From: Willy Tarreau Date: Thu, 1 Jan 2026 09:19:48 +0000 (+0100) Subject: MINOR: net_helper: add an option to ip.fp() to append the TTL to the fingerprint X-Git-Tag: v3.4-dev2~19 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=70ffae36146e5d937d168a8acb2532df9cfde029;p=thirdparty%2Fhaproxy.git MINOR: net_helper: add an option to ip.fp() to append the TTL to the fingerprint With mode value 1, the TTL will be appended immediately after the 7 bytes, making it a 8-byte fingerprint. --- diff --git a/doc/configuration.txt b/doc/configuration.txt index 0f865d8d6..8dab2c865 100644 --- a/doc/configuration.txt +++ b/doc/configuration.txt @@ -21143,6 +21143,7 @@ ip.fp([]) value, it then corresponds to the sum of the following values, and the respective components will be concatenated to the fingerprint, in the order below: + - 1: the received TTL value is appended to the fingerprint (1 byte) - 2: the list of TCP option kinds, as returned by "tcp.options_list", made of 0 to 40 extra bytes, is appended to the fingerprint diff --git a/src/net_helper.c b/src/net_helper.c index 4a187b375..49a0d5ed4 100644 --- a/src/net_helper.c +++ b/src/net_helper.c @@ -722,6 +722,9 @@ static int sample_conv_ip_fp(const struct arg *arg_p, struct sample *smp, void * /* store the TOS in the FP's first byte */ trash->area[0] = iptos; + if (mode & 1) // append TTL + trash->area[trash->data++] = ipttl; + /* keep only two bits for TTL: <=32, <=64, <=128, <=255 */ ipttl = (ipttl > 64) ? ((ipttl > 128) ? 3 : 2) : ((ipttl > 32) ? 1 : 0);