From: Erwan Le Goas
Date: Thu, 29 Sep 2022 08:25:31 +0000 (+0200)
Subject: MINOR: tools: modify hash_ipanon in order to use it in cli
X-Git-Tag: v2.7-dev7~19
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=5eef1588a110597e16b403221e3226d8f4779d05;p=thirdparty%2Fhaproxy.git
MINOR: tools: modify hash_ipanon in order to use it in cli
Add a parameter hasport to return a simple hash or ipstring when ipstring has no port. Doesn't hash if scramble is null. Add option PA_O_PORT_RESOLVE to str2sa_range. Add a case UNIX. Those modification permit to use hash_ipanon in cli section in order to dump the same anonymization of address in the configuration file and with CLI. No backport needed, except if anonymization mechanism is backported.
---
diff --git a/include/haproxy/tools.h b/include/haproxy/tools.h
index f786e1a475..320646a5de 100644
--- a/include/haproxy/tools.h
+++ b/include/haproxy/tools.h
@@ -491,7 +491,7 @@ unsigned int inetaddr_host_lim_ret(char *text, char *stop, char **ret);
 const char *hash_anon(uint32_t scramble, const char *string2hash, const char *prefix, const char *suffix);
 /* Function that hashes or not an ip according to the ipstring entered */
-const char * hash_ipanon(uint32_t scramble, char *ipstring);
+const char * hash_ipanon(uint32_t scramble, char *ipstring, int hasport);
 static inline char *cut_crlf(char *s)
 {
diff --git a/src/cfgparse.c b/src/cfgparse.c
index 352953fb76..e6a6d30de6 100644
--- a/src/cfgparse.c
+++ b/src/cfgparse.c
@@ -1964,7 +1964,7 @@ next_line:
 qfprintf(stdout, "%s %s ", args[0], args[1]);
 if (arg > 1) {
- qfprintf(stdout, "%s ", args[2]);
+ qfprintf(stdout, "%s ", hash_ipanon(g_key, args[2], 1));
 if (arg > 2) {
 qfprintf(stdout, "[...]\n");
@@ -2000,7 +2000,7 @@ next_line:
 else if (strcmp(args[0], "bind") == 0) {
 qfprintf(stdout, "%s ", args[0]);
- qfprintf(stdout, "%s ", hash_ipanon(g_key, args[1]));
+ qfprintf(stdout, "%s ", hash_ipanon(g_key, args[1], 1));
 if (arg > 2) {
 qfprintf(stdout, "[...]\n");
 }
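Review bot: The new third argument is passed as a bare `1` in `hash_ipanon(g_key, args[2], 1)` in the hunk at -1964, which does not tell a reader that it means "this string may carry a port"; the same literal is repeated in the hunks at -2000, -2019, -2060 and -2070. A short comment at the first call, such as `/* 1: the address may carry a port */`, or a named constant shared by all call sites would make them self-explanatory. This hunk also changes behaviour rather than only following the new signature: `args[2]` was printed verbatim before and is now anonymized, which looks intended but is not called out in the description. The enclosing block starts and ends outside the hunk.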
@@ -2019,7 +2019,7 @@ next_line:
 qfprintf(stdout, "%s ", HA_ANON_ID(g_key, args[1]));
 }
 if (arg > 2) {
- qfprintf(stdout, "%s ", hash_ipanon(g_key, args[2]));
+ qfprintf(stdout, "%s ", hash_ipanon(g_key, args[2], 1));
 }
 if (arg > 3) {
 qfprintf(stdout, "[...]\n");
@@ -2060,7 +2060,7 @@ next_line:
 qfprintf(stdout, "%s ", args[1]);
 }
 else {
- qfprintf(stdout, "%s ", hash_ipanon(g_key, args[1]));
+ qfprintf(stdout, "%s ", hash_ipanon(g_key, args[1], 1));
 }
 if (arg > 2) {
 qfprintf(stdout, "[...]");
@@ -2070,7 +2070,7 @@ next_line:
 else if (strcmp(args[0], "peer") == 0) {
 qfprintf(stdout, "%s %s ", args[0], HA_ANON_ID(g_key, args[1]));
- qfprintf(stdout, "%s ", hash_ipanon(g_key, args[2]));
+ qfprintf(stdout, "%s ", hash_ipanon(g_key, args[2], 1));
 if (arg > 3) {
 qfprintf(stdout, "[...]");
diff --git a/src/tools.c b/src/tools.c
index f697eaccb9..53958a996a 100644
--- a/src/tools.c
+++ b/src/tools.c
@@ -77,7 +77,7 @@ extern void *__elf_aux_vector;
 #define RET0_UNLESS(__x) do { if (!(__x)) return 0; } while (0)
 /* Define the number of line of hash_word */
-#define NB_L_HASH_WORD 7
+#define NB_L_HASH_WORD 15
 /* enough to store NB_ITOA_STR integers of :
 * 2^64-1 = 18446744073709551615 or
@@ -5876,11 +5876,14 @@ const char *hash_anon(uint32_t scramble, const char *string2hash, const char *pr
 /* This function hashes or not an ip address ipstring, scramble is the anonymizing
 * key, returns the hashed ip with his port or ipstring when there is nothing to hash.
+ * Put hasport equal 0 to point out ipstring has no port, else put an other int.
+ * Without port, return a simple hash or ipstring.
 */
-const char *hash_ipanon(uint32_t scramble, char *ipstring)
+const char *hash_ipanon(uint32_t scramble, char *ipstring, int hasport)
 {
 char *errmsg = NULL;
 struct sockaddr_storage *sa;
+ struct sockaddr_storage ss;
 char addr[46];
 int port;
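Review bot: The extended comment above `hash_ipanon` in the hunk at -5876 still does not say what the returned pointer refers to. From the lines visible in this patch it can be `ipstring` itself, a slot of the static `hash_word` table, or the result of `HA_ANON_STR`, whose storage is not shown. Since the function is being opened up to CLI callers, the comment should state that the result must be consumed before later calls recycle the slot; the hunk at -77 raises `NB_L_HASH_WORD` from 7 to 15, presumably for that reason, which should be confirmed and noted next to the define. It should also state that a `scramble` of 0 returns the address unhashed, so callers know a zero key means cleartext output. Whether `hash_word` and `index_hash` are per-thread is not visible here and matters for CLI use; the function body continues past the hunk.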
@@ -5889,57 +5892,72 @@ const char *hash_ipanon(uint32_t scramble, char *ipstring)
 index_hash = 0;
 }
- if (strncmp(ipstring, "localhost", 1) == 0) {
+ if (scramble == 0) {
+ return ipstring;
+ }
+ if (strcmp(ipstring, "localhost") == 0) {
 return ipstring;
 }
 else {
- sa = str2sa_range(ipstring, NULL, NULL, NULL, NULL, NULL, &errmsg, NULL, NULL,
- PA_O_PORT_OK | PA_O_STREAM | PA_O_XPRT | PA_O_CONNECT | PA_O_PORT_RANGE);
- if (sa == NULL) {
- return ipstring;
+ if (hasport == 0) {
+ memset(&ss, 0, sizeof(ss));
+ if (str2ip2(ipstring, &ss, 1) == NULL) {
+ return HA_ANON_STR(scramble, ipstring);
+ }
+ sa = &ss;
 }
 else {
- addr_to_str(sa, addr, sizeof(addr));
- port = get_host_port(sa);
+ sa = str2sa_range(ipstring, NULL, NULL, NULL, NULL, NULL, &errmsg, NULL, NULL,
+ PA_O_PORT_OK | PA_O_STREAM | PA_O_XPRT | PA_O_CONNECT |
+ PA_O_PORT_RANGE | PA_O_RESOLVE);
+ if (sa == NULL) {
+ return HA_ANON_STR(scramble, ipstring);
+ }
+ }
+ addr_to_str(sa, addr, sizeof(addr));
+ port = get_host_port(sa);
- switch(sa->ss_family) {
- case AF_INET:
- if (strncmp(addr, "127", 3) == 0 || strncmp(addr, "255", 3) == 0 || strncmp(addr, "0", 1) == 0) {
- return ipstring;
+ switch(sa->ss_family) {
+ case AF_INET:
+ if (strncmp(addr, "127", 3) == 0 || strncmp(addr, "255", 3) == 0 || strncmp(addr, "0", 1) == 0) {
+ return ipstring;
+ }
+ else {
+ if (port != 0) {
+ snprintf(hash_word[index_hash], sizeof(hash_word[index_hash]), "IPV4(%06x):%d", HA_ANON(scramble, addr, strlen(addr)), port);
+ return hash_word[index_hash];
 }
 else {
- if (port != 0) {
- snprintf(hash_word[index_hash], sizeof(hash_word[index_hash]), "IPV4(%06x):%d", HA_ANON(scramble, addr, strlen(addr)), port);
- return hash_word[index_hash];
- }
- else {
- snprintf(hash_word[index_hash], sizeof(hash_word[index_hash]), "IPV4(%06x)", HA_ANON(scramble, addr, strlen(addr)));
- return hash_word[index_hash];
- }
+ snprintf(hash_word[index_hash], sizeof(hash_word[index_hash]), "IPV4(%06x)", HA_ANON(scramble, addr, strlen(addr)));
+ return hash_word[index_hash];
 }
- break;
+ }
+ break;
- case AF_INET6:
- if (strcmp(addr, "::1") == 0) {
- return ipstring;
+ case AF_INET6:
+ if (strcmp(addr, "::1") == 0) {
+ return ipstring;
+ }
+ else {
+ if (port != 0) {
+ snprintf(hash_word[index_hash], sizeof(hash_word[index_hash]), "IPV6(%06x):%d", HA_ANON(scramble, addr, strlen(addr)), port);
+ return hash_word[index_hash];
 }
 else {
- if (port != 0) {
- snprintf(hash_word[index_hash], sizeof(hash_word[index_hash]), "IPV6(%06x):%d", HA_ANON(scramble, addr, strlen(addr)), port);
- return hash_word[index_hash];
- }
- else {
- snprintf(hash_word[index_hash], sizeof(hash_word[index_hash]), "IPV6(%06x)", HA_ANON(scramble, addr, strlen(addr)));
- return hash_word[index_hash];
- }
+ snprintf(hash_word[index_hash], sizeof(hash_word[index_hash]), "IPV6(%06x)", HA_ANON(scramble, addr, strlen(addr)));
+ return hash_word[index_hash];
 }
- break;
+ }
+ break;
- default:
- return ipstring;
- break;
- };
- }
+ case AF_UNIX:
+ return HA_ANON_STR(scramble, ipstring);
+ break;
+
+ default:
+ return ipstring;
+ break;
+ };
 }
 return ipstring;
 }
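Review bot: `errmsg` is handed to `str2sa_range()` but is never freed or reported on the `sa == NULL` path, so if that helper allocates a message on failure (not visible here), every unparsable address leaks it; that matters more now that the function is meant to be called repeatedly from the CLI. Releasing it before the fallback, with `free(errmsg);` just ahead of `return HA_ANON_STR(scramble, ipstring);`, would close that. Separately, the added `PA_O_RESOLVE` flag and the `1` passed to `str2ip2()` appear to enable host-name resolution, which would make the anonymized output depend on resolver state and hand the names being anonymized to DNS; a comment explaining why resolution is wanted here would help. The description names the flag `PA_O_PORT_RESOLVE`, while the code adds `PA_O_RESOLVE`. The function starts before this hunk.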