1/* 2 * util/proxy_protocol.c - event notification 3 * 4 * Copyright (c) 2022, NLnet Labs. All rights reserved. 5 * 6 * This software is open source. 7 * 8 * Redistribution and use in source and binary forms, with or without 9 * modification, are permitted provided that the following conditions 10 * are met: 11 * 12 * Redistributions of source code must retain the above copyright notice, 13 * this list of conditions and the following disclaimer. 14 * 15 * Redistributions in binary form must reproduce the above copyright notice, 16 * this list of conditions and the following disclaimer in the documentation 17 * and/or other materials provided with the distribution. 18 * 19 * Neither the name of the NLNET LABS nor the names of its contributors may 20 * be used to endorse or promote products derived from this software without 21 * specific prior written permission. 22 * 23 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 24 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 25 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR 26 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT 27 * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 28 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED 29 * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR 30 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF 31 * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING 32 * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS 33 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 34 */ 35 36/** 37 * \file 38 * 39 * This file contains PROXY protocol functions. 40 */ 41#include "util/proxy_protocol.h" 42 43/** 44 * Internal struct initialized with function pointers for writing uint16 and 45 * uint32. 46 */ 47struct proxy_protocol_data { 48 void (*write_uint16)(void* buf, uint16_t data); 49 void (*write_uint32)(void* buf, uint32_t data); 50}; 51struct proxy_protocol_data pp_data; 52 53/** 54 * Internal lookup table; could be further generic like sldns_lookup_table 55 * for all the future generic stuff. 56 */ 57struct proxy_protocol_lookup_table { 58 int id; 59 const char *text; 60}; 61 62/** 63 * Internal parsing error text; could be exposed with pp_lookup_error. 64 */ 65static struct proxy_protocol_lookup_table pp_parse_errors_data[] = { 66 { PP_PARSE_NOERROR, "no parse error" }, 67 { PP_PARSE_SIZE, "not enough space for header" }, 68 { PP_PARSE_WRONG_HEADERv2, "could not match PROXYv2 header" }, 69 { PP_PARSE_UNKNOWN_CMD, "unknown command" }, 70 { PP_PARSE_UNKNOWN_FAM_PROT, "unknown family and protocol" }, 71}; 72 73void 74pp_init(void (*write_uint16)(void* buf, uint16_t data), 75 void (*write_uint32)(void* buf, uint32_t data)) { 76 pp_data.write_uint16 = write_uint16; 77 pp_data.write_uint32 = write_uint32; 78} 79 80const char* 81pp_lookup_error(enum pp_parse_errors error) { 82 return pp_parse_errors_data[error].text; 83} 84 85size_t 86pp2_write_to_buf(uint8_t* buf, size_t buflen, 87#ifdef INET6 88 struct sockaddr_storage* src, 89#else 90 struct sockaddr_in* src, 91#endif 92 int stream) 93{ 94 int af; 95 size_t expected_size; 96 if(!src) return 0; 97 af = (int)((struct sockaddr_in*)src)->sin_family; 98 expected_size = PP2_HEADER_SIZE + (af==AF_INET?12:36); 99 if(buflen < expected_size) { 100 return 0; 101 } 102 /* sig */ 103 memcpy(buf, PP2_SIG, PP2_SIG_LEN); 104 buf += PP2_SIG_LEN; 105 /* version and command */ 106 *buf = (PP2_VERSION << 4) | PP2_CMD_PROXY; 107 buf++; 108 switch(af) { 109 case AF_INET: 110 /* family and protocol */ 111 *buf = (PP2_AF_INET<<4) | 112 (stream?PP2_PROT_STREAM:PP2_PROT_DGRAM); 113 buf++; 114 /* length */ 115 (*pp_data.write_uint16)(buf, 12); 116 buf += 2; 117 /* src addr */ 118 memcpy(buf, 119 &((struct sockaddr_in*)src)->sin_addr.s_addr, 4); 120 buf += 4; 121 /* dst addr */ 122 (*pp_data.write_uint32)(buf, 0); 123 buf += 4; 124 /* src port */ 125 memcpy(buf, 126 &((struct sockaddr_in*)src)->sin_port, 2); 127 buf += 2; 128 /* dst addr */ 129 /* dst port */ 130 (*pp_data.write_uint16)(buf, 12); 131 break; 132#ifdef INET6 133 case AF_INET6: 134 /* family and protocol */ 135 *buf = (PP2_AF_INET6<<4) | 136 (stream?PP2_PROT_STREAM:PP2_PROT_DGRAM); 137 buf++; 138 /* length */ 139 (*pp_data.write_uint16)(buf, 36); 140 buf += 2; 141 /* src addr */ 142 memcpy(buf, 143 &((struct sockaddr_in6*)src)->sin6_addr, 16); 144 buf += 16; 145 /* dst addr */ 146 memset(buf, 0, 16); 147 buf += 16; 148 /* src port */ 149 memcpy(buf, &((struct sockaddr_in6*)src)->sin6_port, 2); 150 buf += 2; 151 /* dst port */ 152 (*pp_data.write_uint16)(buf, 0); 153 break; 154#endif /* INET6 */ 155 case AF_UNIX: 156 /* fallthrough */ 157 default: 158 return 0; 159 } 160 return expected_size; 161} 162 163int 164pp2_read_header(uint8_t* buf, size_t buflen) 165{ 166 size_t size; 167 struct pp2_header* header = (struct pp2_header*)buf; 168 /* Try to fail all the unsupported cases first. */ 169 if(buflen < PP2_HEADER_SIZE) { 170 return PP_PARSE_SIZE; 171 } 172 /* Check for PROXYv2 header */ 173 if(memcmp(header, PP2_SIG, PP2_SIG_LEN) != 0 || 174 ((header->ver_cmd & 0xF0)>>4) != PP2_VERSION) { 175 return PP_PARSE_WRONG_HEADERv2; 176 } 177 /* Check the length */ 178 size = PP2_HEADER_SIZE + ntohs(header->len); 179 if(buflen < size) { 180 return PP_PARSE_SIZE; 181 } 182 /* Check for supported commands */ 183 if((header->ver_cmd & 0xF) != PP2_CMD_LOCAL && 184 (header->ver_cmd & 0xF) != PP2_CMD_PROXY) { 185 return PP_PARSE_UNKNOWN_CMD; 186 } 187 /* Check for supported family and protocol */ 188 if(header->fam_prot != PP2_UNSPEC_UNSPEC && 189 header->fam_prot != PP2_INET_STREAM && 190 header->fam_prot != PP2_INET_DGRAM && 191 header->fam_prot != PP2_INET6_STREAM && 192 header->fam_prot != PP2_INET6_DGRAM && 193 header->fam_prot != PP2_UNIX_STREAM && 194 header->fam_prot != PP2_UNIX_DGRAM) { 195 return PP_PARSE_UNKNOWN_FAM_PROT; 196 } 197 /* We have a correct header */ 198 return PP_PARSE_NOERROR; 199} 200