return -1;
}
-/* This analyser tries to fetch a line from the request buffer which looks like :
- *
- * "PROXY" <SP> PROTO <SP> SRC3 <SP> DST3 <SP> SRC4 <SP> <DST4> "\r\n"
- *
- * There must be exactly one space between each field. Fields are :
- * - PROTO : layer 4 protocol, which must be "TCP4" or "TCP6".
- * - SRC3 : layer 3 (eg: IP) source address in standard text form
- * - DST3 : layer 3 (eg: IP) destination address in standard text form
- * - SRC4 : layer 4 (eg: TCP port) source address in standard text form
- * - DST4 : layer 4 (eg: TCP port) destination address in standard text form
- *
- * This line MUST be at the beginning of the buffer and MUST NOT wrap.
- *
- * Once the data is fetched, the values are set in the session's field and data
- * are removed from the buffer. The function returns zero if it needs to wait
- * for more data (max: timeout_client), or 1 if it has finished and removed itself.
- */
-int frontend_decode_proxy_request(struct session *s, struct channel *req, int an_bit)
-{
- char *line = req->buf.data;
- char *end = req->buf.data + req->buf.i;
- int len;
-
- DPRINTF(stderr,"[%u] %s: session=%p b=%p, exp(r,w)=%u,%u bf=%08x bh=%d analysers=%02x\n",
- now_ms, __FUNCTION__,
- s,
- req,
- req->rex, req->wex,
- req->flags,
- req->i,
- req->analysers);
-
- if (req->flags & (CF_READ_ERROR|CF_READ_TIMEOUT))
- goto fail;
-
- len = MIN(req->buf.i, 6);
- if (!len)
- goto missing;
-
- /* Decode a possible proxy request, fail early if it does not match */
- if (strncmp(line, "PROXY ", len) != 0)
- goto fail;
-
- line += 6;
- if (req->buf.i < 18) /* shortest possible line */
- goto missing;
-
- if (!memcmp(line, "TCP4 ", 5) != 0) {
- u32 src3, dst3, sport, dport;
-
- line += 5;
-
- src3 = inetaddr_host_lim_ret(line, end, &line);
- if (line == end)
- goto missing;
- if (*line++ != ' ')
- goto fail;
-
- dst3 = inetaddr_host_lim_ret(line, end, &line);
- if (line == end)
- goto missing;
- if (*line++ != ' ')
- goto fail;
-
- sport = read_uint((const char **)&line, end);
- if (line == end)
- goto missing;
- if (*line++ != ' ')
- goto fail;
-
- dport = read_uint((const char **)&line, end);
- if (line > end - 2)
- goto missing;
- if (*line++ != '\r')
- goto fail;
- if (*line++ != '\n')
- goto fail;
-
- /* update the session's addresses and mark them set */
- ((struct sockaddr_in *)&s->si[0].conn.addr.from)->sin_family = AF_INET;
- ((struct sockaddr_in *)&s->si[0].conn.addr.from)->sin_addr.s_addr = htonl(src3);
- ((struct sockaddr_in *)&s->si[0].conn.addr.from)->sin_port = htons(sport);
-
- ((struct sockaddr_in *)&s->si[0].conn.addr.to)->sin_family = AF_INET;
- ((struct sockaddr_in *)&s->si[0].conn.addr.to)->sin_addr.s_addr = htonl(dst3);
- ((struct sockaddr_in *)&s->si[0].conn.addr.to)->sin_port = htons(dport);
- s->si[0].conn.flags |= CO_FL_ADDR_FROM_SET | CO_FL_ADDR_TO_SET;
- }
- else if (!memcmp(line, "TCP6 ", 5) != 0) {
- u32 sport, dport;
- char *src_s;
- char *dst_s, *sport_s, *dport_s;
- struct in6_addr src3, dst3;
-
- line+=5;
-
- src_s = line;
- dst_s = sport_s = dport_s = NULL;
- while (1) {
- if (line > end - 2) {
- goto missing;
- }
- else if (*line == '\r') {
- *line = 0;
- line++;
- if (*line++ != '\n')
- goto fail;
- break;
- }
-
- if (*line == ' ') {
- *line = 0;
- if (!dst_s)
- dst_s = line+1;
- else if (!sport_s)
- sport_s = line+1;
- else if (!dport_s)
- dport_s = line+1;
- }
- line++;
- }
-
- if (!dst_s || !sport_s || !dport_s)
- goto fail;
-
- sport = read_uint((const char **)&sport_s,dport_s-1);
- if ( *sport_s != 0 )
- goto fail;
-
- dport = read_uint((const char **)&dport_s,line-2);
- if ( *dport_s != 0 )
- goto fail;
-
- if (inet_pton(AF_INET6, src_s, (void *)&src3) != 1)
- goto fail;
-
- if (inet_pton(AF_INET6, dst_s, (void *)&dst3) != 1)
- goto fail;
-
- /* update the session's addresses and mark them set */
- ((struct sockaddr_in6 *)&s->si[0].conn.addr.from)->sin6_family = AF_INET6;
- memcpy(&((struct sockaddr_in6 *)&s->si[0].conn.addr.from)->sin6_addr, &src3, sizeof(struct in6_addr));
- ((struct sockaddr_in6 *)&s->si[0].conn.addr.from)->sin6_port = htons(sport);
-
- ((struct sockaddr_in6 *)&s->si[0].conn.addr.to)->sin6_family = AF_INET6;
- memcpy(&((struct sockaddr_in6 *)&s->si[0].conn.addr.to)->sin6_addr, &dst3, sizeof(struct in6_addr));
- ((struct sockaddr_in6 *)&s->si[0].conn.addr.to)->sin6_port = htons(dport);
- s->si[0].conn.flags |= CO_FL_ADDR_FROM_SET | CO_FL_ADDR_TO_SET;
- }
- else {
- goto fail;
- }
-
- /* remove the PROXY line from the request */
- len = line - req->buf.data;
- buffer_replace2(&req->buf, req->buf.data, line, NULL, 0);
- req->total -= len; /* don't count the header line */
-
- req->analysers &= ~an_bit;
- return 1;
-
- missing:
- /* missing data and buffer is either full or shutdown => fail */
- if ((req->flags & CF_SHUTR) || buffer_full(&req->buf, global.tune.maxrewrite))
- goto fail;
-
- channel_dont_connect(s->req);
- return 0;
-
- fail:
- channel_abort(req);
- channel_abort(s->rep);
- req->analysers = 0;
-
- s->fe->fe_counters.failed_req++;
- if (s->listener->counters)
- s->listener->counters->failed_req++;
-
- if (!(s->flags & SN_ERR_MASK))
- s->flags |= SN_ERR_PRXCOND;
- if (!(s->flags & SN_FINST_MASK))
- s->flags |= SN_FINST_R;
- return 0;
-}
-
/* This handshake handler waits a PROXY protocol header at the beginning of the
* raw data stream. The header looks like this :
*
projects / thirdparty / haproxy.git / commitdiff
