[MDEV-31468] Problems with proxy-protol-networks and IPv4 addresses on IPv6 Created: 2023-06-13 Updated: 2023-06-29 Resolved: 2023-06-14 |
|
| Status: | Closed |
| Project: | MariaDB Server |
| Component/s: | Protocol |
| Affects Version/s: | 10.5.20 |
| Fix Version/s: | N/A |
| Type: | Bug | Priority: | Major |
| Reporter: | Hartmut Holzgraefe | Assignee: | Unassigned |
| Resolution: | Cannot Reproduce | Votes: | 1 |
| Labels: | None | ||
| Description |
|
I tried to create a test setup for maxscale and proxy protocol, with proxy-protocol-networks only allowing the IPv4 subnet my maxscale instances were in. The maxscale instances had IP 10.64.86.100 and 10.64.86.101, so I tried ``` This did not work, connections via maxscale were rejected, but the cause was unclear at first, until looking at maxscale logs showed ``` The ::ffff: prefix finally gave it away. Disabling IPv6 as a first workaround made connections work, but that didn't feel like a correct solution I then added the legacy prefix to my IPv4 netmask as: ``` and with that things finally worked with IPv6 enabled, too. The 6to4 prefix 2002:0a40:5600::/48 also worked. As this is rather un-intuitive I'd say that proxy-protocol-networks handling should be made aware of incoming legacy IPv4 / 6to4 address and match them against given netmasks and host addresses given in classic IPv4 format, too. |
| Comments |
| Comment by Hartmut Holzgraefe [ 2023-06-14 ] |
|
Not sure what I did wrong originally, but I can't reproduce this anymore, IPv4 <-> IPv6 address mappings are not really an issue after all as these special cases are handled in the proxy protocol and vio socket code files. Closing this myself as I can no longer reproduce my original test problem, and can't re-construct my original failing test case to see what I did differently there... |