blob: a16f8c601b4a12dcc98a4e623f956ec5d37dcdf1 [file] [log] [blame]
Willy Tarreaud4c33c82013-01-07 21:59:07 +01001/*
2 * General protocol-agnostic payload-based sample fetches and ACLs
3 *
4 * Copyright 2000-2013 Willy Tarreau <w@1wt.eu>
5 *
6 * This program is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU General Public License
8 * as published by the Free Software Foundation; either version
9 * 2 of the License, or (at your option) any later version.
10 *
11 */
12
13#include <stdlib.h>
14#include <string.h>
15
Willy Tarreau0108d902018-11-25 19:14:37 +010016#include <common/initcall.h>
Willy Tarreaud716f9b2017-10-13 11:03:15 +020017#include <common/net_helper.h>
Christopher Fauletf0216da2018-12-14 13:44:53 +010018#include <common/htx.h>
Willy Tarreaud4c33c82013-01-07 21:59:07 +010019#include <proto/acl.h>
20#include <proto/arg.h>
21#include <proto/channel.h>
Thierry FOURNIERed66c292013-11-28 11:05:19 +010022#include <proto/pattern.h>
Willy Tarreaud4c33c82013-01-07 21:59:07 +010023#include <proto/payload.h>
24#include <proto/sample.h>
Christopher Fauletf0216da2018-12-14 13:44:53 +010025#include <proto/proto_http.h>
Willy Tarreaud4c33c82013-01-07 21:59:07 +010026
27
28/************************************************************************/
29/* All supported sample fetch functions must be declared here */
30/************************************************************************/
31
32/* wait for more data as long as possible, then return TRUE. This should be
33 * used with content inspection.
34 */
35static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +020036smp_fetch_wait_end(const struct arg *args, struct sample *smp, const char *kw, void *private)
Willy Tarreaud4c33c82013-01-07 21:59:07 +010037{
Thierry FOURNIER0786d052015-05-11 15:42:45 +020038 if (!(smp->opt & SMP_OPT_FINAL)) {
Willy Tarreaud4c33c82013-01-07 21:59:07 +010039 smp->flags |= SMP_F_MAY_CHANGE;
40 return 0;
41 }
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +020042 smp->data.type = SMP_T_BOOL;
Thierry FOURNIER136f9d32015-08-19 09:07:19 +020043 smp->data.u.sint = 1;
Willy Tarreaud4c33c82013-01-07 21:59:07 +010044 return 1;
45}
46
47/* return the number of bytes in the request buffer */
48static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +020049smp_fetch_len(const struct arg *args, struct sample *smp, const char *kw, void *private)
Willy Tarreaud4c33c82013-01-07 21:59:07 +010050{
Willy Tarreau22ec1ea2014-11-27 20:45:39 +010051 struct channel *chn;
52
Willy Tarreaube508f12016-03-10 11:47:01 +010053 if (!smp->strm)
54 return 0;
55
Thierry FOURNIER0786d052015-05-11 15:42:45 +020056 chn = ((smp->opt & SMP_OPT_DIR) == SMP_OPT_DIR_RES) ? &smp->strm->res : &smp->strm->req;
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +020057 smp->data.type = SMP_T_SINT;
Christopher Fauletf0216da2018-12-14 13:44:53 +010058 if (IS_HTX_SMP(smp)) {
59 struct htx *htx = htxbuf(&chn->buf);
60 smp->data.u.sint = htx->data - co_data(chn);
61 }
62 else
63 smp->data.u.sint = ci_data(chn);
Willy Tarreaud4c33c82013-01-07 21:59:07 +010064 smp->flags = SMP_F_VOLATILE | SMP_F_MAY_CHANGE;
65 return 1;
66}
67
Pradeep Jindalbb2acf52015-09-29 10:12:57 +053068/* Returns 0 if the client didn't send a SessionTicket Extension
69 * Returns 1 if the client sent SessionTicket Extension
70 * Returns 2 if the client also sent non-zero length SessionTicket
71 * Returns SMP_T_SINT data type
72 */
73static int
74smp_fetch_req_ssl_st_ext(const struct arg *args, struct sample *smp, const char *kw, void *private)
75{
76 int hs_len, ext_len, bleft;
77 struct channel *chn;
78 unsigned char *data;
79
Willy Tarreaube508f12016-03-10 11:47:01 +010080 if (!smp->strm)
81 goto not_ssl_hello;
82
Pradeep Jindalbb2acf52015-09-29 10:12:57 +053083 chn = ((smp->opt & SMP_OPT_DIR) == SMP_OPT_DIR_RES) ? &smp->strm->res : &smp->strm->req;
Willy Tarreaufc0785d2018-06-19 07:19:56 +020084 bleft = ci_data(chn);
85 data = (unsigned char *)ci_head(chn);
Pradeep Jindalbb2acf52015-09-29 10:12:57 +053086
87 /* Check for SSL/TLS Handshake */
88 if (!bleft)
89 goto too_short;
90 if (*data != 0x16)
91 goto not_ssl_hello;
92
93 /* Check for SSLv3 or later (SSL version >= 3.0) in the record layer*/
94 if (bleft < 3)
95 goto too_short;
96 if (data[1] < 0x03)
97 goto not_ssl_hello;
98
99 if (bleft < 5)
100 goto too_short;
101 hs_len = (data[3] << 8) + data[4];
102 if (hs_len < 1 + 3 + 2 + 32 + 1 + 2 + 2 + 1 + 1 + 2 + 2)
103 goto not_ssl_hello; /* too short to have an extension */
104
105 data += 5; /* enter TLS handshake */
106 bleft -= 5;
107
108 /* Check for a complete client hello starting at <data> */
109 if (bleft < 1)
110 goto too_short;
111 if (data[0] != 0x01) /* msg_type = Client Hello */
112 goto not_ssl_hello;
113
114 /* Check the Hello's length */
115 if (bleft < 4)
116 goto too_short;
117 hs_len = (data[1] << 16) + (data[2] << 8) + data[3];
118 if (hs_len < 2 + 32 + 1 + 2 + 2 + 1 + 1 + 2 + 2)
119 goto not_ssl_hello; /* too short to have an extension */
120
121 /* We want the full handshake here */
122 if (bleft < hs_len)
123 goto too_short;
124
125 data += 4;
126 /* Start of the ClientHello message */
127 if (data[0] < 0x03 || data[1] < 0x01) /* TLSv1 minimum */
128 goto not_ssl_hello;
129
130 ext_len = data[34]; /* session_id_len */
131 if (ext_len > 32 || ext_len > (hs_len - 35)) /* check for correct session_id len */
132 goto not_ssl_hello;
133
134 /* Jump to cipher suite */
135 hs_len -= 35 + ext_len;
136 data += 35 + ext_len;
137
138 if (hs_len < 4 || /* minimum one cipher */
139 (ext_len = (data[0] << 8) + data[1]) < 2 || /* minimum 2 bytes for a cipher */
140 ext_len > hs_len)
141 goto not_ssl_hello;
142
143 /* Jump to the compression methods */
144 hs_len -= 2 + ext_len;
145 data += 2 + ext_len;
146
147 if (hs_len < 2 || /* minimum one compression method */
148 data[0] < 1 || data[0] > hs_len) /* minimum 1 bytes for a method */
149 goto not_ssl_hello;
150
151 /* Jump to the extensions */
152 hs_len -= 1 + data[0];
153 data += 1 + data[0];
154
155 if (hs_len < 2 || /* minimum one extension list length */
156 (ext_len = (data[0] << 8) + data[1]) > hs_len - 2) /* list too long */
157 goto not_ssl_hello;
158
159 hs_len = ext_len; /* limit ourselves to the extension length */
160 data += 2;
161
162 while (hs_len >= 4) {
163 int ext_type, ext_len;
164
165 ext_type = (data[0] << 8) + data[1];
166 ext_len = (data[2] << 8) + data[3];
167
168 if (ext_len > hs_len - 4) /* Extension too long */
169 goto not_ssl_hello;
170
171 /* SesstionTicket extension */
172 if (ext_type == 35) {
173 smp->data.type = SMP_T_SINT;
174 /* SessionTicket also present */
175 if (ext_len > 0)
176 smp->data.u.sint = 2;
177 /* SessionTicket absent */
178 else
179 smp->data.u.sint = 1;
180 smp->flags = SMP_F_VOLATILE;
181 return 1;
182 }
183
184 hs_len -= 4 + ext_len;
185 data += 4 + ext_len;
186 }
187 /* SessionTicket Extension not found */
188 smp->data.type = SMP_T_SINT;
189 smp->data.u.sint = 0;
190 smp->flags = SMP_F_VOLATILE;
191 return 1;
192
Pradeep Jindalbb2acf52015-09-29 10:12:57 +0530193 too_short:
194 smp->flags = SMP_F_MAY_CHANGE;
195
196 not_ssl_hello:
197 return 0;
198}
199
Nenad Merdanovic5fc7d7e2015-07-07 22:00:17 +0200200/* Returns TRUE if the client sent Supported Elliptic Curves Extension (0x000a)
201 * Mainly used to detect if client supports ECC cipher suites.
202 */
203static int
204smp_fetch_req_ssl_ec_ext(const struct arg *args, struct sample *smp, const char *kw, void *private)
205{
206 int hs_len, ext_len, bleft;
207 struct channel *chn;
208 unsigned char *data;
209
Willy Tarreaube508f12016-03-10 11:47:01 +0100210 if (!smp->strm)
211 goto not_ssl_hello;
212
Nenad Merdanovic5fc7d7e2015-07-07 22:00:17 +0200213 chn = ((smp->opt & SMP_OPT_DIR) == SMP_OPT_DIR_RES) ? &smp->strm->res : &smp->strm->req;
Willy Tarreaufc0785d2018-06-19 07:19:56 +0200214 bleft = ci_data(chn);
215 data = (unsigned char *)ci_head(chn);
Nenad Merdanovic5fc7d7e2015-07-07 22:00:17 +0200216
217 /* Check for SSL/TLS Handshake */
218 if (!bleft)
219 goto too_short;
220 if (*data != 0x16)
221 goto not_ssl_hello;
222
223 /* Check for SSLv3 or later (SSL version >= 3.0) in the record layer*/
224 if (bleft < 3)
225 goto too_short;
226 if (data[1] < 0x03)
227 goto not_ssl_hello;
228
229 if (bleft < 5)
230 goto too_short;
231 hs_len = (data[3] << 8) + data[4];
232 if (hs_len < 1 + 3 + 2 + 32 + 1 + 2 + 2 + 1 + 1 + 2 + 2)
233 goto not_ssl_hello; /* too short to have an extension */
234
235 data += 5; /* enter TLS handshake */
236 bleft -= 5;
237
238 /* Check for a complete client hello starting at <data> */
239 if (bleft < 1)
240 goto too_short;
241 if (data[0] != 0x01) /* msg_type = Client Hello */
242 goto not_ssl_hello;
243
244 /* Check the Hello's length */
245 if (bleft < 4)
246 goto too_short;
247 hs_len = (data[1] << 16) + (data[2] << 8) + data[3];
248 if (hs_len < 2 + 32 + 1 + 2 + 2 + 1 + 1 + 2 + 2)
249 goto not_ssl_hello; /* too short to have an extension */
250
251 /* We want the full handshake here */
252 if (bleft < hs_len)
253 goto too_short;
254
255 data += 4;
256 /* Start of the ClientHello message */
257 if (data[0] < 0x03 || data[1] < 0x01) /* TLSv1 minimum */
258 goto not_ssl_hello;
259
260 ext_len = data[34]; /* session_id_len */
261 if (ext_len > 32 || ext_len > (hs_len - 35)) /* check for correct session_id len */
262 goto not_ssl_hello;
263
264 /* Jump to cipher suite */
265 hs_len -= 35 + ext_len;
266 data += 35 + ext_len;
267
268 if (hs_len < 4 || /* minimum one cipher */
269 (ext_len = (data[0] << 8) + data[1]) < 2 || /* minimum 2 bytes for a cipher */
270 ext_len > hs_len)
271 goto not_ssl_hello;
272
273 /* Jump to the compression methods */
274 hs_len -= 2 + ext_len;
275 data += 2 + ext_len;
276
277 if (hs_len < 2 || /* minimum one compression method */
278 data[0] < 1 || data[0] > hs_len) /* minimum 1 bytes for a method */
279 goto not_ssl_hello;
280
281 /* Jump to the extensions */
282 hs_len -= 1 + data[0];
283 data += 1 + data[0];
284
285 if (hs_len < 2 || /* minimum one extension list length */
286 (ext_len = (data[0] << 8) + data[1]) > hs_len - 2) /* list too long */
287 goto not_ssl_hello;
288
289 hs_len = ext_len; /* limit ourselves to the extension length */
290 data += 2;
291
292 while (hs_len >= 4) {
293 int ext_type, ext_len;
294
295 ext_type = (data[0] << 8) + data[1];
296 ext_len = (data[2] << 8) + data[3];
297
298 if (ext_len > hs_len - 4) /* Extension too long */
299 goto not_ssl_hello;
300
301 /* Elliptic curves extension */
302 if (ext_type == 10) {
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +0200303 smp->data.type = SMP_T_BOOL;
Thierry FOURNIER136f9d32015-08-19 09:07:19 +0200304 smp->data.u.sint = 1;
Nenad Merdanovic8a39a1f2015-07-15 12:51:11 +0200305 smp->flags = SMP_F_VOLATILE;
Nenad Merdanovic5fc7d7e2015-07-07 22:00:17 +0200306 return 1;
307 }
308
309 hs_len -= 4 + ext_len;
310 data += 4 + ext_len;
311 }
312 /* server name not found */
313 goto not_ssl_hello;
314
315 too_short:
316 smp->flags = SMP_F_MAY_CHANGE;
317
318 not_ssl_hello:
319
320 return 0;
321}
Willy Tarreaud4c33c82013-01-07 21:59:07 +0100322/* returns the type of SSL hello message (mainly used to detect an SSL hello) */
323static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +0200324smp_fetch_ssl_hello_type(const struct arg *args, struct sample *smp, const char *kw, void *private)
Willy Tarreaud4c33c82013-01-07 21:59:07 +0100325{
326 int hs_len;
327 int hs_type, bleft;
328 struct channel *chn;
329 const unsigned char *data;
330
Willy Tarreaube508f12016-03-10 11:47:01 +0100331 if (!smp->strm)
332 goto not_ssl_hello;
333
Thierry FOURNIER0786d052015-05-11 15:42:45 +0200334 chn = ((smp->opt & SMP_OPT_DIR) == SMP_OPT_DIR_RES) ? &smp->strm->res : &smp->strm->req;
Willy Tarreaufc0785d2018-06-19 07:19:56 +0200335 bleft = ci_data(chn);
336 data = (const unsigned char *)ci_head(chn);
Willy Tarreaud4c33c82013-01-07 21:59:07 +0100337
338 if (!bleft)
339 goto too_short;
340
341 if ((*data >= 0x14 && *data <= 0x17) || (*data == 0xFF)) {
342 /* SSLv3 header format */
343 if (bleft < 9)
344 goto too_short;
345
346 /* ssl version 3 */
347 if ((data[1] << 16) + data[2] < 0x00030000)
348 goto not_ssl_hello;
349
350 /* ssl message len must present handshake type and len */
351 if ((data[3] << 8) + data[4] < 4)
352 goto not_ssl_hello;
353
354 /* format introduced with SSLv3 */
355
356 hs_type = (int)data[5];
357 hs_len = ( data[6] << 16 ) + ( data[7] << 8 ) + data[8];
358
359 /* not a full handshake */
360 if (bleft < (9 + hs_len))
361 goto too_short;
362
363 }
364 else {
365 goto not_ssl_hello;
366 }
367
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +0200368 smp->data.type = SMP_T_SINT;
Thierry FOURNIER136f9d32015-08-19 09:07:19 +0200369 smp->data.u.sint = hs_type;
Willy Tarreaud4c33c82013-01-07 21:59:07 +0100370 smp->flags = SMP_F_VOLATILE;
371
372 return 1;
373
374 too_short:
375 smp->flags = SMP_F_MAY_CHANGE;
376
377 not_ssl_hello:
378
379 return 0;
380}
381
382/* Return the version of the SSL protocol in the request. It supports both
383 * SSLv3 (TLSv1) header format for any message, and SSLv2 header format for
384 * the hello message. The SSLv3 format is described in RFC 2246 p49, and the
385 * SSLv2 format is described here, and completed p67 of RFC 2246 :
386 * http://wp.netscape.com/eng/security/SSL_2.html
387 *
388 * Note: this decoder only works with non-wrapping data.
389 */
390static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +0200391smp_fetch_req_ssl_ver(const struct arg *args, struct sample *smp, const char *kw, void *private)
Willy Tarreaud4c33c82013-01-07 21:59:07 +0100392{
393 int version, bleft, msg_len;
394 const unsigned char *data;
Willy Tarreaube508f12016-03-10 11:47:01 +0100395 struct channel *req;
396
397 if (!smp->strm)
398 return 0;
Willy Tarreaud4c33c82013-01-07 21:59:07 +0100399
Willy Tarreaube508f12016-03-10 11:47:01 +0100400 req = &smp->strm->req;
Willy Tarreaud4c33c82013-01-07 21:59:07 +0100401 msg_len = 0;
Willy Tarreaufc0785d2018-06-19 07:19:56 +0200402 bleft = ci_data(req);
Willy Tarreaud4c33c82013-01-07 21:59:07 +0100403 if (!bleft)
404 goto too_short;
405
Willy Tarreaufc0785d2018-06-19 07:19:56 +0200406 data = (const unsigned char *)ci_head(req);
Willy Tarreaud4c33c82013-01-07 21:59:07 +0100407 if ((*data >= 0x14 && *data <= 0x17) || (*data == 0xFF)) {
408 /* SSLv3 header format */
Lukas Tribusc93242c2015-11-05 13:59:30 +0100409 if (bleft < 11)
Willy Tarreaud4c33c82013-01-07 21:59:07 +0100410 goto too_short;
411
Lukas Tribusc93242c2015-11-05 13:59:30 +0100412 version = (data[1] << 16) + data[2]; /* record layer version: major, minor */
Willy Tarreaud4c33c82013-01-07 21:59:07 +0100413 msg_len = (data[3] << 8) + data[4]; /* record length */
414
415 /* format introduced with SSLv3 */
416 if (version < 0x00030000)
417 goto not_ssl;
418
Lukas Tribusc93242c2015-11-05 13:59:30 +0100419 /* message length between 6 and 2^14 + 2048 */
420 if (msg_len < 6 || msg_len > ((1<<14) + 2048))
Willy Tarreaud4c33c82013-01-07 21:59:07 +0100421 goto not_ssl;
422
423 bleft -= 5; data += 5;
Lukas Tribusc93242c2015-11-05 13:59:30 +0100424
425 /* return the client hello client version, not the record layer version */
426 version = (data[4] << 16) + data[5]; /* client hello version: major, minor */
Willy Tarreaud4c33c82013-01-07 21:59:07 +0100427 } else {
428 /* SSLv2 header format, only supported for hello (msg type 1) */
429 int rlen, plen, cilen, silen, chlen;
430
431 if (*data & 0x80) {
432 if (bleft < 3)
433 goto too_short;
434 /* short header format : 15 bits for length */
435 rlen = ((data[0] & 0x7F) << 8) | data[1];
436 plen = 0;
437 bleft -= 2; data += 2;
438 } else {
439 if (bleft < 4)
440 goto too_short;
441 /* long header format : 14 bits for length + pad length */
442 rlen = ((data[0] & 0x3F) << 8) | data[1];
443 plen = data[2];
Willy Tarreau74967f62016-08-30 14:39:46 +0200444 bleft -= 3; data += 3;
Willy Tarreaud4c33c82013-01-07 21:59:07 +0100445 }
446
447 if (*data != 0x01)
448 goto not_ssl;
449 bleft--; data++;
450
451 if (bleft < 8)
452 goto too_short;
453 version = (data[0] << 16) + data[1]; /* version: major, minor */
454 cilen = (data[2] << 8) + data[3]; /* cipher len, multiple of 3 */
455 silen = (data[4] << 8) + data[5]; /* session_id_len: 0 or 16 */
456 chlen = (data[6] << 8) + data[7]; /* 16<=challenge length<=32 */
457
458 bleft -= 8; data += 8;
459 if (cilen % 3 != 0)
460 goto not_ssl;
461 if (silen && silen != 16)
462 goto not_ssl;
463 if (chlen < 16 || chlen > 32)
464 goto not_ssl;
465 if (rlen != 9 + cilen + silen + chlen)
466 goto not_ssl;
467
468 /* focus on the remaining data length */
469 msg_len = cilen + silen + chlen + plen;
470 }
471 /* We could recursively check that the buffer ends exactly on an SSL
472 * fragment boundary and that a possible next segment is still SSL,
473 * but that's a bit pointless. However, we could still check that
474 * all the part of the request which fits in a buffer is already
475 * there.
476 */
Willy Tarreauc9fa0482018-07-10 17:43:27 +0200477 if (msg_len > channel_recv_limit(req) + b_orig(&req->buf) - ci_head(req))
478 msg_len = channel_recv_limit(req) + b_orig(&req->buf) - ci_head(req);
Willy Tarreaud4c33c82013-01-07 21:59:07 +0100479
480 if (bleft < msg_len)
481 goto too_short;
482
483 /* OK that's enough. We have at least the whole message, and we have
484 * the protocol version.
485 */
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +0200486 smp->data.type = SMP_T_SINT;
Thierry FOURNIER136f9d32015-08-19 09:07:19 +0200487 smp->data.u.sint = version;
Willy Tarreaud4c33c82013-01-07 21:59:07 +0100488 smp->flags = SMP_F_VOLATILE;
489 return 1;
490
491 too_short:
492 smp->flags = SMP_F_MAY_CHANGE;
493 not_ssl:
494 return 0;
495}
496
497/* Try to extract the Server Name Indication that may be presented in a TLS
498 * client hello handshake message. The format of the message is the following
499 * (cf RFC5246 + RFC6066) :
500 * TLS frame :
501 * - uint8 type = 0x16 (Handshake)
502 * - uint16 version >= 0x0301 (TLSv1)
503 * - uint16 length (frame length)
504 * - TLS handshake :
505 * - uint8 msg_type = 0x01 (ClientHello)
506 * - uint24 length (handshake message length)
507 * - ClientHello :
508 * - uint16 client_version >= 0x0301 (TLSv1)
509 * - uint8 Random[32] (4 first ones are timestamp)
510 * - SessionID :
511 * - uint8 session_id_len (0..32) (SessionID len in bytes)
512 * - uint8 session_id[session_id_len]
513 * - CipherSuite :
514 * - uint16 cipher_len >= 2 (Cipher length in bytes)
515 * - uint16 ciphers[cipher_len/2]
516 * - CompressionMethod :
517 * - uint8 compression_len >= 1 (# of supported methods)
518 * - uint8 compression_methods[compression_len]
519 * - optional client_extension_len (in bytes)
520 * - optional sequence of ClientHelloExtensions (as many bytes as above):
521 * - uint16 extension_type = 0 for server_name
522 * - uint16 extension_len
523 * - opaque extension_data[extension_len]
524 * - uint16 server_name_list_len (# of bytes here)
525 * - opaque server_names[server_name_list_len bytes]
526 * - uint8 name_type = 0 for host_name
527 * - uint16 name_len
528 * - opaque hostname[name_len bytes]
529 */
530static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +0200531smp_fetch_ssl_hello_sni(const struct arg *args, struct sample *smp, const char *kw, void *private)
Willy Tarreaud4c33c82013-01-07 21:59:07 +0100532{
533 int hs_len, ext_len, bleft;
534 struct channel *chn;
535 unsigned char *data;
536
Willy Tarreaube508f12016-03-10 11:47:01 +0100537 if (!smp->strm)
538 goto not_ssl_hello;
539
Thierry FOURNIER0786d052015-05-11 15:42:45 +0200540 chn = ((smp->opt & SMP_OPT_DIR) == SMP_OPT_DIR_RES) ? &smp->strm->res : &smp->strm->req;
Willy Tarreaufc0785d2018-06-19 07:19:56 +0200541 bleft = ci_data(chn);
542 data = (unsigned char *)ci_head(chn);
Willy Tarreaud4c33c82013-01-07 21:59:07 +0100543
544 /* Check for SSL/TLS Handshake */
545 if (!bleft)
546 goto too_short;
547 if (*data != 0x16)
548 goto not_ssl_hello;
549
Lukas Tribus57d22972014-04-10 21:36:22 +0200550 /* Check for SSLv3 or later (SSL version >= 3.0) in the record layer*/
Willy Tarreaud4c33c82013-01-07 21:59:07 +0100551 if (bleft < 3)
552 goto too_short;
Lukas Tribus57d22972014-04-10 21:36:22 +0200553 if (data[1] < 0x03)
Willy Tarreaud4c33c82013-01-07 21:59:07 +0100554 goto not_ssl_hello;
555
556 if (bleft < 5)
557 goto too_short;
558 hs_len = (data[3] << 8) + data[4];
559 if (hs_len < 1 + 3 + 2 + 32 + 1 + 2 + 2 + 1 + 1 + 2 + 2)
560 goto not_ssl_hello; /* too short to have an extension */
561
562 data += 5; /* enter TLS handshake */
563 bleft -= 5;
564
565 /* Check for a complete client hello starting at <data> */
566 if (bleft < 1)
567 goto too_short;
568 if (data[0] != 0x01) /* msg_type = Client Hello */
569 goto not_ssl_hello;
570
571 /* Check the Hello's length */
572 if (bleft < 4)
573 goto too_short;
574 hs_len = (data[1] << 16) + (data[2] << 8) + data[3];
575 if (hs_len < 2 + 32 + 1 + 2 + 2 + 1 + 1 + 2 + 2)
576 goto not_ssl_hello; /* too short to have an extension */
577
578 /* We want the full handshake here */
579 if (bleft < hs_len)
580 goto too_short;
581
582 data += 4;
583 /* Start of the ClientHello message */
584 if (data[0] < 0x03 || data[1] < 0x01) /* TLSv1 minimum */
585 goto not_ssl_hello;
586
587 ext_len = data[34]; /* session_id_len */
588 if (ext_len > 32 || ext_len > (hs_len - 35)) /* check for correct session_id len */
589 goto not_ssl_hello;
590
591 /* Jump to cipher suite */
592 hs_len -= 35 + ext_len;
593 data += 35 + ext_len;
594
595 if (hs_len < 4 || /* minimum one cipher */
596 (ext_len = (data[0] << 8) + data[1]) < 2 || /* minimum 2 bytes for a cipher */
597 ext_len > hs_len)
598 goto not_ssl_hello;
599
600 /* Jump to the compression methods */
601 hs_len -= 2 + ext_len;
602 data += 2 + ext_len;
603
604 if (hs_len < 2 || /* minimum one compression method */
605 data[0] < 1 || data[0] > hs_len) /* minimum 1 bytes for a method */
606 goto not_ssl_hello;
607
608 /* Jump to the extensions */
609 hs_len -= 1 + data[0];
610 data += 1 + data[0];
611
612 if (hs_len < 2 || /* minimum one extension list length */
613 (ext_len = (data[0] << 8) + data[1]) > hs_len - 2) /* list too long */
614 goto not_ssl_hello;
615
616 hs_len = ext_len; /* limit ourselves to the extension length */
617 data += 2;
618
619 while (hs_len >= 4) {
620 int ext_type, name_type, srv_len, name_len;
621
622 ext_type = (data[0] << 8) + data[1];
623 ext_len = (data[2] << 8) + data[3];
624
625 if (ext_len > hs_len - 4) /* Extension too long */
626 goto not_ssl_hello;
627
628 if (ext_type == 0) { /* Server name */
629 if (ext_len < 2) /* need one list length */
630 goto not_ssl_hello;
631
632 srv_len = (data[4] << 8) + data[5];
633 if (srv_len < 4 || srv_len > hs_len - 6)
634 goto not_ssl_hello; /* at least 4 bytes per server name */
635
636 name_type = data[6];
637 name_len = (data[7] << 8) + data[8];
638
639 if (name_type == 0) { /* hostname */
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +0200640 smp->data.type = SMP_T_STR;
Willy Tarreau843b7cb2018-07-13 10:54:26 +0200641 smp->data.u.str.area = (char *)data + 9;
642 smp->data.u.str.data = name_len;
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +0100643 smp->flags = SMP_F_VOLATILE | SMP_F_CONST;
Willy Tarreaud4c33c82013-01-07 21:59:07 +0100644 return 1;
645 }
646 }
647
648 hs_len -= 4 + ext_len;
649 data += 4 + ext_len;
650 }
651 /* server name not found */
652 goto not_ssl_hello;
653
654 too_short:
655 smp->flags = SMP_F_MAY_CHANGE;
656
657 not_ssl_hello:
658
659 return 0;
660}
661
Alex Zorin4afdd132018-12-30 13:56:28 +1100662/* Try to extract the Application-Layer Protocol Negotiation (ALPN) protocol
663 * names that may be presented in a TLS client hello handshake message. As the
664 * message presents a list of protocol names in descending order of preference,
665 * it may return iteratively. The format of the message is the following
666 * (cf RFC5246 + RFC7301) :
667 * TLS frame :
668 * - uint8 type = 0x16 (Handshake)
669 * - uint16 version >= 0x0301 (TLSv1)
670 * - uint16 length (frame length)
671 * - TLS handshake :
672 * - uint8 msg_type = 0x01 (ClientHello)
673 * - uint24 length (handshake message length)
674 * - ClientHello :
675 * - uint16 client_version >= 0x0301 (TLSv1)
676 * - uint8 Random[32] (4 first ones are timestamp)
677 * - SessionID :
678 * - uint8 session_id_len (0..32) (SessionID len in bytes)
679 * - uint8 session_id[session_id_len]
680 * - CipherSuite :
681 * - uint16 cipher_len >= 2 (Cipher length in bytes)
682 * - uint16 ciphers[cipher_len/2]
683 * - CompressionMethod :
684 * - uint8 compression_len >= 1 (# of supported methods)
685 * - uint8 compression_methods[compression_len]
686 * - optional client_extension_len (in bytes)
687 * - optional sequence of ClientHelloExtensions (as many bytes as above):
688 * - uint16 extension_type = 16 for application_layer_protocol_negotiation
689 * - uint16 extension_len
690 * - opaque extension_data[extension_len]
691 * - uint16 protocol_names_len (# of bytes here)
692 * - opaque protocol_names[protocol_names_len bytes]
693 * - uint8 name_len
694 * - opaque protocol_name[name_len bytes]
695 */
696static int
697smp_fetch_ssl_hello_alpn(const struct arg *args, struct sample *smp, const char *kw, void *private)
698{
699 int hs_len, ext_len, bleft;
700 struct channel *chn;
701 unsigned char *data;
702
703 if (!smp->strm)
704 goto not_ssl_hello;
705
706 chn = ((smp->opt & SMP_OPT_DIR) == SMP_OPT_DIR_RES) ? &smp->strm->res : &smp->strm->req;
707 bleft = ci_data(chn);
708 data = (unsigned char *)ci_head(chn);
709
710 /* Check for SSL/TLS Handshake */
711 if (!bleft)
712 goto too_short;
713 if (*data != 0x16)
714 goto not_ssl_hello;
715
716 /* Check for SSLv3 or later (SSL version >= 3.0) in the record layer*/
717 if (bleft < 3)
718 goto too_short;
719 if (data[1] < 0x03)
720 goto not_ssl_hello;
721
722 if (bleft < 5)
723 goto too_short;
724 hs_len = (data[3] << 8) + data[4];
725 if (hs_len < 1 + 3 + 2 + 32 + 1 + 2 + 2 + 1 + 1 + 2 + 2)
726 goto not_ssl_hello; /* too short to have an extension */
727
728 data += 5; /* enter TLS handshake */
729 bleft -= 5;
730
731 /* Check for a complete client hello starting at <data> */
732 if (bleft < 1)
733 goto too_short;
734 if (data[0] != 0x01) /* msg_type = Client Hello */
735 goto not_ssl_hello;
736
737 /* Check the Hello's length */
738 if (bleft < 4)
739 goto too_short;
740 hs_len = (data[1] << 16) + (data[2] << 8) + data[3];
741 if (hs_len < 2 + 32 + 1 + 2 + 2 + 1 + 1 + 2 + 2)
742 goto not_ssl_hello; /* too short to have an extension */
743
744 /* We want the full handshake here */
745 if (bleft < hs_len)
746 goto too_short;
747
748 data += 4;
749 /* Start of the ClientHello message */
750 if (data[0] < 0x03 || data[1] < 0x01) /* TLSv1 minimum */
751 goto not_ssl_hello;
752
753 ext_len = data[34]; /* session_id_len */
754 if (ext_len > 32 || ext_len > (hs_len - 35)) /* check for correct session_id len */
755 goto not_ssl_hello;
756
757 /* Jump to cipher suite */
758 hs_len -= 35 + ext_len;
759 data += 35 + ext_len;
760
761 if (hs_len < 4 || /* minimum one cipher */
762 (ext_len = (data[0] << 8) + data[1]) < 2 || /* minimum 2 bytes for a cipher */
763 ext_len > hs_len)
764 goto not_ssl_hello;
765
766 /* Jump to the compression methods */
767 hs_len -= 2 + ext_len;
768 data += 2 + ext_len;
769
770 if (hs_len < 2 || /* minimum one compression method */
771 data[0] < 1 || data[0] > hs_len) /* minimum 1 bytes for a method */
772 goto not_ssl_hello;
773
774 /* Jump to the extensions */
775 hs_len -= 1 + data[0];
776 data += 1 + data[0];
777
778 if (hs_len < 2 || /* minimum one extension list length */
779 (ext_len = (data[0] << 8) + data[1]) > hs_len - 2) /* list too long */
780 goto not_ssl_hello;
781
782 hs_len = ext_len; /* limit ourselves to the extension length */
783 data += 2;
784
785 while (hs_len >= 4) {
786 int ext_type, name_len, name_offset;
787
788 ext_type = (data[0] << 8) + data[1];
789 ext_len = (data[2] << 8) + data[3];
790
791 if (ext_len > hs_len - 4) /* Extension too long */
792 goto not_ssl_hello;
793
794 if (ext_type == 16) { /* ALPN */
795 if (ext_len < 3) /* one list length [uint16] + at least one name length [uint8] */
796 goto not_ssl_hello;
797
798 /* Name cursor in ctx, must begin after protocol_names_len */
799 name_offset = smp->ctx.i < 6 ? 6 : smp->ctx.i;
800 name_len = data[name_offset];
801
802 if (name_len + name_offset - 3 > ext_len)
803 goto not_ssl_hello;
804
805 smp->data.type = SMP_T_STR;
806 smp->data.u.str.area = (char *)data + name_offset + 1; /* +1 to skip name_len */
807 smp->data.u.str.data = name_len;
808 smp->flags = SMP_F_VOLATILE | SMP_F_CONST;
809
810 /* May have more protocol names remaining */
811 if (name_len + name_offset - 3 < ext_len) {
812 smp->ctx.i = name_offset + name_len + 1;
813 smp->flags |= SMP_F_NOT_LAST;
814 }
815
816 return 1;
817 }
818
819 hs_len -= 4 + ext_len;
820 data += 4 + ext_len;
821 }
822 /* alpn not found */
823 goto not_ssl_hello;
824
825 too_short:
826 smp->flags = SMP_F_MAY_CHANGE;
827
828 not_ssl_hello:
829
830 return 0;
831}
832
Willy Tarreaucadd8c92013-07-22 18:09:52 +0200833/* Fetch the request RDP cookie identified in <cname>:<clen>, or any cookie if
Willy Tarreaub169eba2013-12-16 15:14:43 +0100834 * <clen> is empty (cname is then ignored). It returns the data into sample <smp>
835 * of type SMP_T_CSTR. Note: this decoder only works with non-wrapping data.
Willy Tarreaud4c33c82013-01-07 21:59:07 +0100836 */
837int
Willy Tarreau87b09662015-04-03 00:22:06 +0200838fetch_rdp_cookie_name(struct stream *s, struct sample *smp, const char *cname, int clen)
Willy Tarreaud4c33c82013-01-07 21:59:07 +0100839{
840 int bleft;
841 const unsigned char *data;
842
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +0100843 smp->flags = SMP_F_CONST;
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +0200844 smp->data.type = SMP_T_STR;
Willy Tarreaud4c33c82013-01-07 21:59:07 +0100845
Willy Tarreaufc0785d2018-06-19 07:19:56 +0200846 bleft = ci_data(&s->req);
Willy Tarreaud4c33c82013-01-07 21:59:07 +0100847 if (bleft <= 11)
848 goto too_short;
849
Willy Tarreaufc0785d2018-06-19 07:19:56 +0200850 data = (const unsigned char *)ci_head(&s->req) + 11;
Willy Tarreaud4c33c82013-01-07 21:59:07 +0100851 bleft -= 11;
852
853 if (bleft <= 7)
854 goto too_short;
855
856 if (strncasecmp((const char *)data, "Cookie:", 7) != 0)
857 goto not_cookie;
858
859 data += 7;
860 bleft -= 7;
861
862 while (bleft > 0 && *data == ' ') {
863 data++;
864 bleft--;
865 }
866
Willy Tarreaucadd8c92013-07-22 18:09:52 +0200867 if (clen) {
868 if (bleft <= clen)
Willy Tarreaud4c33c82013-01-07 21:59:07 +0100869 goto too_short;
870
Willy Tarreaucadd8c92013-07-22 18:09:52 +0200871 if ((data[clen] != '=') ||
872 strncasecmp(cname, (const char *)data, clen) != 0)
Willy Tarreaud4c33c82013-01-07 21:59:07 +0100873 goto not_cookie;
874
Willy Tarreaucadd8c92013-07-22 18:09:52 +0200875 data += clen + 1;
876 bleft -= clen + 1;
Willy Tarreaud4c33c82013-01-07 21:59:07 +0100877 } else {
878 while (bleft > 0 && *data != '=') {
879 if (*data == '\r' || *data == '\n')
880 goto not_cookie;
881 data++;
882 bleft--;
883 }
884
885 if (bleft < 1)
886 goto too_short;
887
888 if (*data != '=')
889 goto not_cookie;
890
891 data++;
892 bleft--;
893 }
894
895 /* data points to cookie value */
Willy Tarreau843b7cb2018-07-13 10:54:26 +0200896 smp->data.u.str.area = (char *)data;
897 smp->data.u.str.data = 0;
Willy Tarreaud4c33c82013-01-07 21:59:07 +0100898
899 while (bleft > 0 && *data != '\r') {
900 data++;
901 bleft--;
902 }
903
904 if (bleft < 2)
905 goto too_short;
906
907 if (data[0] != '\r' || data[1] != '\n')
908 goto not_cookie;
909
Willy Tarreau843b7cb2018-07-13 10:54:26 +0200910 smp->data.u.str.data = (char *)data - smp->data.u.str.area;
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +0100911 smp->flags = SMP_F_VOLATILE | SMP_F_CONST;
Willy Tarreaud4c33c82013-01-07 21:59:07 +0100912 return 1;
913
914 too_short:
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +0100915 smp->flags = SMP_F_MAY_CHANGE | SMP_F_CONST;
Willy Tarreaud4c33c82013-01-07 21:59:07 +0100916 not_cookie:
917 return 0;
918}
919
Willy Tarreaucadd8c92013-07-22 18:09:52 +0200920/* Fetch the request RDP cookie identified in the args, or any cookie if no arg
921 * is passed. It is usable both for ACL and for samples. Note: this decoder
922 * only works with non-wrapping data. Accepts either 0 or 1 argument. Argument
Willy Tarreaub169eba2013-12-16 15:14:43 +0100923 * is a string (cookie name), other types will lead to undefined behaviour. The
924 * returned sample has type SMP_T_CSTR.
Willy Tarreaucadd8c92013-07-22 18:09:52 +0200925 */
926int
Thierry FOURNIER0786d052015-05-11 15:42:45 +0200927smp_fetch_rdp_cookie(const struct arg *args, struct sample *smp, const char *kw, void *private)
Willy Tarreaucadd8c92013-07-22 18:09:52 +0200928{
Willy Tarreaube508f12016-03-10 11:47:01 +0100929 if (!smp->strm)
930 return 0;
931
Willy Tarreau843b7cb2018-07-13 10:54:26 +0200932 return fetch_rdp_cookie_name(smp->strm, smp,
933 args ? args->data.str.area : NULL,
934 args ? args->data.str.data : 0);
Willy Tarreaucadd8c92013-07-22 18:09:52 +0200935}
936
Willy Tarreaud4c33c82013-01-07 21:59:07 +0100937/* returns either 1 or 0 depending on whether an RDP cookie is found or not */
938static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +0200939smp_fetch_rdp_cookie_cnt(const struct arg *args, struct sample *smp, const char *kw, void *private)
Willy Tarreaud4c33c82013-01-07 21:59:07 +0100940{
941 int ret;
942
Thierry FOURNIER0786d052015-05-11 15:42:45 +0200943 ret = smp_fetch_rdp_cookie(args, smp, kw, private);
Willy Tarreaud4c33c82013-01-07 21:59:07 +0100944
945 if (smp->flags & SMP_F_MAY_CHANGE)
946 return 0;
947
948 smp->flags = SMP_F_VOLATILE;
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +0200949 smp->data.type = SMP_T_SINT;
Thierry FOURNIER136f9d32015-08-19 09:07:19 +0200950 smp->data.u.sint = ret;
Willy Tarreaud4c33c82013-01-07 21:59:07 +0100951 return 1;
952}
953
954/* extracts part of a payload with offset and length at a given position */
955static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +0200956smp_fetch_payload_lv(const struct arg *arg_p, struct sample *smp, const char *kw, void *private)
Willy Tarreaud4c33c82013-01-07 21:59:07 +0100957{
Thierry FOURNIERbf65cd42015-07-20 17:45:02 +0200958 unsigned int len_offset = arg_p[0].data.sint;
959 unsigned int len_size = arg_p[1].data.sint;
Willy Tarreaud4c33c82013-01-07 21:59:07 +0100960 unsigned int buf_offset;
961 unsigned int buf_size = 0;
962 struct channel *chn;
963 int i;
964
965 /* Format is (len offset, len size, buf offset) or (len offset, len size) */
966 /* by default buf offset == len offset + len size */
967 /* buf offset could be absolute or relative to len offset + len size if prefixed by + or - */
968
Willy Tarreaube508f12016-03-10 11:47:01 +0100969 if (!smp->strm)
970 return 0;
971
Thierry FOURNIER0786d052015-05-11 15:42:45 +0200972 chn = ((smp->opt & SMP_OPT_DIR) == SMP_OPT_DIR_RES) ? &smp->strm->res : &smp->strm->req;
Willy Tarreaufc0785d2018-06-19 07:19:56 +0200973 if (len_offset + len_size > ci_data(chn))
Willy Tarreaud4c33c82013-01-07 21:59:07 +0100974 goto too_short;
975
976 for (i = 0; i < len_size; i++) {
Willy Tarreaufc0785d2018-06-19 07:19:56 +0200977 buf_size = (buf_size << 8) + ((unsigned char *)ci_head(chn))[i + len_offset];
Willy Tarreaud4c33c82013-01-07 21:59:07 +0100978 }
979
Thierry FOURNIERbf65cd42015-07-20 17:45:02 +0200980 /* buf offset may be implicit, absolute or relative. If the LSB
981 * is set, then the offset is relative otherwise it is absolute.
982 */
Willy Tarreaud4c33c82013-01-07 21:59:07 +0100983 buf_offset = len_offset + len_size;
Thierry FOURNIERbf65cd42015-07-20 17:45:02 +0200984 if (arg_p[2].type == ARGT_SINT) {
985 if (arg_p[2].data.sint & 1)
986 buf_offset += arg_p[2].data.sint >> 1;
987 else
988 buf_offset = arg_p[2].data.sint >> 1;
989 }
Willy Tarreaud4c33c82013-01-07 21:59:07 +0100990
Willy Tarreaud7bdcb82015-09-24 16:33:10 +0200991 if (!buf_size || buf_size > global.tune.bufsize || buf_offset + buf_size > global.tune.bufsize) {
Willy Tarreaud4c33c82013-01-07 21:59:07 +0100992 /* will never match */
993 smp->flags = 0;
994 return 0;
995 }
996
Willy Tarreaufc0785d2018-06-19 07:19:56 +0200997 if (buf_offset + buf_size > ci_data(chn))
Willy Tarreaud4c33c82013-01-07 21:59:07 +0100998 goto too_short;
999
1000 /* init chunk as read only */
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02001001 smp->data.type = SMP_T_BIN;
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01001002 smp->flags = SMP_F_VOLATILE | SMP_F_CONST;
Willy Tarreaufc0785d2018-06-19 07:19:56 +02001003 chunk_initlen(&smp->data.u.str, ci_head(chn) + buf_offset, 0, buf_size);
Willy Tarreaud4c33c82013-01-07 21:59:07 +01001004 return 1;
1005
1006 too_short:
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01001007 smp->flags = SMP_F_MAY_CHANGE | SMP_F_CONST;
Willy Tarreaud4c33c82013-01-07 21:59:07 +01001008 return 0;
1009}
1010
1011/* extracts some payload at a fixed position and length */
1012static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02001013smp_fetch_payload(const struct arg *arg_p, struct sample *smp, const char *kw, void *private)
Willy Tarreaud4c33c82013-01-07 21:59:07 +01001014{
Thierry FOURNIERbf65cd42015-07-20 17:45:02 +02001015 unsigned int buf_offset = arg_p[0].data.sint;
1016 unsigned int buf_size = arg_p[1].data.sint;
Willy Tarreaud4c33c82013-01-07 21:59:07 +01001017 struct channel *chn;
1018
Willy Tarreaube508f12016-03-10 11:47:01 +01001019 if (!smp->strm)
1020 return 0;
1021
Thierry FOURNIER0786d052015-05-11 15:42:45 +02001022 chn = ((smp->opt & SMP_OPT_DIR) == SMP_OPT_DIR_RES) ? &smp->strm->res : &smp->strm->req;
Felipe Guerreiro Barbosa Ruiz00f55522017-03-16 17:01:41 -03001023 if (buf_size > global.tune.bufsize || buf_offset + buf_size > global.tune.bufsize) {
Willy Tarreaud4c33c82013-01-07 21:59:07 +01001024 /* will never match */
1025 smp->flags = 0;
1026 return 0;
1027 }
1028
Willy Tarreaufc0785d2018-06-19 07:19:56 +02001029 if (buf_offset + buf_size > ci_data(chn))
Willy Tarreaud4c33c82013-01-07 21:59:07 +01001030 goto too_short;
1031
1032 /* init chunk as read only */
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02001033 smp->data.type = SMP_T_BIN;
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01001034 smp->flags = SMP_F_VOLATILE | SMP_F_CONST;
Willy Tarreaufc0785d2018-06-19 07:19:56 +02001035 chunk_initlen(&smp->data.u.str, ci_head(chn) + buf_offset, 0, buf_size ? buf_size : (ci_data(chn) - buf_offset));
Willy Tarreau3889fff2015-01-13 20:20:10 +01001036 if (!buf_size && channel_may_recv(chn) && !channel_input_closed(chn))
Willy Tarreau00f00842013-08-02 11:07:32 +02001037 smp->flags |= SMP_F_MAY_CHANGE;
1038
Willy Tarreaud4c33c82013-01-07 21:59:07 +01001039 return 1;
1040
1041 too_short:
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01001042 smp->flags = SMP_F_MAY_CHANGE | SMP_F_CONST;
Willy Tarreaud4c33c82013-01-07 21:59:07 +01001043 return 0;
1044}
1045
Willy Tarreaud4c33c82013-01-07 21:59:07 +01001046/* This function is used to validate the arguments passed to a "payload_lv" fetch
1047 * keyword. This keyword allows two positive integers and an optional signed one,
1048 * with the second one being strictly positive and the third one being greater than
1049 * the opposite of the two others if negative. It is assumed that the types are
1050 * already the correct ones. Returns 0 on error, non-zero if OK. If <err_msg> is
1051 * not NULL, it will be filled with a pointer to an error message in case of
1052 * error, that the caller is responsible for freeing. The initial location must
1053 * either be freeable or NULL.
Thierry FOURNIERbf65cd42015-07-20 17:45:02 +02001054 *
1055 * Note that offset2 is stored with SINT type, but its not directly usable as is.
1056 * The value is contained in the 63 MSB and the LSB is used as a flag for marking
1057 * the "relative" property of the value.
Willy Tarreaud4c33c82013-01-07 21:59:07 +01001058 */
Thierry FOURNIER49f45af2014-12-08 19:50:43 +01001059int val_payload_lv(struct arg *arg, char **err_msg)
Willy Tarreaud4c33c82013-01-07 21:59:07 +01001060{
Thierry FOURNIERbf65cd42015-07-20 17:45:02 +02001061 int relative = 0;
1062 const char *str;
1063
1064 if (arg[0].data.sint < 0) {
1065 memprintf(err_msg, "payload offset1 must be positive");
Willy Tarreaud4c33c82013-01-07 21:59:07 +01001066 return 0;
1067 }
1068
Thierry FOURNIERbf65cd42015-07-20 17:45:02 +02001069 if (!arg[1].data.sint) {
1070 memprintf(err_msg, "payload length must be > 0");
Willy Tarreaud4c33c82013-01-07 21:59:07 +01001071 return 0;
1072 }
Thierry FOURNIERbf65cd42015-07-20 17:45:02 +02001073
Willy Tarreau843b7cb2018-07-13 10:54:26 +02001074 if (arg[2].type == ARGT_STR && arg[2].data.str.data > 0) {
1075 if (arg[2].data.str.area[0] == '+' || arg[2].data.str.area[0] == '-')
Thierry FOURNIERbf65cd42015-07-20 17:45:02 +02001076 relative = 1;
Willy Tarreau843b7cb2018-07-13 10:54:26 +02001077 str = arg[2].data.str.area;
Thierry FOURNIERbf65cd42015-07-20 17:45:02 +02001078 arg[2].type = ARGT_SINT;
Willy Tarreau843b7cb2018-07-13 10:54:26 +02001079 arg[2].data.sint = read_int64(&str,
1080 str + arg[2].data.str.data);
Thierry FOURNIERbf65cd42015-07-20 17:45:02 +02001081 if (*str != '\0') {
1082 memprintf(err_msg, "payload offset2 is not a number");
1083 return 0;
1084 }
1085 if (arg[0].data.sint + arg[1].data.sint + arg[2].data.sint < 0) {
1086 memprintf(err_msg, "payload offset2 too negative");
1087 return 0;
1088 }
1089 if (relative)
1090 arg[2].data.sint = ( arg[2].data.sint << 1 ) + 1;
1091 }
Willy Tarreaud4c33c82013-01-07 21:59:07 +01001092 return 1;
1093}
1094
Willy Tarreaud716f9b2017-10-13 11:03:15 +02001095/* extracts the parameter value of a distcc token */
1096static int
1097smp_fetch_distcc_param(const struct arg *arg_p, struct sample *smp, const char *kw, void *private)
1098{
1099 unsigned int match_tok = arg_p[0].data.sint;
1100 unsigned int match_occ = arg_p[1].data.sint;
1101 unsigned int token;
1102 unsigned int param;
1103 unsigned int body;
1104 unsigned int ofs;
1105 unsigned int occ;
1106 struct channel *chn;
1107 int i;
1108
1109 /* Format is (token[,occ]). occ starts at 1. */
1110
1111 if (!smp->strm)
1112 return 0;
1113
1114 chn = ((smp->opt & SMP_OPT_DIR) == SMP_OPT_DIR_RES) ? &smp->strm->res : &smp->strm->req;
1115
1116 ofs = 0; occ = 0;
1117 while (1) {
Willy Tarreaufc0785d2018-06-19 07:19:56 +02001118 if (ofs + 12 > ci_data(chn)) {
Willy Tarreaud716f9b2017-10-13 11:03:15 +02001119 /* not there yet but could it at least fit ? */
Willy Tarreauc9fa0482018-07-10 17:43:27 +02001120 if (!chn->buf.size)
Willy Tarreaud716f9b2017-10-13 11:03:15 +02001121 goto too_short;
1122
Willy Tarreauc9fa0482018-07-10 17:43:27 +02001123 if (ofs + 12 <= channel_recv_limit(chn) + b_orig(&chn->buf) - ci_head(chn))
Willy Tarreaud716f9b2017-10-13 11:03:15 +02001124 goto too_short;
1125
1126 goto no_match;
1127 }
1128
Willy Tarreaufc0785d2018-06-19 07:19:56 +02001129 token = read_n32(ci_head(chn) + ofs);
Willy Tarreaud716f9b2017-10-13 11:03:15 +02001130 ofs += 4;
1131
1132 for (i = param = 0; i < 8; i++) {
Willy Tarreaufc0785d2018-06-19 07:19:56 +02001133 int c = hex2i(ci_head(chn)[ofs + i]);
Willy Tarreaud716f9b2017-10-13 11:03:15 +02001134
1135 if (c < 0)
1136 goto no_match;
1137 param = (param << 4) + c;
1138 }
1139 ofs += 8;
1140
1141 /* these tokens don't have a body */
1142 if (token != 0x41524743 /* ARGC */ && token != 0x44495354 /* DIST */ &&
1143 token != 0x4E46494C /* NFIL */ && token != 0x53544154 /* STAT */ &&
1144 token != 0x444F4E45 /* DONE */)
1145 body = param;
1146 else
1147 body = 0;
1148
1149 if (token == match_tok) {
1150 occ++;
1151 if (!match_occ || match_occ == occ) {
1152 /* found */
1153 smp->data.type = SMP_T_SINT;
1154 smp->data.u.sint = param;
1155 smp->flags = SMP_F_VOLATILE | SMP_F_CONST;
1156 return 1;
1157 }
1158 }
1159 ofs += body;
1160 }
1161
1162 too_short:
1163 smp->flags = SMP_F_MAY_CHANGE | SMP_F_CONST;
1164 return 0;
1165 no_match:
1166 /* will never match (end of buffer, or bad contents) */
1167 smp->flags = 0;
1168 return 0;
1169
1170}
1171
1172/* extracts the (possibly truncated) body of a distcc token */
1173static int
1174smp_fetch_distcc_body(const struct arg *arg_p, struct sample *smp, const char *kw, void *private)
1175{
1176 unsigned int match_tok = arg_p[0].data.sint;
1177 unsigned int match_occ = arg_p[1].data.sint;
1178 unsigned int token;
1179 unsigned int param;
1180 unsigned int ofs;
1181 unsigned int occ;
1182 unsigned int body;
1183 struct channel *chn;
1184 int i;
1185
1186 /* Format is (token[,occ]). occ starts at 1. */
1187
1188 if (!smp->strm)
1189 return 0;
1190
1191 chn = ((smp->opt & SMP_OPT_DIR) == SMP_OPT_DIR_RES) ? &smp->strm->res : &smp->strm->req;
1192
1193 ofs = 0; occ = 0;
1194 while (1) {
Willy Tarreaufc0785d2018-06-19 07:19:56 +02001195 if (ofs + 12 > ci_data(chn)) {
Willy Tarreauc9fa0482018-07-10 17:43:27 +02001196 if (!chn->buf.size)
Willy Tarreaud716f9b2017-10-13 11:03:15 +02001197 goto too_short;
1198
Willy Tarreauc9fa0482018-07-10 17:43:27 +02001199 if (ofs + 12 <= channel_recv_limit(chn) + b_orig(&chn->buf) - ci_head(chn))
Willy Tarreaud716f9b2017-10-13 11:03:15 +02001200 goto too_short;
1201
1202 goto no_match;
1203 }
1204
Willy Tarreaufc0785d2018-06-19 07:19:56 +02001205 token = read_n32(ci_head(chn) + ofs);
Willy Tarreaud716f9b2017-10-13 11:03:15 +02001206 ofs += 4;
1207
1208 for (i = param = 0; i < 8; i++) {
Willy Tarreaufc0785d2018-06-19 07:19:56 +02001209 int c = hex2i(ci_head(chn)[ofs + i]);
Willy Tarreaud716f9b2017-10-13 11:03:15 +02001210
1211 if (c < 0)
1212 goto no_match;
1213 param = (param << 4) + c;
1214 }
1215 ofs += 8;
1216
1217 /* these tokens don't have a body */
1218 if (token != 0x41524743 /* ARGC */ && token != 0x44495354 /* DIST */ &&
1219 token != 0x4E46494C /* NFIL */ && token != 0x53544154 /* STAT */ &&
1220 token != 0x444F4E45 /* DONE */)
1221 body = param;
1222 else
1223 body = 0;
1224
1225 if (token == match_tok) {
1226 occ++;
1227 if (!match_occ || match_occ == occ) {
1228 /* found */
1229
1230 smp->data.type = SMP_T_BIN;
1231 smp->flags = SMP_F_VOLATILE | SMP_F_CONST;
1232
Willy Tarreauc9fa0482018-07-10 17:43:27 +02001233 if (ofs + body > ci_head(chn) - b_orig(&chn->buf) + ci_data(chn)) {
Willy Tarreaud716f9b2017-10-13 11:03:15 +02001234 /* incomplete body */
1235
Willy Tarreauc9fa0482018-07-10 17:43:27 +02001236 if (ofs + body > channel_recv_limit(chn) + b_orig(&chn->buf) - ci_head(chn)) {
Willy Tarreaud716f9b2017-10-13 11:03:15 +02001237 /* truncate it to whatever will fit */
1238 smp->flags |= SMP_F_MAY_CHANGE;
Willy Tarreauc9fa0482018-07-10 17:43:27 +02001239 body = channel_recv_limit(chn) + b_orig(&chn->buf) - ci_head(chn) - ofs;
Willy Tarreaud716f9b2017-10-13 11:03:15 +02001240 }
1241 }
1242
Willy Tarreaufc0785d2018-06-19 07:19:56 +02001243 chunk_initlen(&smp->data.u.str, ci_head(chn) + ofs, 0, body);
Willy Tarreaud716f9b2017-10-13 11:03:15 +02001244 return 1;
1245 }
1246 }
1247 ofs += body;
1248 }
1249
1250 too_short:
1251 smp->flags = SMP_F_MAY_CHANGE | SMP_F_CONST;
1252 return 0;
1253 no_match:
1254 /* will never match (end of buffer, or bad contents) */
1255 smp->flags = 0;
1256 return 0;
1257
1258}
1259
1260/* This function is used to validate the arguments passed to a "distcc_param" or
1261 * "distcc_body" sample fetch keyword. They take a mandatory token name of exactly
1262 * 4 characters, followed by an optional occurrence number starting at 1. It is
1263 * assumed that the types are already the correct ones. Returns 0 on error, non-
1264 * zero if OK. If <err_msg> is not NULL, it will be filled with a pointer to an
1265 * error message in case of error, that the caller is responsible for freeing.
1266 * The initial location must either be freeable or NULL.
1267 */
1268int val_distcc(struct arg *arg, char **err_msg)
1269{
1270 unsigned int token;
1271
Willy Tarreau843b7cb2018-07-13 10:54:26 +02001272 if (arg[0].data.str.data != 4) {
Willy Tarreaud716f9b2017-10-13 11:03:15 +02001273 memprintf(err_msg, "token name must be exactly 4 characters");
1274 return 0;
1275 }
1276
1277 /* convert the token name to an unsigned int (one byte per character,
1278 * big endian format).
1279 */
Willy Tarreau843b7cb2018-07-13 10:54:26 +02001280 token = (arg[0].data.str.area[0] << 24) + (arg[0].data.str.area[1] << 16) +
1281 (arg[0].data.str.area[2] << 8) + (arg[0].data.str.area[3] << 0);
Willy Tarreaud716f9b2017-10-13 11:03:15 +02001282
1283 arg[0].type = ARGT_SINT;
1284 arg[0].data.sint = token;
1285
1286 if (arg[1].type != ARGT_SINT) {
1287 arg[1].type = ARGT_SINT;
1288 arg[1].data.sint = 0;
1289 }
1290 return 1;
1291}
1292
Willy Tarreaud4c33c82013-01-07 21:59:07 +01001293/************************************************************************/
1294/* All supported sample and ACL keywords must be declared here. */
1295/************************************************************************/
1296
1297/* Note: must not be declared <const> as its list will be overwritten.
1298 * Note: fetches that may return multiple types must be declared as the lowest
1299 * common denominator, the type that can be casted into all other ones. For
1300 * instance IPv4/IPv6 must be declared IPv4.
1301 */
Willy Tarreaudc13c112013-06-21 23:16:39 +02001302static struct sample_fetch_kw_list smp_kws = {ILH, {
Willy Tarreaud716f9b2017-10-13 11:03:15 +02001303 { "distcc_body", smp_fetch_distcc_body, ARG2(1,STR,SINT), val_distcc, SMP_T_BIN, SMP_USE_L6REQ|SMP_USE_L6RES },
1304 { "distcc_param", smp_fetch_distcc_param, ARG2(1,STR,SINT), val_distcc, SMP_T_SINT, SMP_USE_L6REQ|SMP_USE_L6RES },
Thierry FOURNIERbf65cd42015-07-20 17:45:02 +02001305 { "payload", smp_fetch_payload, ARG2(2,SINT,SINT), NULL, SMP_T_BIN, SMP_USE_L6REQ|SMP_USE_L6RES },
1306 { "payload_lv", smp_fetch_payload_lv, ARG3(2,SINT,SINT,STR), val_payload_lv, SMP_T_BIN, SMP_USE_L6REQ|SMP_USE_L6RES },
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01001307 { "rdp_cookie", smp_fetch_rdp_cookie, ARG1(0,STR), NULL, SMP_T_STR, SMP_USE_L6REQ },
Thierry FOURNIER07ee64e2015-07-06 23:43:03 +02001308 { "rdp_cookie_cnt", smp_fetch_rdp_cookie_cnt, ARG1(0,STR), NULL, SMP_T_SINT, SMP_USE_L6REQ },
1309 { "rep_ssl_hello_type", smp_fetch_ssl_hello_type, 0, NULL, SMP_T_SINT, SMP_USE_L6RES },
1310 { "req_len", smp_fetch_len, 0, NULL, SMP_T_SINT, SMP_USE_L6REQ },
1311 { "req_ssl_hello_type", smp_fetch_ssl_hello_type, 0, NULL, SMP_T_SINT, SMP_USE_L6REQ },
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01001312 { "req_ssl_sni", smp_fetch_ssl_hello_sni, 0, NULL, SMP_T_STR, SMP_USE_L6REQ },
Thierry FOURNIER07ee64e2015-07-06 23:43:03 +02001313 { "req_ssl_ver", smp_fetch_req_ssl_ver, 0, NULL, SMP_T_SINT, SMP_USE_L6REQ },
Willy Tarreaufa957342013-01-14 16:07:52 +01001314
Thierry FOURNIER07ee64e2015-07-06 23:43:03 +02001315 { "req.len", smp_fetch_len, 0, NULL, SMP_T_SINT, SMP_USE_L6REQ },
Thierry FOURNIERbf65cd42015-07-20 17:45:02 +02001316 { "req.payload", smp_fetch_payload, ARG2(2,SINT,SINT), NULL, SMP_T_BIN, SMP_USE_L6REQ },
1317 { "req.payload_lv", smp_fetch_payload_lv, ARG3(2,SINT,SINT,STR), val_payload_lv, SMP_T_BIN, SMP_USE_L6REQ },
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01001318 { "req.rdp_cookie", smp_fetch_rdp_cookie, ARG1(0,STR), NULL, SMP_T_STR, SMP_USE_L6REQ },
Thierry FOURNIER07ee64e2015-07-06 23:43:03 +02001319 { "req.rdp_cookie_cnt", smp_fetch_rdp_cookie_cnt, ARG1(0,STR), NULL, SMP_T_SINT, SMP_USE_L6REQ },
Nenad Merdanovic5fc7d7e2015-07-07 22:00:17 +02001320 { "req.ssl_ec_ext", smp_fetch_req_ssl_ec_ext, 0, NULL, SMP_T_BOOL, SMP_USE_L6REQ },
Pradeep Jindalbb2acf52015-09-29 10:12:57 +05301321 { "req.ssl_st_ext", smp_fetch_req_ssl_st_ext, 0, NULL, SMP_T_SINT, SMP_USE_L6REQ },
Thierry FOURNIER07ee64e2015-07-06 23:43:03 +02001322 { "req.ssl_hello_type", smp_fetch_ssl_hello_type, 0, NULL, SMP_T_SINT, SMP_USE_L6REQ },
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01001323 { "req.ssl_sni", smp_fetch_ssl_hello_sni, 0, NULL, SMP_T_STR, SMP_USE_L6REQ },
Alex Zorin4afdd132018-12-30 13:56:28 +11001324 { "req.ssl_alpn", smp_fetch_ssl_hello_alpn, 0, NULL, SMP_T_STR, SMP_USE_L6REQ },
Thierry FOURNIER07ee64e2015-07-06 23:43:03 +02001325 { "req.ssl_ver", smp_fetch_req_ssl_ver, 0, NULL, SMP_T_SINT, SMP_USE_L6REQ },
1326 { "res.len", smp_fetch_len, 0, NULL, SMP_T_SINT, SMP_USE_L6RES },
Thierry FOURNIERbf65cd42015-07-20 17:45:02 +02001327 { "res.payload", smp_fetch_payload, ARG2(2,SINT,SINT), NULL, SMP_T_BIN, SMP_USE_L6RES },
1328 { "res.payload_lv", smp_fetch_payload_lv, ARG3(2,SINT,SINT,STR), val_payload_lv, SMP_T_BIN, SMP_USE_L6RES },
Thierry FOURNIER07ee64e2015-07-06 23:43:03 +02001329 { "res.ssl_hello_type", smp_fetch_ssl_hello_type, 0, NULL, SMP_T_SINT, SMP_USE_L6RES },
Willy Tarreaud4c33c82013-01-07 21:59:07 +01001330 { "wait_end", smp_fetch_wait_end, 0, NULL, SMP_T_BOOL, SMP_USE_INTRN },
1331 { /* END */ },
1332}};
1333
Willy Tarreau0108d902018-11-25 19:14:37 +01001334INITCALL1(STG_REGISTER, sample_register_fetches, &smp_kws);
Willy Tarreaud4c33c82013-01-07 21:59:07 +01001335
1336/* Note: must not be declared <const> as its list will be overwritten.
1337 * Please take care of keeping this list alphabetically sorted.
1338 */
Willy Tarreaudc13c112013-06-21 23:16:39 +02001339static struct acl_kw_list acl_kws = {ILH, {
Thierry FOURNIERc5a4e982014-03-05 16:07:08 +01001340 { "payload", "req.payload", PAT_MATCH_BIN },
1341 { "payload_lv", "req.payload_lv", PAT_MATCH_BIN },
1342 { "req_rdp_cookie", "req.rdp_cookie", PAT_MATCH_STR },
1343 { "req_rdp_cookie_cnt", "req.rdp_cookie_cnt", PAT_MATCH_INT },
1344 { "req_ssl_sni", "req.ssl_sni", PAT_MATCH_STR },
1345 { "req_ssl_ver", "req.ssl_ver", PAT_MATCH_INT, pat_parse_dotted_ver },
1346 { "req.ssl_ver", "req.ssl_ver", PAT_MATCH_INT, pat_parse_dotted_ver },
Willy Tarreaud4c33c82013-01-07 21:59:07 +01001347 { /* END */ },
1348}};
1349
Willy Tarreau0108d902018-11-25 19:14:37 +01001350INITCALL1(STG_REGISTER, acl_register_keywords, &acl_kws);
Willy Tarreaud4c33c82013-01-07 21:59:07 +01001351
1352/*
1353 * Local variables:
1354 * c-indent-level: 8
1355 * c-basic-offset: 8
1356 * End:
1357 */