Gitiles
Code Review Sign In
git01.mediatek.com / haproxy / 47e8eba9a7586b9d70003ee0e7a8191257180968 / . / src / payload.c
blob: de6395f04ee8dbd15f7b1301854ca155d4e9f5ec [file] [log] [blame]
Willy Tarreaud4c33c82013-01-07 21:59:07 +0100[diff] [blame]1/*
2 * General protocol-agnostic payload-based sample fetches and ACLs
3 *
4 * Copyright 2000-2013 Willy Tarreau <w@1wt.eu>
5 *
6 * This program is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU General Public License
8 * as published by the Free Software Foundation; either version
9 * 2 of the License, or (at your option) any later version.
10 *
11 */
12
13#include <stdlib.h>
14#include <string.h>
15
16#include <proto/acl.h>
17#include <proto/arg.h>
18#include <proto/channel.h>
19#include <proto/payload.h>
20#include <proto/sample.h>
21
22
23/************************************************************************/
24/* All supported sample fetch functions must be declared here */
25/************************************************************************/
26
27/* wait for more data as long as possible, then return TRUE. This should be
28 * used with content inspection.
29 */
30static int
31smp_fetch_wait_end(struct proxy *px, struct session *s, void *l7, unsigned int opt,
Willy Tarreauef38c392013-07-22 16:29:32 +0200[diff] [blame]32 const struct arg *args, struct sample *smp, const char *kw)
Willy Tarreaud4c33c82013-01-07 21:59:07 +0100[diff] [blame]33{
34 if (!(opt & SMP_OPT_FINAL)) {
35 smp->flags |= SMP_F_MAY_CHANGE;
36 return 0;
37 }
38 smp->type = SMP_T_BOOL;
39 smp->data.uint = 1;
40 return 1;
41}
42
43/* return the number of bytes in the request buffer */
44static int
Willy Tarreau47e8eba2013-09-11 23:28:46 +0200[diff] [blame^]45smp_fetch_len(struct proxy *px, struct session *s, void *l7, unsigned int opt,
Willy Tarreauef38c392013-07-22 16:29:32 +0200[diff] [blame]46 const struct arg *args, struct sample *smp, const char *kw)
Willy Tarreaud4c33c82013-01-07 21:59:07 +0100[diff] [blame]47{
Willy Tarreau47e8eba2013-09-11 23:28:46 +0200[diff] [blame^]48 struct channel *chn = ((opt & SMP_OPT_DIR) == SMP_OPT_DIR_RES) ? s->rep : s->req;
49
50 if (!s || !chn)
Willy Tarreaud4c33c82013-01-07 21:59:07 +0100[diff] [blame]51 return 0;
52
53 smp->type = SMP_T_UINT;
Willy Tarreau47e8eba2013-09-11 23:28:46 +0200[diff] [blame^]54 smp->data.uint = chn->buf->i;
Willy Tarreaud4c33c82013-01-07 21:59:07 +0100[diff] [blame]55 smp->flags = SMP_F_VOLATILE | SMP_F_MAY_CHANGE;
56 return 1;
57}
58
59/* returns the type of SSL hello message (mainly used to detect an SSL hello) */
60static int
61smp_fetch_ssl_hello_type(struct proxy *px, struct session *s, void *l7, unsigned int opt,
Willy Tarreauef38c392013-07-22 16:29:32 +0200[diff] [blame]62 const struct arg *args, struct sample *smp, const char *kw)
Willy Tarreaud4c33c82013-01-07 21:59:07 +0100[diff] [blame]63{
64 int hs_len;
65 int hs_type, bleft;
66 struct channel *chn;
67 const unsigned char *data;
68
69 if (!s)
70 goto not_ssl_hello;
71
72 chn = ((opt & SMP_OPT_DIR) == SMP_OPT_DIR_RES) ? s->rep : s->req;
73
74 bleft = chn->buf->i;
75 data = (const unsigned char *)chn->buf->p;
76
77 if (!bleft)
78 goto too_short;
79
80 if ((*data >= 0x14 && *data <= 0x17) || (*data == 0xFF)) {
81 /* SSLv3 header format */
82 if (bleft < 9)
83 goto too_short;
84
85 /* ssl version 3 */
86 if ((data[1] << 16) + data[2] < 0x00030000)
87 goto not_ssl_hello;
88
89 /* ssl message len must present handshake type and len */
90 if ((data[3] << 8) + data[4] < 4)
91 goto not_ssl_hello;
92
93 /* format introduced with SSLv3 */
94
95 hs_type = (int)data[5];
96 hs_len = ( data[6] << 16 ) + ( data[7] << 8 ) + data[8];
97
98 /* not a full handshake */
99 if (bleft < (9 + hs_len))
100 goto too_short;
101
102 }
103 else {
104 goto not_ssl_hello;
105 }
106
107 smp->type = SMP_T_UINT;
108 smp->data.uint = hs_type;
109 smp->flags = SMP_F_VOLATILE;
110
111 return 1;
112
113 too_short:
114 smp->flags = SMP_F_MAY_CHANGE;
115
116 not_ssl_hello:
117
118 return 0;
119}
120
121/* Return the version of the SSL protocol in the request. It supports both
122 * SSLv3 (TLSv1) header format for any message, and SSLv2 header format for
123 * the hello message. The SSLv3 format is described in RFC 2246 p49, and the
124 * SSLv2 format is described here, and completed p67 of RFC 2246 :
125 * http://wp.netscape.com/eng/security/SSL_2.html
126 *
127 * Note: this decoder only works with non-wrapping data.
128 */
129static int
130smp_fetch_req_ssl_ver(struct proxy *px, struct session *s, void *l7, unsigned int opt,
Willy Tarreauef38c392013-07-22 16:29:32 +0200[diff] [blame]131 const struct arg *args, struct sample *smp, const char *kw)
Willy Tarreaud4c33c82013-01-07 21:59:07 +0100[diff] [blame]132{
133 int version, bleft, msg_len;
134 const unsigned char *data;
135
136 if (!s || !s->req)
137 return 0;
138
139 msg_len = 0;
140 bleft = s->req->buf->i;
141 if (!bleft)
142 goto too_short;
143
144 data = (const unsigned char *)s->req->buf->p;
145 if ((*data >= 0x14 && *data <= 0x17) || (*data == 0xFF)) {
146 /* SSLv3 header format */
147 if (bleft < 5)
148 goto too_short;
149
150 version = (data[1] << 16) + data[2]; /* version: major, minor */
151 msg_len = (data[3] << 8) + data[4]; /* record length */
152
153 /* format introduced with SSLv3 */
154 if (version < 0x00030000)
155 goto not_ssl;
156
157 /* message length between 1 and 2^14 + 2048 */
158 if (msg_len < 1 || msg_len > ((1<<14) + 2048))
159 goto not_ssl;
160
161 bleft -= 5; data += 5;
162 } else {
163 /* SSLv2 header format, only supported for hello (msg type 1) */
164 int rlen, plen, cilen, silen, chlen;
165
166 if (*data & 0x80) {
167 if (bleft < 3)
168 goto too_short;
169 /* short header format : 15 bits for length */
170 rlen = ((data[0] & 0x7F) << 8) | data[1];
171 plen = 0;
172 bleft -= 2; data += 2;
173 } else {
174 if (bleft < 4)
175 goto too_short;
176 /* long header format : 14 bits for length + pad length */
177 rlen = ((data[0] & 0x3F) << 8) | data[1];
178 plen = data[2];
179 bleft -= 3; data += 2;
180 }
181
182 if (*data != 0x01)
183 goto not_ssl;
184 bleft--; data++;
185
186 if (bleft < 8)
187 goto too_short;
188 version = (data[0] << 16) + data[1]; /* version: major, minor */
189 cilen = (data[2] << 8) + data[3]; /* cipher len, multiple of 3 */
190 silen = (data[4] << 8) + data[5]; /* session_id_len: 0 or 16 */
191 chlen = (data[6] << 8) + data[7]; /* 16<=challenge length<=32 */
192
193 bleft -= 8; data += 8;
194 if (cilen % 3 != 0)
195 goto not_ssl;
196 if (silen && silen != 16)
197 goto not_ssl;
198 if (chlen < 16 || chlen > 32)
199 goto not_ssl;
200 if (rlen != 9 + cilen + silen + chlen)
201 goto not_ssl;
202
203 /* focus on the remaining data length */
204 msg_len = cilen + silen + chlen + plen;
205 }
206 /* We could recursively check that the buffer ends exactly on an SSL
207 * fragment boundary and that a possible next segment is still SSL,
208 * but that's a bit pointless. However, we could still check that
209 * all the part of the request which fits in a buffer is already
210 * there.
211 */
212 if (msg_len > buffer_max_len(s->req) + s->req->buf->data - s->req->buf->p)
213 msg_len = buffer_max_len(s->req) + s->req->buf->data - s->req->buf->p;
214
215 if (bleft < msg_len)
216 goto too_short;
217
218 /* OK that's enough. We have at least the whole message, and we have
219 * the protocol version.
220 */
221 smp->type = SMP_T_UINT;
222 smp->data.uint = version;
223 smp->flags = SMP_F_VOLATILE;
224 return 1;
225
226 too_short:
227 smp->flags = SMP_F_MAY_CHANGE;
228 not_ssl:
229 return 0;
230}
231
232/* Try to extract the Server Name Indication that may be presented in a TLS
233 * client hello handshake message. The format of the message is the following
234 * (cf RFC5246 + RFC6066) :
235 * TLS frame :
236 * - uint8 type = 0x16 (Handshake)
237 * - uint16 version >= 0x0301 (TLSv1)
238 * - uint16 length (frame length)
239 * - TLS handshake :
240 * - uint8 msg_type = 0x01 (ClientHello)
241 * - uint24 length (handshake message length)
242 * - ClientHello :
243 * - uint16 client_version >= 0x0301 (TLSv1)
244 * - uint8 Random[32] (4 first ones are timestamp)
245 * - SessionID :
246 * - uint8 session_id_len (0..32) (SessionID len in bytes)
247 * - uint8 session_id[session_id_len]
248 * - CipherSuite :
249 * - uint16 cipher_len >= 2 (Cipher length in bytes)
250 * - uint16 ciphers[cipher_len/2]
251 * - CompressionMethod :
252 * - uint8 compression_len >= 1 (# of supported methods)
253 * - uint8 compression_methods[compression_len]
254 * - optional client_extension_len (in bytes)
255 * - optional sequence of ClientHelloExtensions (as many bytes as above):
256 * - uint16 extension_type = 0 for server_name
257 * - uint16 extension_len
258 * - opaque extension_data[extension_len]
259 * - uint16 server_name_list_len (# of bytes here)
260 * - opaque server_names[server_name_list_len bytes]
261 * - uint8 name_type = 0 for host_name
262 * - uint16 name_len
263 * - opaque hostname[name_len bytes]
264 */
265static int
266smp_fetch_ssl_hello_sni(struct proxy *px, struct session *s, void *l7, unsigned int opt,
Willy Tarreauef38c392013-07-22 16:29:32 +0200[diff] [blame]267 const struct arg *args, struct sample *smp, const char *kw)
Willy Tarreaud4c33c82013-01-07 21:59:07 +0100[diff] [blame]268{
269 int hs_len, ext_len, bleft;
270 struct channel *chn;
271 unsigned char *data;
272
273 if (!s)
274 goto not_ssl_hello;
275
276 chn = ((opt & SMP_OPT_DIR) == SMP_OPT_DIR_RES) ? s->rep : s->req;
277
278 bleft = chn->buf->i;
279 data = (unsigned char *)chn->buf->p;
280
281 /* Check for SSL/TLS Handshake */
282 if (!bleft)
283 goto too_short;
284 if (*data != 0x16)
285 goto not_ssl_hello;
286
287 /* Check for TLSv1 or later (SSL version >= 3.1) */
288 if (bleft < 3)
289 goto too_short;
290 if (data[1] < 0x03 || data[2] < 0x01)
291 goto not_ssl_hello;
292
293 if (bleft < 5)
294 goto too_short;
295 hs_len = (data[3] << 8) + data[4];
296 if (hs_len < 1 + 3 + 2 + 32 + 1 + 2 + 2 + 1 + 1 + 2 + 2)
297 goto not_ssl_hello; /* too short to have an extension */
298
299 data += 5; /* enter TLS handshake */
300 bleft -= 5;
301
302 /* Check for a complete client hello starting at <data> */
303 if (bleft < 1)
304 goto too_short;
305 if (data[0] != 0x01) /* msg_type = Client Hello */
306 goto not_ssl_hello;
307
308 /* Check the Hello's length */
309 if (bleft < 4)
310 goto too_short;
311 hs_len = (data[1] << 16) + (data[2] << 8) + data[3];
312 if (hs_len < 2 + 32 + 1 + 2 + 2 + 1 + 1 + 2 + 2)
313 goto not_ssl_hello; /* too short to have an extension */
314
315 /* We want the full handshake here */
316 if (bleft < hs_len)
317 goto too_short;
318
319 data += 4;
320 /* Start of the ClientHello message */
321 if (data[0] < 0x03 || data[1] < 0x01) /* TLSv1 minimum */
322 goto not_ssl_hello;
323
324 ext_len = data[34]; /* session_id_len */
325 if (ext_len > 32 || ext_len > (hs_len - 35)) /* check for correct session_id len */
326 goto not_ssl_hello;
327
328 /* Jump to cipher suite */
329 hs_len -= 35 + ext_len;
330 data += 35 + ext_len;
331
332 if (hs_len < 4 || /* minimum one cipher */
333 (ext_len = (data[0] << 8) + data[1]) < 2 || /* minimum 2 bytes for a cipher */
334 ext_len > hs_len)
335 goto not_ssl_hello;
336
337 /* Jump to the compression methods */
338 hs_len -= 2 + ext_len;
339 data += 2 + ext_len;
340
341 if (hs_len < 2 || /* minimum one compression method */
342 data[0] < 1 || data[0] > hs_len) /* minimum 1 bytes for a method */
343 goto not_ssl_hello;
344
345 /* Jump to the extensions */
346 hs_len -= 1 + data[0];
347 data += 1 + data[0];
348
349 if (hs_len < 2 || /* minimum one extension list length */
350 (ext_len = (data[0] << 8) + data[1]) > hs_len - 2) /* list too long */
351 goto not_ssl_hello;
352
353 hs_len = ext_len; /* limit ourselves to the extension length */
354 data += 2;
355
356 while (hs_len >= 4) {
357 int ext_type, name_type, srv_len, name_len;
358
359 ext_type = (data[0] << 8) + data[1];
360 ext_len = (data[2] << 8) + data[3];
361
362 if (ext_len > hs_len - 4) /* Extension too long */
363 goto not_ssl_hello;
364
365 if (ext_type == 0) { /* Server name */
366 if (ext_len < 2) /* need one list length */
367 goto not_ssl_hello;
368
369 srv_len = (data[4] << 8) + data[5];
370 if (srv_len < 4 || srv_len > hs_len - 6)
371 goto not_ssl_hello; /* at least 4 bytes per server name */
372
373 name_type = data[6];
374 name_len = (data[7] << 8) + data[8];
375
376 if (name_type == 0) { /* hostname */
377 smp->type = SMP_T_CSTR;
378 smp->data.str.str = (char *)data + 9;
379 smp->data.str.len = name_len;
380 smp->flags = SMP_F_VOLATILE;
381 return 1;
382 }
383 }
384
385 hs_len -= 4 + ext_len;
386 data += 4 + ext_len;
387 }
388 /* server name not found */
389 goto not_ssl_hello;
390
391 too_short:
392 smp->flags = SMP_F_MAY_CHANGE;
393
394 not_ssl_hello:
395
396 return 0;
397}
398
Willy Tarreaucadd8c92013-07-22 18:09:52 +0200[diff] [blame]399/* Fetch the request RDP cookie identified in <cname>:<clen>, or any cookie if
400 * <clen> is empty (cname is then ignored). It returns the data into sample <smp>.
401 * Note: this decoder only works with non-wrapping data.
Willy Tarreaud4c33c82013-01-07 21:59:07 +0100[diff] [blame]402 */
403int
Willy Tarreaucadd8c92013-07-22 18:09:52 +0200[diff] [blame]404fetch_rdp_cookie_name(struct session *s, struct sample *smp, const char *cname, int clen)
Willy Tarreaud4c33c82013-01-07 21:59:07 +0100[diff] [blame]405{
406 int bleft;
407 const unsigned char *data;
408
409 if (!s || !s->req)
410 return 0;
411
412 smp->flags = 0;
413 smp->type = SMP_T_CSTR;
414
415 bleft = s->req->buf->i;
416 if (bleft <= 11)
417 goto too_short;
418
419 data = (const unsigned char *)s->req->buf->p + 11;
420 bleft -= 11;
421
422 if (bleft <= 7)
423 goto too_short;
424
425 if (strncasecmp((const char *)data, "Cookie:", 7) != 0)
426 goto not_cookie;
427
428 data += 7;
429 bleft -= 7;
430
431 while (bleft > 0 && *data == ' ') {
432 data++;
433 bleft--;
434 }
435
Willy Tarreaucadd8c92013-07-22 18:09:52 +0200[diff] [blame]436 if (clen) {
437 if (bleft <= clen)
Willy Tarreaud4c33c82013-01-07 21:59:07 +0100[diff] [blame]438 goto too_short;
439
Willy Tarreaucadd8c92013-07-22 18:09:52 +0200[diff] [blame]440 if ((data[clen] != '=') ||
441 strncasecmp(cname, (const char *)data, clen) != 0)
Willy Tarreaud4c33c82013-01-07 21:59:07 +0100[diff] [blame]442 goto not_cookie;
443
Willy Tarreaucadd8c92013-07-22 18:09:52 +0200[diff] [blame]444 data += clen + 1;
445 bleft -= clen + 1;
Willy Tarreaud4c33c82013-01-07 21:59:07 +0100[diff] [blame]446 } else {
447 while (bleft > 0 && *data != '=') {
448 if (*data == '\r' || *data == '\n')
449 goto not_cookie;
450 data++;
451 bleft--;
452 }
453
454 if (bleft < 1)
455 goto too_short;
456
457 if (*data != '=')
458 goto not_cookie;
459
460 data++;
461 bleft--;
462 }
463
464 /* data points to cookie value */
465 smp->data.str.str = (char *)data;
466 smp->data.str.len = 0;
467
468 while (bleft > 0 && *data != '\r') {
469 data++;
470 bleft--;
471 }
472
473 if (bleft < 2)
474 goto too_short;
475
476 if (data[0] != '\r' || data[1] != '\n')
477 goto not_cookie;
478
479 smp->data.str.len = (char *)data - smp->data.str.str;
480 smp->flags = SMP_F_VOLATILE;
481 return 1;
482
483 too_short:
484 smp->flags = SMP_F_MAY_CHANGE;
485 not_cookie:
486 return 0;
487}
488
Willy Tarreaucadd8c92013-07-22 18:09:52 +0200[diff] [blame]489/* Fetch the request RDP cookie identified in the args, or any cookie if no arg
490 * is passed. It is usable both for ACL and for samples. Note: this decoder
491 * only works with non-wrapping data. Accepts either 0 or 1 argument. Argument
492 * is a string (cookie name), other types will lead to undefined behaviour.
493 */
494int
495smp_fetch_rdp_cookie(struct proxy *px, struct session *s, void *l7, unsigned int opt,
496 const struct arg *args, struct sample *smp, const char *kw)
497{
498 return fetch_rdp_cookie_name(s, smp, args ? args->data.str.str : NULL, args ? args->data.str.len : 0);
499}
500
Willy Tarreaud4c33c82013-01-07 21:59:07 +0100[diff] [blame]501/* returns either 1 or 0 depending on whether an RDP cookie is found or not */
502static int
503smp_fetch_rdp_cookie_cnt(struct proxy *px, struct session *s, void *l7, unsigned int opt,
Willy Tarreauef38c392013-07-22 16:29:32 +0200[diff] [blame]504 const struct arg *args, struct sample *smp, const char *kw)
Willy Tarreaud4c33c82013-01-07 21:59:07 +0100[diff] [blame]505{
506 int ret;
507
Willy Tarreauef38c392013-07-22 16:29:32 +0200[diff] [blame]508 ret = smp_fetch_rdp_cookie(px, s, l7, opt, args, smp, kw);
Willy Tarreaud4c33c82013-01-07 21:59:07 +0100[diff] [blame]509
510 if (smp->flags & SMP_F_MAY_CHANGE)
511 return 0;
512
513 smp->flags = SMP_F_VOLATILE;
514 smp->type = SMP_T_UINT;
515 smp->data.uint = ret;
516 return 1;
517}
518
519/* extracts part of a payload with offset and length at a given position */
520static int
521smp_fetch_payload_lv(struct proxy *px, struct session *s, void *l7, unsigned int opt,
Willy Tarreauef38c392013-07-22 16:29:32 +0200[diff] [blame]522 const struct arg *arg_p, struct sample *smp, const char *kw)
Willy Tarreaud4c33c82013-01-07 21:59:07 +0100[diff] [blame]523{
524 unsigned int len_offset = arg_p[0].data.uint;
525 unsigned int len_size = arg_p[1].data.uint;
526 unsigned int buf_offset;
527 unsigned int buf_size = 0;
528 struct channel *chn;
529 int i;
530
531 /* Format is (len offset, len size, buf offset) or (len offset, len size) */
532 /* by default buf offset == len offset + len size */
533 /* buf offset could be absolute or relative to len offset + len size if prefixed by + or - */
534
535 if (!s)
536 return 0;
537
538 chn = ((opt & SMP_OPT_DIR) == SMP_OPT_DIR_RES) ? s->rep : s->req;
539
540 if (!chn)
541 return 0;
542
543 if (len_offset + len_size > chn->buf->i)
544 goto too_short;
545
546 for (i = 0; i < len_size; i++) {
547 buf_size = (buf_size << 8) + ((unsigned char *)chn->buf->p)[i + len_offset];
548 }
549
550 /* buf offset may be implicit, absolute or relative */
551 buf_offset = len_offset + len_size;
552 if (arg_p[2].type == ARGT_UINT)
553 buf_offset = arg_p[2].data.uint;
554 else if (arg_p[2].type == ARGT_SINT)
555 buf_offset += arg_p[2].data.sint;
556
557 if (!buf_size || buf_size > chn->buf->size || buf_offset + buf_size > chn->buf->size) {
558 /* will never match */
559 smp->flags = 0;
560 return 0;
561 }
562
563 if (buf_offset + buf_size > chn->buf->i)
564 goto too_short;
565
566 /* init chunk as read only */
567 smp->type = SMP_T_CBIN;
568 chunk_initlen(&smp->data.str, chn->buf->p + buf_offset, 0, buf_size);
569 smp->flags = SMP_F_VOLATILE;
570 return 1;
571
572 too_short:
573 smp->flags = SMP_F_MAY_CHANGE;
574 return 0;
575}
576
577/* extracts some payload at a fixed position and length */
578static int
579smp_fetch_payload(struct proxy *px, struct session *s, void *l7, unsigned int opt,
Willy Tarreauef38c392013-07-22 16:29:32 +0200[diff] [blame]580 const struct arg *arg_p, struct sample *smp, const char *kw)
Willy Tarreaud4c33c82013-01-07 21:59:07 +0100[diff] [blame]581{
582 unsigned int buf_offset = arg_p[0].data.uint;
583 unsigned int buf_size = arg_p[1].data.uint;
584 struct channel *chn;
585
586 if (!s)
587 return 0;
588
589 chn = ((opt & SMP_OPT_DIR) == SMP_OPT_DIR_RES) ? s->rep : s->req;
590
591 if (!chn)
592 return 0;
593
Willy Tarreau00f00842013-08-02 11:07:32 +0200[diff] [blame]594 if (buf_size > chn->buf->size || buf_offset + buf_size > chn->buf->size) {
Willy Tarreaud4c33c82013-01-07 21:59:07 +0100[diff] [blame]595 /* will never match */
596 smp->flags = 0;
597 return 0;
598 }
599
600 if (buf_offset + buf_size > chn->buf->i)
601 goto too_short;
602
603 /* init chunk as read only */
604 smp->type = SMP_T_CBIN;
Willy Tarreau00f00842013-08-02 11:07:32 +0200[diff] [blame]605 chunk_initlen(&smp->data.str, chn->buf->p + buf_offset, 0, buf_size ? buf_size : (chn->buf->i - buf_offset));
Willy Tarreaud4c33c82013-01-07 21:59:07 +0100[diff] [blame]606 smp->flags = SMP_F_VOLATILE;
Willy Tarreau00f00842013-08-02 11:07:32 +0200[diff] [blame]607 if (!buf_size && !channel_full(chn) && !channel_input_closed(chn))
608 smp->flags |= SMP_F_MAY_CHANGE;
609
Willy Tarreaud4c33c82013-01-07 21:59:07 +0100[diff] [blame]610 return 1;
611
612 too_short:
613 smp->flags = SMP_F_MAY_CHANGE;
614 return 0;
615}
616
Willy Tarreaud4c33c82013-01-07 21:59:07 +0100[diff] [blame]617/* This function is used to validate the arguments passed to a "payload_lv" fetch
618 * keyword. This keyword allows two positive integers and an optional signed one,
619 * with the second one being strictly positive and the third one being greater than
620 * the opposite of the two others if negative. It is assumed that the types are
621 * already the correct ones. Returns 0 on error, non-zero if OK. If <err_msg> is
622 * not NULL, it will be filled with a pointer to an error message in case of
623 * error, that the caller is responsible for freeing. The initial location must
624 * either be freeable or NULL.
625 */
626static int val_payload_lv(struct arg *arg, char **err_msg)
627{
628 if (!arg[1].data.uint) {
629 memprintf(err_msg, "payload length must be > 0");
630 return 0;
631 }
632
633 if (arg[2].type == ARGT_SINT &&
634 (int)(arg[0].data.uint + arg[1].data.uint + arg[2].data.sint) < 0) {
635 memprintf(err_msg, "payload offset too negative");
636 return 0;
637 }
638 return 1;
639}
640
641/************************************************************************/
642/* All supported sample and ACL keywords must be declared here. */
643/************************************************************************/
644
645/* Note: must not be declared <const> as its list will be overwritten.
646 * Note: fetches that may return multiple types must be declared as the lowest
647 * common denominator, the type that can be casted into all other ones. For
648 * instance IPv4/IPv6 must be declared IPv4.
649 */
Willy Tarreaudc13c112013-06-21 23:16:39 +0200[diff] [blame]650static struct sample_fetch_kw_list smp_kws = {ILH, {
Willy Tarreau00f00842013-08-02 11:07:32 +0200[diff] [blame]651 { "payload", smp_fetch_payload, ARG2(2,UINT,UINT), NULL, SMP_T_CBIN, SMP_USE_L6REQ|SMP_USE_L6RES },
Willy Tarreaud4c33c82013-01-07 21:59:07 +0100[diff] [blame]652 { "payload_lv", smp_fetch_payload_lv, ARG3(2,UINT,UINT,SINT), val_payload_lv, SMP_T_CBIN, SMP_USE_L6REQ|SMP_USE_L6RES },
653 { "rdp_cookie", smp_fetch_rdp_cookie, ARG1(0,STR), NULL, SMP_T_CSTR, SMP_USE_L6REQ },
654 { "rdp_cookie_cnt", smp_fetch_rdp_cookie_cnt, ARG1(0,STR), NULL, SMP_T_UINT, SMP_USE_L6REQ },
655 { "rep_ssl_hello_type", smp_fetch_ssl_hello_type, 0, NULL, SMP_T_UINT, SMP_USE_L6RES },
Willy Tarreau47e8eba2013-09-11 23:28:46 +0200[diff] [blame^]656 { "req_len", smp_fetch_len, 0, NULL, SMP_T_UINT, SMP_USE_L6REQ },
Willy Tarreaud4c33c82013-01-07 21:59:07 +0100[diff] [blame]657 { "req_ssl_hello_type", smp_fetch_ssl_hello_type, 0, NULL, SMP_T_UINT, SMP_USE_L6REQ },
658 { "req_ssl_sni", smp_fetch_ssl_hello_sni, 0, NULL, SMP_T_CSTR, SMP_USE_L6REQ },
659 { "req_ssl_ver", smp_fetch_req_ssl_ver, 0, NULL, SMP_T_UINT, SMP_USE_L6REQ },
Willy Tarreaufa957342013-01-14 16:07:52 +0100[diff] [blame]660
Willy Tarreau47e8eba2013-09-11 23:28:46 +0200[diff] [blame^]661 { "req.len", smp_fetch_len, 0, NULL, SMP_T_UINT, SMP_USE_L6REQ },
Willy Tarreau00f00842013-08-02 11:07:32 +0200[diff] [blame]662 { "req.payload", smp_fetch_payload, ARG2(2,UINT,UINT), NULL, SMP_T_CBIN, SMP_USE_L6REQ },
Willy Tarreaufa957342013-01-14 16:07:52 +0100[diff] [blame]663 { "req.payload_lv", smp_fetch_payload_lv, ARG3(2,UINT,UINT,SINT), val_payload_lv, SMP_T_CBIN, SMP_USE_L6REQ },
664 { "req.rdp_cookie", smp_fetch_rdp_cookie, ARG1(0,STR), NULL, SMP_T_CSTR, SMP_USE_L6REQ },
665 { "req.rdp_cookie_cnt", smp_fetch_rdp_cookie_cnt, ARG1(0,STR), NULL, SMP_T_UINT, SMP_USE_L6REQ },
666 { "req.ssl_hello_type", smp_fetch_ssl_hello_type, 0, NULL, SMP_T_UINT, SMP_USE_L6REQ },
667 { "req.ssl_sni", smp_fetch_ssl_hello_sni, 0, NULL, SMP_T_CSTR, SMP_USE_L6REQ },
668 { "req.ssl_ver", smp_fetch_req_ssl_ver, 0, NULL, SMP_T_UINT, SMP_USE_L6REQ },
Willy Tarreau47e8eba2013-09-11 23:28:46 +0200[diff] [blame^]669 { "res.len", smp_fetch_len, 0, NULL, SMP_T_UINT, SMP_USE_L6RES },
Willy Tarreau00f00842013-08-02 11:07:32 +0200[diff] [blame]670 { "res.payload", smp_fetch_payload, ARG2(2,UINT,UINT), NULL, SMP_T_CBIN, SMP_USE_L6RES },
Willy Tarreaufa957342013-01-14 16:07:52 +0100[diff] [blame]671 { "res.payload_lv", smp_fetch_payload_lv, ARG3(2,UINT,UINT,SINT), val_payload_lv, SMP_T_CBIN, SMP_USE_L6RES },
672 { "res.ssl_hello_type", smp_fetch_ssl_hello_type, 0, NULL, SMP_T_UINT, SMP_USE_L6RES },
Willy Tarreaud4c33c82013-01-07 21:59:07 +0100[diff] [blame]673 { "wait_end", smp_fetch_wait_end, 0, NULL, SMP_T_BOOL, SMP_USE_INTRN },
674 { /* END */ },
675}};
676
677
678/* Note: must not be declared <const> as its list will be overwritten.
679 * Please take care of keeping this list alphabetically sorted.
680 */
Willy Tarreaudc13c112013-06-21 23:16:39 +0200[diff] [blame]681static struct acl_kw_list acl_kws = {ILH, {
Willy Tarreaud86e29d2013-03-25 08:21:05 +0100[diff] [blame]682 { "payload", "req.payload", acl_parse_str, acl_match_str },
683 { "payload_lv", "req.payload_lv", acl_parse_str, acl_match_str },
Willy Tarreaud86e29d2013-03-25 08:21:05 +0100[diff] [blame]684 { "req_rdp_cookie", "req.rdp_cookie", acl_parse_str, acl_match_str },
685 { "req_rdp_cookie_cnt", "req.rdp_cookie_cnt", acl_parse_int, acl_match_int },
Willy Tarreaud86e29d2013-03-25 08:21:05 +0100[diff] [blame]686 { "req_ssl_sni", "req.ssl_sni", acl_parse_str, acl_match_str },
687 { "req_ssl_ver", "req.ssl_ver", acl_parse_dotted_ver, acl_match_int },
Willy Tarreaud4c33c82013-01-07 21:59:07 +0100[diff] [blame]688 { /* END */ },
689}};
690
691
692__attribute__((constructor))
693static void __payload_init(void)
694{
695 sample_register_fetches(&smp_kws);
696 acl_register_keywords(&acl_kws);
697}
698
699/*
700 * Local variables:
701 * c-indent-level: 8
702 * c-basic-offset: 8
703 * End:
704 */