mirror of
http://git.haproxy.org/git/haproxy.git/
synced 2025-01-11 00:09:42 +00:00
MINOR: sample: Add be2dec converter
Add be2dec converter which allows to build JA3 compatible TLS fingerprints by converting big-endian binary data into string separated unsigned integers eg. http-request set-header X-SSL-JA3 %[ssl_fc_protocol_hello_id],\ %[ssl_fc_cipherlist_bin(1),be2dec(-,2)],\ %[ssl_fc_extlist_bin(1),be2dec(-,2)],\ %[ssl_fc_eclist_bin(1),be2dec(-,2)],\ %[ssl_fc_ecformats_bin,be2dec(-,1)]
This commit is contained in:
parent
959a48c116
commit
40ca09c7bb
@ -16092,6 +16092,19 @@ base64
|
|||||||
an SSL ID can be copied in a header). For base64url("URL and Filename
|
an SSL ID can be copied in a header). For base64url("URL and Filename
|
||||||
Safe Alphabet" (RFC 4648)) variant see "ub64enc".
|
Safe Alphabet" (RFC 4648)) variant see "ub64enc".
|
||||||
|
|
||||||
|
be2dec(<separator>,<chunk_size>,[<truncate>])
|
||||||
|
Converts big-endian binary input sample to a string containing an unsigned
|
||||||
|
integer number per <chunk_size> input bytes. <separator> is put every
|
||||||
|
<chunk_size> binary input bytes if specified. <truncate> flag indicates
|
||||||
|
whatever binary input is truncated at <chunk_size> boundaries. <chunk_size>
|
||||||
|
maximum value is limited by the size of long long int (8 bytes).
|
||||||
|
|
||||||
|
Example:
|
||||||
|
bin(01020304050607),be2dec(:,2) # 258:772:1286:7
|
||||||
|
bin(01020304050607),be2dec(-,2,1) # 258-772-1286
|
||||||
|
bin(01020304050607),be2dec(,2,1) # 2587721286
|
||||||
|
bin(7f000001),be2dec(.,1) # 127.0.0.1
|
||||||
|
|
||||||
bool
|
bool
|
||||||
Returns a boolean TRUE if the input value of type signed integer is
|
Returns a boolean TRUE if the input value of type signed integer is
|
||||||
non-null, otherwise returns FALSE. Used in conjunction with and(), it can be
|
non-null, otherwise returns FALSE. Used in conjunction with and(), it can be
|
||||||
|
56
reg-tests/converter/be2dec.vtc
Normal file
56
reg-tests/converter/be2dec.vtc
Normal file
@ -0,0 +1,56 @@
|
|||||||
|
varnishtest "be2dec converter Test"
|
||||||
|
|
||||||
|
feature cmd "$HAPROXY_PROGRAM -cc 'version_atleast(2.5-dev0)'"
|
||||||
|
feature ignore_unknown_macro
|
||||||
|
|
||||||
|
server s1 {
|
||||||
|
rxreq
|
||||||
|
txresp
|
||||||
|
} -repeat 3 -start
|
||||||
|
|
||||||
|
haproxy h1 -conf {
|
||||||
|
defaults
|
||||||
|
mode http
|
||||||
|
timeout connect 1s
|
||||||
|
timeout client 1s
|
||||||
|
timeout server 1s
|
||||||
|
|
||||||
|
frontend fe
|
||||||
|
bind "fd@${fe}"
|
||||||
|
|
||||||
|
#### requests
|
||||||
|
http-request set-var(txn.input) req.hdr(input)
|
||||||
|
|
||||||
|
http-response set-header be2dec-1 "%[var(txn.input),be2dec(:,1)]"
|
||||||
|
http-response set-header be2dec-2 "%[var(txn.input),be2dec(-,3)]"
|
||||||
|
http-response set-header be2dec-3 "%[var(txn.input),be2dec(::,3,1)]"
|
||||||
|
|
||||||
|
default_backend be
|
||||||
|
|
||||||
|
backend be
|
||||||
|
server s1 ${s1_addr}:${s1_port}
|
||||||
|
} -start
|
||||||
|
|
||||||
|
client c1 -connect ${h1_fe_sock} {
|
||||||
|
txreq -url "/" \
|
||||||
|
-hdr "input:"
|
||||||
|
rxresp
|
||||||
|
expect resp.status == 200
|
||||||
|
expect resp.http.be2dec-1 == ""
|
||||||
|
expect resp.http.be2dec-2 == ""
|
||||||
|
expect resp.http.be2dec-3 == ""
|
||||||
|
txreq -url "/" \
|
||||||
|
-hdr "input: 0123456789"
|
||||||
|
rxresp
|
||||||
|
expect resp.status == 200
|
||||||
|
expect resp.http.be2dec-1 == "48:49:50:51:52:53:54:55:56:57"
|
||||||
|
expect resp.http.be2dec-2 == "3158322-3355701-3553080-57"
|
||||||
|
expect resp.http.be2dec-3 == "3158322::3355701::3553080"
|
||||||
|
txreq -url "/" \
|
||||||
|
-hdr "input: abcdefghijklmnopqrstuvwxyz"
|
||||||
|
rxresp
|
||||||
|
expect resp.status == 200
|
||||||
|
expect resp.http.be2dec-1 == "97:98:99:100:101:102:103:104:105:106:107:108:109:110:111:112:113:114:115:116:117:118:119:120:121:122"
|
||||||
|
expect resp.http.be2dec-2 == "6382179-6579558-6776937-6974316-7171695-7369074-7566453-7763832-31098"
|
||||||
|
expect resp.http.be2dec-3 == "6382179::6579558::6776937::6974316::7171695::7369074::7566453::7763832"
|
||||||
|
} -run
|
65
src/sample.c
65
src/sample.c
@ -2059,6 +2059,70 @@ err:
|
|||||||
|
|
||||||
#endif /* USE_OPENSSL */
|
#endif /* USE_OPENSSL */
|
||||||
|
|
||||||
|
static int sample_conv_be2dec_check(struct arg *args, struct sample_conv *conv,
|
||||||
|
const char *file, int line, char **err)
|
||||||
|
{
|
||||||
|
if (args[1].data.sint <= 0 || args[1].data.sint > sizeof(unsigned long long)) {
|
||||||
|
memprintf(err, "chunk_size out of [1..%ld] range (%lld)", sizeof(unsigned long long), args[1].data.sint);
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
|
||||||
|
if (args[2].data.sint != 0 && args[2].data.sint != 1) {
|
||||||
|
memprintf(err, "Unsupported truncate value (%lld)", args[2].data.sint);
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
|
||||||
|
return 1;
|
||||||
|
}
|
||||||
|
|
||||||
|
/* Converts big-endian binary input sample to a string containing an unsigned
|
||||||
|
* integer number per <chunk_size> input bytes separated with <separator>.
|
||||||
|
* Optional <truncate> flag indicates if input is truncated at <chunk_size>
|
||||||
|
* boundaries.
|
||||||
|
* Arguments: separator (string), chunk_size (integer), truncate (0,1)
|
||||||
|
*/
|
||||||
|
static int sample_conv_be2dec(const struct arg *args, struct sample *smp, void *private)
|
||||||
|
{
|
||||||
|
struct buffer *trash = get_trash_chunk();
|
||||||
|
const int last = args[2].data.sint ? smp->data.u.str.data - args[1].data.sint + 1 : smp->data.u.str.data;
|
||||||
|
int max_size = trash->size - 2;
|
||||||
|
int i;
|
||||||
|
int start;
|
||||||
|
int ptr = 0;
|
||||||
|
unsigned long long number;
|
||||||
|
char *pos;
|
||||||
|
|
||||||
|
trash->data = 0;
|
||||||
|
|
||||||
|
while (ptr < last && trash->data <= max_size) {
|
||||||
|
start = trash->data;
|
||||||
|
if (ptr) {
|
||||||
|
/* Add separator */
|
||||||
|
memcpy(trash->area + trash->data, args[0].data.str.area, args[0].data.str.data);
|
||||||
|
trash->data += args[0].data.str.data;
|
||||||
|
}
|
||||||
|
else
|
||||||
|
max_size -= args[0].data.str.data;
|
||||||
|
|
||||||
|
/* Add integer */
|
||||||
|
for (number = 0, i = 0; i < args[1].data.sint && ptr < smp->data.u.str.data; i++)
|
||||||
|
number = (number << 8) + (unsigned char)smp->data.u.str.area[ptr++];
|
||||||
|
|
||||||
|
pos = ulltoa(number, trash->area + trash->data, trash->size - trash->data);
|
||||||
|
if (pos)
|
||||||
|
trash->data = pos - trash->area;
|
||||||
|
else {
|
||||||
|
trash->data = start;
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
smp->data.u.str = *trash;
|
||||||
|
smp->data.type = SMP_T_STR;
|
||||||
|
smp->flags &= ~SMP_F_CONST;
|
||||||
|
return 1;
|
||||||
|
}
|
||||||
|
|
||||||
static int sample_conv_bin2hex(const struct arg *arg_p, struct sample *smp, void *private)
|
static int sample_conv_bin2hex(const struct arg *arg_p, struct sample *smp, void *private)
|
||||||
{
|
{
|
||||||
struct buffer *trash = get_trash_chunk();
|
struct buffer *trash = get_trash_chunk();
|
||||||
@ -4253,6 +4317,7 @@ static struct sample_conv_kw_list sample_conv_kws = {ILH, {
|
|||||||
{ "upper", sample_conv_str2upper, 0, NULL, SMP_T_STR, SMP_T_STR },
|
{ "upper", sample_conv_str2upper, 0, NULL, SMP_T_STR, SMP_T_STR },
|
||||||
{ "lower", sample_conv_str2lower, 0, NULL, SMP_T_STR, SMP_T_STR },
|
{ "lower", sample_conv_str2lower, 0, NULL, SMP_T_STR, SMP_T_STR },
|
||||||
{ "length", sample_conv_length, 0, NULL, SMP_T_STR, SMP_T_SINT },
|
{ "length", sample_conv_length, 0, NULL, SMP_T_STR, SMP_T_SINT },
|
||||||
|
{ "be2dec", sample_conv_be2dec, ARG3(1,STR,SINT,SINT), sample_conv_be2dec_check, SMP_T_BIN, SMP_T_STR },
|
||||||
{ "hex", sample_conv_bin2hex, 0, NULL, SMP_T_BIN, SMP_T_STR },
|
{ "hex", sample_conv_bin2hex, 0, NULL, SMP_T_BIN, SMP_T_STR },
|
||||||
{ "hex2i", sample_conv_hex2int, 0, NULL, SMP_T_STR, SMP_T_SINT },
|
{ "hex2i", sample_conv_hex2int, 0, NULL, SMP_T_STR, SMP_T_SINT },
|
||||||
{ "ipmask", sample_conv_ipmask, ARG2(1,MSK4,MSK6), NULL, SMP_T_ADDR, SMP_T_IPV4 },
|
{ "ipmask", sample_conv_ipmask, ARG2(1,MSK4,MSK6), NULL, SMP_T_ADDR, SMP_T_IPV4 },
|
||||||
|
Loading…
Reference in New Issue
Block a user