* SPDX-License-Identifier: GPL-3.0-or-later
*/
+#include "daemon/session.h"
+#include "daemon/network.h"
+
#include "daemon/proxyv2.h"
#include "lib/generic/trie.h"
static inline union proxy2_address *proxy2_get_address(const struct proxy2_header *h)
{
- return (union proxy2_address *) ((uint8_t *) h + sizeof(struct proxy2_header));
+ return (union proxy2_address *)((uint8_t *)h + sizeof(struct proxy2_header));
}
static inline struct proxy2_tlv *get_tlvs(const struct proxy2_header *h, size_t addr_len)
{
- return (struct proxy2_tlv *) ((uint8_t *) proxy2_get_address(h) + addr_len);
+ return (struct proxy2_tlv *)((uint8_t *)proxy2_get_address(h) + addr_len);
}
/** Gets the length of the TLV's `value` attribute. */
uint64_t addr_length = ntohs(h->length);
ptrdiff_t hdr_len = sizeof(struct proxy2_header) + addr_length;
- uint8_t *tlv_hdr_end = (uint8_t *) tlv + sizeof(struct proxy2_tlv);
- ptrdiff_t distance = tlv_hdr_end - (uint8_t *) h;
+ uint8_t *tlv_hdr_end = (uint8_t *)tlv + sizeof(struct proxy2_tlv);
+ ptrdiff_t distance = tlv_hdr_end - (uint8_t *)h;
if (hdr_len < distance)
return false;
uint8_t *tlv_end = tlv_hdr_end + proxy2_tlv_length(tlv);
- distance = tlv_end - (uint8_t *) h;
+ distance = tlv_end - (uint8_t *)h;
return hdr_len >= distance;
}
static inline void next_tlv(struct proxy2_tlv **tlv)
{
- uint8_t *next = ((uint8_t *) *tlv + sizeof(struct proxy2_tlv) + proxy2_tlv_length(*tlv));
- *tlv = (struct proxy2_tlv *) next;
+ uint8_t *next = ((uint8_t *)*tlv + sizeof(struct proxy2_tlv) + proxy2_tlv_length(*tlv));
+ *tlv = (struct proxy2_tlv *)next;
}
trie = net->proxy_addrs4;
addr_size = sizeof(addr.ip4);
- addr.ip4 = ((struct sockaddr_in *) saddr)->sin_addr;
+ addr.ip4 = ((struct sockaddr_in *)saddr)->sin_addr;
break;
case AF_INET6:
if (net->proxy_all6)
trie = net->proxy_addrs6;
addr_size = sizeof(addr.ip6);
- addr.ip6 = ((struct sockaddr_in6 *) saddr)->sin6_addr;
+ addr.ip6 = ((struct sockaddr_in6 *)saddr)->sin6_addr;
break;
default:
kr_assert(false); // Only IPv4 and IPv6 proxy addresses supported
}
trie_val_t *val;
- int ret = trie_get_leq(trie, (char *) &addr, addr_size, &val);
+ int ret = trie_get_leq(trie, (char *)&addr, addr_size, &val);
if (ret != kr_ok() && ret != 1)
return false;
kr_assert(val);
const struct net_proxy_data *found = *val;
kr_assert(found);
- return kr_bitcmp((char *) &addr, (char *) &found->addr, found->netmask) == 0;
+ return kr_bitcmp((char *)&addr, (char *)&found->addr, found->netmask) == 0;
}
ssize_t proxy_process_header(struct proxy_result *out, struct session *s,
if (!buf)
return kr_error(EINVAL);
- const struct proxy2_header *hdr = (struct proxy2_header *) buf;
+ const struct proxy2_header *hdr = (struct proxy2_header *)buf;
uint64_t content_length = ntohs(hdr->length);
ssize_t hdr_len = sizeof(struct proxy2_header) + content_length;
enum proxy2_command command = proxy2_header_command(hdr);
if (command == PROXY2_CMD_LOCAL) {
/* Addresses for LOCAL are to be discarded */
- *out = (struct proxy_result) { .command = PROXY2_CMD_LOCAL };
+ *out = (struct proxy_result){ .command = PROXY2_CMD_LOCAL };
goto fill_wirebuf;
}
return kr_error(KNOT_EMALF);
}
- *out = (struct proxy_result) { .command = PROXY2_CMD_PROXY };
+ *out = (struct proxy_result){ .command = PROXY2_CMD_PROXY };
/* Parse flags */
enum proxy2_family family = proxy2_header_family(hdr);
switch(family) {
case PROXY2_AF_UNSPEC:
- case PROXY2_AF_UNIX: /* UNIX is unsupported, fall back to UNSPEC */
+ case PROXY2_AF_UNIX:
+ /* UNIX is unsupported, fall back to UNSPEC */
out->family = AF_UNSPEC;
break;
case PROXY2_AF_INET:
case PROXY2_AF_INET6:
out->family = AF_INET6;
break;
- default: /* PROXYv2 prohibits other values */
+ default:
+ /* PROXYv2 prohibits other values */
return kr_error(KNOT_EMALF);
}
case PROXY2_PROTOCOL_STREAM:
out->protocol = SOCK_STREAM;
break;
- default: /* PROXYv2 prohibits other values */
+ default:
+ /* PROXYv2 prohibits other values */
return kr_error(KNOT_EMALF);
}
if (content_length < addr_length)
return kr_error(KNOT_EMALF);
- out->src_addr.ip4 = (struct sockaddr_in) {
+ out->src_addr.ip4 = (struct sockaddr_in){
.sin_family = AF_INET,
.sin_addr = { .s_addr = addr->ipv4_addr.src_addr },
.sin_port = addr->ipv4_addr.src_port,
};
- out->dst_addr.ip4 = (struct sockaddr_in) {
+ out->dst_addr.ip4 = (struct sockaddr_in){
.sin_family = AF_INET,
.sin_addr = { .s_addr = addr->ipv4_addr.dst_addr },
.sin_port = addr->ipv4_addr.dst_port,
if (content_length < addr_length)
return kr_error(KNOT_EMALF);
- out->src_addr.ip6 = (struct sockaddr_in6) {
+ out->src_addr.ip6 = (struct sockaddr_in6){
.sin6_family = AF_INET6,
.sin6_port = addr->ipv6_addr.src_port
};
&out->src_addr.ip6.sin6_addr.s6_addr,
&addr->ipv6_addr.src_addr,
sizeof(out->src_addr.ip6.sin6_addr.s6_addr));
- out->dst_addr.ip6 = (struct sockaddr_in6) {
+ out->dst_addr.ip6 = (struct sockaddr_in6){
.sin6_family = AF_INET6,
.sin6_port = addr->ipv6_addr.dst_port
};
#include <stdint.h>
-#include "daemon/session.h"
-#include "daemon/network.h"
#include "lib/utils.h"
+struct network;
+struct session;
+
extern const char PROXY2_SIGNATURE[12];
#define PROXY2_MIN_SIZE 16
/** Parsed result of the PROXY protocol */
struct proxy_result {
- enum proxy2_command command; /**< Proxy command - PROXY or LOCAL. */
- int family; /**< Address family from netinet library (e.g. AF_INET6). */
- int protocol; /**< Protocol type from socket library (e.g. SOCK_STREAM). */
- union kr_sockaddr src_addr; /**< Parsed source address and port. */
- union kr_sockaddr dst_addr; /**< Parsed destination address and port. */
- bool has_tls : 1; /**< `true` = client has used TLS with the proxy.
- If TLS padding is enabled, it will be used even if
- the proxy did not use TLS with kresd. */
+ /** Proxy command - PROXY or LOCAL. */
+ enum proxy2_command command;
+ /** Address family from netinet library (e.g. AF_INET6). */
+ int family;
+ /** Protocol type from socket library (e.g. SOCK_STREAM). */
+ int protocol;
+ /** Parsed source address and port. */
+ union kr_sockaddr src_addr;
+ /** Parsed destination address and port. */
+ union kr_sockaddr dst_addr;
+ /** `true` = client has used TLS with the proxy. If TLS padding is
+ * enabled, it will be used even if the communication between kresd and
+ * the proxy is unencrypted. */
+ bool has_tls : 1;
};
/** Checks for a PROXY protocol version 2 signature in the specified buffer. */
projects / thirdparty / knot-resolver.git / commitdiff
