yanc0
commented
7 years ago Thanks Aaron !
Open TheHackerDev opened 7 years ago
yanc0
commented
7 years ago Thanks Aaron !
TheHackerDev
commented
7 years ago No problem, Yann!
Cheers, Aaron (insp3ctre)
yanc0
commented
7 years ago Hi Aaron,
I've just fetch your PR locally and bound Beeping on an IPv6 address. It almost works, I get the header but with too much surround brackets:
Forwarded: for="[[2002:c000:203::1]]"
There is no need to add brackets when you split IP:PORT, they are apparently already there in the request.RemoteAddr
The fix could be:
- srcIP := "["
+ var srcIP string
for index := 0; index < len(srcSlice)-2; index++ {
srcIP += fmt.Sprintf("%s:", srcSlice[index])
}
- srcIP += fmt.Sprintf("%s]", srcSlice[len(srcSlice)-2])
+ srcIP += fmt.Sprintf("%s", srcSlice[len(srcSlice)-2])
req.Header.Set("Forwarded", fmt.Sprintf("for=\"%s\"", srcIP))Here are my tests on Debian: Create HTTP bin on https://requestb.in
$ sudo ip -6 addr add 2002:c000:203::1/64 dev wlan0
$ ./beeping -listen "[2002:c000:203::1]"
$ curl -6 '[2002:c000:203::1]:8080/check' -d '{"url": "https://requestb.in/15qre161"}'Thanks Aaron ! Cheers, Yann
Includes the remote address in the request, following RFC 7239, section 4.
This is not going to be exact for every case, because
http.Request.RemoteAddrhas no defined format (see https://golang.org/src/net/http/request.go#L260). However,http.Serversets the address toIP:port, so it is safe to go with that.NOTE: I was unable to check this with an IPv6 source address. Please do so before merging, to confirm that IPv6 source addresses get transformed to look like the following header:
Forwarded: For="[2001:db8:cafe::17]"I was mostly unsure as to whether the
http.Serverset theremoteAddrvalue for IPv6 addresses with square brackets or not. The assumption in the code's logic right now is that it does not.Cheers, Aaron (insp3ctre)