MINOR: tools: modify hash_ipanon in order to use it in cli
authorErwan Le Goas <elegoas@haproxy.com>
Thu, 29 Sep 2022 08:25:31 +0000 (10:25 +0200)
committerChristopher Faulet <cfaulet@haproxy.com>
Thu, 29 Sep 2022 08:53:14 +0000 (10:53 +0200)
Add a parameter hasport to return a simple hash or ipstring when
ipstring has no port. Doesn't hash if scramble is null. Add
option PA_O_PORT_RESOLVE to str2sa_range. Add a case UNIX.
These modifications allow hash_ipanon to be used in the CLI section,
so that addresses are anonymized identically in the configuration
file dump and on the CLI.

No backport needed, except if anonymization mechanism is backported.

include/haproxy/tools.h
src/cfgparse.c
src/tools.c

index f786e1a475c7b1e67dd15b828d3359233c874b88..320646a5deeb01b13423c292cbcc4a5ec94c0b06 100644 (file)
@@ -491,7 +491,7 @@ unsigned int inetaddr_host_lim_ret(char *text, char *stop, char **ret);
 const char *hash_anon(uint32_t scramble, const char *string2hash, const char *prefix, const char *suffix);
 
 /* Function that hashes or not an ip according to the ipstring entered */
-const char * hash_ipanon(uint32_t scramble, char *ipstring);
+const char * hash_ipanon(uint32_t scramble, char *ipstring, int hasport);
 
 static inline char *cut_crlf(char *s) {
 
index 352953fb76b5bfcfcaa5e9fb001dc1feabcdd375..e6a6d30de6b7cdf9877e074971c38f81e6b66350 100644 (file)
@@ -1964,7 +1964,7 @@ next_line:
                                        qfprintf(stdout, "%s %s ", args[0], args[1]);
 
                                        if (arg > 1) {
-                                               qfprintf(stdout, "%s ", args[2]);
+                                               qfprintf(stdout, "%s ", hash_ipanon(g_key, args[2], 1));
 
                                                if (arg > 2) {
                                                        qfprintf(stdout, "[...]\n");
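Review bot: Passing `args[2]` through `hash_ipanon(g_key, args[2], 1)` here can make the anonymized dump perform host name lookups, because the hasport path in src/tools.c now calls str2sa_range() with `PA_O_RESOLVE` (assuming that flag enables resolution, as its name indicates). The hash would then cover the resolved address instead of the configured name, so the same configuration can yield different tokens depending on resolver state, and every name in the file is sent to the resolver while dumping. The same applies to the other call sites updated in this file (`bind`, `peer` and the two remaining `args[1]`/`args[2]` cases below). At minimum this deserves a comment at the first call, e.g. `/* hash_ipanon() may resolve host names; the token reflects the resolved address */`.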
@@ -2000,7 +2000,7 @@ next_line:
 
                                else if (strcmp(args[0], "bind") == 0) {
                                        qfprintf(stdout, "%s ", args[0]);
-                                       qfprintf(stdout, "%s ", hash_ipanon(g_key, args[1]));
+                                       qfprintf(stdout, "%s ", hash_ipanon(g_key, args[1], 1));
                                        if (arg > 2) {
                                                qfprintf(stdout, "[...]\n");
                                        }
@@ -2019,7 +2019,7 @@ next_line:
                                                qfprintf(stdout, "%s ", HA_ANON_ID(g_key, args[1]));
                                        }
                                        if (arg > 2) {
-                                               qfprintf(stdout, "%s ", hash_ipanon(g_key, args[2]));
+                                               qfprintf(stdout, "%s ", hash_ipanon(g_key, args[2], 1));
                                        }
                                        if (arg > 3) {
                                                qfprintf(stdout, "[...]\n");
@@ -2060,7 +2060,7 @@ next_line:
                                                qfprintf(stdout, "%s ", args[1]);
                                        }
                                        else {
-                                               qfprintf(stdout, "%s ", hash_ipanon(g_key, args[1]));
+                                               qfprintf(stdout, "%s ", hash_ipanon(g_key, args[1], 1));
                                        }
                                        if (arg > 2) {
                                                qfprintf(stdout, "[...]");
@@ -2070,7 +2070,7 @@ next_line:
 
                                else if (strcmp(args[0], "peer") == 0) {
                                        qfprintf(stdout, "%s %s ", args[0], HA_ANON_ID(g_key, args[1]));
-                                       qfprintf(stdout, "%s ", hash_ipanon(g_key, args[2]));
+                                       qfprintf(stdout, "%s ", hash_ipanon(g_key, args[2], 1));
 
                                        if (arg > 3) {
                                                qfprintf(stdout, "[...]");
index f697eaccb976bc3bbbc3c12d4682073c06fc0d20..53958a996a01f7af1e2d8fb5d1ba5084d09e8d2d 100644 (file)
@@ -77,7 +77,7 @@ extern void *__elf_aux_vector;
 #define RET0_UNLESS(__x) do { if (!(__x)) return 0; } while (0)
 
 /* Define the number of line of hash_word */
-#define NB_L_HASH_WORD 7
+#define NB_L_HASH_WORD 15
 
 /* enough to store NB_ITOA_STR integers of :
  *   2^64-1 = 18446744073709551615 or
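Review bot: The comment above `NB_L_HASH_WORD` does not say what the count bounds, and the jump from 7 to 15 is not explained in the hunk. From the hash_ipanon() hunk further down, `hash_word[index_hash]` appears to be a rotating set of result slots with `index_hash` reset to 0 at the limit, so a returned string presumably stays valid only until that many later hashes are produced. I would document it, e.g. `/* Number of rotating result slots in hash_word: a returned hash is overwritten after NB_L_HASH_WORD further calls */`.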
@@ -5876,11 +5876,14 @@ const char *hash_anon(uint32_t scramble, const char *string2hash, const char *pr
 
 /* This function hashes or not an ip address ipstring, scramble is the anonymizing
  * key, returns the hashed ip with his port or ipstring when there is nothing to hash.
+ * Put hasport equal 0 to point out ipstring has no port, else put an other int.
+ * Without port, return a simple hash or ipstring.
  */
-const char *hash_ipanon(uint32_t scramble, char *ipstring)
+const char *hash_ipanon(uint32_t scramble, char *ipstring, int hasport)
 {
        char *errmsg = NULL;
        struct sockaddr_storage *sa;
+       struct sockaddr_storage ss;
        char addr[46];
        int port;
 
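Review bot: The header comment for hash_ipanon() documents `hasport` but not the cases where the input comes back in clear, which is what a reader of an anonymized dump needs to know. From the body in the next hunk: `scramble == 0` and the literal `localhost` return ipstring unchanged, as do IPv4 addresses whose text starts with `127`, `255` or `0` and the IPv6 address `::1`; strings that fail to parse and AF_UNIX addresses go through `HA_ANON_STR`. I would add those cases to the comment, and note that a non-zero port is appended unhashed (`IPV4(...):port`). The function body continues outside this hunk.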
@@ -5889,57 +5892,72 @@ const char *hash_ipanon(uint32_t scramble, char *ipstring)
                 index_hash = 0;
        }
 
-       if (strncmp(ipstring, "localhost", 1) == 0) {
+       if (scramble == 0) {
+               return ipstring;
+       }
+       if (strcmp(ipstring, "localhost") == 0) {
                return ipstring;
        }
        else {
-               sa = str2sa_range(ipstring, NULL, NULL, NULL, NULL, NULL, &errmsg, NULL, NULL,
-                                 PA_O_PORT_OK | PA_O_STREAM | PA_O_XPRT | PA_O_CONNECT | PA_O_PORT_RANGE);
-               if (sa == NULL) {
-                       return ipstring;
+               if (hasport == 0) {
+                       memset(&ss, 0, sizeof(ss));
+                       if (str2ip2(ipstring, &ss, 1) == NULL) {
+                               return HA_ANON_STR(scramble, ipstring);
+                       }
+                       sa = &ss;
                }
                else {
-                       addr_to_str(sa, addr, sizeof(addr));
-                       port = get_host_port(sa);
+                       sa = str2sa_range(ipstring, NULL, NULL, NULL, NULL, NULL, &errmsg, NULL, NULL,
+                                         PA_O_PORT_OK | PA_O_STREAM | PA_O_XPRT | PA_O_CONNECT |
+                                         PA_O_PORT_RANGE | PA_O_RESOLVE);
+                       if (sa == NULL) {
+                               return HA_ANON_STR(scramble, ipstring);
+                       }
+               }
+               addr_to_str(sa, addr, sizeof(addr));
+               port = get_host_port(sa);
 
-                       switch(sa->ss_family) {
-                               case AF_INET:
-                                       if (strncmp(addr, "127", 3) == 0 || strncmp(addr, "255", 3) == 0 || strncmp(addr, "0", 1) == 0) {
-                                               return ipstring;
+               switch(sa->ss_family) {
+                       case AF_INET:
+                               if (strncmp(addr, "127", 3) == 0 || strncmp(addr, "255", 3) == 0 || strncmp(addr, "0", 1) == 0) {
+                                       return ipstring;
+                               }
+                               else {
+                                       if (port != 0) {
+                                               snprintf(hash_word[index_hash], sizeof(hash_word[index_hash]), "IPV4(%06x):%d", HA_ANON(scramble, addr, strlen(addr)), port);
+                                               return hash_word[index_hash];
                                        }
                                        else {
-                                               if (port != 0) {
-                                                       snprintf(hash_word[index_hash], sizeof(hash_word[index_hash]), "IPV4(%06x):%d", HA_ANON(scramble, addr, strlen(addr)), port);
-                                                       return hash_word[index_hash];
-                                               }
-                                               else {
-                                                       snprintf(hash_word[index_hash], sizeof(hash_word[index_hash]), "IPV4(%06x)", HA_ANON(scramble, addr, strlen(addr)));
-                                                       return hash_word[index_hash];
-                                               }
+                                               snprintf(hash_word[index_hash], sizeof(hash_word[index_hash]), "IPV4(%06x)", HA_ANON(scramble, addr, strlen(addr)));
+                                               return hash_word[index_hash];
                                        }
-                                       break;
+                               }
+                               break;
 
-                               case AF_INET6:
-                                       if (strcmp(addr, "::1") == 0) {
-                                               return ipstring;
+                       case AF_INET6:
+                               if (strcmp(addr, "::1") == 0) {
+                                       return ipstring;
+                               }
+                               else {
+                                       if (port != 0) {
+                                               snprintf(hash_word[index_hash], sizeof(hash_word[index_hash]), "IPV6(%06x):%d", HA_ANON(scramble, addr, strlen(addr)), port);
+                                               return hash_word[index_hash];
                                        }
                                        else {
-                                               if (port != 0) {
-                                                       snprintf(hash_word[index_hash], sizeof(hash_word[index_hash]), "IPV6(%06x):%d", HA_ANON(scramble, addr, strlen(addr)), port);
-                                                       return hash_word[index_hash];
-                                               }
-                                               else {
-                                                       snprintf(hash_word[index_hash], sizeof(hash_word[index_hash]), "IPV6(%06x)", HA_ANON(scramble, addr, strlen(addr)));
-                                                       return hash_word[index_hash];
-                                               }
+                                               snprintf(hash_word[index_hash], sizeof(hash_word[index_hash]), "IPV6(%06x)", HA_ANON(scramble, addr, strlen(addr)));
+                                               return hash_word[index_hash];
                                        }
-                                       break;
+                               }
+                               break;
 
-                               default:
-                                       return ipstring;
-                                       break;
-                       };
-               }
+                       case AF_UNIX:
+                               return HA_ANON_STR(scramble, ipstring);
+                               break;
+
+                       default:
+                               return ipstring;
+                               break;
+               };
        }
        return ipstring;
 }
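Review bot: `errmsg` is handed to str2sa_range() in the hasport branch but never released on the `sa == NULL` path, so each unparsable string may leak the message if str2sa_range() allocates it on failure (its body is not in this hunk). The leak matters more now that the function is meant to be called from the CLI, where it can run repeatedly at run time instead of once per configuration dump. Freeing it before the fallback would close it: `if (sa == NULL) { free(errmsg); return HA_ANON_STR(scramble, ipstring); }`.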