From: Emmanuel Hocdet <manu@gandi.net>
Date: Mon, 5 Feb 2018 15:23:23 +0000 (+0100)
Subject: MINOR: accept-proxy: support proxy protocol v2 CRC32c checksum
X-Git-Tag: v1.9-dev1~354
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=115df3e38ed2389e43e9418d2fa8d3e79e920d40;p=thirdparty%2Fhaproxy.git

MINOR: accept-proxy: support proxy protocol v2 CRC32c checksum

When proxy protocol v2 CRC32c tlv is received, check it before accept
connection (as describe in "doc/proxy-protocol.txt").
---

diff --git a/src/connection.c b/src/connection.c
index db5134e6ec..1ea96ae3da 100644
--- a/src/connection.c
+++ b/src/connection.c
@@ -613,6 +613,14 @@ int conn_recv_proxy(struct connection *conn, int flag)
 				tlv_offset += tlv_len + TLV_HEADER_SIZE;
 
 				switch (tlv_packet->type) {
+				case PP2_TYPE_CRC32C: {
+					void *tlv_crc32c_p = (void *)tlv_packet->value;
+					uint32_t n_crc32c = ntohl(read_u32(tlv_crc32c_p));
+					write_u32(tlv_crc32c_p, 0);
+					if (hash_crc32c(trash.str, PP2_HEADER_LEN + ntohs(hdr_v2->len)) != n_crc32c)
+						goto bad_header;
+					break;
+				}
 #ifdef CONFIG_HAP_NS
 				case PP2_TYPE_NETNS: {
 					const struct netns_entry *ns;