blob: 054168a51286b7cf864e13f4686049dbb8ca9efe [file] [log] [blame]
Willy Tarreaud4c33c82013-01-07 21:59:07 +01001/*
2 * General protocol-agnostic payload-based sample fetches and ACLs
3 *
4 * Copyright 2000-2013 Willy Tarreau <w@1wt.eu>
5 *
6 * This program is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU General Public License
8 * as published by the Free Software Foundation; either version
9 * 2 of the License, or (at your option) any later version.
10 *
11 */
12
13#include <stdlib.h>
14#include <string.h>
15
Willy Tarreaud716f9b2017-10-13 11:03:15 +020016#include <common/net_helper.h>
Willy Tarreaud4c33c82013-01-07 21:59:07 +010017#include <proto/acl.h>
18#include <proto/arg.h>
19#include <proto/channel.h>
Thierry FOURNIERed66c292013-11-28 11:05:19 +010020#include <proto/pattern.h>
Willy Tarreaud4c33c82013-01-07 21:59:07 +010021#include <proto/payload.h>
22#include <proto/sample.h>
23
24
25/************************************************************************/
26/* All supported sample fetch functions must be declared here */
27/************************************************************************/
28
29/* wait for more data as long as possible, then return TRUE. This should be
30 * used with content inspection.
31 */
32static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +020033smp_fetch_wait_end(const struct arg *args, struct sample *smp, const char *kw, void *private)
Willy Tarreaud4c33c82013-01-07 21:59:07 +010034{
Thierry FOURNIER0786d052015-05-11 15:42:45 +020035 if (!(smp->opt & SMP_OPT_FINAL)) {
Willy Tarreaud4c33c82013-01-07 21:59:07 +010036 smp->flags |= SMP_F_MAY_CHANGE;
37 return 0;
38 }
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +020039 smp->data.type = SMP_T_BOOL;
Thierry FOURNIER136f9d32015-08-19 09:07:19 +020040 smp->data.u.sint = 1;
Willy Tarreaud4c33c82013-01-07 21:59:07 +010041 return 1;
42}
43
44/* return the number of bytes in the request buffer */
45static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +020046smp_fetch_len(const struct arg *args, struct sample *smp, const char *kw, void *private)
Willy Tarreaud4c33c82013-01-07 21:59:07 +010047{
Willy Tarreau22ec1ea2014-11-27 20:45:39 +010048 struct channel *chn;
49
Willy Tarreaube508f12016-03-10 11:47:01 +010050 if (!smp->strm)
51 return 0;
52
Thierry FOURNIER0786d052015-05-11 15:42:45 +020053 chn = ((smp->opt & SMP_OPT_DIR) == SMP_OPT_DIR_RES) ? &smp->strm->res : &smp->strm->req;
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +020054 smp->data.type = SMP_T_SINT;
Willy Tarreaufc0785d2018-06-19 07:19:56 +020055 smp->data.u.sint = ci_data(chn);
Willy Tarreaud4c33c82013-01-07 21:59:07 +010056 smp->flags = SMP_F_VOLATILE | SMP_F_MAY_CHANGE;
57 return 1;
58}
59
Pradeep Jindalbb2acf52015-09-29 10:12:57 +053060/* Returns 0 if the client didn't send a SessionTicket Extension
61 * Returns 1 if the client sent SessionTicket Extension
62 * Returns 2 if the client also sent non-zero length SessionTicket
63 * Returns SMP_T_SINT data type
64 */
65static int
66smp_fetch_req_ssl_st_ext(const struct arg *args, struct sample *smp, const char *kw, void *private)
67{
68 int hs_len, ext_len, bleft;
69 struct channel *chn;
70 unsigned char *data;
71
Willy Tarreaube508f12016-03-10 11:47:01 +010072 if (!smp->strm)
73 goto not_ssl_hello;
74
Pradeep Jindalbb2acf52015-09-29 10:12:57 +053075 chn = ((smp->opt & SMP_OPT_DIR) == SMP_OPT_DIR_RES) ? &smp->strm->res : &smp->strm->req;
Willy Tarreaufc0785d2018-06-19 07:19:56 +020076 bleft = ci_data(chn);
77 data = (unsigned char *)ci_head(chn);
Pradeep Jindalbb2acf52015-09-29 10:12:57 +053078
79 /* Check for SSL/TLS Handshake */
80 if (!bleft)
81 goto too_short;
82 if (*data != 0x16)
83 goto not_ssl_hello;
84
85 /* Check for SSLv3 or later (SSL version >= 3.0) in the record layer*/
86 if (bleft < 3)
87 goto too_short;
88 if (data[1] < 0x03)
89 goto not_ssl_hello;
90
91 if (bleft < 5)
92 goto too_short;
93 hs_len = (data[3] << 8) + data[4];
94 if (hs_len < 1 + 3 + 2 + 32 + 1 + 2 + 2 + 1 + 1 + 2 + 2)
95 goto not_ssl_hello; /* too short to have an extension */
96
97 data += 5; /* enter TLS handshake */
98 bleft -= 5;
99
100 /* Check for a complete client hello starting at <data> */
101 if (bleft < 1)
102 goto too_short;
103 if (data[0] != 0x01) /* msg_type = Client Hello */
104 goto not_ssl_hello;
105
106 /* Check the Hello's length */
107 if (bleft < 4)
108 goto too_short;
109 hs_len = (data[1] << 16) + (data[2] << 8) + data[3];
110 if (hs_len < 2 + 32 + 1 + 2 + 2 + 1 + 1 + 2 + 2)
111 goto not_ssl_hello; /* too short to have an extension */
112
113 /* We want the full handshake here */
114 if (bleft < hs_len)
115 goto too_short;
116
117 data += 4;
118 /* Start of the ClientHello message */
119 if (data[0] < 0x03 || data[1] < 0x01) /* TLSv1 minimum */
120 goto not_ssl_hello;
121
122 ext_len = data[34]; /* session_id_len */
123 if (ext_len > 32 || ext_len > (hs_len - 35)) /* check for correct session_id len */
124 goto not_ssl_hello;
125
126 /* Jump to cipher suite */
127 hs_len -= 35 + ext_len;
128 data += 35 + ext_len;
129
130 if (hs_len < 4 || /* minimum one cipher */
131 (ext_len = (data[0] << 8) + data[1]) < 2 || /* minimum 2 bytes for a cipher */
132 ext_len > hs_len)
133 goto not_ssl_hello;
134
135 /* Jump to the compression methods */
136 hs_len -= 2 + ext_len;
137 data += 2 + ext_len;
138
139 if (hs_len < 2 || /* minimum one compression method */
140 data[0] < 1 || data[0] > hs_len) /* minimum 1 bytes for a method */
141 goto not_ssl_hello;
142
143 /* Jump to the extensions */
144 hs_len -= 1 + data[0];
145 data += 1 + data[0];
146
147 if (hs_len < 2 || /* minimum one extension list length */
148 (ext_len = (data[0] << 8) + data[1]) > hs_len - 2) /* list too long */
149 goto not_ssl_hello;
150
151 hs_len = ext_len; /* limit ourselves to the extension length */
152 data += 2;
153
154 while (hs_len >= 4) {
155 int ext_type, ext_len;
156
157 ext_type = (data[0] << 8) + data[1];
158 ext_len = (data[2] << 8) + data[3];
159
160 if (ext_len > hs_len - 4) /* Extension too long */
161 goto not_ssl_hello;
162
163 /* SesstionTicket extension */
164 if (ext_type == 35) {
165 smp->data.type = SMP_T_SINT;
166 /* SessionTicket also present */
167 if (ext_len > 0)
168 smp->data.u.sint = 2;
169 /* SessionTicket absent */
170 else
171 smp->data.u.sint = 1;
172 smp->flags = SMP_F_VOLATILE;
173 return 1;
174 }
175
176 hs_len -= 4 + ext_len;
177 data += 4 + ext_len;
178 }
179 /* SessionTicket Extension not found */
180 smp->data.type = SMP_T_SINT;
181 smp->data.u.sint = 0;
182 smp->flags = SMP_F_VOLATILE;
183 return 1;
184
Pradeep Jindalbb2acf52015-09-29 10:12:57 +0530185 too_short:
186 smp->flags = SMP_F_MAY_CHANGE;
187
188 not_ssl_hello:
189 return 0;
190}
191
Nenad Merdanovic5fc7d7e2015-07-07 22:00:17 +0200192/* Returns TRUE if the client sent Supported Elliptic Curves Extension (0x000a)
193 * Mainly used to detect if client supports ECC cipher suites.
194 */
195static int
196smp_fetch_req_ssl_ec_ext(const struct arg *args, struct sample *smp, const char *kw, void *private)
197{
198 int hs_len, ext_len, bleft;
199 struct channel *chn;
200 unsigned char *data;
201
Willy Tarreaube508f12016-03-10 11:47:01 +0100202 if (!smp->strm)
203 goto not_ssl_hello;
204
Nenad Merdanovic5fc7d7e2015-07-07 22:00:17 +0200205 chn = ((smp->opt & SMP_OPT_DIR) == SMP_OPT_DIR_RES) ? &smp->strm->res : &smp->strm->req;
Willy Tarreaufc0785d2018-06-19 07:19:56 +0200206 bleft = ci_data(chn);
207 data = (unsigned char *)ci_head(chn);
Nenad Merdanovic5fc7d7e2015-07-07 22:00:17 +0200208
209 /* Check for SSL/TLS Handshake */
210 if (!bleft)
211 goto too_short;
212 if (*data != 0x16)
213 goto not_ssl_hello;
214
215 /* Check for SSLv3 or later (SSL version >= 3.0) in the record layer*/
216 if (bleft < 3)
217 goto too_short;
218 if (data[1] < 0x03)
219 goto not_ssl_hello;
220
221 if (bleft < 5)
222 goto too_short;
223 hs_len = (data[3] << 8) + data[4];
224 if (hs_len < 1 + 3 + 2 + 32 + 1 + 2 + 2 + 1 + 1 + 2 + 2)
225 goto not_ssl_hello; /* too short to have an extension */
226
227 data += 5; /* enter TLS handshake */
228 bleft -= 5;
229
230 /* Check for a complete client hello starting at <data> */
231 if (bleft < 1)
232 goto too_short;
233 if (data[0] != 0x01) /* msg_type = Client Hello */
234 goto not_ssl_hello;
235
236 /* Check the Hello's length */
237 if (bleft < 4)
238 goto too_short;
239 hs_len = (data[1] << 16) + (data[2] << 8) + data[3];
240 if (hs_len < 2 + 32 + 1 + 2 + 2 + 1 + 1 + 2 + 2)
241 goto not_ssl_hello; /* too short to have an extension */
242
243 /* We want the full handshake here */
244 if (bleft < hs_len)
245 goto too_short;
246
247 data += 4;
248 /* Start of the ClientHello message */
249 if (data[0] < 0x03 || data[1] < 0x01) /* TLSv1 minimum */
250 goto not_ssl_hello;
251
252 ext_len = data[34]; /* session_id_len */
253 if (ext_len > 32 || ext_len > (hs_len - 35)) /* check for correct session_id len */
254 goto not_ssl_hello;
255
256 /* Jump to cipher suite */
257 hs_len -= 35 + ext_len;
258 data += 35 + ext_len;
259
260 if (hs_len < 4 || /* minimum one cipher */
261 (ext_len = (data[0] << 8) + data[1]) < 2 || /* minimum 2 bytes for a cipher */
262 ext_len > hs_len)
263 goto not_ssl_hello;
264
265 /* Jump to the compression methods */
266 hs_len -= 2 + ext_len;
267 data += 2 + ext_len;
268
269 if (hs_len < 2 || /* minimum one compression method */
270 data[0] < 1 || data[0] > hs_len) /* minimum 1 bytes for a method */
271 goto not_ssl_hello;
272
273 /* Jump to the extensions */
274 hs_len -= 1 + data[0];
275 data += 1 + data[0];
276
277 if (hs_len < 2 || /* minimum one extension list length */
278 (ext_len = (data[0] << 8) + data[1]) > hs_len - 2) /* list too long */
279 goto not_ssl_hello;
280
281 hs_len = ext_len; /* limit ourselves to the extension length */
282 data += 2;
283
284 while (hs_len >= 4) {
285 int ext_type, ext_len;
286
287 ext_type = (data[0] << 8) + data[1];
288 ext_len = (data[2] << 8) + data[3];
289
290 if (ext_len > hs_len - 4) /* Extension too long */
291 goto not_ssl_hello;
292
293 /* Elliptic curves extension */
294 if (ext_type == 10) {
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +0200295 smp->data.type = SMP_T_BOOL;
Thierry FOURNIER136f9d32015-08-19 09:07:19 +0200296 smp->data.u.sint = 1;
Nenad Merdanovic8a39a1f2015-07-15 12:51:11 +0200297 smp->flags = SMP_F_VOLATILE;
Nenad Merdanovic5fc7d7e2015-07-07 22:00:17 +0200298 return 1;
299 }
300
301 hs_len -= 4 + ext_len;
302 data += 4 + ext_len;
303 }
304 /* server name not found */
305 goto not_ssl_hello;
306
307 too_short:
308 smp->flags = SMP_F_MAY_CHANGE;
309
310 not_ssl_hello:
311
312 return 0;
313}
Willy Tarreaud4c33c82013-01-07 21:59:07 +0100314/* returns the type of SSL hello message (mainly used to detect an SSL hello) */
315static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +0200316smp_fetch_ssl_hello_type(const struct arg *args, struct sample *smp, const char *kw, void *private)
Willy Tarreaud4c33c82013-01-07 21:59:07 +0100317{
318 int hs_len;
319 int hs_type, bleft;
320 struct channel *chn;
321 const unsigned char *data;
322
Willy Tarreaube508f12016-03-10 11:47:01 +0100323 if (!smp->strm)
324 goto not_ssl_hello;
325
Thierry FOURNIER0786d052015-05-11 15:42:45 +0200326 chn = ((smp->opt & SMP_OPT_DIR) == SMP_OPT_DIR_RES) ? &smp->strm->res : &smp->strm->req;
Willy Tarreaufc0785d2018-06-19 07:19:56 +0200327 bleft = ci_data(chn);
328 data = (const unsigned char *)ci_head(chn);
Willy Tarreaud4c33c82013-01-07 21:59:07 +0100329
330 if (!bleft)
331 goto too_short;
332
333 if ((*data >= 0x14 && *data <= 0x17) || (*data == 0xFF)) {
334 /* SSLv3 header format */
335 if (bleft < 9)
336 goto too_short;
337
338 /* ssl version 3 */
339 if ((data[1] << 16) + data[2] < 0x00030000)
340 goto not_ssl_hello;
341
342 /* ssl message len must present handshake type and len */
343 if ((data[3] << 8) + data[4] < 4)
344 goto not_ssl_hello;
345
346 /* format introduced with SSLv3 */
347
348 hs_type = (int)data[5];
349 hs_len = ( data[6] << 16 ) + ( data[7] << 8 ) + data[8];
350
351 /* not a full handshake */
352 if (bleft < (9 + hs_len))
353 goto too_short;
354
355 }
356 else {
357 goto not_ssl_hello;
358 }
359
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +0200360 smp->data.type = SMP_T_SINT;
Thierry FOURNIER136f9d32015-08-19 09:07:19 +0200361 smp->data.u.sint = hs_type;
Willy Tarreaud4c33c82013-01-07 21:59:07 +0100362 smp->flags = SMP_F_VOLATILE;
363
364 return 1;
365
366 too_short:
367 smp->flags = SMP_F_MAY_CHANGE;
368
369 not_ssl_hello:
370
371 return 0;
372}
373
374/* Return the version of the SSL protocol in the request. It supports both
375 * SSLv3 (TLSv1) header format for any message, and SSLv2 header format for
376 * the hello message. The SSLv3 format is described in RFC 2246 p49, and the
377 * SSLv2 format is described here, and completed p67 of RFC 2246 :
378 * http://wp.netscape.com/eng/security/SSL_2.html
379 *
380 * Note: this decoder only works with non-wrapping data.
381 */
382static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +0200383smp_fetch_req_ssl_ver(const struct arg *args, struct sample *smp, const char *kw, void *private)
Willy Tarreaud4c33c82013-01-07 21:59:07 +0100384{
385 int version, bleft, msg_len;
386 const unsigned char *data;
Willy Tarreaube508f12016-03-10 11:47:01 +0100387 struct channel *req;
388
389 if (!smp->strm)
390 return 0;
Willy Tarreaud4c33c82013-01-07 21:59:07 +0100391
Willy Tarreaube508f12016-03-10 11:47:01 +0100392 req = &smp->strm->req;
Willy Tarreaud4c33c82013-01-07 21:59:07 +0100393 msg_len = 0;
Willy Tarreaufc0785d2018-06-19 07:19:56 +0200394 bleft = ci_data(req);
Willy Tarreaud4c33c82013-01-07 21:59:07 +0100395 if (!bleft)
396 goto too_short;
397
Willy Tarreaufc0785d2018-06-19 07:19:56 +0200398 data = (const unsigned char *)ci_head(req);
Willy Tarreaud4c33c82013-01-07 21:59:07 +0100399 if ((*data >= 0x14 && *data <= 0x17) || (*data == 0xFF)) {
400 /* SSLv3 header format */
Lukas Tribusc93242c2015-11-05 13:59:30 +0100401 if (bleft < 11)
Willy Tarreaud4c33c82013-01-07 21:59:07 +0100402 goto too_short;
403
Lukas Tribusc93242c2015-11-05 13:59:30 +0100404 version = (data[1] << 16) + data[2]; /* record layer version: major, minor */
Willy Tarreaud4c33c82013-01-07 21:59:07 +0100405 msg_len = (data[3] << 8) + data[4]; /* record length */
406
407 /* format introduced with SSLv3 */
408 if (version < 0x00030000)
409 goto not_ssl;
410
Lukas Tribusc93242c2015-11-05 13:59:30 +0100411 /* message length between 6 and 2^14 + 2048 */
412 if (msg_len < 6 || msg_len > ((1<<14) + 2048))
Willy Tarreaud4c33c82013-01-07 21:59:07 +0100413 goto not_ssl;
414
415 bleft -= 5; data += 5;
Lukas Tribusc93242c2015-11-05 13:59:30 +0100416
417 /* return the client hello client version, not the record layer version */
418 version = (data[4] << 16) + data[5]; /* client hello version: major, minor */
Willy Tarreaud4c33c82013-01-07 21:59:07 +0100419 } else {
420 /* SSLv2 header format, only supported for hello (msg type 1) */
421 int rlen, plen, cilen, silen, chlen;
422
423 if (*data & 0x80) {
424 if (bleft < 3)
425 goto too_short;
426 /* short header format : 15 bits for length */
427 rlen = ((data[0] & 0x7F) << 8) | data[1];
428 plen = 0;
429 bleft -= 2; data += 2;
430 } else {
431 if (bleft < 4)
432 goto too_short;
433 /* long header format : 14 bits for length + pad length */
434 rlen = ((data[0] & 0x3F) << 8) | data[1];
435 plen = data[2];
Willy Tarreau74967f62016-08-30 14:39:46 +0200436 bleft -= 3; data += 3;
Willy Tarreaud4c33c82013-01-07 21:59:07 +0100437 }
438
439 if (*data != 0x01)
440 goto not_ssl;
441 bleft--; data++;
442
443 if (bleft < 8)
444 goto too_short;
445 version = (data[0] << 16) + data[1]; /* version: major, minor */
446 cilen = (data[2] << 8) + data[3]; /* cipher len, multiple of 3 */
447 silen = (data[4] << 8) + data[5]; /* session_id_len: 0 or 16 */
448 chlen = (data[6] << 8) + data[7]; /* 16<=challenge length<=32 */
449
450 bleft -= 8; data += 8;
451 if (cilen % 3 != 0)
452 goto not_ssl;
453 if (silen && silen != 16)
454 goto not_ssl;
455 if (chlen < 16 || chlen > 32)
456 goto not_ssl;
457 if (rlen != 9 + cilen + silen + chlen)
458 goto not_ssl;
459
460 /* focus on the remaining data length */
461 msg_len = cilen + silen + chlen + plen;
462 }
463 /* We could recursively check that the buffer ends exactly on an SSL
464 * fragment boundary and that a possible next segment is still SSL,
465 * but that's a bit pointless. However, we could still check that
466 * all the part of the request which fits in a buffer is already
467 * there.
468 */
Willy Tarreauc9fa0482018-07-10 17:43:27 +0200469 if (msg_len > channel_recv_limit(req) + b_orig(&req->buf) - ci_head(req))
470 msg_len = channel_recv_limit(req) + b_orig(&req->buf) - ci_head(req);
Willy Tarreaud4c33c82013-01-07 21:59:07 +0100471
472 if (bleft < msg_len)
473 goto too_short;
474
475 /* OK that's enough. We have at least the whole message, and we have
476 * the protocol version.
477 */
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +0200478 smp->data.type = SMP_T_SINT;
Thierry FOURNIER136f9d32015-08-19 09:07:19 +0200479 smp->data.u.sint = version;
Willy Tarreaud4c33c82013-01-07 21:59:07 +0100480 smp->flags = SMP_F_VOLATILE;
481 return 1;
482
483 too_short:
484 smp->flags = SMP_F_MAY_CHANGE;
485 not_ssl:
486 return 0;
487}
488
489/* Try to extract the Server Name Indication that may be presented in a TLS
490 * client hello handshake message. The format of the message is the following
491 * (cf RFC5246 + RFC6066) :
492 * TLS frame :
493 * - uint8 type = 0x16 (Handshake)
494 * - uint16 version >= 0x0301 (TLSv1)
495 * - uint16 length (frame length)
496 * - TLS handshake :
497 * - uint8 msg_type = 0x01 (ClientHello)
498 * - uint24 length (handshake message length)
499 * - ClientHello :
500 * - uint16 client_version >= 0x0301 (TLSv1)
501 * - uint8 Random[32] (4 first ones are timestamp)
502 * - SessionID :
503 * - uint8 session_id_len (0..32) (SessionID len in bytes)
504 * - uint8 session_id[session_id_len]
505 * - CipherSuite :
506 * - uint16 cipher_len >= 2 (Cipher length in bytes)
507 * - uint16 ciphers[cipher_len/2]
508 * - CompressionMethod :
509 * - uint8 compression_len >= 1 (# of supported methods)
510 * - uint8 compression_methods[compression_len]
511 * - optional client_extension_len (in bytes)
512 * - optional sequence of ClientHelloExtensions (as many bytes as above):
513 * - uint16 extension_type = 0 for server_name
514 * - uint16 extension_len
515 * - opaque extension_data[extension_len]
516 * - uint16 server_name_list_len (# of bytes here)
517 * - opaque server_names[server_name_list_len bytes]
518 * - uint8 name_type = 0 for host_name
519 * - uint16 name_len
520 * - opaque hostname[name_len bytes]
521 */
522static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +0200523smp_fetch_ssl_hello_sni(const struct arg *args, struct sample *smp, const char *kw, void *private)
Willy Tarreaud4c33c82013-01-07 21:59:07 +0100524{
525 int hs_len, ext_len, bleft;
526 struct channel *chn;
527 unsigned char *data;
528
Willy Tarreaube508f12016-03-10 11:47:01 +0100529 if (!smp->strm)
530 goto not_ssl_hello;
531
Thierry FOURNIER0786d052015-05-11 15:42:45 +0200532 chn = ((smp->opt & SMP_OPT_DIR) == SMP_OPT_DIR_RES) ? &smp->strm->res : &smp->strm->req;
Willy Tarreaufc0785d2018-06-19 07:19:56 +0200533 bleft = ci_data(chn);
534 data = (unsigned char *)ci_head(chn);
Willy Tarreaud4c33c82013-01-07 21:59:07 +0100535
536 /* Check for SSL/TLS Handshake */
537 if (!bleft)
538 goto too_short;
539 if (*data != 0x16)
540 goto not_ssl_hello;
541
Lukas Tribus57d22972014-04-10 21:36:22 +0200542 /* Check for SSLv3 or later (SSL version >= 3.0) in the record layer*/
Willy Tarreaud4c33c82013-01-07 21:59:07 +0100543 if (bleft < 3)
544 goto too_short;
Lukas Tribus57d22972014-04-10 21:36:22 +0200545 if (data[1] < 0x03)
Willy Tarreaud4c33c82013-01-07 21:59:07 +0100546 goto not_ssl_hello;
547
548 if (bleft < 5)
549 goto too_short;
550 hs_len = (data[3] << 8) + data[4];
551 if (hs_len < 1 + 3 + 2 + 32 + 1 + 2 + 2 + 1 + 1 + 2 + 2)
552 goto not_ssl_hello; /* too short to have an extension */
553
554 data += 5; /* enter TLS handshake */
555 bleft -= 5;
556
557 /* Check for a complete client hello starting at <data> */
558 if (bleft < 1)
559 goto too_short;
560 if (data[0] != 0x01) /* msg_type = Client Hello */
561 goto not_ssl_hello;
562
563 /* Check the Hello's length */
564 if (bleft < 4)
565 goto too_short;
566 hs_len = (data[1] << 16) + (data[2] << 8) + data[3];
567 if (hs_len < 2 + 32 + 1 + 2 + 2 + 1 + 1 + 2 + 2)
568 goto not_ssl_hello; /* too short to have an extension */
569
570 /* We want the full handshake here */
571 if (bleft < hs_len)
572 goto too_short;
573
574 data += 4;
575 /* Start of the ClientHello message */
576 if (data[0] < 0x03 || data[1] < 0x01) /* TLSv1 minimum */
577 goto not_ssl_hello;
578
579 ext_len = data[34]; /* session_id_len */
580 if (ext_len > 32 || ext_len > (hs_len - 35)) /* check for correct session_id len */
581 goto not_ssl_hello;
582
583 /* Jump to cipher suite */
584 hs_len -= 35 + ext_len;
585 data += 35 + ext_len;
586
587 if (hs_len < 4 || /* minimum one cipher */
588 (ext_len = (data[0] << 8) + data[1]) < 2 || /* minimum 2 bytes for a cipher */
589 ext_len > hs_len)
590 goto not_ssl_hello;
591
592 /* Jump to the compression methods */
593 hs_len -= 2 + ext_len;
594 data += 2 + ext_len;
595
596 if (hs_len < 2 || /* minimum one compression method */
597 data[0] < 1 || data[0] > hs_len) /* minimum 1 bytes for a method */
598 goto not_ssl_hello;
599
600 /* Jump to the extensions */
601 hs_len -= 1 + data[0];
602 data += 1 + data[0];
603
604 if (hs_len < 2 || /* minimum one extension list length */
605 (ext_len = (data[0] << 8) + data[1]) > hs_len - 2) /* list too long */
606 goto not_ssl_hello;
607
608 hs_len = ext_len; /* limit ourselves to the extension length */
609 data += 2;
610
611 while (hs_len >= 4) {
612 int ext_type, name_type, srv_len, name_len;
613
614 ext_type = (data[0] << 8) + data[1];
615 ext_len = (data[2] << 8) + data[3];
616
617 if (ext_len > hs_len - 4) /* Extension too long */
618 goto not_ssl_hello;
619
620 if (ext_type == 0) { /* Server name */
621 if (ext_len < 2) /* need one list length */
622 goto not_ssl_hello;
623
624 srv_len = (data[4] << 8) + data[5];
625 if (srv_len < 4 || srv_len > hs_len - 6)
626 goto not_ssl_hello; /* at least 4 bytes per server name */
627
628 name_type = data[6];
629 name_len = (data[7] << 8) + data[8];
630
631 if (name_type == 0) { /* hostname */
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +0200632 smp->data.type = SMP_T_STR;
Willy Tarreau843b7cb2018-07-13 10:54:26 +0200633 smp->data.u.str.area = (char *)data + 9;
634 smp->data.u.str.data = name_len;
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +0100635 smp->flags = SMP_F_VOLATILE | SMP_F_CONST;
Willy Tarreaud4c33c82013-01-07 21:59:07 +0100636 return 1;
637 }
638 }
639
640 hs_len -= 4 + ext_len;
641 data += 4 + ext_len;
642 }
643 /* server name not found */
644 goto not_ssl_hello;
645
646 too_short:
647 smp->flags = SMP_F_MAY_CHANGE;
648
649 not_ssl_hello:
650
651 return 0;
652}
653
Willy Tarreaucadd8c92013-07-22 18:09:52 +0200654/* Fetch the request RDP cookie identified in <cname>:<clen>, or any cookie if
Willy Tarreaub169eba2013-12-16 15:14:43 +0100655 * <clen> is empty (cname is then ignored). It returns the data into sample <smp>
656 * of type SMP_T_CSTR. Note: this decoder only works with non-wrapping data.
Willy Tarreaud4c33c82013-01-07 21:59:07 +0100657 */
658int
Willy Tarreau87b09662015-04-03 00:22:06 +0200659fetch_rdp_cookie_name(struct stream *s, struct sample *smp, const char *cname, int clen)
Willy Tarreaud4c33c82013-01-07 21:59:07 +0100660{
661 int bleft;
662 const unsigned char *data;
663
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +0100664 smp->flags = SMP_F_CONST;
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +0200665 smp->data.type = SMP_T_STR;
Willy Tarreaud4c33c82013-01-07 21:59:07 +0100666
Willy Tarreaufc0785d2018-06-19 07:19:56 +0200667 bleft = ci_data(&s->req);
Willy Tarreaud4c33c82013-01-07 21:59:07 +0100668 if (bleft <= 11)
669 goto too_short;
670
Willy Tarreaufc0785d2018-06-19 07:19:56 +0200671 data = (const unsigned char *)ci_head(&s->req) + 11;
Willy Tarreaud4c33c82013-01-07 21:59:07 +0100672 bleft -= 11;
673
674 if (bleft <= 7)
675 goto too_short;
676
677 if (strncasecmp((const char *)data, "Cookie:", 7) != 0)
678 goto not_cookie;
679
680 data += 7;
681 bleft -= 7;
682
683 while (bleft > 0 && *data == ' ') {
684 data++;
685 bleft--;
686 }
687
Willy Tarreaucadd8c92013-07-22 18:09:52 +0200688 if (clen) {
689 if (bleft <= clen)
Willy Tarreaud4c33c82013-01-07 21:59:07 +0100690 goto too_short;
691
Willy Tarreaucadd8c92013-07-22 18:09:52 +0200692 if ((data[clen] != '=') ||
693 strncasecmp(cname, (const char *)data, clen) != 0)
Willy Tarreaud4c33c82013-01-07 21:59:07 +0100694 goto not_cookie;
695
Willy Tarreaucadd8c92013-07-22 18:09:52 +0200696 data += clen + 1;
697 bleft -= clen + 1;
Willy Tarreaud4c33c82013-01-07 21:59:07 +0100698 } else {
699 while (bleft > 0 && *data != '=') {
700 if (*data == '\r' || *data == '\n')
701 goto not_cookie;
702 data++;
703 bleft--;
704 }
705
706 if (bleft < 1)
707 goto too_short;
708
709 if (*data != '=')
710 goto not_cookie;
711
712 data++;
713 bleft--;
714 }
715
716 /* data points to cookie value */
Willy Tarreau843b7cb2018-07-13 10:54:26 +0200717 smp->data.u.str.area = (char *)data;
718 smp->data.u.str.data = 0;
Willy Tarreaud4c33c82013-01-07 21:59:07 +0100719
720 while (bleft > 0 && *data != '\r') {
721 data++;
722 bleft--;
723 }
724
725 if (bleft < 2)
726 goto too_short;
727
728 if (data[0] != '\r' || data[1] != '\n')
729 goto not_cookie;
730
Willy Tarreau843b7cb2018-07-13 10:54:26 +0200731 smp->data.u.str.data = (char *)data - smp->data.u.str.area;
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +0100732 smp->flags = SMP_F_VOLATILE | SMP_F_CONST;
Willy Tarreaud4c33c82013-01-07 21:59:07 +0100733 return 1;
734
735 too_short:
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +0100736 smp->flags = SMP_F_MAY_CHANGE | SMP_F_CONST;
Willy Tarreaud4c33c82013-01-07 21:59:07 +0100737 not_cookie:
738 return 0;
739}
740
Willy Tarreaucadd8c92013-07-22 18:09:52 +0200741/* Fetch the request RDP cookie identified in the args, or any cookie if no arg
742 * is passed. It is usable both for ACL and for samples. Note: this decoder
743 * only works with non-wrapping data. Accepts either 0 or 1 argument. Argument
Willy Tarreaub169eba2013-12-16 15:14:43 +0100744 * is a string (cookie name), other types will lead to undefined behaviour. The
745 * returned sample has type SMP_T_CSTR.
Willy Tarreaucadd8c92013-07-22 18:09:52 +0200746 */
747int
Thierry FOURNIER0786d052015-05-11 15:42:45 +0200748smp_fetch_rdp_cookie(const struct arg *args, struct sample *smp, const char *kw, void *private)
Willy Tarreaucadd8c92013-07-22 18:09:52 +0200749{
Willy Tarreaube508f12016-03-10 11:47:01 +0100750 if (!smp->strm)
751 return 0;
752
Willy Tarreau843b7cb2018-07-13 10:54:26 +0200753 return fetch_rdp_cookie_name(smp->strm, smp,
754 args ? args->data.str.area : NULL,
755 args ? args->data.str.data : 0);
Willy Tarreaucadd8c92013-07-22 18:09:52 +0200756}
757
Willy Tarreaud4c33c82013-01-07 21:59:07 +0100758/* returns either 1 or 0 depending on whether an RDP cookie is found or not */
759static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +0200760smp_fetch_rdp_cookie_cnt(const struct arg *args, struct sample *smp, const char *kw, void *private)
Willy Tarreaud4c33c82013-01-07 21:59:07 +0100761{
762 int ret;
763
Thierry FOURNIER0786d052015-05-11 15:42:45 +0200764 ret = smp_fetch_rdp_cookie(args, smp, kw, private);
Willy Tarreaud4c33c82013-01-07 21:59:07 +0100765
766 if (smp->flags & SMP_F_MAY_CHANGE)
767 return 0;
768
769 smp->flags = SMP_F_VOLATILE;
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +0200770 smp->data.type = SMP_T_SINT;
Thierry FOURNIER136f9d32015-08-19 09:07:19 +0200771 smp->data.u.sint = ret;
Willy Tarreaud4c33c82013-01-07 21:59:07 +0100772 return 1;
773}
774
775/* extracts part of a payload with offset and length at a given position */
776static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +0200777smp_fetch_payload_lv(const struct arg *arg_p, struct sample *smp, const char *kw, void *private)
Willy Tarreaud4c33c82013-01-07 21:59:07 +0100778{
Thierry FOURNIERbf65cd42015-07-20 17:45:02 +0200779 unsigned int len_offset = arg_p[0].data.sint;
780 unsigned int len_size = arg_p[1].data.sint;
Willy Tarreaud4c33c82013-01-07 21:59:07 +0100781 unsigned int buf_offset;
782 unsigned int buf_size = 0;
783 struct channel *chn;
784 int i;
785
786 /* Format is (len offset, len size, buf offset) or (len offset, len size) */
787 /* by default buf offset == len offset + len size */
788 /* buf offset could be absolute or relative to len offset + len size if prefixed by + or - */
789
Willy Tarreaube508f12016-03-10 11:47:01 +0100790 if (!smp->strm)
791 return 0;
792
Thierry FOURNIER0786d052015-05-11 15:42:45 +0200793 chn = ((smp->opt & SMP_OPT_DIR) == SMP_OPT_DIR_RES) ? &smp->strm->res : &smp->strm->req;
Willy Tarreaufc0785d2018-06-19 07:19:56 +0200794 if (len_offset + len_size > ci_data(chn))
Willy Tarreaud4c33c82013-01-07 21:59:07 +0100795 goto too_short;
796
797 for (i = 0; i < len_size; i++) {
Willy Tarreaufc0785d2018-06-19 07:19:56 +0200798 buf_size = (buf_size << 8) + ((unsigned char *)ci_head(chn))[i + len_offset];
Willy Tarreaud4c33c82013-01-07 21:59:07 +0100799 }
800
Thierry FOURNIERbf65cd42015-07-20 17:45:02 +0200801 /* buf offset may be implicit, absolute or relative. If the LSB
802 * is set, then the offset is relative otherwise it is absolute.
803 */
Willy Tarreaud4c33c82013-01-07 21:59:07 +0100804 buf_offset = len_offset + len_size;
Thierry FOURNIERbf65cd42015-07-20 17:45:02 +0200805 if (arg_p[2].type == ARGT_SINT) {
806 if (arg_p[2].data.sint & 1)
807 buf_offset += arg_p[2].data.sint >> 1;
808 else
809 buf_offset = arg_p[2].data.sint >> 1;
810 }
Willy Tarreaud4c33c82013-01-07 21:59:07 +0100811
Willy Tarreaud7bdcb82015-09-24 16:33:10 +0200812 if (!buf_size || buf_size > global.tune.bufsize || buf_offset + buf_size > global.tune.bufsize) {
Willy Tarreaud4c33c82013-01-07 21:59:07 +0100813 /* will never match */
814 smp->flags = 0;
815 return 0;
816 }
817
Willy Tarreaufc0785d2018-06-19 07:19:56 +0200818 if (buf_offset + buf_size > ci_data(chn))
Willy Tarreaud4c33c82013-01-07 21:59:07 +0100819 goto too_short;
820
821 /* init chunk as read only */
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +0200822 smp->data.type = SMP_T_BIN;
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +0100823 smp->flags = SMP_F_VOLATILE | SMP_F_CONST;
Willy Tarreaufc0785d2018-06-19 07:19:56 +0200824 chunk_initlen(&smp->data.u.str, ci_head(chn) + buf_offset, 0, buf_size);
Willy Tarreaud4c33c82013-01-07 21:59:07 +0100825 return 1;
826
827 too_short:
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +0100828 smp->flags = SMP_F_MAY_CHANGE | SMP_F_CONST;
Willy Tarreaud4c33c82013-01-07 21:59:07 +0100829 return 0;
830}
831
832/* extracts some payload at a fixed position and length */
833static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +0200834smp_fetch_payload(const struct arg *arg_p, struct sample *smp, const char *kw, void *private)
Willy Tarreaud4c33c82013-01-07 21:59:07 +0100835{
Thierry FOURNIERbf65cd42015-07-20 17:45:02 +0200836 unsigned int buf_offset = arg_p[0].data.sint;
837 unsigned int buf_size = arg_p[1].data.sint;
Willy Tarreaud4c33c82013-01-07 21:59:07 +0100838 struct channel *chn;
839
Willy Tarreaube508f12016-03-10 11:47:01 +0100840 if (!smp->strm)
841 return 0;
842
Thierry FOURNIER0786d052015-05-11 15:42:45 +0200843 chn = ((smp->opt & SMP_OPT_DIR) == SMP_OPT_DIR_RES) ? &smp->strm->res : &smp->strm->req;
Felipe Guerreiro Barbosa Ruiz00f55522017-03-16 17:01:41 -0300844 if (buf_size > global.tune.bufsize || buf_offset + buf_size > global.tune.bufsize) {
Willy Tarreaud4c33c82013-01-07 21:59:07 +0100845 /* will never match */
846 smp->flags = 0;
847 return 0;
848 }
849
Willy Tarreaufc0785d2018-06-19 07:19:56 +0200850 if (buf_offset + buf_size > ci_data(chn))
Willy Tarreaud4c33c82013-01-07 21:59:07 +0100851 goto too_short;
852
853 /* init chunk as read only */
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +0200854 smp->data.type = SMP_T_BIN;
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +0100855 smp->flags = SMP_F_VOLATILE | SMP_F_CONST;
Willy Tarreaufc0785d2018-06-19 07:19:56 +0200856 chunk_initlen(&smp->data.u.str, ci_head(chn) + buf_offset, 0, buf_size ? buf_size : (ci_data(chn) - buf_offset));
Willy Tarreau3889fff2015-01-13 20:20:10 +0100857 if (!buf_size && channel_may_recv(chn) && !channel_input_closed(chn))
Willy Tarreau00f00842013-08-02 11:07:32 +0200858 smp->flags |= SMP_F_MAY_CHANGE;
859
Willy Tarreaud4c33c82013-01-07 21:59:07 +0100860 return 1;
861
862 too_short:
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +0100863 smp->flags = SMP_F_MAY_CHANGE | SMP_F_CONST;
Willy Tarreaud4c33c82013-01-07 21:59:07 +0100864 return 0;
865}
866
Willy Tarreaud4c33c82013-01-07 21:59:07 +0100867/* This function is used to validate the arguments passed to a "payload_lv" fetch
868 * keyword. This keyword allows two positive integers and an optional signed one,
869 * with the second one being strictly positive and the third one being greater than
870 * the opposite of the two others if negative. It is assumed that the types are
871 * already the correct ones. Returns 0 on error, non-zero if OK. If <err_msg> is
872 * not NULL, it will be filled with a pointer to an error message in case of
873 * error, that the caller is responsible for freeing. The initial location must
874 * either be freeable or NULL.
Thierry FOURNIERbf65cd42015-07-20 17:45:02 +0200875 *
876 * Note that offset2 is stored with SINT type, but its not directly usable as is.
877 * The value is contained in the 63 MSB and the LSB is used as a flag for marking
878 * the "relative" property of the value.
Willy Tarreaud4c33c82013-01-07 21:59:07 +0100879 */
Thierry FOURNIER49f45af2014-12-08 19:50:43 +0100880int val_payload_lv(struct arg *arg, char **err_msg)
Willy Tarreaud4c33c82013-01-07 21:59:07 +0100881{
Thierry FOURNIERbf65cd42015-07-20 17:45:02 +0200882 int relative = 0;
883 const char *str;
884
885 if (arg[0].data.sint < 0) {
886 memprintf(err_msg, "payload offset1 must be positive");
Willy Tarreaud4c33c82013-01-07 21:59:07 +0100887 return 0;
888 }
889
Thierry FOURNIERbf65cd42015-07-20 17:45:02 +0200890 if (!arg[1].data.sint) {
891 memprintf(err_msg, "payload length must be > 0");
Willy Tarreaud4c33c82013-01-07 21:59:07 +0100892 return 0;
893 }
Thierry FOURNIERbf65cd42015-07-20 17:45:02 +0200894
Willy Tarreau843b7cb2018-07-13 10:54:26 +0200895 if (arg[2].type == ARGT_STR && arg[2].data.str.data > 0) {
896 if (arg[2].data.str.area[0] == '+' || arg[2].data.str.area[0] == '-')
Thierry FOURNIERbf65cd42015-07-20 17:45:02 +0200897 relative = 1;
Willy Tarreau843b7cb2018-07-13 10:54:26 +0200898 str = arg[2].data.str.area;
Thierry FOURNIERbf65cd42015-07-20 17:45:02 +0200899 arg[2].type = ARGT_SINT;
Willy Tarreau843b7cb2018-07-13 10:54:26 +0200900 arg[2].data.sint = read_int64(&str,
901 str + arg[2].data.str.data);
Thierry FOURNIERbf65cd42015-07-20 17:45:02 +0200902 if (*str != '\0') {
903 memprintf(err_msg, "payload offset2 is not a number");
904 return 0;
905 }
906 if (arg[0].data.sint + arg[1].data.sint + arg[2].data.sint < 0) {
907 memprintf(err_msg, "payload offset2 too negative");
908 return 0;
909 }
910 if (relative)
911 arg[2].data.sint = ( arg[2].data.sint << 1 ) + 1;
912 }
Willy Tarreaud4c33c82013-01-07 21:59:07 +0100913 return 1;
914}
915
Willy Tarreaud716f9b2017-10-13 11:03:15 +0200916/* extracts the parameter value of a distcc token */
917static int
918smp_fetch_distcc_param(const struct arg *arg_p, struct sample *smp, const char *kw, void *private)
919{
920 unsigned int match_tok = arg_p[0].data.sint;
921 unsigned int match_occ = arg_p[1].data.sint;
922 unsigned int token;
923 unsigned int param;
924 unsigned int body;
925 unsigned int ofs;
926 unsigned int occ;
927 struct channel *chn;
928 int i;
929
930 /* Format is (token[,occ]). occ starts at 1. */
931
932 if (!smp->strm)
933 return 0;
934
935 chn = ((smp->opt & SMP_OPT_DIR) == SMP_OPT_DIR_RES) ? &smp->strm->res : &smp->strm->req;
936
937 ofs = 0; occ = 0;
938 while (1) {
Willy Tarreaufc0785d2018-06-19 07:19:56 +0200939 if (ofs + 12 > ci_data(chn)) {
Willy Tarreaud716f9b2017-10-13 11:03:15 +0200940 /* not there yet but could it at least fit ? */
Willy Tarreauc9fa0482018-07-10 17:43:27 +0200941 if (!chn->buf.size)
Willy Tarreaud716f9b2017-10-13 11:03:15 +0200942 goto too_short;
943
Willy Tarreauc9fa0482018-07-10 17:43:27 +0200944 if (ofs + 12 <= channel_recv_limit(chn) + b_orig(&chn->buf) - ci_head(chn))
Willy Tarreaud716f9b2017-10-13 11:03:15 +0200945 goto too_short;
946
947 goto no_match;
948 }
949
Willy Tarreaufc0785d2018-06-19 07:19:56 +0200950 token = read_n32(ci_head(chn) + ofs);
Willy Tarreaud716f9b2017-10-13 11:03:15 +0200951 ofs += 4;
952
953 for (i = param = 0; i < 8; i++) {
Willy Tarreaufc0785d2018-06-19 07:19:56 +0200954 int c = hex2i(ci_head(chn)[ofs + i]);
Willy Tarreaud716f9b2017-10-13 11:03:15 +0200955
956 if (c < 0)
957 goto no_match;
958 param = (param << 4) + c;
959 }
960 ofs += 8;
961
962 /* these tokens don't have a body */
963 if (token != 0x41524743 /* ARGC */ && token != 0x44495354 /* DIST */ &&
964 token != 0x4E46494C /* NFIL */ && token != 0x53544154 /* STAT */ &&
965 token != 0x444F4E45 /* DONE */)
966 body = param;
967 else
968 body = 0;
969
970 if (token == match_tok) {
971 occ++;
972 if (!match_occ || match_occ == occ) {
973 /* found */
974 smp->data.type = SMP_T_SINT;
975 smp->data.u.sint = param;
976 smp->flags = SMP_F_VOLATILE | SMP_F_CONST;
977 return 1;
978 }
979 }
980 ofs += body;
981 }
982
983 too_short:
984 smp->flags = SMP_F_MAY_CHANGE | SMP_F_CONST;
985 return 0;
986 no_match:
987 /* will never match (end of buffer, or bad contents) */
988 smp->flags = 0;
989 return 0;
990
991}
992
993/* extracts the (possibly truncated) body of a distcc token */
994static int
995smp_fetch_distcc_body(const struct arg *arg_p, struct sample *smp, const char *kw, void *private)
996{
997 unsigned int match_tok = arg_p[0].data.sint;
998 unsigned int match_occ = arg_p[1].data.sint;
999 unsigned int token;
1000 unsigned int param;
1001 unsigned int ofs;
1002 unsigned int occ;
1003 unsigned int body;
1004 struct channel *chn;
1005 int i;
1006
1007 /* Format is (token[,occ]). occ starts at 1. */
1008
1009 if (!smp->strm)
1010 return 0;
1011
1012 chn = ((smp->opt & SMP_OPT_DIR) == SMP_OPT_DIR_RES) ? &smp->strm->res : &smp->strm->req;
1013
1014 ofs = 0; occ = 0;
1015 while (1) {
Willy Tarreaufc0785d2018-06-19 07:19:56 +02001016 if (ofs + 12 > ci_data(chn)) {
Willy Tarreauc9fa0482018-07-10 17:43:27 +02001017 if (!chn->buf.size)
Willy Tarreaud716f9b2017-10-13 11:03:15 +02001018 goto too_short;
1019
Willy Tarreauc9fa0482018-07-10 17:43:27 +02001020 if (ofs + 12 <= channel_recv_limit(chn) + b_orig(&chn->buf) - ci_head(chn))
Willy Tarreaud716f9b2017-10-13 11:03:15 +02001021 goto too_short;
1022
1023 goto no_match;
1024 }
1025
Willy Tarreaufc0785d2018-06-19 07:19:56 +02001026 token = read_n32(ci_head(chn) + ofs);
Willy Tarreaud716f9b2017-10-13 11:03:15 +02001027 ofs += 4;
1028
1029 for (i = param = 0; i < 8; i++) {
Willy Tarreaufc0785d2018-06-19 07:19:56 +02001030 int c = hex2i(ci_head(chn)[ofs + i]);
Willy Tarreaud716f9b2017-10-13 11:03:15 +02001031
1032 if (c < 0)
1033 goto no_match;
1034 param = (param << 4) + c;
1035 }
1036 ofs += 8;
1037
1038 /* these tokens don't have a body */
1039 if (token != 0x41524743 /* ARGC */ && token != 0x44495354 /* DIST */ &&
1040 token != 0x4E46494C /* NFIL */ && token != 0x53544154 /* STAT */ &&
1041 token != 0x444F4E45 /* DONE */)
1042 body = param;
1043 else
1044 body = 0;
1045
1046 if (token == match_tok) {
1047 occ++;
1048 if (!match_occ || match_occ == occ) {
1049 /* found */
1050
1051 smp->data.type = SMP_T_BIN;
1052 smp->flags = SMP_F_VOLATILE | SMP_F_CONST;
1053
Willy Tarreauc9fa0482018-07-10 17:43:27 +02001054 if (ofs + body > ci_head(chn) - b_orig(&chn->buf) + ci_data(chn)) {
Willy Tarreaud716f9b2017-10-13 11:03:15 +02001055 /* incomplete body */
1056
Willy Tarreauc9fa0482018-07-10 17:43:27 +02001057 if (ofs + body > channel_recv_limit(chn) + b_orig(&chn->buf) - ci_head(chn)) {
Willy Tarreaud716f9b2017-10-13 11:03:15 +02001058 /* truncate it to whatever will fit */
1059 smp->flags |= SMP_F_MAY_CHANGE;
Willy Tarreauc9fa0482018-07-10 17:43:27 +02001060 body = channel_recv_limit(chn) + b_orig(&chn->buf) - ci_head(chn) - ofs;
Willy Tarreaud716f9b2017-10-13 11:03:15 +02001061 }
1062 }
1063
Willy Tarreaufc0785d2018-06-19 07:19:56 +02001064 chunk_initlen(&smp->data.u.str, ci_head(chn) + ofs, 0, body);
Willy Tarreaud716f9b2017-10-13 11:03:15 +02001065 return 1;
1066 }
1067 }
1068 ofs += body;
1069 }
1070
1071 too_short:
1072 smp->flags = SMP_F_MAY_CHANGE | SMP_F_CONST;
1073 return 0;
1074 no_match:
1075 /* will never match (end of buffer, or bad contents) */
1076 smp->flags = 0;
1077 return 0;
1078
1079}
1080
1081/* This function is used to validate the arguments passed to a "distcc_param" or
1082 * "distcc_body" sample fetch keyword. They take a mandatory token name of exactly
1083 * 4 characters, followed by an optional occurrence number starting at 1. It is
1084 * assumed that the types are already the correct ones. Returns 0 on error, non-
1085 * zero if OK. If <err_msg> is not NULL, it will be filled with a pointer to an
1086 * error message in case of error, that the caller is responsible for freeing.
1087 * The initial location must either be freeable or NULL.
1088 */
1089int val_distcc(struct arg *arg, char **err_msg)
1090{
1091 unsigned int token;
1092
Willy Tarreau843b7cb2018-07-13 10:54:26 +02001093 if (arg[0].data.str.data != 4) {
Willy Tarreaud716f9b2017-10-13 11:03:15 +02001094 memprintf(err_msg, "token name must be exactly 4 characters");
1095 return 0;
1096 }
1097
1098 /* convert the token name to an unsigned int (one byte per character,
1099 * big endian format).
1100 */
Willy Tarreau843b7cb2018-07-13 10:54:26 +02001101 token = (arg[0].data.str.area[0] << 24) + (arg[0].data.str.area[1] << 16) +
1102 (arg[0].data.str.area[2] << 8) + (arg[0].data.str.area[3] << 0);
Willy Tarreaud716f9b2017-10-13 11:03:15 +02001103
1104 arg[0].type = ARGT_SINT;
1105 arg[0].data.sint = token;
1106
1107 if (arg[1].type != ARGT_SINT) {
1108 arg[1].type = ARGT_SINT;
1109 arg[1].data.sint = 0;
1110 }
1111 return 1;
1112}
1113
Willy Tarreaud4c33c82013-01-07 21:59:07 +01001114/************************************************************************/
1115/* All supported sample and ACL keywords must be declared here. */
1116/************************************************************************/
1117
1118/* Note: must not be declared <const> as its list will be overwritten.
1119 * Note: fetches that may return multiple types must be declared as the lowest
1120 * common denominator, the type that can be casted into all other ones. For
1121 * instance IPv4/IPv6 must be declared IPv4.
1122 */
Willy Tarreaudc13c112013-06-21 23:16:39 +02001123static struct sample_fetch_kw_list smp_kws = {ILH, {
Willy Tarreaud716f9b2017-10-13 11:03:15 +02001124 { "distcc_body", smp_fetch_distcc_body, ARG2(1,STR,SINT), val_distcc, SMP_T_BIN, SMP_USE_L6REQ|SMP_USE_L6RES },
1125 { "distcc_param", smp_fetch_distcc_param, ARG2(1,STR,SINT), val_distcc, SMP_T_SINT, SMP_USE_L6REQ|SMP_USE_L6RES },
Thierry FOURNIERbf65cd42015-07-20 17:45:02 +02001126 { "payload", smp_fetch_payload, ARG2(2,SINT,SINT), NULL, SMP_T_BIN, SMP_USE_L6REQ|SMP_USE_L6RES },
1127 { "payload_lv", smp_fetch_payload_lv, ARG3(2,SINT,SINT,STR), val_payload_lv, SMP_T_BIN, SMP_USE_L6REQ|SMP_USE_L6RES },
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01001128 { "rdp_cookie", smp_fetch_rdp_cookie, ARG1(0,STR), NULL, SMP_T_STR, SMP_USE_L6REQ },
Thierry FOURNIER07ee64e2015-07-06 23:43:03 +02001129 { "rdp_cookie_cnt", smp_fetch_rdp_cookie_cnt, ARG1(0,STR), NULL, SMP_T_SINT, SMP_USE_L6REQ },
1130 { "rep_ssl_hello_type", smp_fetch_ssl_hello_type, 0, NULL, SMP_T_SINT, SMP_USE_L6RES },
1131 { "req_len", smp_fetch_len, 0, NULL, SMP_T_SINT, SMP_USE_L6REQ },
1132 { "req_ssl_hello_type", smp_fetch_ssl_hello_type, 0, NULL, SMP_T_SINT, SMP_USE_L6REQ },
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01001133 { "req_ssl_sni", smp_fetch_ssl_hello_sni, 0, NULL, SMP_T_STR, SMP_USE_L6REQ },
Thierry FOURNIER07ee64e2015-07-06 23:43:03 +02001134 { "req_ssl_ver", smp_fetch_req_ssl_ver, 0, NULL, SMP_T_SINT, SMP_USE_L6REQ },
Willy Tarreaufa957342013-01-14 16:07:52 +01001135
Thierry FOURNIER07ee64e2015-07-06 23:43:03 +02001136 { "req.len", smp_fetch_len, 0, NULL, SMP_T_SINT, SMP_USE_L6REQ },
Thierry FOURNIERbf65cd42015-07-20 17:45:02 +02001137 { "req.payload", smp_fetch_payload, ARG2(2,SINT,SINT), NULL, SMP_T_BIN, SMP_USE_L6REQ },
1138 { "req.payload_lv", smp_fetch_payload_lv, ARG3(2,SINT,SINT,STR), val_payload_lv, SMP_T_BIN, SMP_USE_L6REQ },
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01001139 { "req.rdp_cookie", smp_fetch_rdp_cookie, ARG1(0,STR), NULL, SMP_T_STR, SMP_USE_L6REQ },
Thierry FOURNIER07ee64e2015-07-06 23:43:03 +02001140 { "req.rdp_cookie_cnt", smp_fetch_rdp_cookie_cnt, ARG1(0,STR), NULL, SMP_T_SINT, SMP_USE_L6REQ },
Nenad Merdanovic5fc7d7e2015-07-07 22:00:17 +02001141 { "req.ssl_ec_ext", smp_fetch_req_ssl_ec_ext, 0, NULL, SMP_T_BOOL, SMP_USE_L6REQ },
Pradeep Jindalbb2acf52015-09-29 10:12:57 +05301142 { "req.ssl_st_ext", smp_fetch_req_ssl_st_ext, 0, NULL, SMP_T_SINT, SMP_USE_L6REQ },
Thierry FOURNIER07ee64e2015-07-06 23:43:03 +02001143 { "req.ssl_hello_type", smp_fetch_ssl_hello_type, 0, NULL, SMP_T_SINT, SMP_USE_L6REQ },
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01001144 { "req.ssl_sni", smp_fetch_ssl_hello_sni, 0, NULL, SMP_T_STR, SMP_USE_L6REQ },
Thierry FOURNIER07ee64e2015-07-06 23:43:03 +02001145 { "req.ssl_ver", smp_fetch_req_ssl_ver, 0, NULL, SMP_T_SINT, SMP_USE_L6REQ },
1146 { "res.len", smp_fetch_len, 0, NULL, SMP_T_SINT, SMP_USE_L6RES },
Thierry FOURNIERbf65cd42015-07-20 17:45:02 +02001147 { "res.payload", smp_fetch_payload, ARG2(2,SINT,SINT), NULL, SMP_T_BIN, SMP_USE_L6RES },
1148 { "res.payload_lv", smp_fetch_payload_lv, ARG3(2,SINT,SINT,STR), val_payload_lv, SMP_T_BIN, SMP_USE_L6RES },
Thierry FOURNIER07ee64e2015-07-06 23:43:03 +02001149 { "res.ssl_hello_type", smp_fetch_ssl_hello_type, 0, NULL, SMP_T_SINT, SMP_USE_L6RES },
Willy Tarreaud4c33c82013-01-07 21:59:07 +01001150 { "wait_end", smp_fetch_wait_end, 0, NULL, SMP_T_BOOL, SMP_USE_INTRN },
1151 { /* END */ },
1152}};
1153
1154
1155/* Note: must not be declared <const> as its list will be overwritten.
1156 * Please take care of keeping this list alphabetically sorted.
1157 */
Willy Tarreaudc13c112013-06-21 23:16:39 +02001158static struct acl_kw_list acl_kws = {ILH, {
Thierry FOURNIERc5a4e982014-03-05 16:07:08 +01001159 { "payload", "req.payload", PAT_MATCH_BIN },
1160 { "payload_lv", "req.payload_lv", PAT_MATCH_BIN },
1161 { "req_rdp_cookie", "req.rdp_cookie", PAT_MATCH_STR },
1162 { "req_rdp_cookie_cnt", "req.rdp_cookie_cnt", PAT_MATCH_INT },
1163 { "req_ssl_sni", "req.ssl_sni", PAT_MATCH_STR },
1164 { "req_ssl_ver", "req.ssl_ver", PAT_MATCH_INT, pat_parse_dotted_ver },
1165 { "req.ssl_ver", "req.ssl_ver", PAT_MATCH_INT, pat_parse_dotted_ver },
Willy Tarreaud4c33c82013-01-07 21:59:07 +01001166 { /* END */ },
1167}};
1168
1169
1170__attribute__((constructor))
1171static void __payload_init(void)
1172{
1173 sample_register_fetches(&smp_kws);
1174 acl_register_keywords(&acl_kws);
1175}
1176
1177/*
1178 * Local variables:
1179 * c-indent-level: 8
1180 * c-basic-offset: 8
1181 * End:
1182 */