proxyproto: add UDP session tracking for Spectrum PPv2 (#7967)

2026-04-08 21:15:40 -04:00 · 2026-03-28 15:06:36 -07:00
parent 12d9457e71
commit 34acf8353f
10 changed files with 398 additions and 19 deletions
--- a/core/dnsserver/config.go
+++ b/core/dnsserver/config.go
@@ -73,6 +73,22 @@ type Config struct {
 	// If nil, PROXY protocol is disabled.
 	ProxyProtoConnPolicy proxyproto.ConnPolicyFunc

+	// ProxyProtoUDPSessionTrackingTTL enables per-UDP-session source address
+	// caching on the PacketConn listener when set to a positive duration.
+	// The first datagram of a Cloudflare Spectrum PPv2 session (which contains
+	// only the PROXY Protocol header and no DNS payload) is used to populate a
+	// short-lived cache keyed by the Spectrum-side remote address. Subsequent
+	// datagrams from the same remote address that carry no PROXY Protocol header
+	// are associated with the cached real client address for up to this duration
+	// (refreshed on each matching packet). A zero or negative value disables
+	// session tracking. Has no effect unless ProxyProtoConnPolicy is also set.
+	ProxyProtoUDPSessionTrackingTTL time.Duration
+
+	// ProxyProtoUDPSessionTrackingMaxSessions is the maximum number of concurrent
+	// UDP sessions held in the LRU cache. Zero means use the default (udpSessionMaxEntries).
+	// Has no effect unless ProxyProtoUDPSessionTrackingTTL is positive.
+	ProxyProtoUDPSessionTrackingMaxSessions int
+
 	// MaxGRPCStreams defines the maximum number of concurrent streams per gRPC connection.
 	// This is nil if not specified, allowing for a default to be used.
 	MaxGRPCStreams *int