Fix Windows mirror/steal HTTP forwarding to wildcard-bound servers#4302
Draft
cristeigabriela wants to merge 1 commit into
Draft
Fix Windows mirror/steal HTTP forwarding to wildcard-bound servers#4302cristeigabriela wants to merge 1 commit into
cristeigabriela wants to merge 1 commit into
Conversation
…gateway Mirrored/stolen HTTP traffic to a server bound to a wildcard address (e.g. `0.0.0.0`) failed on Windows: the intproxy HTTP gateway connected to the resolved address directly, and metalbear-co#4264 dropped the `normalize_connection_address` call on this path while the raw-TCP path kept it. Connecting to `0.0.0.0` happens to route to loopback on Linux but fails on Windows, so every mirrored or stolen HTTP request to a wildcard-bound server failed there. Restore the normalization in the HTTP gateway so it matches the TCP path. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
What
The intproxy HTTP gateway connected to the resolved
listening_onaddress directly. #4264 (3817ef2c) dropped thenormalize_connection_addresscall on this path while the raw-TCP path kept it. Connecting to a wildcard address (0.0.0.0) routes to loopback on Linux but fails on Windows, so every mirrored/stolen HTTP request to a wildcard-bound server failed there.This restores the normalization in the HTTP gateway so it matches the TCP path.
How this was found
windows-e2e last passed at #4213 and was failing on
main. Bisecting the 46 commits in between (CI probes at evenly-spaced commits) isolated the regression to #4264 — id 44 passed, id 45 (#4264) failed. The failing tests are all incoming HTTP (http::mirror_http_traffic,traffic::mirror::mirror_with_http_header_filter::*,traffic::steal::steal_tests::*), matching exactly the gateway forwarding path.Notes
windows-e2elabel so only the Windows e2e suite runs.ListeningOnExt::resolve_addrso the two paths can't diverge again.