summaryrefslogtreecommitdiff
path: root/src/labareda.edn
diff options
context:
space:
mode:
authorEuAndreh <eu@euandre.org>2026-04-30 13:20:30 -0300
committerEuAndreh <eu@euandre.org>2026-04-30 13:20:30 -0300
commitef8c102fe9f7df498626ded1f641ee455d52cd65 (patch)
tree3ebe3485409f1fa3036bbee35a77383a9e39600b /src/labareda.edn
parentImplement ADMIN, STATS, LINKS, TRACE, USERS, REHASH, CONNECT (diff)
downloadpapod-ef8c102fe9f7df498626ded1f641ee455d52cd65.tar.gz
papod-ef8c102fe9f7df498626ded1f641ee455d52cd65.tar.xz
Identify networks via PROXY v2 AUTHORITY; drop default network
papod no longer pre-creates a "default network" at boot. Instead, each accepted connection is expected to begin with a PROXY protocol v2 header (RFC: haproxy.org proxy-protocol.txt) carrying the SNI in a PP2_TYPE_AUTHORITY (0x02) TLV — exactly what untls now injects. The authority is used to look up (or create) a network by name, and the resulting network-id is bound to the client at connect time rather than at registration time. Connections that arrive without a header and without the PAPOD_NETWORK_NAME fallback set are refused with "ERROR :Closing link: (No network)". PAPOD_NETWORK_NAME exists for environments where untls is not in the path (notably the integration test harness, where binder/wscat speak raw bytes); production deployments should leave it unset and let untls supply the SNI. Unit tests cover the parser: a valid header returns the AUTHORITY and leaves trailing bytes intact; non-PROXY input returns nil and preserves the stream; PROXY without an AUTHORITY TLV returns "".
Diffstat (limited to 'src/labareda.edn')
0 files changed, 0 insertions, 0 deletions