Willy Tarreau | 59f9839 | 2012-07-06 14:13:49 +0200 | [diff] [blame] | 1 | /* |
| 2 | * Connection management functions |
| 3 | * |
| 4 | * Copyright 2000-2012 Willy Tarreau <w@1wt.eu> |
| 5 | * |
| 6 | * This program is free software; you can redistribute it and/or |
| 7 | * modify it under the terms of the GNU General Public License |
| 8 | * as published by the Free Software Foundation; either version |
| 9 | * 2 of the License, or (at your option) any later version. |
| 10 | * |
| 11 | */ |
| 12 | |
Willy Tarreau | e1e4a61 | 2012-10-05 00:10:55 +0200 | [diff] [blame] | 13 | #include <errno.h> |
| 14 | |
Willy Tarreau | 119e50e | 2020-05-22 13:53:29 +0200 | [diff] [blame] | 15 | #include <common/cfgparse.h> |
Willy Tarreau | 59f9839 | 2012-07-06 14:13:49 +0200 | [diff] [blame] | 16 | #include <common/compat.h> |
| 17 | #include <common/config.h> |
Willy Tarreau | 0108d90 | 2018-11-25 19:14:37 +0100 | [diff] [blame] | 18 | #include <common/initcall.h> |
KOVACS Krisztian | b3e54fe | 2014-11-17 15:11:45 +0100 | [diff] [blame] | 19 | #include <common/namespace.h> |
Emmanuel Hocdet | 4399c75 | 2018-02-05 15:26:43 +0100 | [diff] [blame] | 20 | #include <common/hash.h> |
| 21 | #include <common/net_helper.h> |
Willy Tarreau | 59f9839 | 2012-07-06 14:13:49 +0200 | [diff] [blame] | 22 | |
Willy Tarreau | c578891 | 2012-08-24 18:12:41 +0200 | [diff] [blame] | 23 | #include <proto/connection.h> |
Willy Tarreau | dd2f85e | 2012-09-02 22:34:23 +0200 | [diff] [blame] | 24 | #include <proto/fd.h> |
Willy Tarreau | 5f1504f | 2012-10-04 23:55:57 +0200 | [diff] [blame] | 25 | #include <proto/frontend.h> |
Willy Tarreau | 2da156f | 2012-07-23 15:07:23 +0200 | [diff] [blame] | 26 | #include <proto/proto_tcp.h> |
Willy Tarreau | 2c6be84 | 2012-07-06 17:12:34 +0200 | [diff] [blame] | 27 | #include <proto/stream_interface.h> |
Emeric Brun | 4f60301 | 2017-01-05 15:11:44 +0100 | [diff] [blame] | 28 | #include <proto/sample.h> |
Emeric Brun | 4659195 | 2012-05-18 15:47:34 +0200 | [diff] [blame] | 29 | #include <proto/ssl_sock.h> |
Emeric Brun | 4659195 | 2012-05-18 15:47:34 +0200 | [diff] [blame] | 30 | |
Alexander Liu | 2a54bb7 | 2019-05-22 19:44:48 +0800 | [diff] [blame] | 31 | #include <common/debug.h> |
| 32 | |
Willy Tarreau | 8ceae72 | 2018-11-26 11:58:30 +0100 | [diff] [blame] | 33 | DECLARE_POOL(pool_head_connection, "connection", sizeof(struct connection)); |
| 34 | DECLARE_POOL(pool_head_connstream, "conn_stream", sizeof(struct conn_stream)); |
Willy Tarreau | ff5d57b | 2019-07-17 18:37:02 +0200 | [diff] [blame] | 35 | DECLARE_POOL(pool_head_sockaddr, "sockaddr", sizeof(struct sockaddr_storage)); |
Geoff Simmons | 7185b78 | 2019-08-27 18:31:16 +0200 | [diff] [blame] | 36 | DECLARE_POOL(pool_head_authority, "authority", PP2_AUTHORITY_MAX); |
Willy Tarreau | 8ceae72 | 2018-11-26 11:58:30 +0100 | [diff] [blame] | 37 | |
Willy Tarreau | 13e1410 | 2016-12-22 20:25:26 +0100 | [diff] [blame] | 38 | struct xprt_ops *registered_xprt[XPRT_ENTRIES] = { NULL, }; |
Willy Tarreau | f2943dc | 2012-10-26 20:10:28 +0200 | [diff] [blame] | 39 | |
Christopher Faulet | 32f61c0 | 2018-04-10 14:33:41 +0200 | [diff] [blame] | 40 | /* List head of all known muxes for PROTO */ |
| 41 | struct mux_proto_list mux_proto_list = { |
| 42 | .list = LIST_HEAD_INIT(mux_proto_list.list) |
Willy Tarreau | 2386be6 | 2017-09-21 19:40:52 +0200 | [diff] [blame] | 43 | }; |
| 44 | |
Willy Tarreau | 119e50e | 2020-05-22 13:53:29 +0200 | [diff] [blame] | 45 | /* disables sending of proxy-protocol-v2's LOCAL command */ |
| 46 | static int pp2_never_send_local; |
| 47 | |
Olivier Houchard | 477902b | 2020-01-22 18:08:48 +0100 | [diff] [blame] | 48 | int conn_create_mux(struct connection *conn) |
| 49 | { |
Olivier Houchard | 477902b | 2020-01-22 18:08:48 +0100 | [diff] [blame] | 50 | if (conn_is_back(conn)) { |
| 51 | struct server *srv; |
| 52 | struct conn_stream *cs = conn->ctx; |
Christopher Faulet | 14cd316 | 2020-04-16 14:50:06 +0200 | [diff] [blame] | 53 | struct session *sess = conn->owner; |
Olivier Houchard | 477902b | 2020-01-22 18:08:48 +0100 | [diff] [blame] | 54 | |
| 55 | if (conn->flags & CO_FL_ERROR) |
| 56 | goto fail; |
Olivier Houchard | a8a415d | 2020-01-23 13:15:14 +0100 | [diff] [blame] | 57 | |
Christopher Faulet | 14cd316 | 2020-04-16 14:50:06 +0200 | [diff] [blame] | 58 | if (sess && obj_type(sess->origin) == OBJ_TYPE_CHECK) { |
| 59 | if (conn_install_mux_chk(conn, conn->ctx, conn->owner) < 0) |
| 60 | goto fail; |
| 61 | } |
| 62 | else if (conn_install_mux_be(conn, conn->ctx, conn->owner) < 0) |
Olivier Houchard | 477902b | 2020-01-22 18:08:48 +0100 | [diff] [blame] | 63 | goto fail; |
| 64 | srv = objt_server(conn->target); |
| 65 | if (srv && ((srv->proxy->options & PR_O_REUSE_MASK) != PR_O_REUSE_NEVR) && |
| 66 | conn->mux->avail_streams(conn) > 0) |
Olivier Houchard | f0d4dff | 2020-03-06 18:12:03 +0100 | [diff] [blame] | 67 | LIST_ADDQ(&srv->available_conns[tid], mt_list_to_list(&conn->list)); |
Olivier Houchard | 477902b | 2020-01-22 18:08:48 +0100 | [diff] [blame] | 68 | return 0; |
| 69 | fail: |
| 70 | /* let the upper layer know the connection failed */ |
| 71 | cs->data_cb->wake(cs); |
| 72 | return -1; |
| 73 | } else |
| 74 | return conn_complete_session(conn); |
| 75 | |
| 76 | } |
| 77 | |
Willy Tarreau | 59f9839 | 2012-07-06 14:13:49 +0200 | [diff] [blame] | 78 | /* I/O callback for fd-based connections. It calls the read/write handlers |
Willy Tarreau | 7a798e5 | 2016-04-14 11:13:20 +0200 | [diff] [blame] | 79 | * provided by the connection's sock_ops, which must be valid. |
Willy Tarreau | 59f9839 | 2012-07-06 14:13:49 +0200 | [diff] [blame] | 80 | */ |
Willy Tarreau | 7a798e5 | 2016-04-14 11:13:20 +0200 | [diff] [blame] | 81 | void conn_fd_handler(int fd) |
Willy Tarreau | 59f9839 | 2012-07-06 14:13:49 +0200 | [diff] [blame] | 82 | { |
Willy Tarreau | 8018471 | 2012-07-06 14:54:49 +0200 | [diff] [blame] | 83 | struct connection *conn = fdtab[fd].owner; |
Willy Tarreau | 9e272bf | 2012-10-03 21:04:48 +0200 | [diff] [blame] | 84 | unsigned int flags; |
Willy Tarreau | 8de5c4f | 2020-03-04 17:45:21 +0100 | [diff] [blame] | 85 | int need_wake = 0; |
Willy Tarreau | 59f9839 | 2012-07-06 14:13:49 +0200 | [diff] [blame] | 86 | |
Willy Tarreau | d80cb4e | 2018-01-20 19:30:13 +0100 | [diff] [blame] | 87 | if (unlikely(!conn)) { |
| 88 | activity[tid].conn_dead++; |
Willy Tarreau | 7a798e5 | 2016-04-14 11:13:20 +0200 | [diff] [blame] | 89 | return; |
Willy Tarreau | d80cb4e | 2018-01-20 19:30:13 +0100 | [diff] [blame] | 90 | } |
Willy Tarreau | 59f9839 | 2012-07-06 14:13:49 +0200 | [diff] [blame] | 91 | |
Willy Tarreau | 7d28149 | 2012-12-16 19:19:13 +0100 | [diff] [blame] | 92 | flags = conn->flags & ~CO_FL_ERROR; /* ensure to call the wake handler upon error */ |
Willy Tarreau | d29a066 | 2012-12-10 16:33:38 +0100 | [diff] [blame] | 93 | |
Willy Tarreau | b2a7ab0 | 2019-12-27 10:54:22 +0100 | [diff] [blame] | 94 | if (unlikely(conn->flags & CO_FL_WAIT_L4_CONN) && |
| 95 | ((fd_send_ready(fd) && fd_send_active(fd)) || |
| 96 | (fd_recv_ready(fd) && fd_recv_active(fd)))) { |
| 97 | /* Still waiting for a connection to establish and nothing was |
| 98 | * attempted yet to probe the connection. this will clear the |
| 99 | * CO_FL_WAIT_L4_CONN flag on success. |
| 100 | */ |
| 101 | if (!conn_fd_check(conn)) |
| 102 | goto leave; |
Willy Tarreau | 8de5c4f | 2020-03-04 17:45:21 +0100 | [diff] [blame] | 103 | need_wake = 1; |
Willy Tarreau | b2a7ab0 | 2019-12-27 10:54:22 +0100 | [diff] [blame] | 104 | } |
| 105 | |
Willy Tarreau | 8081abe | 2019-11-28 18:08:49 +0100 | [diff] [blame] | 106 | if (fd_send_ready(fd) && fd_send_active(fd)) { |
Willy Tarreau | 3c0cc49 | 2017-03-19 07:54:28 +0100 | [diff] [blame] | 107 | /* force reporting of activity by clearing the previous flags : |
| 108 | * we'll have at least ERROR or CONNECTED at the end of an I/O, |
| 109 | * both of which will be detected below. |
Willy Tarreau | 9e272bf | 2012-10-03 21:04:48 +0200 | [diff] [blame] | 110 | */ |
Willy Tarreau | 3c0cc49 | 2017-03-19 07:54:28 +0100 | [diff] [blame] | 111 | flags = 0; |
Willy Tarreau | 7872d1f | 2020-01-10 07:06:05 +0100 | [diff] [blame] | 112 | if (conn->subs && conn->subs->events & SUB_RETRY_SEND) { |
Willy Tarreau | 8de5c4f | 2020-03-04 17:45:21 +0100 | [diff] [blame] | 113 | need_wake = 0; // wake will be called after this I/O |
Willy Tarreau | 7872d1f | 2020-01-10 07:06:05 +0100 | [diff] [blame] | 114 | tasklet_wakeup(conn->subs->tasklet); |
| 115 | conn->subs->events &= ~SUB_RETRY_SEND; |
| 116 | if (!conn->subs->events) |
| 117 | conn->subs = NULL; |
Willy Tarreau | 8de5c4f | 2020-03-04 17:45:21 +0100 | [diff] [blame] | 118 | } |
Willy Tarreau | 667fefd | 2020-03-04 17:22:10 +0100 | [diff] [blame] | 119 | fd_stop_send(fd); |
Willy Tarreau | 9e272bf | 2012-10-03 21:04:48 +0200 | [diff] [blame] | 120 | } |
Willy Tarreau | 59f9839 | 2012-07-06 14:13:49 +0200 | [diff] [blame] | 121 | |
Willy Tarreau | 57ec32f | 2017-04-11 19:59:33 +0200 | [diff] [blame] | 122 | /* The data transfer starts here and stops on error and handshakes. Note |
| 123 | * that we must absolutely test conn->xprt at each step in case it suddenly |
| 124 | * changes due to a quick unexpected close(). |
| 125 | */ |
Willy Tarreau | 8081abe | 2019-11-28 18:08:49 +0100 | [diff] [blame] | 126 | if (fd_recv_ready(fd) && fd_recv_active(fd)) { |
Willy Tarreau | 3c0cc49 | 2017-03-19 07:54:28 +0100 | [diff] [blame] | 127 | /* force reporting of activity by clearing the previous flags : |
| 128 | * we'll have at least ERROR or CONNECTED at the end of an I/O, |
| 129 | * both of which will be detected below. |
Willy Tarreau | 9e272bf | 2012-10-03 21:04:48 +0200 | [diff] [blame] | 130 | */ |
Willy Tarreau | 3c0cc49 | 2017-03-19 07:54:28 +0100 | [diff] [blame] | 131 | flags = 0; |
Willy Tarreau | 7872d1f | 2020-01-10 07:06:05 +0100 | [diff] [blame] | 132 | if (conn->subs && conn->subs->events & SUB_RETRY_RECV) { |
Willy Tarreau | 8de5c4f | 2020-03-04 17:45:21 +0100 | [diff] [blame] | 133 | need_wake = 0; // wake will be called after this I/O |
Willy Tarreau | 7872d1f | 2020-01-10 07:06:05 +0100 | [diff] [blame] | 134 | tasklet_wakeup(conn->subs->tasklet); |
| 135 | conn->subs->events &= ~SUB_RETRY_RECV; |
| 136 | if (!conn->subs->events) |
| 137 | conn->subs = NULL; |
Willy Tarreau | 8de5c4f | 2020-03-04 17:45:21 +0100 | [diff] [blame] | 138 | } |
Willy Tarreau | 6f95f6e | 2020-03-04 18:33:19 +0100 | [diff] [blame] | 139 | else if (tasks_run_queue_cur >= 16*global.tune.runqueue_depth) { |
| 140 | /* In order to save syscalls especially with epoll, we |
| 141 | * prefer *not* to disable receiving and instead let |
| 142 | * the handler do its job. But if the run queue becomes |
| 143 | * high, the excess of events may cause extra wakeups |
| 144 | * and in this case we'd rather flow-control ourselves. |
| 145 | */ |
| 146 | fd_stop_recv(fd); |
| 147 | } |
Willy Tarreau | 9e272bf | 2012-10-03 21:04:48 +0200 | [diff] [blame] | 148 | } |
Willy Tarreau | 2da156f | 2012-07-23 15:07:23 +0200 | [diff] [blame] | 149 | |
Willy Tarreau | 2c6be84 | 2012-07-06 17:12:34 +0200 | [diff] [blame] | 150 | leave: |
Olivier Houchard | 477902b | 2020-01-22 18:08:48 +0100 | [diff] [blame] | 151 | /* If we don't yet have a mux, that means we were waiting for |
Ilya Shipitsin | ce7b00f | 2020-03-23 22:28:40 +0500 | [diff] [blame] | 152 | * information to create one, typically from the ALPN. If we're |
Olivier Houchard | 477902b | 2020-01-22 18:08:48 +0100 | [diff] [blame] | 153 | * done with the handshake, attempt to create one. |
Willy Tarreau | 8e3c6ce | 2017-08-28 15:46:01 +0200 | [diff] [blame] | 154 | */ |
Willy Tarreau | 911db9b | 2020-01-23 16:27:54 +0100 | [diff] [blame] | 155 | if (unlikely(!conn->mux) && !(conn->flags & CO_FL_WAIT_XPRT)) |
Olivier Houchard | 477902b | 2020-01-22 18:08:48 +0100 | [diff] [blame] | 156 | if (conn_create_mux(conn) < 0) |
| 157 | return; |
Willy Tarreau | 8e3c6ce | 2017-08-28 15:46:01 +0200 | [diff] [blame] | 158 | |
Willy Tarreau | 3c0cc49 | 2017-03-19 07:54:28 +0100 | [diff] [blame] | 159 | /* The wake callback is normally used to notify the data layer about |
| 160 | * data layer activity (successful send/recv), connection establishment, |
| 161 | * shutdown and fatal errors. We need to consider the following |
| 162 | * situations to wake up the data layer : |
Willy Tarreau | 0fbc318 | 2019-12-27 14:57:45 +0100 | [diff] [blame] | 163 | * - change among the CO_FL_NOTIFY_DONE flags : |
| 164 | * SOCK_{RD,WR}_SH, ERROR, |
Willy Tarreau | 3c0cc49 | 2017-03-19 07:54:28 +0100 | [diff] [blame] | 165 | * - absence of any of {L4,L6}_CONN and CONNECTED, indicating the |
| 166 | * end of handshake and transition to CONNECTED |
| 167 | * - raise of CONNECTED with HANDSHAKE down |
| 168 | * - end of HANDSHAKE with CONNECTED set |
| 169 | * - regular data layer activity |
| 170 | * |
| 171 | * Note that the wake callback is allowed to release the connection and |
| 172 | * the fd (and return < 0 in this case). |
Willy Tarreau | 2396c1c | 2012-10-03 21:12:16 +0200 | [diff] [blame] | 173 | */ |
Willy Tarreau | 8de5c4f | 2020-03-04 17:45:21 +0100 | [diff] [blame] | 174 | if ((need_wake || ((conn->flags ^ flags) & CO_FL_NOTIFY_DONE) || |
Willy Tarreau | 911db9b | 2020-01-23 16:27:54 +0100 | [diff] [blame] | 175 | ((flags & CO_FL_WAIT_XPRT) && !(conn->flags & CO_FL_WAIT_XPRT))) && |
Olivier Houchard | fe50bfb | 2019-05-27 12:09:19 +0200 | [diff] [blame] | 176 | conn->mux && conn->mux->wake && conn->mux->wake(conn) < 0) |
Willy Tarreau | 7a798e5 | 2016-04-14 11:13:20 +0200 | [diff] [blame] | 177 | return; |
Willy Tarreau | fd31e53 | 2012-07-23 18:24:25 +0200 | [diff] [blame] | 178 | |
Willy Tarreau | f9dabec | 2012-08-17 17:33:53 +0200 | [diff] [blame] | 179 | /* commit polling changes */ |
| 180 | conn_cond_update_polling(conn); |
Willy Tarreau | 7a798e5 | 2016-04-14 11:13:20 +0200 | [diff] [blame] | 181 | return; |
Willy Tarreau | 59f9839 | 2012-07-06 14:13:49 +0200 | [diff] [blame] | 182 | } |
Willy Tarreau | b5e2cbd | 2012-08-17 11:55:04 +0200 | [diff] [blame] | 183 | |
Willy Tarreau | 4970e5a | 2019-12-27 10:40:21 +0100 | [diff] [blame] | 184 | /* This is the callback which is set when a connection establishment is pending |
| 185 | * and we have nothing to send. It may update the FD polling status to indicate |
| 186 | * !READY. It returns 0 if it fails in a fatal way or needs to poll to go |
| 187 | * further, otherwise it returns non-zero and removes the CO_FL_WAIT_L4_CONN |
| 188 | * flag from the connection's flags. In case of error, it sets CO_FL_ERROR and |
| 189 | * leaves the error code in errno. |
| 190 | */ |
| 191 | int conn_fd_check(struct connection *conn) |
| 192 | { |
| 193 | struct sockaddr_storage *addr; |
| 194 | int fd = conn->handle.fd; |
| 195 | |
| 196 | if (conn->flags & CO_FL_ERROR) |
| 197 | return 0; |
| 198 | |
| 199 | if (!conn_ctrl_ready(conn)) |
| 200 | return 0; |
| 201 | |
| 202 | if (!(conn->flags & CO_FL_WAIT_L4_CONN)) |
| 203 | return 1; /* strange we were called while ready */ |
| 204 | |
| 205 | if (!fd_send_ready(fd)) |
| 206 | return 0; |
| 207 | |
| 208 | /* Here we have 2 cases : |
| 209 | * - modern pollers, able to report ERR/HUP. If these ones return any |
| 210 | * of these flags then it's likely a failure, otherwise it possibly |
| 211 | * is a success (i.e. there may have been data received just before |
| 212 | * the error was reported). |
| 213 | * - select, which doesn't report these and with which it's always |
| 214 | * necessary either to try connect() again or to check for SO_ERROR. |
| 215 | * In order to simplify everything, we double-check using connect() as |
| 216 | * soon as we meet either of these delicate situations. Note that |
| 217 | * SO_ERROR would clear the error after reporting it! |
| 218 | */ |
| 219 | if (cur_poller.flags & HAP_POLL_F_ERRHUP) { |
| 220 | /* modern poller, able to report ERR/HUP */ |
| 221 | if ((fdtab[fd].ev & (FD_POLL_IN|FD_POLL_ERR|FD_POLL_HUP)) == FD_POLL_IN) |
| 222 | goto done; |
| 223 | if ((fdtab[fd].ev & (FD_POLL_OUT|FD_POLL_ERR|FD_POLL_HUP)) == FD_POLL_OUT) |
| 224 | goto done; |
| 225 | if (!(fdtab[fd].ev & (FD_POLL_ERR|FD_POLL_HUP))) |
| 226 | goto wait; |
| 227 | /* error present, fall through common error check path */ |
| 228 | } |
| 229 | |
| 230 | /* Use connect() to check the state of the socket. This has the double |
| 231 | * advantage of *not* clearing the error (so that health checks can |
| 232 | * still use getsockopt(SO_ERROR)) and giving us the following info : |
| 233 | * - error |
| 234 | * - connecting (EALREADY, EINPROGRESS) |
| 235 | * - connected (EISCONN, 0) |
| 236 | */ |
| 237 | addr = conn->dst; |
| 238 | if ((conn->flags & CO_FL_SOCKS4) && obj_type(conn->target) == OBJ_TYPE_SERVER) |
| 239 | addr = &objt_server(conn->target)->socks4_addr; |
| 240 | |
| 241 | if (connect(fd, (const struct sockaddr *)addr, get_addr_len(addr)) == -1) { |
| 242 | if (errno == EALREADY || errno == EINPROGRESS) |
| 243 | goto wait; |
| 244 | |
| 245 | if (errno && errno != EISCONN) |
| 246 | goto out_error; |
| 247 | } |
| 248 | |
| 249 | done: |
| 250 | /* The FD is ready now, we'll mark the connection as complete and |
| 251 | * forward the event to the transport layer which will notify the |
| 252 | * data layer. |
| 253 | */ |
| 254 | conn->flags &= ~CO_FL_WAIT_L4_CONN; |
| 255 | fd_may_send(fd); |
| 256 | fd_cond_recv(fd); |
| 257 | errno = 0; // make health checks happy |
| 258 | return 1; |
| 259 | |
| 260 | out_error: |
| 261 | /* Write error on the file descriptor. Report it to the connection |
| 262 | * and disable polling on this FD. |
| 263 | */ |
| 264 | fdtab[fd].linger_risk = 0; |
| 265 | conn->flags |= CO_FL_ERROR | CO_FL_SOCK_RD_SH | CO_FL_SOCK_WR_SH; |
Willy Tarreau | 5d4d180 | 2020-02-21 09:58:29 +0100 | [diff] [blame] | 266 | conn_stop_polling(conn); |
Willy Tarreau | 4970e5a | 2019-12-27 10:40:21 +0100 | [diff] [blame] | 267 | return 0; |
| 268 | |
| 269 | wait: |
Willy Tarreau | 4970e5a | 2019-12-27 10:40:21 +0100 | [diff] [blame] | 270 | fd_cant_send(fd); |
Willy Tarreau | d1d14c3 | 2020-02-21 10:34:19 +0100 | [diff] [blame] | 271 | fd_want_send(fd); |
Willy Tarreau | 4970e5a | 2019-12-27 10:40:21 +0100 | [diff] [blame] | 272 | return 0; |
| 273 | } |
| 274 | |
Willy Tarreau | ff3e648 | 2015-03-12 23:56:52 +0100 | [diff] [blame] | 275 | /* Send a message over an established connection. It makes use of send() and |
| 276 | * returns the same return code and errno. If the socket layer is not ready yet |
| 277 | * then -1 is returned and ENOTSOCK is set into errno. If the fd is not marked |
| 278 | * as ready, or if EAGAIN or ENOTCONN is returned, then we return 0. It returns |
| 279 | * EMSGSIZE if called with a zero length message. The purpose is to simplify |
| 280 | * some rare attempts to directly write on the socket from above the connection |
| 281 | * (typically send_proxy). In case of EAGAIN, the fd is marked as "cant_send". |
| 282 | * It automatically retries on EINTR. Other errors cause the connection to be |
| 283 | * marked as in error state. It takes similar arguments as send() except the |
| 284 | * first one which is the connection instead of the file descriptor. Note, |
| 285 | * MSG_DONTWAIT and MSG_NOSIGNAL are forced on the flags. |
| 286 | */ |
| 287 | int conn_sock_send(struct connection *conn, const void *buf, int len, int flags) |
| 288 | { |
| 289 | int ret; |
| 290 | |
| 291 | ret = -1; |
| 292 | errno = ENOTSOCK; |
| 293 | |
| 294 | if (conn->flags & CO_FL_SOCK_WR_SH) |
| 295 | goto fail; |
| 296 | |
| 297 | if (!conn_ctrl_ready(conn)) |
| 298 | goto fail; |
| 299 | |
| 300 | errno = EMSGSIZE; |
| 301 | if (!len) |
| 302 | goto fail; |
| 303 | |
Willy Tarreau | 585744b | 2017-08-24 14:31:19 +0200 | [diff] [blame] | 304 | if (!fd_send_ready(conn->handle.fd)) |
Willy Tarreau | ff3e648 | 2015-03-12 23:56:52 +0100 | [diff] [blame] | 305 | goto wait; |
| 306 | |
| 307 | do { |
Willy Tarreau | 585744b | 2017-08-24 14:31:19 +0200 | [diff] [blame] | 308 | ret = send(conn->handle.fd, buf, len, flags | MSG_DONTWAIT | MSG_NOSIGNAL); |
Willy Tarreau | ff3e648 | 2015-03-12 23:56:52 +0100 | [diff] [blame] | 309 | } while (ret < 0 && errno == EINTR); |
| 310 | |
| 311 | |
Willy Tarreau | ccf3f6d | 2019-09-05 17:05:05 +0200 | [diff] [blame] | 312 | if (ret > 0) { |
| 313 | if (conn->flags & CO_FL_WAIT_L4_CONN) { |
| 314 | conn->flags &= ~CO_FL_WAIT_L4_CONN; |
| 315 | fd_may_send(conn->handle.fd); |
| 316 | fd_cond_recv(conn->handle.fd); |
| 317 | } |
Willy Tarreau | ff3e648 | 2015-03-12 23:56:52 +0100 | [diff] [blame] | 318 | return ret; |
Willy Tarreau | ccf3f6d | 2019-09-05 17:05:05 +0200 | [diff] [blame] | 319 | } |
Willy Tarreau | ff3e648 | 2015-03-12 23:56:52 +0100 | [diff] [blame] | 320 | |
| 321 | if (ret == 0 || errno == EAGAIN || errno == ENOTCONN) { |
| 322 | wait: |
Willy Tarreau | 585744b | 2017-08-24 14:31:19 +0200 | [diff] [blame] | 323 | fd_cant_send(conn->handle.fd); |
Willy Tarreau | ff3e648 | 2015-03-12 23:56:52 +0100 | [diff] [blame] | 324 | return 0; |
| 325 | } |
| 326 | fail: |
| 327 | conn->flags |= CO_FL_SOCK_RD_SH | CO_FL_SOCK_WR_SH | CO_FL_ERROR; |
| 328 | return ret; |
| 329 | } |
| 330 | |
Willy Tarreau | ee1a6fc | 2020-01-17 07:52:13 +0100 | [diff] [blame] | 331 | /* Called from the upper layer, to subscribe <es> to events <event_type>. The |
| 332 | * event subscriber <es> is not allowed to change from a previous call as long |
| 333 | * as at least one event is still subscribed. The <event_type> must only be a |
| 334 | * combination of SUB_RETRY_RECV and SUB_RETRY_SEND. It always returns 0. |
| 335 | */ |
| 336 | int conn_unsubscribe(struct connection *conn, void *xprt_ctx, int event_type, struct wait_event *es) |
Olivier Houchard | 83a0cd8 | 2018-09-28 17:57:58 +0200 | [diff] [blame] | 337 | { |
Willy Tarreau | 7872d1f | 2020-01-10 07:06:05 +0100 | [diff] [blame] | 338 | BUG_ON(event_type & ~(SUB_RETRY_SEND|SUB_RETRY_RECV)); |
Willy Tarreau | ee1a6fc | 2020-01-17 07:52:13 +0100 | [diff] [blame] | 339 | BUG_ON(conn->subs && conn->subs != es); |
Willy Tarreau | 7872d1f | 2020-01-10 07:06:05 +0100 | [diff] [blame] | 340 | |
Willy Tarreau | ee1a6fc | 2020-01-17 07:52:13 +0100 | [diff] [blame] | 341 | es->events &= ~event_type; |
| 342 | if (!es->events) |
Willy Tarreau | 7872d1f | 2020-01-10 07:06:05 +0100 | [diff] [blame] | 343 | conn->subs = NULL; |
| 344 | |
Willy Tarreau | d1d14c3 | 2020-02-21 10:34:19 +0100 | [diff] [blame] | 345 | if (conn_ctrl_ready(conn)) { |
| 346 | if (event_type & SUB_RETRY_RECV) |
| 347 | fd_stop_recv(conn->handle.fd); |
Willy Tarreau | 7872d1f | 2020-01-10 07:06:05 +0100 | [diff] [blame] | 348 | |
Willy Tarreau | d1d14c3 | 2020-02-21 10:34:19 +0100 | [diff] [blame] | 349 | if (event_type & SUB_RETRY_SEND) |
| 350 | fd_stop_send(conn->handle.fd); |
| 351 | } |
Olivier Houchard | 83a0cd8 | 2018-09-28 17:57:58 +0200 | [diff] [blame] | 352 | return 0; |
| 353 | } |
| 354 | |
Willy Tarreau | 7e59c0a | 2020-02-28 14:24:49 +0100 | [diff] [blame] | 355 | /* Called from the upper layer, to subscribe <es> to events <event_type>. |
| 356 | * The <es> struct is not allowed to differ from the one passed during a |
| 357 | * previous call to subscribe(). If the FD is ready, the wait_event is |
| 358 | * immediately woken up and the subcription is cancelled. It always |
| 359 | * returns zero. |
Willy Tarreau | ee1a6fc | 2020-01-17 07:52:13 +0100 | [diff] [blame] | 360 | */ |
| 361 | int conn_subscribe(struct connection *conn, void *xprt_ctx, int event_type, struct wait_event *es) |
Olivier Houchard | 6ff2039 | 2018-07-17 18:46:31 +0200 | [diff] [blame] | 362 | { |
Willy Tarreau | 7872d1f | 2020-01-10 07:06:05 +0100 | [diff] [blame] | 363 | BUG_ON(event_type & ~(SUB_RETRY_SEND|SUB_RETRY_RECV)); |
Willy Tarreau | ee1a6fc | 2020-01-17 07:52:13 +0100 | [diff] [blame] | 364 | BUG_ON(conn->subs && conn->subs != es); |
Willy Tarreau | 7872d1f | 2020-01-10 07:06:05 +0100 | [diff] [blame] | 365 | |
Willy Tarreau | 7e59c0a | 2020-02-28 14:24:49 +0100 | [diff] [blame] | 366 | if (conn->subs && (conn->subs->events & event_type) == event_type) |
| 367 | return 0; |
| 368 | |
Willy Tarreau | ee1a6fc | 2020-01-17 07:52:13 +0100 | [diff] [blame] | 369 | conn->subs = es; |
| 370 | es->events |= event_type; |
Willy Tarreau | 7872d1f | 2020-01-10 07:06:05 +0100 | [diff] [blame] | 371 | |
Willy Tarreau | d1d14c3 | 2020-02-21 10:34:19 +0100 | [diff] [blame] | 372 | if (conn_ctrl_ready(conn)) { |
Willy Tarreau | 7e59c0a | 2020-02-28 14:24:49 +0100 | [diff] [blame] | 373 | if (event_type & SUB_RETRY_RECV) { |
| 374 | if (fd_recv_ready(conn->handle.fd)) { |
| 375 | tasklet_wakeup(es->tasklet); |
| 376 | es->events &= ~SUB_RETRY_RECV; |
| 377 | if (!es->events) |
| 378 | conn->subs = NULL; |
| 379 | } |
| 380 | else |
| 381 | fd_want_recv(conn->handle.fd); |
| 382 | } |
Willy Tarreau | 7872d1f | 2020-01-10 07:06:05 +0100 | [diff] [blame] | 383 | |
Willy Tarreau | 7e59c0a | 2020-02-28 14:24:49 +0100 | [diff] [blame] | 384 | if (event_type & SUB_RETRY_SEND) { |
| 385 | if (fd_send_ready(conn->handle.fd)) { |
| 386 | tasklet_wakeup(es->tasklet); |
| 387 | es->events &= ~SUB_RETRY_SEND; |
| 388 | if (!es->events) |
| 389 | conn->subs = NULL; |
| 390 | } |
| 391 | else |
| 392 | fd_want_send(conn->handle.fd); |
| 393 | } |
Willy Tarreau | d1d14c3 | 2020-02-21 10:34:19 +0100 | [diff] [blame] | 394 | } |
Olivier Houchard | 83a0cd8 | 2018-09-28 17:57:58 +0200 | [diff] [blame] | 395 | return 0; |
Olivier Houchard | 6ff2039 | 2018-07-17 18:46:31 +0200 | [diff] [blame] | 396 | } |
| 397 | |
Willy Tarreau | d85c485 | 2015-03-13 00:40:28 +0100 | [diff] [blame] | 398 | /* Drains possibly pending incoming data on the file descriptor attached to the |
| 399 | * connection and update the connection's flags accordingly. This is used to |
| 400 | * know whether we need to disable lingering on close. Returns non-zero if it |
| 401 | * is safe to close without disabling lingering, otherwise zero. The SOCK_RD_SH |
| 402 | * flag may also be updated if the incoming shutdown was reported by the drain() |
| 403 | * function. |
| 404 | */ |
| 405 | int conn_sock_drain(struct connection *conn) |
| 406 | { |
Willy Tarreau | e215bba | 2018-08-24 14:31:53 +0200 | [diff] [blame] | 407 | int turns = 2; |
| 408 | int len; |
| 409 | |
Willy Tarreau | d85c485 | 2015-03-13 00:40:28 +0100 | [diff] [blame] | 410 | if (!conn_ctrl_ready(conn)) |
| 411 | return 1; |
| 412 | |
| 413 | if (conn->flags & (CO_FL_ERROR | CO_FL_SOCK_RD_SH)) |
| 414 | return 1; |
| 415 | |
Willy Tarreau | e215bba | 2018-08-24 14:31:53 +0200 | [diff] [blame] | 416 | if (fdtab[conn->handle.fd].ev & (FD_POLL_ERR|FD_POLL_HUP)) |
| 417 | goto shut; |
Willy Tarreau | d85c485 | 2015-03-13 00:40:28 +0100 | [diff] [blame] | 418 | |
Willy Tarreau | e215bba | 2018-08-24 14:31:53 +0200 | [diff] [blame] | 419 | if (!fd_recv_ready(conn->handle.fd)) |
| 420 | return 0; |
Willy Tarreau | d85c485 | 2015-03-13 00:40:28 +0100 | [diff] [blame] | 421 | |
Willy Tarreau | e215bba | 2018-08-24 14:31:53 +0200 | [diff] [blame] | 422 | if (conn->ctrl->drain) { |
Willy Tarreau | 585744b | 2017-08-24 14:31:19 +0200 | [diff] [blame] | 423 | if (conn->ctrl->drain(conn->handle.fd) <= 0) |
Willy Tarreau | d85c485 | 2015-03-13 00:40:28 +0100 | [diff] [blame] | 424 | return 0; |
Willy Tarreau | e215bba | 2018-08-24 14:31:53 +0200 | [diff] [blame] | 425 | goto shut; |
| 426 | } |
| 427 | |
| 428 | /* no drain function defined, use the generic one */ |
| 429 | |
| 430 | while (turns) { |
| 431 | #ifdef MSG_TRUNC_CLEARS_INPUT |
| 432 | len = recv(conn->handle.fd, NULL, INT_MAX, MSG_DONTWAIT | MSG_NOSIGNAL | MSG_TRUNC); |
| 433 | if (len == -1 && errno == EFAULT) |
| 434 | #endif |
| 435 | len = recv(conn->handle.fd, trash.area, trash.size, |
| 436 | MSG_DONTWAIT | MSG_NOSIGNAL); |
| 437 | |
| 438 | if (len == 0) |
| 439 | goto shut; |
| 440 | |
| 441 | if (len < 0) { |
| 442 | if (errno == EAGAIN) { |
| 443 | /* connection not closed yet */ |
| 444 | fd_cant_recv(conn->handle.fd); |
| 445 | break; |
| 446 | } |
| 447 | if (errno == EINTR) /* oops, try again */ |
| 448 | continue; |
| 449 | /* other errors indicate a dead connection, fine. */ |
| 450 | goto shut; |
| 451 | } |
| 452 | /* OK we read some data, let's try again once */ |
| 453 | turns--; |
Willy Tarreau | d85c485 | 2015-03-13 00:40:28 +0100 | [diff] [blame] | 454 | } |
| 455 | |
Willy Tarreau | e215bba | 2018-08-24 14:31:53 +0200 | [diff] [blame] | 456 | /* some data are still present, give up */ |
| 457 | return 0; |
| 458 | |
| 459 | shut: |
| 460 | /* we're certain the connection was shut down */ |
| 461 | fdtab[conn->handle.fd].linger_risk = 0; |
Willy Tarreau | d85c485 | 2015-03-13 00:40:28 +0100 | [diff] [blame] | 462 | conn->flags |= CO_FL_SOCK_RD_SH; |
| 463 | return 1; |
| 464 | } |
| 465 | |
KOVACS Krisztian | b3e54fe | 2014-11-17 15:11:45 +0100 | [diff] [blame] | 466 | /* |
| 467 | * Get data length from tlv |
| 468 | */ |
Tim Duesterhus | ba837ec | 2020-03-05 23:11:02 +0100 | [diff] [blame] | 469 | static inline size_t get_tlv_length(const struct tlv *src) |
KOVACS Krisztian | b3e54fe | 2014-11-17 15:11:45 +0100 | [diff] [blame] | 470 | { |
| 471 | return (src->length_hi << 8) | src->length_lo; |
| 472 | } |
| 473 | |
Willy Tarreau | e1e4a61 | 2012-10-05 00:10:55 +0200 | [diff] [blame] | 474 | /* This handshake handler waits a PROXY protocol header at the beginning of the |
| 475 | * raw data stream. The header looks like this : |
| 476 | * |
| 477 | * "PROXY" <SP> PROTO <SP> SRC3 <SP> DST3 <SP> SRC4 <SP> <DST4> "\r\n" |
| 478 | * |
| 479 | * There must be exactly one space between each field. Fields are : |
| 480 | * - PROTO : layer 4 protocol, which must be "TCP4" or "TCP6". |
| 481 | * - SRC3 : layer 3 (eg: IP) source address in standard text form |
| 482 | * - DST3 : layer 3 (eg: IP) destination address in standard text form |
| 483 | * - SRC4 : layer 4 (eg: TCP port) source address in standard text form |
| 484 | * - DST4 : layer 4 (eg: TCP port) destination address in standard text form |
| 485 | * |
| 486 | * This line MUST be at the beginning of the buffer and MUST NOT wrap. |
| 487 | * |
| 488 | * The header line is small and in all cases smaller than the smallest normal |
| 489 | * TCP MSS. So it MUST always be delivered as one segment, which ensures we |
| 490 | * can safely use MSG_PEEK and avoid buffering. |
| 491 | * |
| 492 | * Once the data is fetched, the values are set in the connection's address |
| 493 | * fields, and data are removed from the socket's buffer. The function returns |
| 494 | * zero if it needs to wait for more data or if it fails, or 1 if it completed |
| 495 | * and removed itself. |
| 496 | */ |
| 497 | int conn_recv_proxy(struct connection *conn, int flag) |
| 498 | { |
| 499 | char *line, *end; |
Willy Tarreau | 7799267 | 2014-06-14 11:06:17 +0200 | [diff] [blame] | 500 | struct proxy_hdr_v2 *hdr_v2; |
| 501 | const char v2sig[] = PP2_SIGNATURE; |
Tim Duesterhus | 488ee7f | 2020-03-05 22:55:20 +0100 | [diff] [blame] | 502 | size_t total_v2_len; |
Tim Duesterhus | ba837ec | 2020-03-05 23:11:02 +0100 | [diff] [blame] | 503 | size_t tlv_offset = 0; |
Willy Tarreau | b406b87 | 2018-08-22 05:20:32 +0200 | [diff] [blame] | 504 | int ret; |
Willy Tarreau | e1e4a61 | 2012-10-05 00:10:55 +0200 | [diff] [blame] | 505 | |
Willy Tarreau | 3c72872 | 2014-01-23 13:50:42 +0100 | [diff] [blame] | 506 | if (!conn_ctrl_ready(conn)) |
Willy Tarreau | f79c817 | 2013-10-21 16:30:56 +0200 | [diff] [blame] | 507 | goto fail; |
| 508 | |
Willy Tarreau | ca79f59 | 2019-07-17 19:04:47 +0200 | [diff] [blame] | 509 | if (!sockaddr_alloc(&conn->src) || !sockaddr_alloc(&conn->dst)) |
| 510 | goto fail; |
| 511 | |
Willy Tarreau | 585744b | 2017-08-24 14:31:19 +0200 | [diff] [blame] | 512 | if (!fd_recv_ready(conn->handle.fd)) |
Willy Tarreau | 6499b9d | 2019-06-03 08:17:30 +0200 | [diff] [blame] | 513 | goto not_ready; |
Willy Tarreau | fd803bb | 2014-01-20 15:13:07 +0100 | [diff] [blame] | 514 | |
Willy Tarreau | 157788c | 2020-02-11 10:08:05 +0100 | [diff] [blame] | 515 | while (1) { |
Willy Tarreau | b406b87 | 2018-08-22 05:20:32 +0200 | [diff] [blame] | 516 | ret = recv(conn->handle.fd, trash.area, trash.size, MSG_PEEK); |
| 517 | if (ret < 0) { |
Willy Tarreau | e1e4a61 | 2012-10-05 00:10:55 +0200 | [diff] [blame] | 518 | if (errno == EINTR) |
| 519 | continue; |
| 520 | if (errno == EAGAIN) { |
Willy Tarreau | 585744b | 2017-08-24 14:31:19 +0200 | [diff] [blame] | 521 | fd_cant_recv(conn->handle.fd); |
Willy Tarreau | 6499b9d | 2019-06-03 08:17:30 +0200 | [diff] [blame] | 522 | goto not_ready; |
Willy Tarreau | e1e4a61 | 2012-10-05 00:10:55 +0200 | [diff] [blame] | 523 | } |
Willy Tarreau | 8e3bf69 | 2012-12-03 15:41:18 +0100 | [diff] [blame] | 524 | goto recv_abort; |
Willy Tarreau | e1e4a61 | 2012-10-05 00:10:55 +0200 | [diff] [blame] | 525 | } |
Willy Tarreau | b406b87 | 2018-08-22 05:20:32 +0200 | [diff] [blame] | 526 | trash.data = ret; |
Willy Tarreau | 157788c | 2020-02-11 10:08:05 +0100 | [diff] [blame] | 527 | break; |
| 528 | } |
Willy Tarreau | e1e4a61 | 2012-10-05 00:10:55 +0200 | [diff] [blame] | 529 | |
Willy Tarreau | 843b7cb | 2018-07-13 10:54:26 +0200 | [diff] [blame] | 530 | if (!trash.data) { |
Willy Tarreau | 8e3bf69 | 2012-12-03 15:41:18 +0100 | [diff] [blame] | 531 | /* client shutdown */ |
| 532 | conn->err_code = CO_ER_PRX_EMPTY; |
| 533 | goto fail; |
| 534 | } |
| 535 | |
Willy Tarreau | c192b0a | 2020-01-23 09:11:58 +0100 | [diff] [blame] | 536 | conn->flags &= ~CO_FL_WAIT_L4_CONN; |
| 537 | |
Willy Tarreau | 843b7cb | 2018-07-13 10:54:26 +0200 | [diff] [blame] | 538 | if (trash.data < 6) |
Willy Tarreau | e1e4a61 | 2012-10-05 00:10:55 +0200 | [diff] [blame] | 539 | goto missing; |
| 540 | |
Willy Tarreau | 843b7cb | 2018-07-13 10:54:26 +0200 | [diff] [blame] | 541 | line = trash.area; |
| 542 | end = trash.area + trash.data; |
Willy Tarreau | e1e4a61 | 2012-10-05 00:10:55 +0200 | [diff] [blame] | 543 | |
| 544 | /* Decode a possible proxy request, fail early if it does not match */ |
Willy Tarreau | 7799267 | 2014-06-14 11:06:17 +0200 | [diff] [blame] | 545 | if (strncmp(line, "PROXY ", 6) != 0) |
| 546 | goto not_v1; |
Willy Tarreau | e1e4a61 | 2012-10-05 00:10:55 +0200 | [diff] [blame] | 547 | |
| 548 | line += 6; |
Willy Tarreau | 843b7cb | 2018-07-13 10:54:26 +0200 | [diff] [blame] | 549 | if (trash.data < 9) /* shortest possible line */ |
Willy Tarreau | e1e4a61 | 2012-10-05 00:10:55 +0200 | [diff] [blame] | 550 | goto missing; |
| 551 | |
David CARLIER | 42ff05e | 2016-03-24 09:22:36 +0000 | [diff] [blame] | 552 | if (memcmp(line, "TCP4 ", 5) == 0) { |
Willy Tarreau | e1e4a61 | 2012-10-05 00:10:55 +0200 | [diff] [blame] | 553 | u32 src3, dst3, sport, dport; |
| 554 | |
| 555 | line += 5; |
| 556 | |
| 557 | src3 = inetaddr_host_lim_ret(line, end, &line); |
| 558 | if (line == end) |
| 559 | goto missing; |
| 560 | if (*line++ != ' ') |
Willy Tarreau | 8e3bf69 | 2012-12-03 15:41:18 +0100 | [diff] [blame] | 561 | goto bad_header; |
Willy Tarreau | e1e4a61 | 2012-10-05 00:10:55 +0200 | [diff] [blame] | 562 | |
| 563 | dst3 = inetaddr_host_lim_ret(line, end, &line); |
| 564 | if (line == end) |
| 565 | goto missing; |
| 566 | if (*line++ != ' ') |
Willy Tarreau | 8e3bf69 | 2012-12-03 15:41:18 +0100 | [diff] [blame] | 567 | goto bad_header; |
Willy Tarreau | e1e4a61 | 2012-10-05 00:10:55 +0200 | [diff] [blame] | 568 | |
| 569 | sport = read_uint((const char **)&line, end); |
| 570 | if (line == end) |
| 571 | goto missing; |
| 572 | if (*line++ != ' ') |
Willy Tarreau | 8e3bf69 | 2012-12-03 15:41:18 +0100 | [diff] [blame] | 573 | goto bad_header; |
Willy Tarreau | e1e4a61 | 2012-10-05 00:10:55 +0200 | [diff] [blame] | 574 | |
| 575 | dport = read_uint((const char **)&line, end); |
| 576 | if (line > end - 2) |
| 577 | goto missing; |
| 578 | if (*line++ != '\r') |
Willy Tarreau | 8e3bf69 | 2012-12-03 15:41:18 +0100 | [diff] [blame] | 579 | goto bad_header; |
Willy Tarreau | e1e4a61 | 2012-10-05 00:10:55 +0200 | [diff] [blame] | 580 | if (*line++ != '\n') |
Willy Tarreau | 8e3bf69 | 2012-12-03 15:41:18 +0100 | [diff] [blame] | 581 | goto bad_header; |
Willy Tarreau | e1e4a61 | 2012-10-05 00:10:55 +0200 | [diff] [blame] | 582 | |
| 583 | /* update the session's addresses and mark them set */ |
Willy Tarreau | 226572f | 2019-07-17 14:46:00 +0200 | [diff] [blame] | 584 | ((struct sockaddr_in *)conn->src)->sin_family = AF_INET; |
| 585 | ((struct sockaddr_in *)conn->src)->sin_addr.s_addr = htonl(src3); |
| 586 | ((struct sockaddr_in *)conn->src)->sin_port = htons(sport); |
Willy Tarreau | e1e4a61 | 2012-10-05 00:10:55 +0200 | [diff] [blame] | 587 | |
Willy Tarreau | 226572f | 2019-07-17 14:46:00 +0200 | [diff] [blame] | 588 | ((struct sockaddr_in *)conn->dst)->sin_family = AF_INET; |
| 589 | ((struct sockaddr_in *)conn->dst)->sin_addr.s_addr = htonl(dst3); |
| 590 | ((struct sockaddr_in *)conn->dst)->sin_port = htons(dport); |
Willy Tarreau | e1e4a61 | 2012-10-05 00:10:55 +0200 | [diff] [blame] | 591 | conn->flags |= CO_FL_ADDR_FROM_SET | CO_FL_ADDR_TO_SET; |
| 592 | } |
David CARLIER | 42ff05e | 2016-03-24 09:22:36 +0000 | [diff] [blame] | 593 | else if (memcmp(line, "TCP6 ", 5) == 0) { |
Willy Tarreau | e1e4a61 | 2012-10-05 00:10:55 +0200 | [diff] [blame] | 594 | u32 sport, dport; |
| 595 | char *src_s; |
| 596 | char *dst_s, *sport_s, *dport_s; |
| 597 | struct in6_addr src3, dst3; |
| 598 | |
| 599 | line += 5; |
| 600 | |
| 601 | src_s = line; |
| 602 | dst_s = sport_s = dport_s = NULL; |
| 603 | while (1) { |
| 604 | if (line > end - 2) { |
| 605 | goto missing; |
| 606 | } |
| 607 | else if (*line == '\r') { |
| 608 | *line = 0; |
| 609 | line++; |
| 610 | if (*line++ != '\n') |
Willy Tarreau | 8e3bf69 | 2012-12-03 15:41:18 +0100 | [diff] [blame] | 611 | goto bad_header; |
Willy Tarreau | e1e4a61 | 2012-10-05 00:10:55 +0200 | [diff] [blame] | 612 | break; |
| 613 | } |
| 614 | |
| 615 | if (*line == ' ') { |
| 616 | *line = 0; |
| 617 | if (!dst_s) |
| 618 | dst_s = line + 1; |
| 619 | else if (!sport_s) |
| 620 | sport_s = line + 1; |
| 621 | else if (!dport_s) |
| 622 | dport_s = line + 1; |
| 623 | } |
| 624 | line++; |
| 625 | } |
| 626 | |
| 627 | if (!dst_s || !sport_s || !dport_s) |
Willy Tarreau | 8e3bf69 | 2012-12-03 15:41:18 +0100 | [diff] [blame] | 628 | goto bad_header; |
Willy Tarreau | e1e4a61 | 2012-10-05 00:10:55 +0200 | [diff] [blame] | 629 | |
| 630 | sport = read_uint((const char **)&sport_s,dport_s - 1); |
| 631 | if (*sport_s != 0) |
Willy Tarreau | 8e3bf69 | 2012-12-03 15:41:18 +0100 | [diff] [blame] | 632 | goto bad_header; |
Willy Tarreau | e1e4a61 | 2012-10-05 00:10:55 +0200 | [diff] [blame] | 633 | |
| 634 | dport = read_uint((const char **)&dport_s,line - 2); |
| 635 | if (*dport_s != 0) |
Willy Tarreau | 8e3bf69 | 2012-12-03 15:41:18 +0100 | [diff] [blame] | 636 | goto bad_header; |
Willy Tarreau | e1e4a61 | 2012-10-05 00:10:55 +0200 | [diff] [blame] | 637 | |
| 638 | if (inet_pton(AF_INET6, src_s, (void *)&src3) != 1) |
Willy Tarreau | 8e3bf69 | 2012-12-03 15:41:18 +0100 | [diff] [blame] | 639 | goto bad_header; |
Willy Tarreau | e1e4a61 | 2012-10-05 00:10:55 +0200 | [diff] [blame] | 640 | |
| 641 | if (inet_pton(AF_INET6, dst_s, (void *)&dst3) != 1) |
Willy Tarreau | 8e3bf69 | 2012-12-03 15:41:18 +0100 | [diff] [blame] | 642 | goto bad_header; |
Willy Tarreau | e1e4a61 | 2012-10-05 00:10:55 +0200 | [diff] [blame] | 643 | |
| 644 | /* update the session's addresses and mark them set */ |
Willy Tarreau | 226572f | 2019-07-17 14:46:00 +0200 | [diff] [blame] | 645 | ((struct sockaddr_in6 *)conn->src)->sin6_family = AF_INET6; |
| 646 | memcpy(&((struct sockaddr_in6 *)conn->src)->sin6_addr, &src3, sizeof(struct in6_addr)); |
| 647 | ((struct sockaddr_in6 *)conn->src)->sin6_port = htons(sport); |
Willy Tarreau | e1e4a61 | 2012-10-05 00:10:55 +0200 | [diff] [blame] | 648 | |
Willy Tarreau | 226572f | 2019-07-17 14:46:00 +0200 | [diff] [blame] | 649 | ((struct sockaddr_in6 *)conn->dst)->sin6_family = AF_INET6; |
| 650 | memcpy(&((struct sockaddr_in6 *)conn->dst)->sin6_addr, &dst3, sizeof(struct in6_addr)); |
| 651 | ((struct sockaddr_in6 *)conn->dst)->sin6_port = htons(dport); |
Willy Tarreau | e1e4a61 | 2012-10-05 00:10:55 +0200 | [diff] [blame] | 652 | conn->flags |= CO_FL_ADDR_FROM_SET | CO_FL_ADDR_TO_SET; |
| 653 | } |
Willy Tarreau | 4c20d29 | 2014-06-14 11:41:36 +0200 | [diff] [blame] | 654 | else if (memcmp(line, "UNKNOWN\r\n", 9) == 0) { |
| 655 | /* This can be a UNIX socket forwarded by an haproxy upstream */ |
| 656 | line += 9; |
| 657 | } |
Willy Tarreau | e1e4a61 | 2012-10-05 00:10:55 +0200 | [diff] [blame] | 658 | else { |
Willy Tarreau | 4c20d29 | 2014-06-14 11:41:36 +0200 | [diff] [blame] | 659 | /* The protocol does not match something known (TCP4/TCP6/UNKNOWN) */ |
Willy Tarreau | 8e3bf69 | 2012-12-03 15:41:18 +0100 | [diff] [blame] | 660 | conn->err_code = CO_ER_PRX_BAD_PROTO; |
Willy Tarreau | e1e4a61 | 2012-10-05 00:10:55 +0200 | [diff] [blame] | 661 | goto fail; |
| 662 | } |
| 663 | |
Willy Tarreau | 843b7cb | 2018-07-13 10:54:26 +0200 | [diff] [blame] | 664 | trash.data = line - trash.area; |
Willy Tarreau | 7799267 | 2014-06-14 11:06:17 +0200 | [diff] [blame] | 665 | goto eat_header; |
| 666 | |
| 667 | not_v1: |
| 668 | /* try PPv2 */ |
Willy Tarreau | 843b7cb | 2018-07-13 10:54:26 +0200 | [diff] [blame] | 669 | if (trash.data < PP2_HEADER_LEN) |
Willy Tarreau | 7799267 | 2014-06-14 11:06:17 +0200 | [diff] [blame] | 670 | goto missing; |
| 671 | |
Willy Tarreau | 843b7cb | 2018-07-13 10:54:26 +0200 | [diff] [blame] | 672 | hdr_v2 = (struct proxy_hdr_v2 *) trash.area; |
Willy Tarreau | 7799267 | 2014-06-14 11:06:17 +0200 | [diff] [blame] | 673 | |
| 674 | if (memcmp(hdr_v2->sig, v2sig, PP2_SIGNATURE_LEN) != 0 || |
| 675 | (hdr_v2->ver_cmd & PP2_VERSION_MASK) != PP2_VERSION) { |
| 676 | conn->err_code = CO_ER_PRX_NOT_HDR; |
| 677 | goto fail; |
| 678 | } |
| 679 | |
Tim Duesterhus | 488ee7f | 2020-03-05 22:55:20 +0100 | [diff] [blame] | 680 | total_v2_len = PP2_HEADER_LEN + ntohs(hdr_v2->len); |
| 681 | if (trash.data < total_v2_len) |
Willy Tarreau | 7799267 | 2014-06-14 11:06:17 +0200 | [diff] [blame] | 682 | goto missing; |
| 683 | |
| 684 | switch (hdr_v2->ver_cmd & PP2_CMD_MASK) { |
| 685 | case 0x01: /* PROXY command */ |
| 686 | switch (hdr_v2->fam) { |
| 687 | case 0x11: /* TCPv4 */ |
KOVACS Krisztian | efd3aa9 | 2014-11-19 10:53:20 +0100 | [diff] [blame] | 688 | if (ntohs(hdr_v2->len) < PP2_ADDR_LEN_INET) |
| 689 | goto bad_header; |
| 690 | |
Willy Tarreau | 226572f | 2019-07-17 14:46:00 +0200 | [diff] [blame] | 691 | ((struct sockaddr_in *)conn->src)->sin_family = AF_INET; |
| 692 | ((struct sockaddr_in *)conn->src)->sin_addr.s_addr = hdr_v2->addr.ip4.src_addr; |
| 693 | ((struct sockaddr_in *)conn->src)->sin_port = hdr_v2->addr.ip4.src_port; |
| 694 | ((struct sockaddr_in *)conn->dst)->sin_family = AF_INET; |
| 695 | ((struct sockaddr_in *)conn->dst)->sin_addr.s_addr = hdr_v2->addr.ip4.dst_addr; |
| 696 | ((struct sockaddr_in *)conn->dst)->sin_port = hdr_v2->addr.ip4.dst_port; |
Willy Tarreau | 7799267 | 2014-06-14 11:06:17 +0200 | [diff] [blame] | 697 | conn->flags |= CO_FL_ADDR_FROM_SET | CO_FL_ADDR_TO_SET; |
KOVACS Krisztian | 7209c20 | 2015-07-03 14:09:10 +0200 | [diff] [blame] | 698 | tlv_offset = PP2_HEADER_LEN + PP2_ADDR_LEN_INET; |
Willy Tarreau | 7799267 | 2014-06-14 11:06:17 +0200 | [diff] [blame] | 699 | break; |
| 700 | case 0x21: /* TCPv6 */ |
KOVACS Krisztian | efd3aa9 | 2014-11-19 10:53:20 +0100 | [diff] [blame] | 701 | if (ntohs(hdr_v2->len) < PP2_ADDR_LEN_INET6) |
| 702 | goto bad_header; |
| 703 | |
Willy Tarreau | 226572f | 2019-07-17 14:46:00 +0200 | [diff] [blame] | 704 | ((struct sockaddr_in6 *)conn->src)->sin6_family = AF_INET6; |
| 705 | memcpy(&((struct sockaddr_in6 *)conn->src)->sin6_addr, hdr_v2->addr.ip6.src_addr, 16); |
| 706 | ((struct sockaddr_in6 *)conn->src)->sin6_port = hdr_v2->addr.ip6.src_port; |
| 707 | ((struct sockaddr_in6 *)conn->dst)->sin6_family = AF_INET6; |
| 708 | memcpy(&((struct sockaddr_in6 *)conn->dst)->sin6_addr, hdr_v2->addr.ip6.dst_addr, 16); |
| 709 | ((struct sockaddr_in6 *)conn->dst)->sin6_port = hdr_v2->addr.ip6.dst_port; |
Willy Tarreau | 7799267 | 2014-06-14 11:06:17 +0200 | [diff] [blame] | 710 | conn->flags |= CO_FL_ADDR_FROM_SET | CO_FL_ADDR_TO_SET; |
KOVACS Krisztian | 7209c20 | 2015-07-03 14:09:10 +0200 | [diff] [blame] | 711 | tlv_offset = PP2_HEADER_LEN + PP2_ADDR_LEN_INET6; |
Willy Tarreau | 7799267 | 2014-06-14 11:06:17 +0200 | [diff] [blame] | 712 | break; |
| 713 | } |
KOVACS Krisztian | b3e54fe | 2014-11-17 15:11:45 +0100 | [diff] [blame] | 714 | |
| 715 | /* TLV parsing */ |
Tim Duesterhus | 488ee7f | 2020-03-05 22:55:20 +0100 | [diff] [blame] | 716 | while (tlv_offset < total_v2_len) { |
| 717 | struct tlv *tlv_packet; |
Tim Duesterhus | ba837ec | 2020-03-05 23:11:02 +0100 | [diff] [blame] | 718 | size_t tlv_len; |
KOVACS Krisztian | b3e54fe | 2014-11-17 15:11:45 +0100 | [diff] [blame] | 719 | |
Tim Duesterhus | 488ee7f | 2020-03-05 22:55:20 +0100 | [diff] [blame] | 720 | /* Verify that we have at least TLV_HEADER_SIZE bytes left */ |
| 721 | if (tlv_offset + TLV_HEADER_SIZE > total_v2_len) |
| 722 | goto bad_header; |
| 723 | |
| 724 | tlv_packet = (struct tlv *) &trash.area[tlv_offset]; |
| 725 | tlv_len = get_tlv_length(tlv_packet); |
| 726 | tlv_offset += tlv_len + TLV_HEADER_SIZE; |
| 727 | |
| 728 | /* Verify that the TLV length does not exceed the total PROXYv2 length */ |
| 729 | if (tlv_offset > total_v2_len) |
| 730 | goto bad_header; |
| 731 | |
| 732 | switch (tlv_packet->type) { |
| 733 | case PP2_TYPE_CRC32C: { |
| 734 | uint32_t n_crc32c; |
| 735 | |
| 736 | /* Verify that this TLV is exactly 4 bytes long */ |
| 737 | if (tlv_len != 4) |
| 738 | goto bad_header; |
| 739 | |
| 740 | n_crc32c = read_n32(tlv_packet->value); |
| 741 | write_n32(tlv_packet->value, 0); // compute with CRC==0 |
| 742 | |
| 743 | if (hash_crc32c(trash.area, total_v2_len) != n_crc32c) |
| 744 | goto bad_header; |
| 745 | break; |
| 746 | } |
Willy Tarreau | e573323 | 2019-05-22 19:24:06 +0200 | [diff] [blame] | 747 | #ifdef USE_NS |
Tim Duesterhus | 488ee7f | 2020-03-05 22:55:20 +0100 | [diff] [blame] | 748 | case PP2_TYPE_NETNS: { |
| 749 | const struct netns_entry *ns; |
| 750 | |
| 751 | ns = netns_store_lookup((char*)tlv_packet->value, tlv_len); |
| 752 | if (ns) |
| 753 | conn->proxy_netns = ns; |
| 754 | break; |
| 755 | } |
KOVACS Krisztian | b3e54fe | 2014-11-17 15:11:45 +0100 | [diff] [blame] | 756 | #endif |
Tim Duesterhus | 488ee7f | 2020-03-05 22:55:20 +0100 | [diff] [blame] | 757 | case PP2_TYPE_AUTHORITY: { |
| 758 | if (tlv_len > PP2_AUTHORITY_MAX) |
| 759 | goto bad_header; |
| 760 | conn->proxy_authority = pool_alloc(pool_head_authority); |
| 761 | if (conn->proxy_authority == NULL) |
| 762 | goto fail; |
| 763 | memcpy(conn->proxy_authority, (const char *)tlv_packet->value, tlv_len); |
| 764 | conn->proxy_authority_len = tlv_len; |
| 765 | break; |
| 766 | } |
Tim Duesterhus | d1b15b6 | 2020-03-13 12:34:23 +0100 | [diff] [blame] | 767 | case PP2_TYPE_UNIQUE_ID: { |
| 768 | const struct ist tlv = ist2((const char *)tlv_packet->value, tlv_len); |
| 769 | |
| 770 | if (tlv.len > UNIQUEID_LEN) |
| 771 | goto bad_header; |
Tim Duesterhus | 2b7f6c2 | 2020-03-14 13:07:05 +0100 | [diff] [blame] | 772 | conn->proxy_unique_id = ist2(pool_alloc(pool_head_uniqueid), 0); |
Tim Duesterhus | d1b15b6 | 2020-03-13 12:34:23 +0100 | [diff] [blame] | 773 | if (!isttest(conn->proxy_unique_id)) |
| 774 | goto fail; |
| 775 | if (istcpy(&conn->proxy_unique_id, tlv, UNIQUEID_LEN) < 0) { |
| 776 | /* This is technically unreachable, because we verified above |
| 777 | * that the TLV value fits. |
| 778 | */ |
| 779 | goto fail; |
| 780 | } |
| 781 | break; |
| 782 | } |
Tim Duesterhus | 488ee7f | 2020-03-05 22:55:20 +0100 | [diff] [blame] | 783 | default: |
| 784 | break; |
KOVACS Krisztian | b3e54fe | 2014-11-17 15:11:45 +0100 | [diff] [blame] | 785 | } |
| 786 | } |
| 787 | |
Tim Duesterhus | 488ee7f | 2020-03-05 22:55:20 +0100 | [diff] [blame] | 788 | /* Verify that the PROXYv2 header ends at a TLV boundary. |
| 789 | * This is technically unreachable, because the TLV parsing already |
| 790 | * verifies that a TLV does not exceed the total length and also |
| 791 | * that there is space for a TLV header. |
| 792 | */ |
| 793 | if (tlv_offset != total_v2_len) |
| 794 | goto bad_header; |
| 795 | |
Willy Tarreau | 7799267 | 2014-06-14 11:06:17 +0200 | [diff] [blame] | 796 | /* unsupported protocol, keep local connection address */ |
| 797 | break; |
| 798 | case 0x00: /* LOCAL command */ |
| 799 | /* keep local connection address for LOCAL */ |
| 800 | break; |
| 801 | default: |
| 802 | goto bad_header; /* not a supported command */ |
| 803 | } |
| 804 | |
Tim Duesterhus | 488ee7f | 2020-03-05 22:55:20 +0100 | [diff] [blame] | 805 | trash.data = total_v2_len; |
Willy Tarreau | 7799267 | 2014-06-14 11:06:17 +0200 | [diff] [blame] | 806 | goto eat_header; |
| 807 | |
| 808 | eat_header: |
Willy Tarreau | e1e4a61 | 2012-10-05 00:10:55 +0200 | [diff] [blame] | 809 | /* remove the PROXY line from the request. For this we re-read the |
| 810 | * exact line at once. If we don't get the exact same result, we |
| 811 | * fail. |
| 812 | */ |
Willy Tarreau | 157788c | 2020-02-11 10:08:05 +0100 | [diff] [blame] | 813 | while (1) { |
Tim Duesterhus | a8692f3 | 2020-03-13 12:34:25 +0100 | [diff] [blame] | 814 | ssize_t len2 = recv(conn->handle.fd, trash.area, trash.data, 0); |
| 815 | |
Willy Tarreau | e1e4a61 | 2012-10-05 00:10:55 +0200 | [diff] [blame] | 816 | if (len2 < 0 && errno == EINTR) |
| 817 | continue; |
Willy Tarreau | 843b7cb | 2018-07-13 10:54:26 +0200 | [diff] [blame] | 818 | if (len2 != trash.data) |
Willy Tarreau | 8e3bf69 | 2012-12-03 15:41:18 +0100 | [diff] [blame] | 819 | goto recv_abort; |
Willy Tarreau | 157788c | 2020-02-11 10:08:05 +0100 | [diff] [blame] | 820 | break; |
| 821 | } |
Willy Tarreau | e1e4a61 | 2012-10-05 00:10:55 +0200 | [diff] [blame] | 822 | |
| 823 | conn->flags &= ~flag; |
Emeric Brun | 4f60301 | 2017-01-05 15:11:44 +0100 | [diff] [blame] | 824 | conn->flags |= CO_FL_RCVD_PROXY; |
Willy Tarreau | e1e4a61 | 2012-10-05 00:10:55 +0200 | [diff] [blame] | 825 | return 1; |
| 826 | |
Willy Tarreau | 6499b9d | 2019-06-03 08:17:30 +0200 | [diff] [blame] | 827 | not_ready: |
Willy Tarreau | 6499b9d | 2019-06-03 08:17:30 +0200 | [diff] [blame] | 828 | return 0; |
| 829 | |
Willy Tarreau | e1e4a61 | 2012-10-05 00:10:55 +0200 | [diff] [blame] | 830 | missing: |
| 831 | /* Missing data. Since we're using MSG_PEEK, we can only poll again if |
| 832 | * we have not read anything. Otherwise we need to fail because we won't |
| 833 | * be able to poll anymore. |
| 834 | */ |
Willy Tarreau | 8e3bf69 | 2012-12-03 15:41:18 +0100 | [diff] [blame] | 835 | conn->err_code = CO_ER_PRX_TRUNCATED; |
| 836 | goto fail; |
| 837 | |
| 838 | bad_header: |
| 839 | /* This is not a valid proxy protocol header */ |
| 840 | conn->err_code = CO_ER_PRX_BAD_HDR; |
| 841 | goto fail; |
| 842 | |
| 843 | recv_abort: |
| 844 | conn->err_code = CO_ER_PRX_ABORT; |
Willy Tarreau | 26f4a04 | 2013-12-04 23:44:10 +0100 | [diff] [blame] | 845 | conn->flags |= CO_FL_SOCK_RD_SH | CO_FL_SOCK_WR_SH; |
Willy Tarreau | 8e3bf69 | 2012-12-03 15:41:18 +0100 | [diff] [blame] | 846 | goto fail; |
| 847 | |
Willy Tarreau | e1e4a61 | 2012-10-05 00:10:55 +0200 | [diff] [blame] | 848 | fail: |
Willy Tarreau | e1e4a61 | 2012-10-05 00:10:55 +0200 | [diff] [blame] | 849 | conn->flags |= CO_FL_ERROR; |
Willy Tarreau | e1e4a61 | 2012-10-05 00:10:55 +0200 | [diff] [blame] | 850 | return 0; |
| 851 | } |
| 852 | |
Bertrand Jacquin | 93b227d | 2016-06-04 15:11:10 +0100 | [diff] [blame] | 853 | /* This handshake handler waits a NetScaler Client IP insertion header |
Bertrand Jacquin | 72fa1ec | 2017-12-12 01:17:23 +0000 | [diff] [blame] | 854 | * at the beginning of the raw data stream. The header format is |
| 855 | * described in doc/netscaler-client-ip-insertion-protocol.txt |
Bertrand Jacquin | 93b227d | 2016-06-04 15:11:10 +0100 | [diff] [blame] | 856 | * |
| 857 | * This line MUST be at the beginning of the buffer and MUST NOT be |
| 858 | * fragmented. |
| 859 | * |
| 860 | * The header line is small and in all cases smaller than the smallest normal |
| 861 | * TCP MSS. So it MUST always be delivered as one segment, which ensures we |
| 862 | * can safely use MSG_PEEK and avoid buffering. |
| 863 | * |
| 864 | * Once the data is fetched, the values are set in the connection's address |
| 865 | * fields, and data are removed from the socket's buffer. The function returns |
| 866 | * zero if it needs to wait for more data or if it fails, or 1 if it completed |
| 867 | * and removed itself. |
| 868 | */ |
| 869 | int conn_recv_netscaler_cip(struct connection *conn, int flag) |
| 870 | { |
| 871 | char *line; |
Bertrand Jacquin | 7d668f9 | 2017-12-13 01:23:39 +0000 | [diff] [blame] | 872 | uint32_t hdr_len; |
Willy Tarreau | 0ca24aa | 2019-03-29 17:35:32 +0100 | [diff] [blame] | 873 | uint8_t ip_ver; |
Willy Tarreau | b406b87 | 2018-08-22 05:20:32 +0200 | [diff] [blame] | 874 | int ret; |
Bertrand Jacquin | 93b227d | 2016-06-04 15:11:10 +0100 | [diff] [blame] | 875 | |
Bertrand Jacquin | 93b227d | 2016-06-04 15:11:10 +0100 | [diff] [blame] | 876 | if (!conn_ctrl_ready(conn)) |
| 877 | goto fail; |
| 878 | |
Olivier Houchard | 1a9dbe5 | 2020-01-22 15:31:09 +0100 | [diff] [blame] | 879 | if (!sockaddr_alloc(&conn->src) || !sockaddr_alloc(&conn->dst)) |
| 880 | goto fail; |
| 881 | |
Willy Tarreau | 585744b | 2017-08-24 14:31:19 +0200 | [diff] [blame] | 882 | if (!fd_recv_ready(conn->handle.fd)) |
Willy Tarreau | 6499b9d | 2019-06-03 08:17:30 +0200 | [diff] [blame] | 883 | goto not_ready; |
Bertrand Jacquin | 93b227d | 2016-06-04 15:11:10 +0100 | [diff] [blame] | 884 | |
Willy Tarreau | 157788c | 2020-02-11 10:08:05 +0100 | [diff] [blame] | 885 | while (1) { |
Willy Tarreau | b406b87 | 2018-08-22 05:20:32 +0200 | [diff] [blame] | 886 | ret = recv(conn->handle.fd, trash.area, trash.size, MSG_PEEK); |
| 887 | if (ret < 0) { |
Bertrand Jacquin | 93b227d | 2016-06-04 15:11:10 +0100 | [diff] [blame] | 888 | if (errno == EINTR) |
| 889 | continue; |
| 890 | if (errno == EAGAIN) { |
Willy Tarreau | 585744b | 2017-08-24 14:31:19 +0200 | [diff] [blame] | 891 | fd_cant_recv(conn->handle.fd); |
Willy Tarreau | 6499b9d | 2019-06-03 08:17:30 +0200 | [diff] [blame] | 892 | goto not_ready; |
Bertrand Jacquin | 93b227d | 2016-06-04 15:11:10 +0100 | [diff] [blame] | 893 | } |
| 894 | goto recv_abort; |
| 895 | } |
Willy Tarreau | b406b87 | 2018-08-22 05:20:32 +0200 | [diff] [blame] | 896 | trash.data = ret; |
Willy Tarreau | 157788c | 2020-02-11 10:08:05 +0100 | [diff] [blame] | 897 | break; |
| 898 | } |
Bertrand Jacquin | 93b227d | 2016-06-04 15:11:10 +0100 | [diff] [blame] | 899 | |
Willy Tarreau | c192b0a | 2020-01-23 09:11:58 +0100 | [diff] [blame] | 900 | conn->flags &= ~CO_FL_WAIT_L4_CONN; |
| 901 | |
Willy Tarreau | 843b7cb | 2018-07-13 10:54:26 +0200 | [diff] [blame] | 902 | if (!trash.data) { |
Bertrand Jacquin | 93b227d | 2016-06-04 15:11:10 +0100 | [diff] [blame] | 903 | /* client shutdown */ |
| 904 | conn->err_code = CO_ER_CIP_EMPTY; |
| 905 | goto fail; |
| 906 | } |
| 907 | |
| 908 | /* Fail if buffer length is not large enough to contain |
Bertrand Jacquin | 72fa1ec | 2017-12-12 01:17:23 +0000 | [diff] [blame] | 909 | * CIP magic, header length or |
| 910 | * CIP magic, CIP length, CIP type, header length */ |
Willy Tarreau | 843b7cb | 2018-07-13 10:54:26 +0200 | [diff] [blame] | 911 | if (trash.data < 12) |
Bertrand Jacquin | 93b227d | 2016-06-04 15:11:10 +0100 | [diff] [blame] | 912 | goto missing; |
| 913 | |
Willy Tarreau | 843b7cb | 2018-07-13 10:54:26 +0200 | [diff] [blame] | 914 | line = trash.area; |
Bertrand Jacquin | 93b227d | 2016-06-04 15:11:10 +0100 | [diff] [blame] | 915 | |
| 916 | /* Decode a possible NetScaler Client IP request, fail early if |
| 917 | * it does not match */ |
Willy Tarreau | 1ac83af | 2020-02-25 10:06:49 +0100 | [diff] [blame] | 918 | if (ntohl(read_u32(line)) != __objt_listener(conn->target)->bind_conf->ns_cip_magic) |
Bertrand Jacquin | 93b227d | 2016-06-04 15:11:10 +0100 | [diff] [blame] | 919 | goto bad_magic; |
| 920 | |
Bertrand Jacquin | 72fa1ec | 2017-12-12 01:17:23 +0000 | [diff] [blame] | 921 | /* Legacy CIP protocol */ |
Willy Tarreau | 843b7cb | 2018-07-13 10:54:26 +0200 | [diff] [blame] | 922 | if ((trash.area[8] & 0xD0) == 0x40) { |
Willy Tarreau | 1ac83af | 2020-02-25 10:06:49 +0100 | [diff] [blame] | 923 | hdr_len = ntohl(read_u32((line+4))); |
Bertrand Jacquin | 72fa1ec | 2017-12-12 01:17:23 +0000 | [diff] [blame] | 924 | line += 8; |
| 925 | } |
| 926 | /* Standard CIP protocol */ |
Willy Tarreau | 843b7cb | 2018-07-13 10:54:26 +0200 | [diff] [blame] | 927 | else if (trash.area[8] == 0x00) { |
Willy Tarreau | 1ac83af | 2020-02-25 10:06:49 +0100 | [diff] [blame] | 928 | hdr_len = ntohs(read_u32((line+10))); |
Bertrand Jacquin | 72fa1ec | 2017-12-12 01:17:23 +0000 | [diff] [blame] | 929 | line += 12; |
| 930 | } |
| 931 | /* Unknown CIP protocol */ |
| 932 | else { |
| 933 | conn->err_code = CO_ER_CIP_BAD_PROTO; |
| 934 | goto fail; |
| 935 | } |
| 936 | |
Bertrand Jacquin | 93b227d | 2016-06-04 15:11:10 +0100 | [diff] [blame] | 937 | /* Fail if buffer length is not large enough to contain |
Bertrand Jacquin | 72fa1ec | 2017-12-12 01:17:23 +0000 | [diff] [blame] | 938 | * a minimal IP header */ |
Willy Tarreau | 843b7cb | 2018-07-13 10:54:26 +0200 | [diff] [blame] | 939 | if (trash.data < 20) |
Bertrand Jacquin | 93b227d | 2016-06-04 15:11:10 +0100 | [diff] [blame] | 940 | goto missing; |
| 941 | |
Bertrand Jacquin | 93b227d | 2016-06-04 15:11:10 +0100 | [diff] [blame] | 942 | /* Get IP version from the first four bits */ |
Willy Tarreau | 0ca24aa | 2019-03-29 17:35:32 +0100 | [diff] [blame] | 943 | ip_ver = (*line & 0xf0) >> 4; |
Bertrand Jacquin | 93b227d | 2016-06-04 15:11:10 +0100 | [diff] [blame] | 944 | |
Willy Tarreau | 0ca24aa | 2019-03-29 17:35:32 +0100 | [diff] [blame] | 945 | if (ip_ver == 4) { |
Bertrand Jacquin | 93b227d | 2016-06-04 15:11:10 +0100 | [diff] [blame] | 946 | struct ip *hdr_ip4; |
David Carlier | 3015a2e | 2016-07-04 22:51:33 +0100 | [diff] [blame] | 947 | struct my_tcphdr *hdr_tcp; |
Bertrand Jacquin | 93b227d | 2016-06-04 15:11:10 +0100 | [diff] [blame] | 948 | |
| 949 | hdr_ip4 = (struct ip *)line; |
| 950 | |
Willy Tarreau | 843b7cb | 2018-07-13 10:54:26 +0200 | [diff] [blame] | 951 | if (trash.data < 40 || trash.data < hdr_len) { |
Bertrand Jacquin | 93b227d | 2016-06-04 15:11:10 +0100 | [diff] [blame] | 952 | /* Fail if buffer length is not large enough to contain |
Bertrand Jacquin | 67de5a2 | 2017-12-13 01:15:05 +0000 | [diff] [blame] | 953 | * IPv4 header, TCP header */ |
Bertrand Jacquin | 93b227d | 2016-06-04 15:11:10 +0100 | [diff] [blame] | 954 | goto missing; |
Bertrand Jacquin | b387591 | 2017-12-13 00:58:51 +0000 | [diff] [blame] | 955 | } |
| 956 | else if (hdr_ip4->ip_p != IPPROTO_TCP) { |
Bertrand Jacquin | 93b227d | 2016-06-04 15:11:10 +0100 | [diff] [blame] | 957 | /* The protocol does not include a TCP header */ |
| 958 | conn->err_code = CO_ER_CIP_BAD_PROTO; |
| 959 | goto fail; |
Bertrand Jacquin | b387591 | 2017-12-13 00:58:51 +0000 | [diff] [blame] | 960 | } |
Bertrand Jacquin | 93b227d | 2016-06-04 15:11:10 +0100 | [diff] [blame] | 961 | |
David Carlier | 3015a2e | 2016-07-04 22:51:33 +0100 | [diff] [blame] | 962 | hdr_tcp = (struct my_tcphdr *)(line + (hdr_ip4->ip_hl * 4)); |
Bertrand Jacquin | 93b227d | 2016-06-04 15:11:10 +0100 | [diff] [blame] | 963 | |
| 964 | /* update the session's addresses and mark them set */ |
Willy Tarreau | 226572f | 2019-07-17 14:46:00 +0200 | [diff] [blame] | 965 | ((struct sockaddr_in *)conn->src)->sin_family = AF_INET; |
| 966 | ((struct sockaddr_in *)conn->src)->sin_addr.s_addr = hdr_ip4->ip_src.s_addr; |
| 967 | ((struct sockaddr_in *)conn->src)->sin_port = hdr_tcp->source; |
Bertrand Jacquin | 93b227d | 2016-06-04 15:11:10 +0100 | [diff] [blame] | 968 | |
Willy Tarreau | 226572f | 2019-07-17 14:46:00 +0200 | [diff] [blame] | 969 | ((struct sockaddr_in *)conn->dst)->sin_family = AF_INET; |
| 970 | ((struct sockaddr_in *)conn->dst)->sin_addr.s_addr = hdr_ip4->ip_dst.s_addr; |
| 971 | ((struct sockaddr_in *)conn->dst)->sin_port = hdr_tcp->dest; |
Bertrand Jacquin | 93b227d | 2016-06-04 15:11:10 +0100 | [diff] [blame] | 972 | |
| 973 | conn->flags |= CO_FL_ADDR_FROM_SET | CO_FL_ADDR_TO_SET; |
| 974 | } |
Willy Tarreau | 0ca24aa | 2019-03-29 17:35:32 +0100 | [diff] [blame] | 975 | else if (ip_ver == 6) { |
Bertrand Jacquin | 93b227d | 2016-06-04 15:11:10 +0100 | [diff] [blame] | 976 | struct ip6_hdr *hdr_ip6; |
David Carlier | 3015a2e | 2016-07-04 22:51:33 +0100 | [diff] [blame] | 977 | struct my_tcphdr *hdr_tcp; |
Bertrand Jacquin | 93b227d | 2016-06-04 15:11:10 +0100 | [diff] [blame] | 978 | |
| 979 | hdr_ip6 = (struct ip6_hdr *)line; |
| 980 | |
Willy Tarreau | 843b7cb | 2018-07-13 10:54:26 +0200 | [diff] [blame] | 981 | if (trash.data < 60 || trash.data < hdr_len) { |
Bertrand Jacquin | 93b227d | 2016-06-04 15:11:10 +0100 | [diff] [blame] | 982 | /* Fail if buffer length is not large enough to contain |
Bertrand Jacquin | 67de5a2 | 2017-12-13 01:15:05 +0000 | [diff] [blame] | 983 | * IPv6 header, TCP header */ |
Bertrand Jacquin | 93b227d | 2016-06-04 15:11:10 +0100 | [diff] [blame] | 984 | goto missing; |
Bertrand Jacquin | b387591 | 2017-12-13 00:58:51 +0000 | [diff] [blame] | 985 | } |
| 986 | else if (hdr_ip6->ip6_nxt != IPPROTO_TCP) { |
Bertrand Jacquin | 93b227d | 2016-06-04 15:11:10 +0100 | [diff] [blame] | 987 | /* The protocol does not include a TCP header */ |
| 988 | conn->err_code = CO_ER_CIP_BAD_PROTO; |
| 989 | goto fail; |
Bertrand Jacquin | b387591 | 2017-12-13 00:58:51 +0000 | [diff] [blame] | 990 | } |
Bertrand Jacquin | 93b227d | 2016-06-04 15:11:10 +0100 | [diff] [blame] | 991 | |
David Carlier | 3015a2e | 2016-07-04 22:51:33 +0100 | [diff] [blame] | 992 | hdr_tcp = (struct my_tcphdr *)(line + sizeof(struct ip6_hdr)); |
Bertrand Jacquin | 93b227d | 2016-06-04 15:11:10 +0100 | [diff] [blame] | 993 | |
| 994 | /* update the session's addresses and mark them set */ |
Willy Tarreau | 226572f | 2019-07-17 14:46:00 +0200 | [diff] [blame] | 995 | ((struct sockaddr_in6 *)conn->src)->sin6_family = AF_INET6; |
| 996 | ((struct sockaddr_in6 *)conn->src)->sin6_addr = hdr_ip6->ip6_src; |
| 997 | ((struct sockaddr_in6 *)conn->src)->sin6_port = hdr_tcp->source; |
Bertrand Jacquin | 93b227d | 2016-06-04 15:11:10 +0100 | [diff] [blame] | 998 | |
Willy Tarreau | 226572f | 2019-07-17 14:46:00 +0200 | [diff] [blame] | 999 | ((struct sockaddr_in6 *)conn->dst)->sin6_family = AF_INET6; |
| 1000 | ((struct sockaddr_in6 *)conn->dst)->sin6_addr = hdr_ip6->ip6_dst; |
| 1001 | ((struct sockaddr_in6 *)conn->dst)->sin6_port = hdr_tcp->dest; |
Bertrand Jacquin | 93b227d | 2016-06-04 15:11:10 +0100 | [diff] [blame] | 1002 | |
| 1003 | conn->flags |= CO_FL_ADDR_FROM_SET | CO_FL_ADDR_TO_SET; |
| 1004 | } |
| 1005 | else { |
| 1006 | /* The protocol does not match something known (IPv4/IPv6) */ |
| 1007 | conn->err_code = CO_ER_CIP_BAD_PROTO; |
| 1008 | goto fail; |
| 1009 | } |
| 1010 | |
Bertrand Jacquin | 7d668f9 | 2017-12-13 01:23:39 +0000 | [diff] [blame] | 1011 | line += hdr_len; |
Willy Tarreau | 843b7cb | 2018-07-13 10:54:26 +0200 | [diff] [blame] | 1012 | trash.data = line - trash.area; |
Bertrand Jacquin | 93b227d | 2016-06-04 15:11:10 +0100 | [diff] [blame] | 1013 | |
| 1014 | /* remove the NetScaler Client IP header from the request. For this |
| 1015 | * we re-read the exact line at once. If we don't get the exact same |
| 1016 | * result, we fail. |
| 1017 | */ |
Willy Tarreau | 157788c | 2020-02-11 10:08:05 +0100 | [diff] [blame] | 1018 | while (1) { |
Willy Tarreau | 843b7cb | 2018-07-13 10:54:26 +0200 | [diff] [blame] | 1019 | int len2 = recv(conn->handle.fd, trash.area, trash.data, 0); |
Bertrand Jacquin | 93b227d | 2016-06-04 15:11:10 +0100 | [diff] [blame] | 1020 | if (len2 < 0 && errno == EINTR) |
| 1021 | continue; |
Willy Tarreau | 843b7cb | 2018-07-13 10:54:26 +0200 | [diff] [blame] | 1022 | if (len2 != trash.data) |
Bertrand Jacquin | 93b227d | 2016-06-04 15:11:10 +0100 | [diff] [blame] | 1023 | goto recv_abort; |
Willy Tarreau | 157788c | 2020-02-11 10:08:05 +0100 | [diff] [blame] | 1024 | break; |
| 1025 | } |
Bertrand Jacquin | 93b227d | 2016-06-04 15:11:10 +0100 | [diff] [blame] | 1026 | |
| 1027 | conn->flags &= ~flag; |
| 1028 | return 1; |
| 1029 | |
Willy Tarreau | 6499b9d | 2019-06-03 08:17:30 +0200 | [diff] [blame] | 1030 | not_ready: |
Willy Tarreau | 6499b9d | 2019-06-03 08:17:30 +0200 | [diff] [blame] | 1031 | return 0; |
| 1032 | |
Bertrand Jacquin | 93b227d | 2016-06-04 15:11:10 +0100 | [diff] [blame] | 1033 | missing: |
| 1034 | /* Missing data. Since we're using MSG_PEEK, we can only poll again if |
| 1035 | * we have not read anything. Otherwise we need to fail because we won't |
| 1036 | * be able to poll anymore. |
| 1037 | */ |
| 1038 | conn->err_code = CO_ER_CIP_TRUNCATED; |
| 1039 | goto fail; |
| 1040 | |
| 1041 | bad_magic: |
| 1042 | conn->err_code = CO_ER_CIP_BAD_MAGIC; |
| 1043 | goto fail; |
| 1044 | |
| 1045 | recv_abort: |
| 1046 | conn->err_code = CO_ER_CIP_ABORT; |
| 1047 | conn->flags |= CO_FL_SOCK_RD_SH | CO_FL_SOCK_WR_SH; |
| 1048 | goto fail; |
| 1049 | |
| 1050 | fail: |
Bertrand Jacquin | 93b227d | 2016-06-04 15:11:10 +0100 | [diff] [blame] | 1051 | conn->flags |= CO_FL_ERROR; |
| 1052 | return 0; |
| 1053 | } |
| 1054 | |
Alexander Liu | 2a54bb7 | 2019-05-22 19:44:48 +0800 | [diff] [blame] | 1055 | |
| 1056 | int conn_send_socks4_proxy_request(struct connection *conn) |
| 1057 | { |
| 1058 | struct socks4_request req_line; |
| 1059 | |
Alexander Liu | 2a54bb7 | 2019-05-22 19:44:48 +0800 | [diff] [blame] | 1060 | if (!conn_ctrl_ready(conn)) |
| 1061 | goto out_error; |
| 1062 | |
Willy Tarreau | 226572f | 2019-07-17 14:46:00 +0200 | [diff] [blame] | 1063 | if (!conn_get_dst(conn)) |
| 1064 | goto out_error; |
| 1065 | |
Alexander Liu | 2a54bb7 | 2019-05-22 19:44:48 +0800 | [diff] [blame] | 1066 | req_line.version = 0x04; |
| 1067 | req_line.command = 0x01; |
Willy Tarreau | 226572f | 2019-07-17 14:46:00 +0200 | [diff] [blame] | 1068 | req_line.port = get_net_port(conn->dst); |
| 1069 | req_line.ip = is_inet_addr(conn->dst); |
Alexander Liu | 2a54bb7 | 2019-05-22 19:44:48 +0800 | [diff] [blame] | 1070 | memcpy(req_line.user_id, "HAProxy\0", 8); |
| 1071 | |
| 1072 | if (conn->send_proxy_ofs > 0) { |
| 1073 | /* |
| 1074 | * This is the first call to send the request |
| 1075 | */ |
| 1076 | conn->send_proxy_ofs = -(int)sizeof(req_line); |
| 1077 | } |
| 1078 | |
| 1079 | if (conn->send_proxy_ofs < 0) { |
| 1080 | int ret = 0; |
| 1081 | |
| 1082 | /* we are sending the socks4_req_line here. If the data layer |
| 1083 | * has a pending write, we'll also set MSG_MORE. |
| 1084 | */ |
| 1085 | ret = conn_sock_send( |
| 1086 | conn, |
| 1087 | ((char *)(&req_line)) + (sizeof(req_line)+conn->send_proxy_ofs), |
| 1088 | -conn->send_proxy_ofs, |
Willy Tarreau | 19bc201 | 2020-02-21 08:46:19 +0100 | [diff] [blame] | 1089 | (conn->subs && conn->subs->events & SUB_RETRY_SEND) ? MSG_MORE : 0); |
Alexander Liu | 2a54bb7 | 2019-05-22 19:44:48 +0800 | [diff] [blame] | 1090 | |
| 1091 | DPRINTF(stderr, "SOCKS PROXY HS FD[%04X]: Before send remain is [%d], sent [%d]\n", |
| 1092 | conn->handle.fd, -conn->send_proxy_ofs, ret); |
| 1093 | |
| 1094 | if (ret < 0) { |
| 1095 | goto out_error; |
| 1096 | } |
| 1097 | |
| 1098 | conn->send_proxy_ofs += ret; /* becomes zero once complete */ |
| 1099 | if (conn->send_proxy_ofs != 0) { |
| 1100 | goto out_wait; |
| 1101 | } |
| 1102 | } |
| 1103 | |
| 1104 | /* OK we've the whole request sent */ |
| 1105 | conn->flags &= ~CO_FL_SOCKS4_SEND; |
Alexander Liu | 2a54bb7 | 2019-05-22 19:44:48 +0800 | [diff] [blame] | 1106 | |
| 1107 | /* The connection is ready now, simply return and let the connection |
| 1108 | * handler notify upper layers if needed. |
| 1109 | */ |
Willy Tarreau | c192b0a | 2020-01-23 09:11:58 +0100 | [diff] [blame] | 1110 | conn->flags &= ~CO_FL_WAIT_L4_CONN; |
Alexander Liu | 2a54bb7 | 2019-05-22 19:44:48 +0800 | [diff] [blame] | 1111 | |
| 1112 | if (conn->flags & CO_FL_SEND_PROXY) { |
| 1113 | /* |
| 1114 | * Get the send_proxy_ofs ready for the send_proxy due to we are |
| 1115 | * reusing the "send_proxy_ofs", and SOCKS4 handshake should be done |
| 1116 | * before sending PROXY Protocol. |
| 1117 | */ |
| 1118 | conn->send_proxy_ofs = 1; |
| 1119 | } |
| 1120 | return 1; |
| 1121 | |
| 1122 | out_error: |
| 1123 | /* Write error on the file descriptor */ |
| 1124 | conn->flags |= CO_FL_ERROR; |
| 1125 | if (conn->err_code == CO_ER_NONE) { |
| 1126 | conn->err_code = CO_ER_SOCKS4_SEND; |
| 1127 | } |
| 1128 | return 0; |
| 1129 | |
| 1130 | out_wait: |
Alexander Liu | 2a54bb7 | 2019-05-22 19:44:48 +0800 | [diff] [blame] | 1131 | return 0; |
| 1132 | } |
| 1133 | |
| 1134 | int conn_recv_socks4_proxy_response(struct connection *conn) |
| 1135 | { |
| 1136 | char line[SOCKS4_HS_RSP_LEN]; |
| 1137 | int ret; |
| 1138 | |
Alexander Liu | 2a54bb7 | 2019-05-22 19:44:48 +0800 | [diff] [blame] | 1139 | if (!conn_ctrl_ready(conn)) |
| 1140 | goto fail; |
| 1141 | |
| 1142 | if (!fd_recv_ready(conn->handle.fd)) |
Willy Tarreau | 6499b9d | 2019-06-03 08:17:30 +0200 | [diff] [blame] | 1143 | goto not_ready; |
Alexander Liu | 2a54bb7 | 2019-05-22 19:44:48 +0800 | [diff] [blame] | 1144 | |
Willy Tarreau | 157788c | 2020-02-11 10:08:05 +0100 | [diff] [blame] | 1145 | while (1) { |
Alexander Liu | 2a54bb7 | 2019-05-22 19:44:48 +0800 | [diff] [blame] | 1146 | /* SOCKS4 Proxy will response with 8 bytes, 0x00 | 0x5A | 0x00 0x00 | 0x00 0x00 0x00 0x00 |
| 1147 | * Try to peek into it, before all 8 bytes ready. |
| 1148 | */ |
| 1149 | ret = recv(conn->handle.fd, line, SOCKS4_HS_RSP_LEN, MSG_PEEK); |
| 1150 | |
| 1151 | if (ret == 0) { |
| 1152 | /* the socket has been closed or shutdown for send */ |
| 1153 | DPRINTF(stderr, "SOCKS PROXY HS FD[%04X]: Received ret[%d], errno[%d], looks like the socket has been closed or shutdown for send\n", |
| 1154 | conn->handle.fd, ret, errno); |
| 1155 | if (conn->err_code == CO_ER_NONE) { |
| 1156 | conn->err_code = CO_ER_SOCKS4_RECV; |
| 1157 | } |
| 1158 | goto fail; |
| 1159 | } |
| 1160 | |
| 1161 | if (ret > 0) { |
| 1162 | if (ret == SOCKS4_HS_RSP_LEN) { |
| 1163 | DPRINTF(stderr, "SOCKS PROXY HS FD[%04X]: Received 8 bytes, the response is [%02X|%02X|%02X %02X|%02X %02X %02X %02X]\n", |
| 1164 | conn->handle.fd, line[0], line[1], line[2], line[3], line[4], line[5], line[6], line[7]); |
| 1165 | }else{ |
| 1166 | DPRINTF(stderr, "SOCKS PROXY HS FD[%04X]: Received ret[%d], first byte is [%02X], last bye is [%02X]\n", conn->handle.fd, ret, line[0], line[ret-1]); |
| 1167 | } |
| 1168 | } else { |
| 1169 | DPRINTF(stderr, "SOCKS PROXY HS FD[%04X]: Received ret[%d], errno[%d]\n", conn->handle.fd, ret, errno); |
| 1170 | } |
| 1171 | |
| 1172 | if (ret < 0) { |
| 1173 | if (errno == EINTR) { |
| 1174 | continue; |
| 1175 | } |
| 1176 | if (errno == EAGAIN) { |
| 1177 | fd_cant_recv(conn->handle.fd); |
Willy Tarreau | 6499b9d | 2019-06-03 08:17:30 +0200 | [diff] [blame] | 1178 | goto not_ready; |
Alexander Liu | 2a54bb7 | 2019-05-22 19:44:48 +0800 | [diff] [blame] | 1179 | } |
| 1180 | goto recv_abort; |
| 1181 | } |
Willy Tarreau | 157788c | 2020-02-11 10:08:05 +0100 | [diff] [blame] | 1182 | break; |
| 1183 | } |
Alexander Liu | 2a54bb7 | 2019-05-22 19:44:48 +0800 | [diff] [blame] | 1184 | |
Willy Tarreau | c192b0a | 2020-01-23 09:11:58 +0100 | [diff] [blame] | 1185 | conn->flags &= ~CO_FL_WAIT_L4_CONN; |
| 1186 | |
Alexander Liu | 2a54bb7 | 2019-05-22 19:44:48 +0800 | [diff] [blame] | 1187 | if (ret < SOCKS4_HS_RSP_LEN) { |
| 1188 | /* Missing data. Since we're using MSG_PEEK, we can only poll again if |
| 1189 | * we are not able to read enough data. |
| 1190 | */ |
Willy Tarreau | 6499b9d | 2019-06-03 08:17:30 +0200 | [diff] [blame] | 1191 | goto not_ready; |
Alexander Liu | 2a54bb7 | 2019-05-22 19:44:48 +0800 | [diff] [blame] | 1192 | } |
| 1193 | |
| 1194 | /* |
| 1195 | * Base on the SOCSK4 protocol: |
| 1196 | * |
| 1197 | * +----+----+----+----+----+----+----+----+ |
| 1198 | * | VN | CD | DSTPORT | DSTIP | |
| 1199 | * +----+----+----+----+----+----+----+----+ |
| 1200 | * # of bytes: 1 1 2 4 |
| 1201 | * VN is the version of the reply code and should be 0. CD is the result |
| 1202 | * code with one of the following values: |
| 1203 | * 90: request granted |
| 1204 | * 91: request rejected or failed |
Ilya Shipitsin | ce7b00f | 2020-03-23 22:28:40 +0500 | [diff] [blame] | 1205 | * 92: request rejected because SOCKS server cannot connect to identd on the client |
Alexander Liu | 2a54bb7 | 2019-05-22 19:44:48 +0800 | [diff] [blame] | 1206 | * 93: request rejected because the client program and identd report different user-ids |
| 1207 | * The remaining fields are ignored. |
| 1208 | */ |
| 1209 | if (line[1] != 90) { |
| 1210 | conn->flags &= ~CO_FL_SOCKS4_RECV; |
| 1211 | |
| 1212 | DPRINTF(stderr, "SOCKS PROXY HS FD[%04X]: FAIL, the response is [%02X|%02X|%02X %02X|%02X %02X %02X %02X]\n", |
| 1213 | conn->handle.fd, line[0], line[1], line[2], line[3], line[4], line[5], line[6], line[7]); |
| 1214 | if (conn->err_code == CO_ER_NONE) { |
| 1215 | conn->err_code = CO_ER_SOCKS4_DENY; |
| 1216 | } |
| 1217 | goto fail; |
| 1218 | } |
| 1219 | |
| 1220 | /* remove the 8 bytes response from the stream */ |
Willy Tarreau | 157788c | 2020-02-11 10:08:05 +0100 | [diff] [blame] | 1221 | while (1) { |
Alexander Liu | 2a54bb7 | 2019-05-22 19:44:48 +0800 | [diff] [blame] | 1222 | ret = recv(conn->handle.fd, line, SOCKS4_HS_RSP_LEN, 0); |
| 1223 | if (ret < 0 && errno == EINTR) { |
| 1224 | continue; |
| 1225 | } |
| 1226 | if (ret != SOCKS4_HS_RSP_LEN) { |
| 1227 | if (conn->err_code == CO_ER_NONE) { |
| 1228 | conn->err_code = CO_ER_SOCKS4_RECV; |
| 1229 | } |
| 1230 | goto fail; |
| 1231 | } |
Willy Tarreau | 157788c | 2020-02-11 10:08:05 +0100 | [diff] [blame] | 1232 | break; |
| 1233 | } |
Alexander Liu | 2a54bb7 | 2019-05-22 19:44:48 +0800 | [diff] [blame] | 1234 | |
| 1235 | conn->flags &= ~CO_FL_SOCKS4_RECV; |
| 1236 | return 1; |
| 1237 | |
Willy Tarreau | 6499b9d | 2019-06-03 08:17:30 +0200 | [diff] [blame] | 1238 | not_ready: |
Willy Tarreau | 6499b9d | 2019-06-03 08:17:30 +0200 | [diff] [blame] | 1239 | return 0; |
| 1240 | |
Alexander Liu | 2a54bb7 | 2019-05-22 19:44:48 +0800 | [diff] [blame] | 1241 | recv_abort: |
| 1242 | if (conn->err_code == CO_ER_NONE) { |
| 1243 | conn->err_code = CO_ER_SOCKS4_ABORT; |
| 1244 | } |
| 1245 | conn->flags |= (CO_FL_SOCK_RD_SH | CO_FL_SOCK_WR_SH); |
| 1246 | goto fail; |
| 1247 | |
| 1248 | fail: |
Alexander Liu | 2a54bb7 | 2019-05-22 19:44:48 +0800 | [diff] [blame] | 1249 | conn->flags |= CO_FL_ERROR; |
| 1250 | return 0; |
| 1251 | } |
| 1252 | |
Ilya Shipitsin | ca56fce | 2018-09-15 00:50:05 +0500 | [diff] [blame] | 1253 | /* Note: <remote> is explicitly allowed to be NULL */ |
Tim Duesterhus | cf6e0c8 | 2020-03-13 12:34:24 +0100 | [diff] [blame] | 1254 | int make_proxy_line(char *buf, int buf_len, struct server *srv, struct connection *remote, struct stream *strm) |
David S | afb7683 | 2014-05-08 23:42:08 -0400 | [diff] [blame] | 1255 | { |
| 1256 | int ret = 0; |
| 1257 | |
| 1258 | if (srv && (srv->pp_opts & SRV_PP_V2)) { |
Tim Duesterhus | cf6e0c8 | 2020-03-13 12:34:24 +0100 | [diff] [blame] | 1259 | ret = make_proxy_line_v2(buf, buf_len, srv, remote, strm); |
David S | afb7683 | 2014-05-08 23:42:08 -0400 | [diff] [blame] | 1260 | } |
| 1261 | else { |
Willy Tarreau | 226572f | 2019-07-17 14:46:00 +0200 | [diff] [blame] | 1262 | if (remote && conn_get_src(remote) && conn_get_dst(remote)) |
| 1263 | ret = make_proxy_line_v1(buf, buf_len, remote->src, remote->dst); |
David S | afb7683 | 2014-05-08 23:42:08 -0400 | [diff] [blame] | 1264 | else |
| 1265 | ret = make_proxy_line_v1(buf, buf_len, NULL, NULL); |
| 1266 | } |
| 1267 | |
| 1268 | return ret; |
| 1269 | } |
| 1270 | |
Willy Tarreau | e1e4a61 | 2012-10-05 00:10:55 +0200 | [diff] [blame] | 1271 | /* Makes a PROXY protocol line from the two addresses. The output is sent to |
| 1272 | * buffer <buf> for a maximum size of <buf_len> (including the trailing zero). |
| 1273 | * It returns the number of bytes composing this line (including the trailing |
| 1274 | * LF), or zero in case of failure (eg: not enough space). It supports TCP4, |
Willy Tarreau | 2e1401a | 2013-10-01 11:41:55 +0200 | [diff] [blame] | 1275 | * TCP6 and "UNKNOWN" formats. If any of <src> or <dst> is null, UNKNOWN is |
| 1276 | * emitted as well. |
Willy Tarreau | e1e4a61 | 2012-10-05 00:10:55 +0200 | [diff] [blame] | 1277 | */ |
David S | afb7683 | 2014-05-08 23:42:08 -0400 | [diff] [blame] | 1278 | int make_proxy_line_v1(char *buf, int buf_len, struct sockaddr_storage *src, struct sockaddr_storage *dst) |
Willy Tarreau | e1e4a61 | 2012-10-05 00:10:55 +0200 | [diff] [blame] | 1279 | { |
| 1280 | int ret = 0; |
Tim Duesterhus | 7fec021 | 2018-07-27 18:46:13 +0200 | [diff] [blame] | 1281 | char * protocol; |
| 1282 | char src_str[MAX(INET_ADDRSTRLEN, INET6_ADDRSTRLEN)]; |
| 1283 | char dst_str[MAX(INET_ADDRSTRLEN, INET6_ADDRSTRLEN)]; |
| 1284 | in_port_t src_port; |
| 1285 | in_port_t dst_port; |
Willy Tarreau | e1e4a61 | 2012-10-05 00:10:55 +0200 | [diff] [blame] | 1286 | |
Tim Duesterhus | 7fec021 | 2018-07-27 18:46:13 +0200 | [diff] [blame] | 1287 | if ( !src |
| 1288 | || !dst |
| 1289 | || (src->ss_family != AF_INET && src->ss_family != AF_INET6) |
| 1290 | || (dst->ss_family != AF_INET && dst->ss_family != AF_INET6)) { |
| 1291 | /* unknown family combination */ |
| 1292 | ret = snprintf(buf, buf_len, "PROXY UNKNOWN\r\n"); |
Willy Tarreau | e1e4a61 | 2012-10-05 00:10:55 +0200 | [diff] [blame] | 1293 | if (ret >= buf_len) |
| 1294 | return 0; |
| 1295 | |
Tim Duesterhus | 7fec021 | 2018-07-27 18:46:13 +0200 | [diff] [blame] | 1296 | return ret; |
| 1297 | } |
Willy Tarreau | e1e4a61 | 2012-10-05 00:10:55 +0200 | [diff] [blame] | 1298 | |
Tim Duesterhus | 7fec021 | 2018-07-27 18:46:13 +0200 | [diff] [blame] | 1299 | /* IPv4 for both src and dst */ |
| 1300 | if (src->ss_family == AF_INET && dst->ss_family == AF_INET) { |
| 1301 | protocol = "TCP4"; |
| 1302 | if (!inet_ntop(AF_INET, &((struct sockaddr_in *)src)->sin_addr, src_str, sizeof(src_str))) |
Willy Tarreau | e1e4a61 | 2012-10-05 00:10:55 +0200 | [diff] [blame] | 1303 | return 0; |
Tim Duesterhus | 7fec021 | 2018-07-27 18:46:13 +0200 | [diff] [blame] | 1304 | src_port = ((struct sockaddr_in *)src)->sin_port; |
| 1305 | if (!inet_ntop(AF_INET, &((struct sockaddr_in *)dst)->sin_addr, dst_str, sizeof(dst_str))) |
Willy Tarreau | e1e4a61 | 2012-10-05 00:10:55 +0200 | [diff] [blame] | 1306 | return 0; |
Tim Duesterhus | 7fec021 | 2018-07-27 18:46:13 +0200 | [diff] [blame] | 1307 | dst_port = ((struct sockaddr_in *)dst)->sin_port; |
Willy Tarreau | e1e4a61 | 2012-10-05 00:10:55 +0200 | [diff] [blame] | 1308 | } |
Tim Duesterhus | 7fec021 | 2018-07-27 18:46:13 +0200 | [diff] [blame] | 1309 | /* IPv6 for at least one of src and dst */ |
| 1310 | else { |
| 1311 | struct in6_addr tmp; |
Willy Tarreau | e1e4a61 | 2012-10-05 00:10:55 +0200 | [diff] [blame] | 1312 | |
Tim Duesterhus | 7fec021 | 2018-07-27 18:46:13 +0200 | [diff] [blame] | 1313 | protocol = "TCP6"; |
Willy Tarreau | e1e4a61 | 2012-10-05 00:10:55 +0200 | [diff] [blame] | 1314 | |
Tim Duesterhus | 7fec021 | 2018-07-27 18:46:13 +0200 | [diff] [blame] | 1315 | if (src->ss_family == AF_INET) { |
| 1316 | /* Convert src to IPv6 */ |
| 1317 | v4tov6(&tmp, &((struct sockaddr_in *)src)->sin_addr); |
| 1318 | src_port = ((struct sockaddr_in *)src)->sin_port; |
| 1319 | } |
| 1320 | else { |
| 1321 | tmp = ((struct sockaddr_in6 *)src)->sin6_addr; |
| 1322 | src_port = ((struct sockaddr_in6 *)src)->sin6_port; |
| 1323 | } |
Willy Tarreau | e1e4a61 | 2012-10-05 00:10:55 +0200 | [diff] [blame] | 1324 | |
Tim Duesterhus | 7fec021 | 2018-07-27 18:46:13 +0200 | [diff] [blame] | 1325 | if (!inet_ntop(AF_INET6, &tmp, src_str, sizeof(src_str))) |
Willy Tarreau | e1e4a61 | 2012-10-05 00:10:55 +0200 | [diff] [blame] | 1326 | return 0; |
| 1327 | |
Tim Duesterhus | 7fec021 | 2018-07-27 18:46:13 +0200 | [diff] [blame] | 1328 | if (dst->ss_family == AF_INET) { |
| 1329 | /* Convert dst to IPv6 */ |
| 1330 | v4tov6(&tmp, &((struct sockaddr_in *)dst)->sin_addr); |
| 1331 | dst_port = ((struct sockaddr_in *)dst)->sin_port; |
| 1332 | } |
| 1333 | else { |
| 1334 | tmp = ((struct sockaddr_in6 *)dst)->sin6_addr; |
| 1335 | dst_port = ((struct sockaddr_in6 *)dst)->sin6_port; |
| 1336 | } |
Willy Tarreau | e1e4a61 | 2012-10-05 00:10:55 +0200 | [diff] [blame] | 1337 | |
Tim Duesterhus | 7fec021 | 2018-07-27 18:46:13 +0200 | [diff] [blame] | 1338 | if (!inet_ntop(AF_INET6, &tmp, dst_str, sizeof(dst_str))) |
Willy Tarreau | e1e4a61 | 2012-10-05 00:10:55 +0200 | [diff] [blame] | 1339 | return 0; |
| 1340 | } |
Tim Duesterhus | 7fec021 | 2018-07-27 18:46:13 +0200 | [diff] [blame] | 1341 | |
| 1342 | ret = snprintf(buf, buf_len, "PROXY %s %s %s %u %u\r\n", protocol, src_str, dst_str, ntohs(src_port), ntohs(dst_port)); |
| 1343 | if (ret >= buf_len) |
| 1344 | return 0; |
| 1345 | |
Willy Tarreau | e1e4a61 | 2012-10-05 00:10:55 +0200 | [diff] [blame] | 1346 | return ret; |
| 1347 | } |
David S | afb7683 | 2014-05-08 23:42:08 -0400 | [diff] [blame] | 1348 | |
KOVACS Krisztian | b3e54fe | 2014-11-17 15:11:45 +0100 | [diff] [blame] | 1349 | static int make_tlv(char *dest, int dest_len, char type, uint16_t length, const char *value) |
David S | afb7683 | 2014-05-08 23:42:08 -0400 | [diff] [blame] | 1350 | { |
| 1351 | struct tlv *tlv; |
| 1352 | |
| 1353 | if (!dest || (length + sizeof(*tlv) > dest_len)) |
| 1354 | return 0; |
| 1355 | |
| 1356 | tlv = (struct tlv *)dest; |
| 1357 | |
| 1358 | tlv->type = type; |
| 1359 | tlv->length_hi = length >> 8; |
| 1360 | tlv->length_lo = length & 0x00ff; |
| 1361 | memcpy(tlv->value, value, length); |
| 1362 | return length + sizeof(*tlv); |
| 1363 | } |
David S | afb7683 | 2014-05-08 23:42:08 -0400 | [diff] [blame] | 1364 | |
Ilya Shipitsin | ca56fce | 2018-09-15 00:50:05 +0500 | [diff] [blame] | 1365 | /* Note: <remote> is explicitly allowed to be NULL */ |
Tim Duesterhus | cf6e0c8 | 2020-03-13 12:34:24 +0100 | [diff] [blame] | 1366 | int make_proxy_line_v2(char *buf, int buf_len, struct server *srv, struct connection *remote, struct stream *strm) |
David S | afb7683 | 2014-05-08 23:42:08 -0400 | [diff] [blame] | 1367 | { |
Willy Tarreau | 8fccfa2 | 2014-06-14 08:28:06 +0200 | [diff] [blame] | 1368 | const char pp2_signature[] = PP2_SIGNATURE; |
Emmanuel Hocdet | 4399c75 | 2018-02-05 15:26:43 +0100 | [diff] [blame] | 1369 | void *tlv_crc32c_p = NULL; |
David S | afb7683 | 2014-05-08 23:42:08 -0400 | [diff] [blame] | 1370 | int ret = 0; |
Willy Tarreau | 8fccfa2 | 2014-06-14 08:28:06 +0200 | [diff] [blame] | 1371 | struct proxy_hdr_v2 *hdr = (struct proxy_hdr_v2 *)buf; |
Vincent Bernat | 6e61589 | 2016-05-18 16:17:44 +0200 | [diff] [blame] | 1372 | struct sockaddr_storage null_addr = { .ss_family = 0 }; |
David S | afb7683 | 2014-05-08 23:42:08 -0400 | [diff] [blame] | 1373 | struct sockaddr_storage *src = &null_addr; |
| 1374 | struct sockaddr_storage *dst = &null_addr; |
Emmanuel Hocdet | 404d978 | 2017-10-24 10:55:14 +0200 | [diff] [blame] | 1375 | const char *value; |
| 1376 | int value_len; |
David S | afb7683 | 2014-05-08 23:42:08 -0400 | [diff] [blame] | 1377 | |
| 1378 | if (buf_len < PP2_HEADER_LEN) |
| 1379 | return 0; |
Willy Tarreau | 8fccfa2 | 2014-06-14 08:28:06 +0200 | [diff] [blame] | 1380 | memcpy(hdr->sig, pp2_signature, PP2_SIGNATURE_LEN); |
David S | afb7683 | 2014-05-08 23:42:08 -0400 | [diff] [blame] | 1381 | |
Willy Tarreau | 226572f | 2019-07-17 14:46:00 +0200 | [diff] [blame] | 1382 | if (remote && conn_get_src(remote) && conn_get_dst(remote)) { |
| 1383 | src = remote->src; |
| 1384 | dst = remote->dst; |
David S | afb7683 | 2014-05-08 23:42:08 -0400 | [diff] [blame] | 1385 | } |
KOVACS Krisztian | b3e54fe | 2014-11-17 15:11:45 +0100 | [diff] [blame] | 1386 | |
Tim Duesterhus | 7fec021 | 2018-07-27 18:46:13 +0200 | [diff] [blame] | 1387 | /* At least one of src or dst is not of AF_INET or AF_INET6 */ |
| 1388 | if ( !src |
| 1389 | || !dst |
Willy Tarreau | 119e50e | 2020-05-22 13:53:29 +0200 | [diff] [blame] | 1390 | || (!pp2_never_send_local && conn_is_back(remote)) // locally initiated connection |
Tim Duesterhus | 7fec021 | 2018-07-27 18:46:13 +0200 | [diff] [blame] | 1391 | || (src->ss_family != AF_INET && src->ss_family != AF_INET6) |
| 1392 | || (dst->ss_family != AF_INET && dst->ss_family != AF_INET6)) { |
David S | afb7683 | 2014-05-08 23:42:08 -0400 | [diff] [blame] | 1393 | if (buf_len < PP2_HDR_LEN_UNSPEC) |
| 1394 | return 0; |
Willy Tarreau | 8fccfa2 | 2014-06-14 08:28:06 +0200 | [diff] [blame] | 1395 | hdr->ver_cmd = PP2_VERSION | PP2_CMD_LOCAL; |
| 1396 | hdr->fam = PP2_FAM_UNSPEC | PP2_TRANS_UNSPEC; |
David S | afb7683 | 2014-05-08 23:42:08 -0400 | [diff] [blame] | 1397 | ret = PP2_HDR_LEN_UNSPEC; |
| 1398 | } |
Tim Duesterhus | 7fec021 | 2018-07-27 18:46:13 +0200 | [diff] [blame] | 1399 | else { |
Willy Tarreau | 02c8803 | 2020-04-14 12:54:10 +0200 | [diff] [blame] | 1400 | hdr->ver_cmd = PP2_VERSION | PP2_CMD_PROXY; |
Tim Duesterhus | 7fec021 | 2018-07-27 18:46:13 +0200 | [diff] [blame] | 1401 | /* IPv4 for both src and dst */ |
| 1402 | if (src->ss_family == AF_INET && dst->ss_family == AF_INET) { |
| 1403 | if (buf_len < PP2_HDR_LEN_INET) |
| 1404 | return 0; |
Tim Duesterhus | 7fec021 | 2018-07-27 18:46:13 +0200 | [diff] [blame] | 1405 | hdr->fam = PP2_FAM_INET | PP2_TRANS_STREAM; |
| 1406 | hdr->addr.ip4.src_addr = ((struct sockaddr_in *)src)->sin_addr.s_addr; |
| 1407 | hdr->addr.ip4.src_port = ((struct sockaddr_in *)src)->sin_port; |
| 1408 | hdr->addr.ip4.dst_addr = ((struct sockaddr_in *)dst)->sin_addr.s_addr; |
| 1409 | hdr->addr.ip4.dst_port = ((struct sockaddr_in *)dst)->sin_port; |
| 1410 | ret = PP2_HDR_LEN_INET; |
| 1411 | } |
| 1412 | /* IPv6 for at least one of src and dst */ |
| 1413 | else { |
| 1414 | struct in6_addr tmp; |
| 1415 | |
| 1416 | if (buf_len < PP2_HDR_LEN_INET6) |
| 1417 | return 0; |
Tim Duesterhus | 7fec021 | 2018-07-27 18:46:13 +0200 | [diff] [blame] | 1418 | hdr->fam = PP2_FAM_INET6 | PP2_TRANS_STREAM; |
| 1419 | if (src->ss_family == AF_INET) { |
| 1420 | v4tov6(&tmp, &((struct sockaddr_in *)src)->sin_addr); |
| 1421 | memcpy(hdr->addr.ip6.src_addr, &tmp, 16); |
| 1422 | hdr->addr.ip6.src_port = ((struct sockaddr_in *)src)->sin_port; |
| 1423 | } |
| 1424 | else { |
| 1425 | memcpy(hdr->addr.ip6.src_addr, &((struct sockaddr_in6 *)src)->sin6_addr, 16); |
| 1426 | hdr->addr.ip6.src_port = ((struct sockaddr_in6 *)src)->sin6_port; |
| 1427 | } |
| 1428 | if (dst->ss_family == AF_INET) { |
| 1429 | v4tov6(&tmp, &((struct sockaddr_in *)dst)->sin_addr); |
| 1430 | memcpy(hdr->addr.ip6.dst_addr, &tmp, 16); |
William Dauchy | bd8bf67 | 2020-01-26 19:06:39 +0100 | [diff] [blame] | 1431 | hdr->addr.ip6.dst_port = ((struct sockaddr_in *)dst)->sin_port; |
Tim Duesterhus | 7fec021 | 2018-07-27 18:46:13 +0200 | [diff] [blame] | 1432 | } |
| 1433 | else { |
| 1434 | memcpy(hdr->addr.ip6.dst_addr, &((struct sockaddr_in6 *)dst)->sin6_addr, 16); |
| 1435 | hdr->addr.ip6.dst_port = ((struct sockaddr_in6 *)dst)->sin6_port; |
| 1436 | } |
| 1437 | |
| 1438 | ret = PP2_HDR_LEN_INET6; |
| 1439 | } |
| 1440 | } |
David S | afb7683 | 2014-05-08 23:42:08 -0400 | [diff] [blame] | 1441 | |
Emmanuel Hocdet | 4399c75 | 2018-02-05 15:26:43 +0100 | [diff] [blame] | 1442 | if (srv->pp_opts & SRV_PP_V2_CRC32C) { |
| 1443 | uint32_t zero_crc32c = 0; |
Tim Duesterhus | a8692f3 | 2020-03-13 12:34:25 +0100 | [diff] [blame] | 1444 | |
Emmanuel Hocdet | 4399c75 | 2018-02-05 15:26:43 +0100 | [diff] [blame] | 1445 | if ((buf_len - ret) < sizeof(struct tlv)) |
| 1446 | return 0; |
| 1447 | tlv_crc32c_p = (void *)((struct tlv *)&buf[ret])->value; |
| 1448 | ret += make_tlv(&buf[ret], (buf_len - ret), PP2_TYPE_CRC32C, sizeof(zero_crc32c), (const char *)&zero_crc32c); |
| 1449 | } |
| 1450 | |
Ilya Shipitsin | ca56fce | 2018-09-15 00:50:05 +0500 | [diff] [blame] | 1451 | if (remote && conn_get_alpn(remote, &value, &value_len)) { |
Emmanuel Hocdet | 404d978 | 2017-10-24 10:55:14 +0200 | [diff] [blame] | 1452 | if ((buf_len - ret) < sizeof(struct tlv)) |
| 1453 | return 0; |
Emmanuel Hocdet | 571c7ac | 2017-10-31 18:24:05 +0100 | [diff] [blame] | 1454 | ret += make_tlv(&buf[ret], (buf_len - ret), PP2_TYPE_ALPN, value_len, value); |
Emmanuel Hocdet | 404d978 | 2017-10-24 10:55:14 +0200 | [diff] [blame] | 1455 | } |
| 1456 | |
Emmanuel Hocdet | 253c3b7 | 2018-02-01 18:29:59 +0100 | [diff] [blame] | 1457 | if (srv->pp_opts & SRV_PP_V2_AUTHORITY) { |
Emmanuel Hocdet | 8a4ffa0 | 2019-08-29 11:54:51 +0200 | [diff] [blame] | 1458 | value = NULL; |
| 1459 | if (remote && remote->proxy_authority) { |
| 1460 | value = remote->proxy_authority; |
| 1461 | value_len = remote->proxy_authority_len; |
| 1462 | } |
| 1463 | #ifdef USE_OPENSSL |
| 1464 | else { |
Jerome Magnin | 78891c7 | 2019-09-02 09:53:41 +0200 | [diff] [blame] | 1465 | if ((value = ssl_sock_get_sni(remote))) |
Emmanuel Hocdet | 8a4ffa0 | 2019-08-29 11:54:51 +0200 | [diff] [blame] | 1466 | value_len = strlen(value); |
| 1467 | } |
| 1468 | #endif |
Emmanuel Hocdet | 253c3b7 | 2018-02-01 18:29:59 +0100 | [diff] [blame] | 1469 | if (value) { |
| 1470 | if ((buf_len - ret) < sizeof(struct tlv)) |
| 1471 | return 0; |
Emmanuel Hocdet | 8a4ffa0 | 2019-08-29 11:54:51 +0200 | [diff] [blame] | 1472 | ret += make_tlv(&buf[ret], (buf_len - ret), PP2_TYPE_AUTHORITY, value_len, value); |
Emmanuel Hocdet | 253c3b7 | 2018-02-01 18:29:59 +0100 | [diff] [blame] | 1473 | } |
| 1474 | } |
| 1475 | |
Tim Duesterhus | cf6e0c8 | 2020-03-13 12:34:24 +0100 | [diff] [blame] | 1476 | if (srv->pp_opts & SRV_PP_V2_UNIQUE_ID) { |
| 1477 | struct session* sess = strm_sess(strm); |
| 1478 | struct ist unique_id = stream_generate_unique_id(strm, &sess->fe->format_unique_id); |
| 1479 | |
| 1480 | value = unique_id.ptr; |
| 1481 | value_len = unique_id.len; |
| 1482 | |
| 1483 | if (value_len >= 0) { |
| 1484 | if ((buf_len - ret) < sizeof(struct tlv)) |
| 1485 | return 0; |
| 1486 | ret += make_tlv(&buf[ret], (buf_len - ret), PP2_TYPE_UNIQUE_ID, value_len, value); |
| 1487 | } |
| 1488 | } |
| 1489 | |
Emmanuel Hocdet | 8a4ffa0 | 2019-08-29 11:54:51 +0200 | [diff] [blame] | 1490 | #ifdef USE_OPENSSL |
David S | afb7683 | 2014-05-08 23:42:08 -0400 | [diff] [blame] | 1491 | if (srv->pp_opts & SRV_PP_V2_SSL) { |
Emmanuel Hocdet | 404d978 | 2017-10-24 10:55:14 +0200 | [diff] [blame] | 1492 | struct tlv_ssl *tlv; |
| 1493 | int ssl_tlv_len = 0; |
Tim Duesterhus | a8692f3 | 2020-03-13 12:34:25 +0100 | [diff] [blame] | 1494 | |
David S | afb7683 | 2014-05-08 23:42:08 -0400 | [diff] [blame] | 1495 | if ((buf_len - ret) < sizeof(struct tlv_ssl)) |
| 1496 | return 0; |
| 1497 | tlv = (struct tlv_ssl *)&buf[ret]; |
| 1498 | memset(tlv, 0, sizeof(struct tlv_ssl)); |
| 1499 | ssl_tlv_len += sizeof(struct tlv_ssl); |
| 1500 | tlv->tlv.type = PP2_TYPE_SSL; |
| 1501 | if (ssl_sock_is_ssl(remote)) { |
| 1502 | tlv->client |= PP2_CLIENT_SSL; |
Emmanuel Hocdet | 01da571 | 2017-10-13 16:59:49 +0200 | [diff] [blame] | 1503 | value = ssl_sock_get_proto_version(remote); |
David S | afb7683 | 2014-05-08 23:42:08 -0400 | [diff] [blame] | 1504 | if (value) { |
Emmanuel Hocdet | 8c0c34b | 2018-02-28 12:02:14 +0100 | [diff] [blame] | 1505 | ssl_tlv_len += make_tlv(&buf[ret+ssl_tlv_len], (buf_len-ret-ssl_tlv_len), PP2_SUBTYPE_SSL_VERSION, strlen(value), value); |
David S | afb7683 | 2014-05-08 23:42:08 -0400 | [diff] [blame] | 1506 | } |
Dave McCowan | 328fb58 | 2014-07-30 10:39:13 -0400 | [diff] [blame] | 1507 | if (ssl_sock_get_cert_used_sess(remote)) { |
| 1508 | tlv->client |= PP2_CLIENT_CERT_SESS; |
David S | afb7683 | 2014-05-08 23:42:08 -0400 | [diff] [blame] | 1509 | tlv->verify = htonl(ssl_sock_get_verify_result(remote)); |
Dave McCowan | 328fb58 | 2014-07-30 10:39:13 -0400 | [diff] [blame] | 1510 | if (ssl_sock_get_cert_used_conn(remote)) |
| 1511 | tlv->client |= PP2_CLIENT_CERT_CONN; |
David S | afb7683 | 2014-05-08 23:42:08 -0400 | [diff] [blame] | 1512 | } |
| 1513 | if (srv->pp_opts & SRV_PP_V2_SSL_CN) { |
Willy Tarreau | 83061a8 | 2018-07-13 11:56:34 +0200 | [diff] [blame] | 1514 | struct buffer *cn_trash = get_trash_chunk(); |
Willy Tarreau | 3b9a0c9 | 2014-07-19 06:37:33 +0200 | [diff] [blame] | 1515 | if (ssl_sock_get_remote_common_name(remote, cn_trash) > 0) { |
Willy Tarreau | 843b7cb | 2018-07-13 10:54:26 +0200 | [diff] [blame] | 1516 | ssl_tlv_len += make_tlv(&buf[ret+ssl_tlv_len], (buf_len - ret - ssl_tlv_len), PP2_SUBTYPE_SSL_CN, |
| 1517 | cn_trash->data, |
| 1518 | cn_trash->area); |
David S | afb7683 | 2014-05-08 23:42:08 -0400 | [diff] [blame] | 1519 | } |
| 1520 | } |
Emmanuel Hocdet | fa8d0f1 | 2018-02-01 15:53:52 +0100 | [diff] [blame] | 1521 | if (srv->pp_opts & SRV_PP_V2_SSL_KEY_ALG) { |
Willy Tarreau | 83061a8 | 2018-07-13 11:56:34 +0200 | [diff] [blame] | 1522 | struct buffer *pkey_trash = get_trash_chunk(); |
Emmanuel Hocdet | fa8d0f1 | 2018-02-01 15:53:52 +0100 | [diff] [blame] | 1523 | if (ssl_sock_get_pkey_algo(remote, pkey_trash) > 0) { |
Willy Tarreau | 843b7cb | 2018-07-13 10:54:26 +0200 | [diff] [blame] | 1524 | ssl_tlv_len += make_tlv(&buf[ret+ssl_tlv_len], (buf_len - ret - ssl_tlv_len), PP2_SUBTYPE_SSL_KEY_ALG, |
| 1525 | pkey_trash->data, |
| 1526 | pkey_trash->area); |
Emmanuel Hocdet | fa8d0f1 | 2018-02-01 15:53:52 +0100 | [diff] [blame] | 1527 | } |
| 1528 | } |
| 1529 | if (srv->pp_opts & SRV_PP_V2_SSL_SIG_ALG) { |
| 1530 | value = ssl_sock_get_cert_sig(remote); |
| 1531 | if (value) { |
| 1532 | ssl_tlv_len += make_tlv(&buf[ret+ssl_tlv_len], (buf_len - ret - ssl_tlv_len), PP2_SUBTYPE_SSL_SIG_ALG, strlen(value), value); |
| 1533 | } |
| 1534 | } |
| 1535 | if (srv->pp_opts & SRV_PP_V2_SSL_CIPHER) { |
| 1536 | value = ssl_sock_get_cipher_name(remote); |
| 1537 | if (value) { |
| 1538 | ssl_tlv_len += make_tlv(&buf[ret+ssl_tlv_len], (buf_len - ret - ssl_tlv_len), PP2_SUBTYPE_SSL_CIPHER, strlen(value), value); |
| 1539 | } |
| 1540 | } |
David S | afb7683 | 2014-05-08 23:42:08 -0400 | [diff] [blame] | 1541 | } |
| 1542 | tlv->tlv.length_hi = (uint16_t)(ssl_tlv_len - sizeof(struct tlv)) >> 8; |
| 1543 | tlv->tlv.length_lo = (uint16_t)(ssl_tlv_len - sizeof(struct tlv)) & 0x00ff; |
| 1544 | ret += ssl_tlv_len; |
| 1545 | } |
| 1546 | #endif |
| 1547 | |
Willy Tarreau | e573323 | 2019-05-22 19:24:06 +0200 | [diff] [blame] | 1548 | #ifdef USE_NS |
KOVACS Krisztian | b3e54fe | 2014-11-17 15:11:45 +0100 | [diff] [blame] | 1549 | if (remote && (remote->proxy_netns)) { |
| 1550 | if ((buf_len - ret) < sizeof(struct tlv)) |
| 1551 | return 0; |
Emmanuel Hocdet | 571c7ac | 2017-10-31 18:24:05 +0100 | [diff] [blame] | 1552 | ret += make_tlv(&buf[ret], (buf_len - ret), PP2_TYPE_NETNS, remote->proxy_netns->name_len, remote->proxy_netns->node.key); |
KOVACS Krisztian | b3e54fe | 2014-11-17 15:11:45 +0100 | [diff] [blame] | 1553 | } |
| 1554 | #endif |
| 1555 | |
Willy Tarreau | 8fccfa2 | 2014-06-14 08:28:06 +0200 | [diff] [blame] | 1556 | hdr->len = htons((uint16_t)(ret - PP2_HEADER_LEN)); |
David S | afb7683 | 2014-05-08 23:42:08 -0400 | [diff] [blame] | 1557 | |
Emmanuel Hocdet | 4399c75 | 2018-02-05 15:26:43 +0100 | [diff] [blame] | 1558 | if (tlv_crc32c_p) { |
| 1559 | write_u32(tlv_crc32c_p, htonl(hash_crc32c(buf, ret))); |
| 1560 | } |
| 1561 | |
David S | afb7683 | 2014-05-08 23:42:08 -0400 | [diff] [blame] | 1562 | return ret; |
| 1563 | } |
Emeric Brun | 4f60301 | 2017-01-05 15:11:44 +0100 | [diff] [blame] | 1564 | |
Willy Tarreau | 119e50e | 2020-05-22 13:53:29 +0200 | [diff] [blame] | 1565 | /* returns 0 on success */ |
| 1566 | static int cfg_parse_pp2_never_send_local(char **args, int section_type, struct proxy *curpx, |
| 1567 | struct proxy *defpx, const char *file, int line, |
| 1568 | char **err) |
| 1569 | { |
| 1570 | if (too_many_args(0, args, err, NULL)) |
| 1571 | return -1; |
| 1572 | pp2_never_send_local = 1; |
| 1573 | return 0; |
| 1574 | } |
| 1575 | |
Willy Tarreau | 60ca10a | 2017-08-18 15:26:54 +0200 | [diff] [blame] | 1576 | /* return the major HTTP version as 1 or 2 depending on how the request arrived |
| 1577 | * before being processed. |
| 1578 | */ |
| 1579 | static int |
| 1580 | smp_fetch_fc_http_major(const struct arg *args, struct sample *smp, const char *kw, void *private) |
| 1581 | { |
Jérôme Magnin | 8657742 | 2018-12-07 09:03:11 +0100 | [diff] [blame] | 1582 | struct connection *conn = (kw[0] != 'b') ? objt_conn(smp->sess->origin) : |
| 1583 | smp->strm ? cs_conn(objt_cs(smp->strm->si[1].end)) : NULL; |
Willy Tarreau | 60ca10a | 2017-08-18 15:26:54 +0200 | [diff] [blame] | 1584 | |
| 1585 | smp->data.type = SMP_T_SINT; |
| 1586 | smp->data.u.sint = (conn && strcmp(conn_get_mux_name(conn), "H2") == 0) ? 2 : 1; |
| 1587 | return 1; |
| 1588 | } |
| 1589 | |
Emeric Brun | 4f60301 | 2017-01-05 15:11:44 +0100 | [diff] [blame] | 1590 | /* fetch if the received connection used a PROXY protocol header */ |
| 1591 | int smp_fetch_fc_rcvd_proxy(const struct arg *args, struct sample *smp, const char *kw, void *private) |
| 1592 | { |
| 1593 | struct connection *conn; |
| 1594 | |
| 1595 | conn = objt_conn(smp->sess->origin); |
| 1596 | if (!conn) |
| 1597 | return 0; |
| 1598 | |
Willy Tarreau | 911db9b | 2020-01-23 16:27:54 +0100 | [diff] [blame] | 1599 | if (conn->flags & CO_FL_WAIT_XPRT) { |
Emeric Brun | 4f60301 | 2017-01-05 15:11:44 +0100 | [diff] [blame] | 1600 | smp->flags |= SMP_F_MAY_CHANGE; |
| 1601 | return 0; |
| 1602 | } |
| 1603 | |
| 1604 | smp->flags = 0; |
| 1605 | smp->data.type = SMP_T_BOOL; |
| 1606 | smp->data.u.sint = (conn->flags & CO_FL_RCVD_PROXY) ? 1 : 0; |
| 1607 | |
| 1608 | return 1; |
| 1609 | } |
| 1610 | |
Geoff Simmons | 7185b78 | 2019-08-27 18:31:16 +0200 | [diff] [blame] | 1611 | /* fetch the authority TLV from a PROXY protocol header */ |
| 1612 | int smp_fetch_fc_pp_authority(const struct arg *args, struct sample *smp, const char *kw, void *private) |
| 1613 | { |
| 1614 | struct connection *conn; |
| 1615 | |
| 1616 | conn = objt_conn(smp->sess->origin); |
| 1617 | if (!conn) |
| 1618 | return 0; |
| 1619 | |
Willy Tarreau | 911db9b | 2020-01-23 16:27:54 +0100 | [diff] [blame] | 1620 | if (conn->flags & CO_FL_WAIT_XPRT) { |
Geoff Simmons | 7185b78 | 2019-08-27 18:31:16 +0200 | [diff] [blame] | 1621 | smp->flags |= SMP_F_MAY_CHANGE; |
| 1622 | return 0; |
| 1623 | } |
| 1624 | |
| 1625 | if (conn->proxy_authority == NULL) |
| 1626 | return 0; |
| 1627 | |
| 1628 | smp->flags = 0; |
| 1629 | smp->data.type = SMP_T_STR; |
| 1630 | smp->data.u.str.area = conn->proxy_authority; |
| 1631 | smp->data.u.str.data = conn->proxy_authority_len; |
| 1632 | |
| 1633 | return 1; |
| 1634 | } |
| 1635 | |
Tim Duesterhus | d1b15b6 | 2020-03-13 12:34:23 +0100 | [diff] [blame] | 1636 | /* fetch the unique ID TLV from a PROXY protocol header */ |
| 1637 | int smp_fetch_fc_pp_unique_id(const struct arg *args, struct sample *smp, const char *kw, void *private) |
| 1638 | { |
| 1639 | struct connection *conn; |
| 1640 | |
| 1641 | conn = objt_conn(smp->sess->origin); |
| 1642 | if (!conn) |
| 1643 | return 0; |
| 1644 | |
| 1645 | if (conn->flags & CO_FL_WAIT_XPRT) { |
| 1646 | smp->flags |= SMP_F_MAY_CHANGE; |
| 1647 | return 0; |
| 1648 | } |
| 1649 | |
| 1650 | if (!isttest(conn->proxy_unique_id)) |
| 1651 | return 0; |
| 1652 | |
| 1653 | smp->flags = 0; |
| 1654 | smp->data.type = SMP_T_STR; |
| 1655 | smp->data.u.str.area = conn->proxy_unique_id.ptr; |
| 1656 | smp->data.u.str.data = conn->proxy_unique_id.len; |
| 1657 | |
| 1658 | return 1; |
| 1659 | } |
| 1660 | |
Emeric Brun | 4f60301 | 2017-01-05 15:11:44 +0100 | [diff] [blame] | 1661 | /* Note: must not be declared <const> as its list will be overwritten. |
| 1662 | * Note: fetches that may return multiple types must be declared as the lowest |
| 1663 | * common denominator, the type that can be casted into all other ones. For |
| 1664 | * instance v4/v6 must be declared v4. |
| 1665 | */ |
| 1666 | static struct sample_fetch_kw_list sample_fetch_keywords = {ILH, { |
Willy Tarreau | 60ca10a | 2017-08-18 15:26:54 +0200 | [diff] [blame] | 1667 | { "fc_http_major", smp_fetch_fc_http_major, 0, NULL, SMP_T_SINT, SMP_USE_L4CLI }, |
Jérôme Magnin | 8657742 | 2018-12-07 09:03:11 +0100 | [diff] [blame] | 1668 | { "bc_http_major", smp_fetch_fc_http_major, 0, NULL, SMP_T_SINT, SMP_USE_L4SRV }, |
Emeric Brun | 4f60301 | 2017-01-05 15:11:44 +0100 | [diff] [blame] | 1669 | { "fc_rcvd_proxy", smp_fetch_fc_rcvd_proxy, 0, NULL, SMP_T_BOOL, SMP_USE_L4CLI }, |
Geoff Simmons | 7185b78 | 2019-08-27 18:31:16 +0200 | [diff] [blame] | 1670 | { "fc_pp_authority", smp_fetch_fc_pp_authority, 0, NULL, SMP_T_STR, SMP_USE_L4CLI }, |
Tim Duesterhus | d1b15b6 | 2020-03-13 12:34:23 +0100 | [diff] [blame] | 1671 | { "fc_pp_unique_id", smp_fetch_fc_pp_unique_id, 0, NULL, SMP_T_STR, SMP_USE_L4CLI }, |
Emeric Brun | 4f60301 | 2017-01-05 15:11:44 +0100 | [diff] [blame] | 1672 | { /* END */ }, |
| 1673 | }}; |
| 1674 | |
Willy Tarreau | 0108d90 | 2018-11-25 19:14:37 +0100 | [diff] [blame] | 1675 | INITCALL1(STG_REGISTER, sample_register_fetches, &sample_fetch_keywords); |
Willy Tarreau | 119e50e | 2020-05-22 13:53:29 +0200 | [diff] [blame] | 1676 | |
| 1677 | static struct cfg_kw_list cfg_kws = {ILH, { |
| 1678 | { CFG_GLOBAL, "pp2-never-send-local", cfg_parse_pp2_never_send_local }, |
| 1679 | { /* END */ }, |
| 1680 | }}; |
| 1681 | |
| 1682 | INITCALL1(STG_REGISTER, cfg_register_keywords, &cfg_kws); |