diff options
| author | EuAndreh <eu@euandre.org> | 2026-04-30 13:20:30 -0300 |
|---|---|---|
| committer | EuAndreh <eu@euandre.org> | 2026-04-30 13:20:30 -0300 |
| commit | ef8c102fe9f7df498626ded1f641ee455d52cd65 (patch) | |
| tree | 3ebe3485409f1fa3036bbee35a77383a9e39600b /src/labareda.edn | |
| parent | Implement ADMIN, STATS, LINKS, TRACE, USERS, REHASH, CONNECT (diff) | |
| download | papod-ef8c102fe9f7df498626ded1f641ee455d52cd65.tar.gz papod-ef8c102fe9f7df498626ded1f641ee455d52cd65.tar.xz | |
Identify networks via PROXY v2 AUTHORITY; drop default network
papod no longer pre-creates a "default network" at boot. Instead,
each accepted connection is expected to begin with a PROXY protocol
v2 header (RFC: haproxy.org proxy-protocol.txt) carrying the SNI in
a PP2_TYPE_AUTHORITY (0x02) TLV — exactly what untls now injects.
The authority is used to look up (or create) a network by name, and
the resulting network-id is bound to the client at connect time
rather than at registration time. Connections that arrive without
a header and without the PAPOD_NETWORK_NAME fallback set are refused
with "ERROR :Closing link: (No network)".
PAPOD_NETWORK_NAME exists for environments where untls is not in
the path (notably the integration test harness, where binder/wscat
speak raw bytes); production deployments should leave it unset and
let untls supply the SNI.
Unit tests cover the parser: a valid header returns the AUTHORITY
and leaves trailing bytes intact; non-PROXY input returns nil and
preserves the stream; PROXY without an AUTHORITY TLV returns "".
Diffstat (limited to 'src/labareda.edn')
0 files changed, 0 insertions, 0 deletions
