Module client_ip 

Tuwunel’s client-IP extractor.

Wraps axum_client_ip with a two-mode fallback:

• If the operator configured ip_source, a ConfiguredIpSource marker is installed in request extensions and we delegate to [axum_client_ip::SecureClientIp] with that source.
• Otherwise we fall back to [axum_client_ip::InsecureClientIp], preserving existing behavior exactly – including the header scan chain and the socket-address fallback that matters for Unix-socket deployments (see matrix-construct/tuwunel#310).

The plain SecureClientIpSource::ConnectInfo extension already installed by src/router/layers.rs is intentionally ignored here; only the ConfiguredIpSource marker participates in the secure path. This avoids flipping behavior for deployments that never opted in.

Structs

ClientIp 🔒

Tuwunel client-IP extractor. See module docs.

ConfiguredIpSource

Marker wrapper around [SecureClientIpSource] placed into request extensions only when an operator has explicitly configured ip_source.