NikolaiT / zardaxt

Passive TCP/IP Fingerprinting Tool. Run this on your server and find out what Operating Systems your clients are *really* using.

Running it behind a load balancer #19

Closed bharatbots closed 1 year ago

bharatbots commented 1 year ago

When I run it behind an AWS load balancer, it can't capture the real client IPs (x-forwarded-for). The API can grab the real IP with nginx or by parsing HTTP headers, but is there any way to extract real client IPs using dpkt?

Currently in my setup, ip_pkt.src returns a load balancer IP instead of real client IP.

Is it an inherent limitation of this software? Should I not use a load balancer and directly expose the app to the internet?

Edit: Is it possible to have support for Proxy Protocol so we're able to easily get the original client IP?

bharatbots commented 1 year ago

I wrote a dpkt parser to extract the X-Forwarded-For HTTP header and it works, but the current process_packet implementation seems to be filtering out specific TCP packet types (SYN and not ACK). I'm not able to get all the required info from a single TCP packet. Maybe some info is on the next packet.

```python
import dpkt


def get_real_ip(ip, tcp):
    # Only a segment that carries a complete HTTP request head will parse;
    # a SYN or a partial segment raises NeedData/UnpackError and yields None.
    try:
        request = dpkt.http.Request(tcp.data)
    except (dpkt.dpkt.NeedData, dpkt.dpkt.UnpackError):
        return None

    # dpkt lower-cases header names, so the lookup key is "x-forwarded-for".
    if "x-forwarded-for" in request.headers:
        real_ip = request.headers["x-forwarded-for"]
        return real_ip
    return None
```

I don't understand networking stuff, especially the lower level stuff. I hope you can add support for extracting real client IPs from TCP packets (either by parsing HTTP headers or by adding support for Proxy Protocol).

As a side note, Proxy Protocol isn't supported by all load balancers so in some cases parsing HTTP headers may seem like the only option.

NikolaiT commented 1 year ago

> I don't understand networking stuff

Me neither ;)

If you are behind a load balancer, then your load balancer will need to forward the real client IP address by some HTTP header.

I don't extract the real client with pcap, I do so on the API:

https://github.com/NikolaiT/zardaxt/blob/b0ee751fa1e47c77b114b21670875fcef5b05528/zardaxt_api.py#L26C9-L26C15
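The two things the thread asks for, correlating the SYN-time fingerprint with a client IP that only shows up in a later segment of the same flow, and reading that IP from either a PROXY protocol v1 line or X-Forwarded-For, can be done passively in one place. The following is an added example written for this thread, not zardaxt's own code or its process_packet. It assumes the caller has already unpacked each packet into (src_ip, src_port, tcp_flags, payload) plus the SYN-time fields it fingerprints on (ttl, window); with dpkt those are ip.src (via inet_ntoa), tcp.sport, tcp.flags, tcp.data, ip.ttl and tcp.win. TRUSTED_PROXIES and all traffic in demo() are constructed values. The security point it encodes: X-Forwarded-For is only meaningful when the TCP peer is your own load balancer, and even then only the rightmost entry not belonging to a trusted proxy is the address the balancer actually saw; anything to its left was supplied by the client.

```python
"""Attach the real client IP to a SYN-time fingerprint behind a load balancer.

Added example for this issue thread; not zardaxt's own code. Stdlib only, so it
runs without dpkt. Packets are assumed already unpacked by the caller.
"""
import ipaddress
import re

TCP_SYN, TCP_ACK = 0x02, 0x10
MAX_BUFFER = 8192  # bytes of request head we will reassemble per flow

# Constructed value: the subnet your load balancer connects from. Only peers in
# these networks may hand us a PROXY line or X-Forwarded-For we will believe.
TRUSTED_PROXIES = [ipaddress.ip_network("10.0.0.0/8")]

# PROXY protocol v1 text line, e.g. b"PROXY TCP4 <client> <proxy> <cport> <pport>\r\n"
PROXY_V1 = re.compile(rb"^PROXY (?:TCP4|TCP6) (\S+) \S+ \d+ \d+\r\n")


def is_trusted(ip):
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False
    return any(addr in net for net in TRUSTED_PROXIES)


def client_from_xff(xff):
    """Walk X-Forwarded-For right to left, skipping hops we trust.

    The rightmost entry was appended by our load balancer and is the address it
    saw; entries further left were forwarded as received and may have been
    written by the client, so they are never used directly."""
    hops = [h.strip() for h in xff.split(",") if h.strip()]
    for hop in reversed(hops):
        if not is_trusted(hop):
            return hop
    return None  # every hop is one of ours; nothing to attribute


def client_from_head(head):
    """Derive the client IP from one reassembled request head sent by a
    trusted proxy: PROXY v1 line first, X-Forwarded-For otherwise."""
    m = PROXY_V1.match(head)
    if m:
        return m.group(1).decode()
    for line in head.split(b"\r\n")[1:]:  # skip the request line
        name, _, value = line.partition(b":")
        if name.strip().lower() == b"x-forwarded-for":
            return client_from_xff(value.decode("ascii", "replace"))
    return None  # proxy forwarded nothing usable


class Fingerprinter:
    """Flows are keyed on (src_ip, src_port). The SYN creates the record with
    the fingerprint fields; later segments of the same flow are buffered until
    the HTTP request head is complete, then the client IP is filled in."""

    def __init__(self):
        self.flows = {}

    def process_packet(self, src_ip, src_port, flags, payload=b"", ttl=None, window=None):
        key = (src_ip, src_port)
        if flags & TCP_SYN and not flags & TCP_ACK:
            # Only the SYN carries the options/window the fingerprint needs.
            # A direct (untrusted) peer is the client itself; its headers are ignored.
            self.flows[key] = {"peer": src_ip, "ttl": ttl, "window": window,
                               "client_ip": None if is_trusted(src_ip) else src_ip,
                               "buf": b""}
            return self.flows[key]
        rec = self.flows.get(key)
        if rec is None or rec["client_ip"] is not None or not payload:
            return rec
        rec["buf"] = (rec["buf"] + payload)[:MAX_BUFFER]
        head, sep, _ = rec["buf"].partition(b"\r\n\r\n")
        if sep:  # head complete; the tail may have arrived in a later packet
            rec["client_ip"] = client_from_head(head)
            rec["buf"] = b""
        return rec


def demo():
    """Constructed traffic: two flows from behind a 10.0.0.0/8 balancer and one
    direct connection. Returns the client IP attributed to each flow."""
    fp = Fingerprinter()
    # Flow A: head split over two segments; client forged a leading XFF entry.
    fp.process_packet("10.0.1.7", 52314, TCP_SYN, ttl=62, window=26883)
    fp.process_packet("10.0.1.7", 52314, TCP_ACK, b"GET / HTTP/1.1\r\nHost: example.test\r\n")
    a = fp.process_packet("10.0.1.7", 52314, TCP_ACK,
                          b"X-Forwarded-For: 198.51.100.23, 203.0.113.9\r\n\r\n")
    # Flow B: balancer prepends a PROXY protocol v1 line.
    fp.process_packet("10.0.1.8", 40100, TCP_SYN, ttl=62, window=26883)
    b = fp.process_packet("10.0.1.8", 40100, TCP_ACK,
                          b"PROXY TCP4 192.0.2.44 10.0.1.8 40012 443\r\nGET / HTTP/1.1\r\n\r\n")
    # Flow C: direct connection carrying a forged X-Forwarded-For.
    fp.process_packet("203.0.113.77", 6021, TCP_SYN, ttl=51, window=65535)
    c = fp.process_packet("203.0.113.77", 6021, TCP_ACK,
                          b"GET / HTTP/1.1\r\nX-Forwarded-For: 10.0.1.7\r\n\r\n")
    return a["client_ip"], b["client_ip"], c["client_ip"]


if __name__ == "__main__":
    print(demo())
```

The record created at SYN time keeps the fingerprint fields, so the SYN-only filtering bharatbots describes stays in place; the data segments are only used to fill in client_ip, and reassembly across segments covers the "info on the next packet" case. If the balancer speaks PROXY protocol, the v1 line is taken in preference to X-Forwarded-For because it is written by the balancer alone and cannot be influenced by a client header.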