change Inbound to always use localhost

Signed-off-by: Sean McArthur <sean@buoyant.io>

src/app/inbound.rs

@@ -88,7 +88,7 @@ impl<A> router::Recognize<http::Request<A>> for Recognize {
             .unwrap_or_else(|| Conditional::None(tls::ReasonForNoTls::Disabled));
 
         let addr = src
-            .and_then(|s| s.orig_dst_if_not_local())
+            .and_then(Source::orig_dst_if_not_local)
             .or(self.default_addr)?;
 
         let dst_name = super::http_request_addr(req)
@@ -169,6 +169,62 @@ pub mod orig_proto_downgrade {
     }
 }
 
+/// Rewrites connect `Target`s IP address to the loopback address (`127.0.0.1`),
+/// with the same port still set.
+pub mod rewrite_loopback_addr {
+    use std::net::SocketAddr;
+    use svc;
+    use transport::connect::Target;
+
+    #[derive(Debug, Clone)]
+    pub struct Layer;
+
+    #[derive(Clone, Debug)]
+    pub struct Stack<M>
+    where
+        M: svc::Stack<Target>,
+    {
+        inner: M,
+    }
+
+    // === impl Layer ===
+
+    pub fn layer() -> Layer {
+        Layer
+    }
+
+    impl<M> svc::Layer<Target, Target, M> for Layer
+    where
+        M: svc::Stack<Target>,
+    {
+        type Value = <Stack<M> as svc::Stack<Target>>::Value;
+        type Error = <Stack<M> as svc::Stack<Target>>::Error;
+        type Stack = Stack<M>;
+
+        fn bind(&self, inner: M) -> Self::Stack {
+            Stack { inner }
+        }
+    }
+
+    // === impl Stack ===
+
+    impl<M> svc::Stack<Target> for Stack<M>
+    where
+        M: svc::Stack<Target>,
+    {
+        type Value = M::Value;
+        type Error = M::Error;
+
+        fn make(&self, target: &Target) -> Result<Self::Value, Self::Error> {
+            debug!("rewriting inbound address to loopback; target={:?}", target);
+
+            let rewritten = SocketAddr::from(([127, 0, 0, 1], target.addr.port()));
+            let target = Target::new(rewritten, target.tls.clone());
+            self.inner.make(&target)
+        }
+    }
+}
+
 #[cfg(test)]
 mod tests {
     use http;

src/app/main.rs

@@ -359,7 +359,8 @@ where
                 // Establishes connections to the local application.
                 let connect = connect::Stack::new()
                     .push(proxy::timeout::layer(config.inbound_connect_timeout))
-                    .push(transport_metrics.connect("inbound"));
+                    .push(transport_metrics.connect("inbound"))
+                    .push(inbound::rewrite_loopback_addr::layer());
 
                 // A stack configured by `router::Config`, responsible for building
                 // a router made of route stacks configured by `inbound::Endpoint`.

tests/support/proxy.rs

@@ -57,6 +57,19 @@ impl Proxy {
         self
     }
 
+    /// Adjust the server's 'addr'. This won't actually re-bind the server,
+    /// it will just affect what the proxy think is the so_original_dst.
+    ///
+    /// This address is bogus, but the proxy should properly ignored the IP
+    /// and only use the port combined with 127.0.0.1 to still connect to
+    /// the server.
+    pub fn inbound_fuzz_addr(self, mut s: server::Listening) -> Self {
+        let old_addr = s.addr;
+        let new_addr = ([10, 1, 2, 3], old_addr.port()).into();
+        s.addr = new_addr;
+        self.inbound(s)
+    }
+
     pub fn outbound(mut self, s: server::Listening) -> Self {
         self.outbound = Some(s);
         self

tests/transparency.rs

@@ -23,7 +23,7 @@ fn inbound_http1() {
 
     let srv = server::http1().route("/", "hello h1").run();
     let proxy = proxy::new()
-        .inbound(srv)
+        .inbound_fuzz_addr(srv)
         .run();
     let client = client::http1(proxy.inbound, "transparency.test.svc.cluster.local");
 
@@ -69,7 +69,7 @@ fn inbound_tcp() {
         })
         .run();
     let proxy = proxy::new()
-        .inbound(srv)
+        .inbound_fuzz_addr(srv)
         .run();
 
     let client = client::tcp(proxy.inbound);