proxyprotocol: unify the ip family before sending Proxy Protocol (#1055)

YangKeao · web-flow · commit 14d5243a8adc · 2026-01-06T22:13:41.000Z
Signed-off-by: Yang Keao &lt;yangkeao@chunibyo.icu&gt;
diff --git a/pkg/proxy/net/proxy_test.go b/pkg/proxy/net/proxy_test.go
@@ -56,7 +56,11 @@ func TestProxyReadWrite(t *testing.T) {
 			n, err := prw.Read(data)
 			require.NoError(t, err)
 			require.Equal(t, len(message), n)
-			require.Equal(t, p.SrcAddress, prw.Proxy().SrcAddress)
+
+			parsedAddr, ok := prw.Proxy().SrcAddress.(*net.TCPAddr)
+			require.True(t, ok)
+			require.Equal(t, addr.IP.To4(), parsedAddr.IP)
+			require.Equal(t, addr.Port, parsedAddr.Port)
 			require.Equal(t, addr.String(), prw.RemoteAddr().String())
 			require.Equal(t, proxyAddr, prw.ProxyAddr().String())
 		}, 1)
diff --git a/pkg/proxy/proxyprotocol/proxy.go b/pkg/proxy/proxyprotocol/proxy.go
@@ -36,31 +36,35 @@ func (p *Proxy) ToBytes() ([]byte, error) {
 
 	switch sadd := srcAddr.(type) {
 	case *net.TCPAddr:
-		addressFamily = ProxyAFINet
-		if len(sadd.IP) == net.IPv6len {
-			addressFamily = ProxyAFINet6
-		}
-		network = ProxyNetworkStream
 		dadd, ok := dstAddr.(*net.TCPAddr)
 		if !ok {
 			return nil, ErrAddressFamilyMismatch
 		}
-		buf = append(buf, sadd.IP...)
-		buf = append(buf, dadd.IP...)
-		buf = append(buf, byte(sadd.Port>>8), byte(sadd.Port))
-		buf = append(buf, byte(dadd.Port>>8), byte(dadd.Port))
-	case *net.UDPAddr:
+		saddUnifiedIP, daddUnifiedIP := unifyIPFamily(sadd.IP, dadd.IP)
+
 		addressFamily = ProxyAFINet
-		if len(sadd.IP) == net.IPv6len {
+		if len(saddUnifiedIP) == net.IPv6len {
 			addressFamily = ProxyAFINet6
 		}
-		network = ProxyNetworkDgram
+		network = ProxyNetworkStream
+		buf = append(buf, saddUnifiedIP...)
+		buf = append(buf, daddUnifiedIP...)
+		buf = append(buf, byte(sadd.Port>>8), byte(sadd.Port))
+		buf = append(buf, byte(dadd.Port>>8), byte(dadd.Port))
+	case *net.UDPAddr:
 		dadd, ok := dstAddr.(*net.UDPAddr)
 		if !ok {
 			return nil, ErrAddressFamilyMismatch
 		}
-		buf = append(buf, sadd.IP...)
-		buf = append(buf, dadd.IP...)
+		saddUnifiedIP, daddUnifiedIP := unifyIPFamily(sadd.IP, dadd.IP)
+
+		addressFamily = ProxyAFINet
+		if len(saddUnifiedIP) == net.IPv6len {
+			addressFamily = ProxyAFINet6
+		}
+		network = ProxyNetworkDgram
+		buf = append(buf, saddUnifiedIP...)
+		buf = append(buf, daddUnifiedIP...)
 		buf = append(buf, byte(sadd.Port>>8), byte(sadd.Port))
 		buf = append(buf, byte(dadd.Port>>8), byte(dadd.Port))
 	case *net.UnixAddr:
@@ -94,6 +98,19 @@ func (p *Proxy) ToBytes() ([]byte, error) {
 	return buf, nil
 }
 
+// unifyIPFamily unifies the IP family of ip1 and ip2.
+// If both of them are IPv4 (or IPv4 mapped IPv6), return the IPv4 addresses.
+// Else, convert both of them to IPv6 and return.
+func unifyIPFamily(ip1 net.IP, ip2 net.IP) (net.IP, net.IP) {
+	ip1To4 := ip1.To4()
+	ip2To4 := ip2.To4()
+	if ip1To4 != nil && ip2To4 != nil {
+		return ip1To4, ip2To4
+	}
+
+	return ip1.To16(), ip2.To16()
+}
+
 func ParseProxyV2(rd io.Reader) (m *Proxy, n int, err error) {
 	var hdr [4]byte
 
diff --git a/pkg/proxy/proxyprotocol/proxy_test.go b/pkg/proxy/proxyprotocol/proxy_test.go
@@ -50,8 +50,15 @@ func TestProxyParse(t *testing.T) {
 			p, _, err := ParseProxyV2(srv)
 			require.NoError(t, err)
 			require.NotNil(t, p)
-			require.Equal(t, tcpaddr, p.SrcAddress)
-			require.Equal(t, tcpaddr, p.DstAddress)
+
+			srcAddr, ok := p.SrcAddress.(*net.TCPAddr)
+			require.True(t, ok)
+			require.Equal(t, tcpaddr.IP.To4(), srcAddr.IP)
+			require.Equal(t, tcpaddr.Port, srcAddr.Port)
+			dstAddr, ok := p.DstAddress.(*net.TCPAddr)
+			require.True(t, ok)
+			require.Equal(t, tcpaddr.IP.To4(), dstAddr.IP)
+			require.Equal(t, tcpaddr.Port, dstAddr.Port)
 			require.Equal(t, ProxyVersion2, p.Version)
 			require.Equal(t, ProxyCommandLocal, p.Command)
 			require.Len(t, p.TLV, 2)
@@ -92,3 +99,85 @@ func TestProxyToBytes(t *testing.T) {
 	_, err = hdr.ToBytes()
 	require.NoError(t, err)
 }
+
+func TestMixIPv4AndIPv6ProxyToBytes(t *testing.T) {
+	tests := []struct {
+		srcIP     net.IP
+		dstIP     net.IP
+		srcPort   int
+		dstPort   int
+		wantAF    ProxyAddressFamily
+		wantIPLen int
+	}{
+		{
+			srcIP:     net.ParseIP("192.168.1.1"),
+			dstIP:     net.ParseIP("192.168.1.2"),
+			srcPort:   1234,
+			dstPort:   5678,
+			wantAF:    ProxyAFINet,
+			wantIPLen: net.IPv4len,
+		},
+		{
+			srcIP:     net.ParseIP("2001:db8::1"),
+			dstIP:     net.ParseIP("2001:db8::2"),
+			srcPort:   1234,
+			dstPort:   5678,
+			wantAF:    ProxyAFINet6,
+			wantIPLen: net.IPv6len,
+		},
+		{
+			srcIP:     net.ParseIP("192.168.1.1"),
+			dstIP:     net.ParseIP("2001:db8::1"),
+			srcPort:   1234,
+			dstPort:   5678,
+			wantAF:    ProxyAFINet6,
+			wantIPLen: net.IPv6len,
+		},
+		{
+			srcIP:     net.ParseIP("192.168.1.1"),
+			dstIP:     net.ParseIP("::ffff:192.168.1.2"),
+			srcPort:   1234,
+			dstPort:   5678,
+			wantAF:    ProxyAFINet,
+			wantIPLen: net.IPv4len,
+		},
+		{
+			srcIP:     net.ParseIP("::ffff:192.168.1.1"),
+			dstIP:     net.ParseIP("::ffff:192.168.1.2"),
+			srcPort:   1234,
+			dstPort:   5678,
+			wantAF:    ProxyAFINet,
+			wantIPLen: net.IPv4len,
+		},
+		{
+			srcIP:     net.ParseIP("::ffff:192.168.1.1"),
+			dstIP:     net.ParseIP("2001:db8::1"),
+			srcPort:   1234,
+			dstPort:   5678,
+			wantAF:    ProxyAFINet6,
+			wantIPLen: net.IPv6len,
+		},
+	}
+
+	for _, tt := range tests {
+		hdr := &Proxy{
+			Version:    ProxyVersion2,
+			Command:    ProxyCommandProxy,
+			SrcAddress: &net.TCPAddr{IP: tt.srcIP, Port: tt.srcPort},
+			DstAddress: &net.TCPAddr{IP: tt.dstIP, Port: tt.dstPort},
+		}
+
+		hdrBytes, err := hdr.ToBytes()
+		require.NoError(t, err)
+		require.GreaterOrEqual(t, len(hdrBytes), len(MagicV2)+4)
+
+		addressFamily := ProxyAddressFamily(hdrBytes[len(MagicV2)+1] >> 4)
+		require.Equal(t, tt.wantAF, addressFamily)
+
+		length := int(hdrBytes[len(MagicV2)+2])<<8 | int(hdrBytes[len(MagicV2)+3])
+		require.Equal(t, len(hdrBytes)-4-len(MagicV2), length)
+
+		expectedPayloadSize := tt.wantIPLen*2 + 4
+		require.Equal(t, expectedPayloadSize, length)
+	}
+}
