Comments (12)
For reference, here's that branch I started: https://github.com/seanmonstar/warp/compare/addr?expand=1
It doesn't need the local hyper dependency any more, and doesn't actually add a new filter yet, just makes the address available in the Route
. Running a pipelined benchmark against the branch suggests some slow down, which is not desirable.
from warp.
Note that hyper gained the ability for a MakeService
to receive a reference to the connection when making a new Service
, so it could be fairly simple to implement in warp now.
A blocker is that warp allows any transport type that implements AsyncRead + AsyncWrite
, which doesn't provide a way to access the remote address. We could add a trait like Transport: AsyncRead + AsyncWrite
, and new server constructors with the new bounds.
from warp.
Good idea! Hm, should this try to be smarter, by checking X-Forwarded-For
and such, or simply return the value from the TcpStream
?
from warp.
If you don't use the x-forwarded-for header contents, aren't you going to be returning the address of the last proxy that touched the request, rather than the actual client address?
from warp.
I think a collection of filters would make sense here:
- one that gets the address of the connected socket
- one that gets the address from
X-Forwarded-For
(returns an iterator?) - one that gets the address from
Forwarded
(https://tools.ietf.org/html/rfc7239)
I don't think a decision should be made for the user on whether they trust the proxy header or not. Some friendly default combinations could be useful though, eg Forwarded
or X-Forwarded-For
if available, else socket.
from warp.
@markcol yes, but that's only an issue if proxies are involved. The other side is that you're trusting that a proxy was in place and it would have had to look at the remote address of its TcpStream. If it's done automatically and there is no proxy, you'd be trusting an end user that could forge a fake header.
It seems like both are useful, depending on your deployment.
from warp.
I have a branch a branch exploring adding this that I can push tomorrow. It might be hurting performance slightly, making me wish for a solution that doesn't do anything unless the filter was actually being used...
from warp.
Is this possible without changes to hyper? I didn't see any way to get at the address from Request
that you get as a hyper::Service
, which is why I started poking around hyper's code and issues.
from warp.
Yes it's possible, just not with hyper::Server
. It requires creating the listener and using Http::serve_connection
, so that the bound service could have grabbed the socket address of the connection first.
from warp.
@seanmonstar how are you benchmarking? in case I get to experiment a bit this weekend...
from warp.
The server program:
extern crate warp;
use warp::Filter;
fn main() {
let text = warp::path("plaintext")
.map(|| "Hello, World!");
let json = warp::path("json")
.map(|| warp::reply::json(&["Hello, World"]));
let routes = text.or(json);
warp::serve(routes)
.unstable_pipeline()
.run(([127, 0, 0, 1], 3030));
}
And then, using wrk with a pipeline script, something like wrk -t1 -d10 -c50 -s pipeline.lua http://127.0.0.1:3030/plaintext -- 16
. You can fiddle with the -c
argument some to find a good baseline on your machine for warp master, and then compare with the branch.
from warp.
@seanmonstar would you consider to make it as a feature? Those, for whom a client IP based routing is critical (like me) would switch it on and pay the penalty, and it wouldn't affect anyone else that way.
from warp.
Related Issues (20)
- Feature request: More customization points in tracing HOT 2
- EC Private key support HOT 1
- Make `Option<F>` a filter when F is a filter
- Feature request: `warp::make_service()` or `warp::service_with_addr()`
- CVE-2023-43669/GHSA-9mcr-873m-xcxp: tungstenite <= 0.20.0 DoS vulnerability HOT 1
- [feature request] [low prio] Non-Metal fallback option HOT 2
- SSE gives up on Streams that return Pending HOT 3
- Server::run should return ! (never type)
- Default OS / self signed certificate without create it HOT 1
- websocket disconnect (code: 1006, reason: "") HOT 2
- Add `rust-version` into `Cargo.toml` HOT 1
- Error `connection closed before message completed` after 60s HOT 2
- Websocket connection closes immediately, but not with firefox HOT 4
- Navigation between panes using vim commands HOT 1
- examples/tls/cert.pem has expired
- Upgrade to hyper v1 HOT 4
- key contains no private key while using ecc key HOT 1
- integrate with monoio
- HELP: filters inside .then never get executed HOT 1
- Chinese input method following error in notebook HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from warp.