Mercurial > hg > nginx
view src/core/ngx_proxy_protocol.h @ 7938:dc955d274130
Mail: connections with wrong ALPN protocols are now rejected.
This is a recommended behavior by RFC 7301 and is useful
for mitigation of protocol confusion attacks [1].
For POP3 and IMAP protocols IANA-assigned ALPN IDs are used [2].
For the SMTP protocol "smtp" is used.
[1] https://alpaca-attack.com/
[2] https://www.iana.org/assignments/tls-extensiontype-values/
author | Vladimir Homutov <vl@nginx.com> |
---|---|
date | Wed, 20 Oct 2021 09:45:34 +0300 |
parents | 89adf49fe76a |
children | cca4c8a715de |
line wrap: on
line source
/* * Copyright (C) Roman Arutyunyan * Copyright (C) Nginx, Inc. */ #ifndef _NGX_PROXY_PROTOCOL_H_INCLUDED_ #define _NGX_PROXY_PROTOCOL_H_INCLUDED_ #include <ngx_config.h> #include <ngx_core.h> #define NGX_PROXY_PROTOCOL_MAX_HEADER 107 struct ngx_proxy_protocol_s { ngx_str_t src_addr; ngx_str_t dst_addr; in_port_t src_port; in_port_t dst_port; }; u_char *ngx_proxy_protocol_read(ngx_connection_t *c, u_char *buf, u_char *last); u_char *ngx_proxy_protocol_write(ngx_connection_t *c, u_char *buf, u_char *last); #endif /* _NGX_PROXY_PROTOCOL_H_INCLUDED_ */