RepoMirrors/haproxy
1
0
Fork 0
mirror of http://git.haproxy.org/git/haproxy.git/ synced 2025-05-10 03:38:01 +00:00
Code Issues Packages Projects Releases Wiki Activity

MINOR: proxy-v2-options: add crc32c

Browse Source 
This patch add option crc32c (PP2_TYPE_CRC32C) to proxy protocol v2.
It compute the checksum of proxy protocol v2 header as describe in
"doc/proxy-protocol.txt".
This commit is contained in:
Emmanuel Hocdet 2018-02-05 15:26:43 +01:00 committed by Willy Tarreau
parent 6afd898988
commit 4399c75f6c
4 changed files with 21 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
doc/configuration.txt
View File

@ -11726,7 +11726,7 @@ proxy-v2-options <option>[,<option>]*
name of the used cipher, "cert-sig": signature algorithm of the used name of the used cipher, "cert-sig": signature algorithm of the used
certificate, "cert-key": key algorithm of the used certificate), "authority": certificate, "cert-key": key algorithm of the used certificate), "authority":
host name value passed by the client (only sni from a tls connection is host name value passed by the client (only sni from a tls connection is
supported). supported), "crc32c": checksum of the proxy protocol v2 header.
send-proxy-v2-ssl send-proxy-v2-ssl
The "send-proxy-v2-ssl" parameter enforces use of the PROXY protocol version The "send-proxy-v2-ssl" parameter enforces use of the PROXY protocol version

4
include/types/server.h
View File

@ -152,6 +152,7 @@ enum srv_initaddr {
#define SRV_PP_V2_SSL_SIG_ALG 0x0020 /* proxy protocol version 2 with cert signature algorithm */ #define SRV_PP_V2_SSL_SIG_ALG 0x0020 /* proxy protocol version 2 with cert signature algorithm */
#define SRV_PP_V2_SSL_CIPHER 0x0040 /* proxy protocol version 2 with cipher used */ #define SRV_PP_V2_SSL_CIPHER 0x0040 /* proxy protocol version 2 with cipher used */
#define SRV_PP_V2_AUTHORITY 0x0080 /* proxy protocol version 2 with authority */ #define SRV_PP_V2_AUTHORITY 0x0080 /* proxy protocol version 2 with authority */
#define SRV_PP_V2_CRC32C 0x0100 /* proxy protocol version 2 with crc32c */
/* function which act on servers need to return various errors */ /* function which act on servers need to return various errors */
#define SRV_STATUS_OK 0 /* everything is OK. */ #define SRV_STATUS_OK 0 /* everything is OK. */
@ -195,7 +196,8 @@ struct server {
enum obj_type obj_type; /* object type == OBJ_TYPE_SERVER */ enum obj_type obj_type; /* object type == OBJ_TYPE_SERVER */
enum srv_state next_state, cur_state; /* server state among SRV_ST_* */ enum srv_state next_state, cur_state; /* server state among SRV_ST_* */
enum srv_admin next_admin, cur_admin; /* server maintenance status : SRV_ADMF_* */ enum srv_admin next_admin, cur_admin; /* server maintenance status : SRV_ADMF_* */
unsigned char pp_opts; /* proxy protocol options (SRV_PP_*) */ /* 1 unused byte here */
unsigned int pp_opts; /* proxy protocol options (SRV_PP_*) */
struct server *next; struct server *next;
int cklen; /* the len of the cookie, to speed up checks */ int cklen; /* the len of the cookie, to speed up checks */
int rdr_len; /* the length of the redirection prefix */ int rdr_len; /* the length of the redirection prefix */

15
src/connection.c
View File

@ -15,6 +15,8 @@
#include <common/compat.h> #include <common/compat.h>
#include <common/config.h> #include <common/config.h>
#include <common/namespace.h> #include <common/namespace.h>
#include <common/hash.h>
#include <common/net_helper.h>
#include <proto/connection.h> #include <proto/connection.h>
#include <proto/fd.h> #include <proto/fd.h>
@ -990,6 +992,7 @@ static int make_tlv(char *dest, int dest_len, char type, uint16_t length, const
int make_proxy_line_v2(char *buf, int buf_len, struct server *srv, struct connection *remote) int make_proxy_line_v2(char *buf, int buf_len, struct server *srv, struct connection *remote)
{ {
const char pp2_signature[] = PP2_SIGNATURE; const char pp2_signature[] = PP2_SIGNATURE;
void *tlv_crc32c_p = NULL;
int ret = 0; int ret = 0;
struct proxy_hdr_v2 *hdr = (struct proxy_hdr_v2 *)buf; struct proxy_hdr_v2 *hdr = (struct proxy_hdr_v2 *)buf;
struct sockaddr_storage null_addr = { .ss_family = 0 }; struct sockaddr_storage null_addr = { .ss_family = 0 };
@ -1037,6 +1040,14 @@ int make_proxy_line_v2(char *buf, int buf_len, struct server *srv, struct connec
ret = PP2_HDR_LEN_UNSPEC; ret = PP2_HDR_LEN_UNSPEC;
} }
if (srv->pp_opts & SRV_PP_V2_CRC32C) {
uint32_t zero_crc32c = 0;
if ((buf_len - ret) < sizeof(struct tlv))
return 0;
tlv_crc32c_p = (void *)((struct tlv *)&buf[ret])->value;
ret += make_tlv(&buf[ret], (buf_len - ret), PP2_TYPE_CRC32C, sizeof(zero_crc32c), (const char *)&zero_crc32c);
}
if (conn_get_alpn(remote, &value, &value_len)) { if (conn_get_alpn(remote, &value, &value_len)) {
if ((buf_len - ret) < sizeof(struct tlv)) if ((buf_len - ret) < sizeof(struct tlv))
return 0; return 0;
@ -1115,6 +1126,10 @@ int make_proxy_line_v2(char *buf, int buf_len, struct server *srv, struct connec
hdr->len = htons((uint16_t)(ret - PP2_HEADER_LEN)); hdr->len = htons((uint16_t)(ret - PP2_HEADER_LEN));
if (tlv_crc32c_p) {
write_u32(tlv_crc32c_p, htonl(hash_crc32c(buf, ret)));
}
return ret; return ret;
} }

2
src/server.c
View File

@ -528,6 +528,8 @@ static int srv_parse_proxy_v2_options(char **args, int *cur_arg,
newsrv->pp_opts |= SRV_PP_V2_SSL_CIPHER; newsrv->pp_opts |= SRV_PP_V2_SSL_CIPHER;
} else if (!strcmp(p, "authority")) { } else if (!strcmp(p, "authority")) {
newsrv->pp_opts |= SRV_PP_V2_AUTHORITY; newsrv->pp_opts |= SRV_PP_V2_AUTHORITY;
} else if (!strcmp(p, "crc32c")) {
newsrv->pp_opts |= SRV_PP_V2_CRC32C;
} else } else
goto fail; goto fail;
} }