From 788b36617a8017ba00f5e095fbd4525bd7d653a6 Mon Sep 17 00:00:00 2001
From: PufferBlue <85125856+PufferBlue@users.noreply.github.com>
Date: Sun, 13 Nov 2022 12:06:12 +0800
Subject: [PATCH] Add proxyprotocol support to TLS listener

---
 go.mod | 1 +
 go.sum | 2 ++
 src/core/link.go | 4 ++++
 src/core/link_tls.go | 12 +++++++++++-
 4 files changed, 18 insertions(+), 1 deletion(-)

diff --git a/go.mod b/go.mod
index 74b88aa4..d5b96a97 100644
--- a/go.mod
+++ b/go.mod
@@ -12,6 +12,7 @@ require (
 github.com/kardianos/minwinsvc v1.0.2
 github.com/mitchellh/mapstructure v1.4.1
 github.com/vishvananda/netlink v1.1.0
+ github.com/pires/go-proxyproto v0.6.2
 golang.org/x/mobile v0.0.0-20221110043201-43a038452099
 golang.org/x/net v0.0.0-20221014081412-f15817d10f9b
 golang.org/x/sys v0.0.0-20221013171732-95e765b1cc43
diff --git a/go.sum b/go.sum
index f3904fc0..362f77cc 100644
--- a/go.sum
+++ b/go.sum
@@ -34,6 +34,8 @@ github.com/mitchellh/mapstructure v1.4.1 h1:CpVNEelQCZBooIPDn+AR3NpivK/TIKU8bDxd
 github.com/mitchellh/mapstructure v1.4.1/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo=
 github.com/olekukonko/tablewriter v0.0.5 h1:P2Ga83D34wi1o9J6Wh1mRuqd4mF/x/lgBS7N7AbDhec=
 github.com/olekukonko/tablewriter v0.0.5/go.mod h1:hPp6KlRPjbx+hW8ykQs1w3UBbZlj6HuIJcUGPhkA7kY=
+github.com/pires/go-proxyproto v0.6.2 h1:KAZ7UteSOt6urjme6ZldyFm4wDe/z0ZUP0Yv0Dos0d8=
+github.com/pires/go-proxyproto v0.6.2/go.mod h1:Odh9VFOZJCf9G8cLW5o435Xf1J95Jw9Gw5rnCjcwzAY=
 github.com/rivo/uniseg v0.1.0/go.mod h1:J6wj4VEh+S6ZtnVlnTBMWIodfgj8LQOQFoIToxlJtxc=
 github.com/rivo/uniseg v0.2.0 h1:S1pD9weZBuJdFmowNwbpi7BJ8TNftyUImj/0WQi72jY=
 github.com/rivo/uniseg v0.2.0/go.mod h1:J6wj4VEh+S6ZtnVlnTBMWIodfgj8LQOQFoIToxlJtxc=
diff --git a/src/core/link.go b/src/core/link.go
index 933e3983..12d93b29 100644
--- a/src/core/link.go
+++ b/src/core/link.go
@@ -52,6 +52,7 @@ type link struct {
 type linkOptions struct {
 pinnedEd25519Keys map[keyArray]struct{}
 priority uint8
+ proxyprotocol bool
 }
 
 type Listener struct {
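Review bot: The added `github.com/pires/go-proxyproto v0.6.2` line in the go.mod hunk is placed after `github.com/vishvananda/netlink`, out of the require block's lexical order; `go mod tidy` would move it between `mitchellh/mapstructure` and `vishvananda/netlink`. Beyond the ordering, this module is wired in front of the TLS handshake in `src/core/link_tls.go`, so it parses bytes from peers before any authentication has happened. That makes it worth tracking for upstream fixes with the same attention as the TLS stack itself.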
@@ -428,5 +429,8 @@ func linkOptionsForListener(u *url.URL) (l linkOptions) {
 l.priority = uint8(pi)
 }
 }
+ if p := u.Query().Get("proxyprotocol"); p == "true" {
+ l.proxyprotocol = true
+ }
 return
 }
diff --git a/src/core/link_tls.go b/src/core/link_tls.go
index dda0e2fe..f6e69827 100644
--- a/src/core/link_tls.go
+++ b/src/core/link_tls.go
@@ -17,6 +17,7 @@ import (
 "time"
 
 "github.com/Arceliar/phony"
+ "github.com/pires/go-proxyproto"
 )
 
 type linkTLS struct {
@@ -90,7 +91,16 @@ func (l *linkTLS) listen(url *url.URL, sintf string) (*Listener, error) {
 cancel()
 return nil, err
 }
- tlslistener := tls.NewListener(listener, l.config)
+ var tlslistener net.Listener
+ var proxylistener proxyproto.Listener
+ linkoptions := linkOptionsForListener(url)
+ if linkoptions.proxyprotocol {
+ proxylistener = proxyproto.Listener{Listener: listener}
+ tlslistener = tls.NewListener(&proxylistener, l.config)
+ l.core.log.Printf("ProxyProtocol enabled for TLS listener %s", listener.Addr())
+ } else {
+ tlslistener = tls.NewListener(listener, l.config)
+ }
 entry := &Listener{
 Listener: tlslistener,
 closed: make(chan struct{}),
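Review bot: The added check in `linkOptionsForListener` accepts only the exact string `true`, so `?proxyprotocol=1` or `=True` silently leaves the option off; parsing it as a boolean and logging a rejected value would avoid an operator believing the feature is on, e.g. `if b, err := strconv.ParseBool(p); err == nil { l.proxyprotocol = b }` (assuming `strconv` is already imported for the priority parsing, which is not visible here). The option is parsed for every listener URL, but within this patch only the TLS listener reads it, so a non-TLS listener given `proxyprotocol=true` would presumably start without PROXY handling and without a warning. The new `proxyprotocol` field in `linkOptions` also deserves a comment such as `// proxyprotocol makes the listener take the peer address from a PROXY header; enable only behind a trusted proxy`. The function body begins outside the hunk.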
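Review bot: `proxyproto.Listener{Listener: listener}` in the link_tls.go `listen` hunk sets no `Policy`, and to my knowledge the library then honours a PROXY header from any connecting peer, so a client that reaches the port directly rather than through the proxy can pick the source address the node records for it. Anything downstream that reads `RemoteAddr()` (logging, peer listings, address-based filtering; none of it visible here) would then be working from peer-supplied data. I would restrict header acceptance to the configured proxy addresses through `Policy`, set `ReadHeaderTimeout` so an idle connection cannot stall the pre-TLS header read, and declare the proxy listener inside the branch that uses it, as sketched below. `listen` starts before and continues after this hunk.

```go
// … unchanged: listener creation and its error handling …
linkoptions := linkOptionsForListener(url)
var inner net.Listener = listener
if linkoptions.proxyprotocol {
	// trustedProxies is a placeholder: the proxy/load-balancer addresses
	// allowed to send PROXY headers, taken from configuration.
	policy, err := proxyproto.StrictWhiteListPolicy(trustedProxies)
	if err != nil {
		cancel()
		return nil, err
	}
	inner = &proxyproto.Listener{
		Listener:          listener,
		Policy:            policy,
		ReadHeaderTimeout: 5 * time.Second, // sample value, tune per deployment
	}
	l.core.log.Printf("ProxyProtocol enabled for TLS listener %s", listener.Addr())
}
tlslistener := tls.NewListener(inner, l.config)
// … unchanged: entry := &Listener{ … } …
```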