blob: 0cac555da01d2c0cf1bffcd76a5ba2eb338d8670 [file] [log] [blame]
Willy Tarreaud4c33c82013-01-07 21:59:07 +01001/*
2 * General protocol-agnostic payload-based sample fetches and ACLs
3 *
4 * Copyright 2000-2013 Willy Tarreau <w@1wt.eu>
5 *
6 * This program is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU General Public License
8 * as published by the Free Software Foundation; either version
9 * 2 of the License, or (at your option) any later version.
10 *
11 */
12
13#include <stdlib.h>
14#include <string.h>
15
16#include <proto/acl.h>
17#include <proto/arg.h>
18#include <proto/channel.h>
Thierry FOURNIERed66c292013-11-28 11:05:19 +010019#include <proto/pattern.h>
Willy Tarreaud4c33c82013-01-07 21:59:07 +010020#include <proto/payload.h>
21#include <proto/sample.h>
22
23
24/************************************************************************/
25/* All supported sample fetch functions must be declared here */
26/************************************************************************/
27
28/* wait for more data as long as possible, then return TRUE. This should be
29 * used with content inspection.
30 */
31static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +020032smp_fetch_wait_end(const struct arg *args, struct sample *smp, const char *kw, void *private)
Willy Tarreaud4c33c82013-01-07 21:59:07 +010033{
Thierry FOURNIER0786d052015-05-11 15:42:45 +020034 if (!(smp->opt & SMP_OPT_FINAL)) {
Willy Tarreaud4c33c82013-01-07 21:59:07 +010035 smp->flags |= SMP_F_MAY_CHANGE;
36 return 0;
37 }
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +020038 smp->data.type = SMP_T_BOOL;
Thierry FOURNIER136f9d32015-08-19 09:07:19 +020039 smp->data.u.sint = 1;
Willy Tarreaud4c33c82013-01-07 21:59:07 +010040 return 1;
41}
42
43/* return the number of bytes in the request buffer */
44static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +020045smp_fetch_len(const struct arg *args, struct sample *smp, const char *kw, void *private)
Willy Tarreaud4c33c82013-01-07 21:59:07 +010046{
Willy Tarreau22ec1ea2014-11-27 20:45:39 +010047 struct channel *chn;
48
Willy Tarreaube508f12016-03-10 11:47:01 +010049 if (!smp->strm)
50 return 0;
51
Thierry FOURNIER0786d052015-05-11 15:42:45 +020052 chn = ((smp->opt & SMP_OPT_DIR) == SMP_OPT_DIR_RES) ? &smp->strm->res : &smp->strm->req;
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +020053 smp->data.type = SMP_T_SINT;
Thierry FOURNIER136f9d32015-08-19 09:07:19 +020054 smp->data.u.sint = chn->buf->i;
Willy Tarreaud4c33c82013-01-07 21:59:07 +010055 smp->flags = SMP_F_VOLATILE | SMP_F_MAY_CHANGE;
56 return 1;
57}
58
Pradeep Jindalbb2acf52015-09-29 10:12:57 +053059/* Returns 0 if the client didn't send a SessionTicket Extension
60 * Returns 1 if the client sent SessionTicket Extension
61 * Returns 2 if the client also sent non-zero length SessionTicket
62 * Returns SMP_T_SINT data type
63 */
64static int
65smp_fetch_req_ssl_st_ext(const struct arg *args, struct sample *smp, const char *kw, void *private)
66{
67 int hs_len, ext_len, bleft;
68 struct channel *chn;
69 unsigned char *data;
70
Willy Tarreaube508f12016-03-10 11:47:01 +010071 if (!smp->strm)
72 goto not_ssl_hello;
73
Pradeep Jindalbb2acf52015-09-29 10:12:57 +053074 chn = ((smp->opt & SMP_OPT_DIR) == SMP_OPT_DIR_RES) ? &smp->strm->res : &smp->strm->req;
Pradeep Jindalbb2acf52015-09-29 10:12:57 +053075 bleft = chn->buf->i;
76 data = (unsigned char *)chn->buf->p;
77
78 /* Check for SSL/TLS Handshake */
79 if (!bleft)
80 goto too_short;
81 if (*data != 0x16)
82 goto not_ssl_hello;
83
84 /* Check for SSLv3 or later (SSL version >= 3.0) in the record layer*/
85 if (bleft < 3)
86 goto too_short;
87 if (data[1] < 0x03)
88 goto not_ssl_hello;
89
90 if (bleft < 5)
91 goto too_short;
92 hs_len = (data[3] << 8) + data[4];
93 if (hs_len < 1 + 3 + 2 + 32 + 1 + 2 + 2 + 1 + 1 + 2 + 2)
94 goto not_ssl_hello; /* too short to have an extension */
95
96 data += 5; /* enter TLS handshake */
97 bleft -= 5;
98
99 /* Check for a complete client hello starting at <data> */
100 if (bleft < 1)
101 goto too_short;
102 if (data[0] != 0x01) /* msg_type = Client Hello */
103 goto not_ssl_hello;
104
105 /* Check the Hello's length */
106 if (bleft < 4)
107 goto too_short;
108 hs_len = (data[1] << 16) + (data[2] << 8) + data[3];
109 if (hs_len < 2 + 32 + 1 + 2 + 2 + 1 + 1 + 2 + 2)
110 goto not_ssl_hello; /* too short to have an extension */
111
112 /* We want the full handshake here */
113 if (bleft < hs_len)
114 goto too_short;
115
116 data += 4;
117 /* Start of the ClientHello message */
118 if (data[0] < 0x03 || data[1] < 0x01) /* TLSv1 minimum */
119 goto not_ssl_hello;
120
121 ext_len = data[34]; /* session_id_len */
122 if (ext_len > 32 || ext_len > (hs_len - 35)) /* check for correct session_id len */
123 goto not_ssl_hello;
124
125 /* Jump to cipher suite */
126 hs_len -= 35 + ext_len;
127 data += 35 + ext_len;
128
129 if (hs_len < 4 || /* minimum one cipher */
130 (ext_len = (data[0] << 8) + data[1]) < 2 || /* minimum 2 bytes for a cipher */
131 ext_len > hs_len)
132 goto not_ssl_hello;
133
134 /* Jump to the compression methods */
135 hs_len -= 2 + ext_len;
136 data += 2 + ext_len;
137
138 if (hs_len < 2 || /* minimum one compression method */
139 data[0] < 1 || data[0] > hs_len) /* minimum 1 bytes for a method */
140 goto not_ssl_hello;
141
142 /* Jump to the extensions */
143 hs_len -= 1 + data[0];
144 data += 1 + data[0];
145
146 if (hs_len < 2 || /* minimum one extension list length */
147 (ext_len = (data[0] << 8) + data[1]) > hs_len - 2) /* list too long */
148 goto not_ssl_hello;
149
150 hs_len = ext_len; /* limit ourselves to the extension length */
151 data += 2;
152
153 while (hs_len >= 4) {
154 int ext_type, ext_len;
155
156 ext_type = (data[0] << 8) + data[1];
157 ext_len = (data[2] << 8) + data[3];
158
159 if (ext_len > hs_len - 4) /* Extension too long */
160 goto not_ssl_hello;
161
162 /* SesstionTicket extension */
163 if (ext_type == 35) {
164 smp->data.type = SMP_T_SINT;
165 /* SessionTicket also present */
166 if (ext_len > 0)
167 smp->data.u.sint = 2;
168 /* SessionTicket absent */
169 else
170 smp->data.u.sint = 1;
171 smp->flags = SMP_F_VOLATILE;
172 return 1;
173 }
174
175 hs_len -= 4 + ext_len;
176 data += 4 + ext_len;
177 }
178 /* SessionTicket Extension not found */
179 smp->data.type = SMP_T_SINT;
180 smp->data.u.sint = 0;
181 smp->flags = SMP_F_VOLATILE;
182 return 1;
183
184 /* server name not found */
185 goto not_ssl_hello;
186
187 too_short:
188 smp->flags = SMP_F_MAY_CHANGE;
189
190 not_ssl_hello:
191 return 0;
192}
193
Nenad Merdanovic5fc7d7e2015-07-07 22:00:17 +0200194/* Returns TRUE if the client sent Supported Elliptic Curves Extension (0x000a)
195 * Mainly used to detect if client supports ECC cipher suites.
196 */
197static int
198smp_fetch_req_ssl_ec_ext(const struct arg *args, struct sample *smp, const char *kw, void *private)
199{
200 int hs_len, ext_len, bleft;
201 struct channel *chn;
202 unsigned char *data;
203
Willy Tarreaube508f12016-03-10 11:47:01 +0100204 if (!smp->strm)
205 goto not_ssl_hello;
206
Nenad Merdanovic5fc7d7e2015-07-07 22:00:17 +0200207 chn = ((smp->opt & SMP_OPT_DIR) == SMP_OPT_DIR_RES) ? &smp->strm->res : &smp->strm->req;
Nenad Merdanovic5fc7d7e2015-07-07 22:00:17 +0200208 bleft = chn->buf->i;
209 data = (unsigned char *)chn->buf->p;
210
211 /* Check for SSL/TLS Handshake */
212 if (!bleft)
213 goto too_short;
214 if (*data != 0x16)
215 goto not_ssl_hello;
216
217 /* Check for SSLv3 or later (SSL version >= 3.0) in the record layer*/
218 if (bleft < 3)
219 goto too_short;
220 if (data[1] < 0x03)
221 goto not_ssl_hello;
222
223 if (bleft < 5)
224 goto too_short;
225 hs_len = (data[3] << 8) + data[4];
226 if (hs_len < 1 + 3 + 2 + 32 + 1 + 2 + 2 + 1 + 1 + 2 + 2)
227 goto not_ssl_hello; /* too short to have an extension */
228
229 data += 5; /* enter TLS handshake */
230 bleft -= 5;
231
232 /* Check for a complete client hello starting at <data> */
233 if (bleft < 1)
234 goto too_short;
235 if (data[0] != 0x01) /* msg_type = Client Hello */
236 goto not_ssl_hello;
237
238 /* Check the Hello's length */
239 if (bleft < 4)
240 goto too_short;
241 hs_len = (data[1] << 16) + (data[2] << 8) + data[3];
242 if (hs_len < 2 + 32 + 1 + 2 + 2 + 1 + 1 + 2 + 2)
243 goto not_ssl_hello; /* too short to have an extension */
244
245 /* We want the full handshake here */
246 if (bleft < hs_len)
247 goto too_short;
248
249 data += 4;
250 /* Start of the ClientHello message */
251 if (data[0] < 0x03 || data[1] < 0x01) /* TLSv1 minimum */
252 goto not_ssl_hello;
253
254 ext_len = data[34]; /* session_id_len */
255 if (ext_len > 32 || ext_len > (hs_len - 35)) /* check for correct session_id len */
256 goto not_ssl_hello;
257
258 /* Jump to cipher suite */
259 hs_len -= 35 + ext_len;
260 data += 35 + ext_len;
261
262 if (hs_len < 4 || /* minimum one cipher */
263 (ext_len = (data[0] << 8) + data[1]) < 2 || /* minimum 2 bytes for a cipher */
264 ext_len > hs_len)
265 goto not_ssl_hello;
266
267 /* Jump to the compression methods */
268 hs_len -= 2 + ext_len;
269 data += 2 + ext_len;
270
271 if (hs_len < 2 || /* minimum one compression method */
272 data[0] < 1 || data[0] > hs_len) /* minimum 1 bytes for a method */
273 goto not_ssl_hello;
274
275 /* Jump to the extensions */
276 hs_len -= 1 + data[0];
277 data += 1 + data[0];
278
279 if (hs_len < 2 || /* minimum one extension list length */
280 (ext_len = (data[0] << 8) + data[1]) > hs_len - 2) /* list too long */
281 goto not_ssl_hello;
282
283 hs_len = ext_len; /* limit ourselves to the extension length */
284 data += 2;
285
286 while (hs_len >= 4) {
287 int ext_type, ext_len;
288
289 ext_type = (data[0] << 8) + data[1];
290 ext_len = (data[2] << 8) + data[3];
291
292 if (ext_len > hs_len - 4) /* Extension too long */
293 goto not_ssl_hello;
294
295 /* Elliptic curves extension */
296 if (ext_type == 10) {
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +0200297 smp->data.type = SMP_T_BOOL;
Thierry FOURNIER136f9d32015-08-19 09:07:19 +0200298 smp->data.u.sint = 1;
Nenad Merdanovic8a39a1f2015-07-15 12:51:11 +0200299 smp->flags = SMP_F_VOLATILE;
Nenad Merdanovic5fc7d7e2015-07-07 22:00:17 +0200300 return 1;
301 }
302
303 hs_len -= 4 + ext_len;
304 data += 4 + ext_len;
305 }
306 /* server name not found */
307 goto not_ssl_hello;
308
309 too_short:
310 smp->flags = SMP_F_MAY_CHANGE;
311
312 not_ssl_hello:
313
314 return 0;
315}
Willy Tarreaud4c33c82013-01-07 21:59:07 +0100316/* returns the type of SSL hello message (mainly used to detect an SSL hello) */
317static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +0200318smp_fetch_ssl_hello_type(const struct arg *args, struct sample *smp, const char *kw, void *private)
Willy Tarreaud4c33c82013-01-07 21:59:07 +0100319{
320 int hs_len;
321 int hs_type, bleft;
322 struct channel *chn;
323 const unsigned char *data;
324
Willy Tarreaube508f12016-03-10 11:47:01 +0100325 if (!smp->strm)
326 goto not_ssl_hello;
327
Thierry FOURNIER0786d052015-05-11 15:42:45 +0200328 chn = ((smp->opt & SMP_OPT_DIR) == SMP_OPT_DIR_RES) ? &smp->strm->res : &smp->strm->req;
Willy Tarreaud4c33c82013-01-07 21:59:07 +0100329 bleft = chn->buf->i;
330 data = (const unsigned char *)chn->buf->p;
331
332 if (!bleft)
333 goto too_short;
334
335 if ((*data >= 0x14 && *data <= 0x17) || (*data == 0xFF)) {
336 /* SSLv3 header format */
337 if (bleft < 9)
338 goto too_short;
339
340 /* ssl version 3 */
341 if ((data[1] << 16) + data[2] < 0x00030000)
342 goto not_ssl_hello;
343
344 /* ssl message len must present handshake type and len */
345 if ((data[3] << 8) + data[4] < 4)
346 goto not_ssl_hello;
347
348 /* format introduced with SSLv3 */
349
350 hs_type = (int)data[5];
351 hs_len = ( data[6] << 16 ) + ( data[7] << 8 ) + data[8];
352
353 /* not a full handshake */
354 if (bleft < (9 + hs_len))
355 goto too_short;
356
357 }
358 else {
359 goto not_ssl_hello;
360 }
361
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +0200362 smp->data.type = SMP_T_SINT;
Thierry FOURNIER136f9d32015-08-19 09:07:19 +0200363 smp->data.u.sint = hs_type;
Willy Tarreaud4c33c82013-01-07 21:59:07 +0100364 smp->flags = SMP_F_VOLATILE;
365
366 return 1;
367
368 too_short:
369 smp->flags = SMP_F_MAY_CHANGE;
370
371 not_ssl_hello:
372
373 return 0;
374}
375
376/* Return the version of the SSL protocol in the request. It supports both
377 * SSLv3 (TLSv1) header format for any message, and SSLv2 header format for
378 * the hello message. The SSLv3 format is described in RFC 2246 p49, and the
379 * SSLv2 format is described here, and completed p67 of RFC 2246 :
380 * http://wp.netscape.com/eng/security/SSL_2.html
381 *
382 * Note: this decoder only works with non-wrapping data.
383 */
384static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +0200385smp_fetch_req_ssl_ver(const struct arg *args, struct sample *smp, const char *kw, void *private)
Willy Tarreaud4c33c82013-01-07 21:59:07 +0100386{
387 int version, bleft, msg_len;
388 const unsigned char *data;
Willy Tarreaube508f12016-03-10 11:47:01 +0100389 struct channel *req;
390
391 if (!smp->strm)
392 return 0;
Willy Tarreaud4c33c82013-01-07 21:59:07 +0100393
Willy Tarreaube508f12016-03-10 11:47:01 +0100394 req = &smp->strm->req;
Willy Tarreaud4c33c82013-01-07 21:59:07 +0100395 msg_len = 0;
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +0200396 bleft = req->buf->i;
Willy Tarreaud4c33c82013-01-07 21:59:07 +0100397 if (!bleft)
398 goto too_short;
399
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +0200400 data = (const unsigned char *)req->buf->p;
Willy Tarreaud4c33c82013-01-07 21:59:07 +0100401 if ((*data >= 0x14 && *data <= 0x17) || (*data == 0xFF)) {
402 /* SSLv3 header format */
Lukas Tribusc93242c2015-11-05 13:59:30 +0100403 if (bleft < 11)
Willy Tarreaud4c33c82013-01-07 21:59:07 +0100404 goto too_short;
405
Lukas Tribusc93242c2015-11-05 13:59:30 +0100406 version = (data[1] << 16) + data[2]; /* record layer version: major, minor */
Willy Tarreaud4c33c82013-01-07 21:59:07 +0100407 msg_len = (data[3] << 8) + data[4]; /* record length */
408
409 /* format introduced with SSLv3 */
410 if (version < 0x00030000)
411 goto not_ssl;
412
Lukas Tribusc93242c2015-11-05 13:59:30 +0100413 /* message length between 6 and 2^14 + 2048 */
414 if (msg_len < 6 || msg_len > ((1<<14) + 2048))
Willy Tarreaud4c33c82013-01-07 21:59:07 +0100415 goto not_ssl;
416
417 bleft -= 5; data += 5;
Lukas Tribusc93242c2015-11-05 13:59:30 +0100418
419 /* return the client hello client version, not the record layer version */
420 version = (data[4] << 16) + data[5]; /* client hello version: major, minor */
Willy Tarreaud4c33c82013-01-07 21:59:07 +0100421 } else {
422 /* SSLv2 header format, only supported for hello (msg type 1) */
423 int rlen, plen, cilen, silen, chlen;
424
425 if (*data & 0x80) {
426 if (bleft < 3)
427 goto too_short;
428 /* short header format : 15 bits for length */
429 rlen = ((data[0] & 0x7F) << 8) | data[1];
430 plen = 0;
431 bleft -= 2; data += 2;
432 } else {
433 if (bleft < 4)
434 goto too_short;
435 /* long header format : 14 bits for length + pad length */
436 rlen = ((data[0] & 0x3F) << 8) | data[1];
437 plen = data[2];
438 bleft -= 3; data += 2;
439 }
440
441 if (*data != 0x01)
442 goto not_ssl;
443 bleft--; data++;
444
445 if (bleft < 8)
446 goto too_short;
447 version = (data[0] << 16) + data[1]; /* version: major, minor */
448 cilen = (data[2] << 8) + data[3]; /* cipher len, multiple of 3 */
449 silen = (data[4] << 8) + data[5]; /* session_id_len: 0 or 16 */
450 chlen = (data[6] << 8) + data[7]; /* 16<=challenge length<=32 */
451
452 bleft -= 8; data += 8;
453 if (cilen % 3 != 0)
454 goto not_ssl;
455 if (silen && silen != 16)
456 goto not_ssl;
457 if (chlen < 16 || chlen > 32)
458 goto not_ssl;
459 if (rlen != 9 + cilen + silen + chlen)
460 goto not_ssl;
461
462 /* focus on the remaining data length */
463 msg_len = cilen + silen + chlen + plen;
464 }
465 /* We could recursively check that the buffer ends exactly on an SSL
466 * fragment boundary and that a possible next segment is still SSL,
467 * but that's a bit pointless. However, we could still check that
468 * all the part of the request which fits in a buffer is already
469 * there.
470 */
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +0200471 if (msg_len > channel_recv_limit(req) + req->buf->data - req->buf->p)
472 msg_len = channel_recv_limit(req) + req->buf->data - req->buf->p;
Willy Tarreaud4c33c82013-01-07 21:59:07 +0100473
474 if (bleft < msg_len)
475 goto too_short;
476
477 /* OK that's enough. We have at least the whole message, and we have
478 * the protocol version.
479 */
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +0200480 smp->data.type = SMP_T_SINT;
Thierry FOURNIER136f9d32015-08-19 09:07:19 +0200481 smp->data.u.sint = version;
Willy Tarreaud4c33c82013-01-07 21:59:07 +0100482 smp->flags = SMP_F_VOLATILE;
483 return 1;
484
485 too_short:
486 smp->flags = SMP_F_MAY_CHANGE;
487 not_ssl:
488 return 0;
489}
490
491/* Try to extract the Server Name Indication that may be presented in a TLS
492 * client hello handshake message. The format of the message is the following
493 * (cf RFC5246 + RFC6066) :
494 * TLS frame :
495 * - uint8 type = 0x16 (Handshake)
496 * - uint16 version >= 0x0301 (TLSv1)
497 * - uint16 length (frame length)
498 * - TLS handshake :
499 * - uint8 msg_type = 0x01 (ClientHello)
500 * - uint24 length (handshake message length)
501 * - ClientHello :
502 * - uint16 client_version >= 0x0301 (TLSv1)
503 * - uint8 Random[32] (4 first ones are timestamp)
504 * - SessionID :
505 * - uint8 session_id_len (0..32) (SessionID len in bytes)
506 * - uint8 session_id[session_id_len]
507 * - CipherSuite :
508 * - uint16 cipher_len >= 2 (Cipher length in bytes)
509 * - uint16 ciphers[cipher_len/2]
510 * - CompressionMethod :
511 * - uint8 compression_len >= 1 (# of supported methods)
512 * - uint8 compression_methods[compression_len]
513 * - optional client_extension_len (in bytes)
514 * - optional sequence of ClientHelloExtensions (as many bytes as above):
515 * - uint16 extension_type = 0 for server_name
516 * - uint16 extension_len
517 * - opaque extension_data[extension_len]
518 * - uint16 server_name_list_len (# of bytes here)
519 * - opaque server_names[server_name_list_len bytes]
520 * - uint8 name_type = 0 for host_name
521 * - uint16 name_len
522 * - opaque hostname[name_len bytes]
523 */
524static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +0200525smp_fetch_ssl_hello_sni(const struct arg *args, struct sample *smp, const char *kw, void *private)
Willy Tarreaud4c33c82013-01-07 21:59:07 +0100526{
527 int hs_len, ext_len, bleft;
528 struct channel *chn;
529 unsigned char *data;
530
Willy Tarreaube508f12016-03-10 11:47:01 +0100531 if (!smp->strm)
532 goto not_ssl_hello;
533
Thierry FOURNIER0786d052015-05-11 15:42:45 +0200534 chn = ((smp->opt & SMP_OPT_DIR) == SMP_OPT_DIR_RES) ? &smp->strm->res : &smp->strm->req;
Willy Tarreaud4c33c82013-01-07 21:59:07 +0100535 bleft = chn->buf->i;
536 data = (unsigned char *)chn->buf->p;
537
538 /* Check for SSL/TLS Handshake */
539 if (!bleft)
540 goto too_short;
541 if (*data != 0x16)
542 goto not_ssl_hello;
543
Lukas Tribus57d22972014-04-10 21:36:22 +0200544 /* Check for SSLv3 or later (SSL version >= 3.0) in the record layer*/
Willy Tarreaud4c33c82013-01-07 21:59:07 +0100545 if (bleft < 3)
546 goto too_short;
Lukas Tribus57d22972014-04-10 21:36:22 +0200547 if (data[1] < 0x03)
Willy Tarreaud4c33c82013-01-07 21:59:07 +0100548 goto not_ssl_hello;
549
550 if (bleft < 5)
551 goto too_short;
552 hs_len = (data[3] << 8) + data[4];
553 if (hs_len < 1 + 3 + 2 + 32 + 1 + 2 + 2 + 1 + 1 + 2 + 2)
554 goto not_ssl_hello; /* too short to have an extension */
555
556 data += 5; /* enter TLS handshake */
557 bleft -= 5;
558
559 /* Check for a complete client hello starting at <data> */
560 if (bleft < 1)
561 goto too_short;
562 if (data[0] != 0x01) /* msg_type = Client Hello */
563 goto not_ssl_hello;
564
565 /* Check the Hello's length */
566 if (bleft < 4)
567 goto too_short;
568 hs_len = (data[1] << 16) + (data[2] << 8) + data[3];
569 if (hs_len < 2 + 32 + 1 + 2 + 2 + 1 + 1 + 2 + 2)
570 goto not_ssl_hello; /* too short to have an extension */
571
572 /* We want the full handshake here */
573 if (bleft < hs_len)
574 goto too_short;
575
576 data += 4;
577 /* Start of the ClientHello message */
578 if (data[0] < 0x03 || data[1] < 0x01) /* TLSv1 minimum */
579 goto not_ssl_hello;
580
581 ext_len = data[34]; /* session_id_len */
582 if (ext_len > 32 || ext_len > (hs_len - 35)) /* check for correct session_id len */
583 goto not_ssl_hello;
584
585 /* Jump to cipher suite */
586 hs_len -= 35 + ext_len;
587 data += 35 + ext_len;
588
589 if (hs_len < 4 || /* minimum one cipher */
590 (ext_len = (data[0] << 8) + data[1]) < 2 || /* minimum 2 bytes for a cipher */
591 ext_len > hs_len)
592 goto not_ssl_hello;
593
594 /* Jump to the compression methods */
595 hs_len -= 2 + ext_len;
596 data += 2 + ext_len;
597
598 if (hs_len < 2 || /* minimum one compression method */
599 data[0] < 1 || data[0] > hs_len) /* minimum 1 bytes for a method */
600 goto not_ssl_hello;
601
602 /* Jump to the extensions */
603 hs_len -= 1 + data[0];
604 data += 1 + data[0];
605
606 if (hs_len < 2 || /* minimum one extension list length */
607 (ext_len = (data[0] << 8) + data[1]) > hs_len - 2) /* list too long */
608 goto not_ssl_hello;
609
610 hs_len = ext_len; /* limit ourselves to the extension length */
611 data += 2;
612
613 while (hs_len >= 4) {
614 int ext_type, name_type, srv_len, name_len;
615
616 ext_type = (data[0] << 8) + data[1];
617 ext_len = (data[2] << 8) + data[3];
618
619 if (ext_len > hs_len - 4) /* Extension too long */
620 goto not_ssl_hello;
621
622 if (ext_type == 0) { /* Server name */
623 if (ext_len < 2) /* need one list length */
624 goto not_ssl_hello;
625
626 srv_len = (data[4] << 8) + data[5];
627 if (srv_len < 4 || srv_len > hs_len - 6)
628 goto not_ssl_hello; /* at least 4 bytes per server name */
629
630 name_type = data[6];
631 name_len = (data[7] << 8) + data[8];
632
633 if (name_type == 0) { /* hostname */
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +0200634 smp->data.type = SMP_T_STR;
Thierry FOURNIER136f9d32015-08-19 09:07:19 +0200635 smp->data.u.str.str = (char *)data + 9;
636 smp->data.u.str.len = name_len;
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +0100637 smp->flags = SMP_F_VOLATILE | SMP_F_CONST;
Willy Tarreaud4c33c82013-01-07 21:59:07 +0100638 return 1;
639 }
640 }
641
642 hs_len -= 4 + ext_len;
643 data += 4 + ext_len;
644 }
645 /* server name not found */
646 goto not_ssl_hello;
647
648 too_short:
649 smp->flags = SMP_F_MAY_CHANGE;
650
651 not_ssl_hello:
652
653 return 0;
654}
655
Willy Tarreaucadd8c92013-07-22 18:09:52 +0200656/* Fetch the request RDP cookie identified in <cname>:<clen>, or any cookie if
Willy Tarreaub169eba2013-12-16 15:14:43 +0100657 * <clen> is empty (cname is then ignored). It returns the data into sample <smp>
658 * of type SMP_T_CSTR. Note: this decoder only works with non-wrapping data.
Willy Tarreaud4c33c82013-01-07 21:59:07 +0100659 */
660int
Willy Tarreau87b09662015-04-03 00:22:06 +0200661fetch_rdp_cookie_name(struct stream *s, struct sample *smp, const char *cname, int clen)
Willy Tarreaud4c33c82013-01-07 21:59:07 +0100662{
663 int bleft;
664 const unsigned char *data;
665
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +0100666 smp->flags = SMP_F_CONST;
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +0200667 smp->data.type = SMP_T_STR;
Willy Tarreaud4c33c82013-01-07 21:59:07 +0100668
Willy Tarreau22ec1ea2014-11-27 20:45:39 +0100669 bleft = s->req.buf->i;
Willy Tarreaud4c33c82013-01-07 21:59:07 +0100670 if (bleft <= 11)
671 goto too_short;
672
Willy Tarreau22ec1ea2014-11-27 20:45:39 +0100673 data = (const unsigned char *)s->req.buf->p + 11;
Willy Tarreaud4c33c82013-01-07 21:59:07 +0100674 bleft -= 11;
675
676 if (bleft <= 7)
677 goto too_short;
678
679 if (strncasecmp((const char *)data, "Cookie:", 7) != 0)
680 goto not_cookie;
681
682 data += 7;
683 bleft -= 7;
684
685 while (bleft > 0 && *data == ' ') {
686 data++;
687 bleft--;
688 }
689
Willy Tarreaucadd8c92013-07-22 18:09:52 +0200690 if (clen) {
691 if (bleft <= clen)
Willy Tarreaud4c33c82013-01-07 21:59:07 +0100692 goto too_short;
693
Willy Tarreaucadd8c92013-07-22 18:09:52 +0200694 if ((data[clen] != '=') ||
695 strncasecmp(cname, (const char *)data, clen) != 0)
Willy Tarreaud4c33c82013-01-07 21:59:07 +0100696 goto not_cookie;
697
Willy Tarreaucadd8c92013-07-22 18:09:52 +0200698 data += clen + 1;
699 bleft -= clen + 1;
Willy Tarreaud4c33c82013-01-07 21:59:07 +0100700 } else {
701 while (bleft > 0 && *data != '=') {
702 if (*data == '\r' || *data == '\n')
703 goto not_cookie;
704 data++;
705 bleft--;
706 }
707
708 if (bleft < 1)
709 goto too_short;
710
711 if (*data != '=')
712 goto not_cookie;
713
714 data++;
715 bleft--;
716 }
717
718 /* data points to cookie value */
Thierry FOURNIER136f9d32015-08-19 09:07:19 +0200719 smp->data.u.str.str = (char *)data;
720 smp->data.u.str.len = 0;
Willy Tarreaud4c33c82013-01-07 21:59:07 +0100721
722 while (bleft > 0 && *data != '\r') {
723 data++;
724 bleft--;
725 }
726
727 if (bleft < 2)
728 goto too_short;
729
730 if (data[0] != '\r' || data[1] != '\n')
731 goto not_cookie;
732
Thierry FOURNIER136f9d32015-08-19 09:07:19 +0200733 smp->data.u.str.len = (char *)data - smp->data.u.str.str;
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +0100734 smp->flags = SMP_F_VOLATILE | SMP_F_CONST;
Willy Tarreaud4c33c82013-01-07 21:59:07 +0100735 return 1;
736
737 too_short:
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +0100738 smp->flags = SMP_F_MAY_CHANGE | SMP_F_CONST;
Willy Tarreaud4c33c82013-01-07 21:59:07 +0100739 not_cookie:
740 return 0;
741}
742
Willy Tarreaucadd8c92013-07-22 18:09:52 +0200743/* Fetch the request RDP cookie identified in the args, or any cookie if no arg
744 * is passed. It is usable both for ACL and for samples. Note: this decoder
745 * only works with non-wrapping data. Accepts either 0 or 1 argument. Argument
Willy Tarreaub169eba2013-12-16 15:14:43 +0100746 * is a string (cookie name), other types will lead to undefined behaviour. The
747 * returned sample has type SMP_T_CSTR.
Willy Tarreaucadd8c92013-07-22 18:09:52 +0200748 */
749int
Thierry FOURNIER0786d052015-05-11 15:42:45 +0200750smp_fetch_rdp_cookie(const struct arg *args, struct sample *smp, const char *kw, void *private)
Willy Tarreaucadd8c92013-07-22 18:09:52 +0200751{
Willy Tarreaube508f12016-03-10 11:47:01 +0100752 if (!smp->strm)
753 return 0;
754
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +0200755 return fetch_rdp_cookie_name(smp->strm, smp, args ? args->data.str.str : NULL, args ? args->data.str.len : 0);
Willy Tarreaucadd8c92013-07-22 18:09:52 +0200756}
757
Willy Tarreaud4c33c82013-01-07 21:59:07 +0100758/* returns either 1 or 0 depending on whether an RDP cookie is found or not */
759static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +0200760smp_fetch_rdp_cookie_cnt(const struct arg *args, struct sample *smp, const char *kw, void *private)
Willy Tarreaud4c33c82013-01-07 21:59:07 +0100761{
762 int ret;
763
Thierry FOURNIER0786d052015-05-11 15:42:45 +0200764 ret = smp_fetch_rdp_cookie(args, smp, kw, private);
Willy Tarreaud4c33c82013-01-07 21:59:07 +0100765
766 if (smp->flags & SMP_F_MAY_CHANGE)
767 return 0;
768
769 smp->flags = SMP_F_VOLATILE;
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +0200770 smp->data.type = SMP_T_SINT;
Thierry FOURNIER136f9d32015-08-19 09:07:19 +0200771 smp->data.u.sint = ret;
Willy Tarreaud4c33c82013-01-07 21:59:07 +0100772 return 1;
773}
774
775/* extracts part of a payload with offset and length at a given position */
776static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +0200777smp_fetch_payload_lv(const struct arg *arg_p, struct sample *smp, const char *kw, void *private)
Willy Tarreaud4c33c82013-01-07 21:59:07 +0100778{
Thierry FOURNIERbf65cd42015-07-20 17:45:02 +0200779 unsigned int len_offset = arg_p[0].data.sint;
780 unsigned int len_size = arg_p[1].data.sint;
Willy Tarreaud4c33c82013-01-07 21:59:07 +0100781 unsigned int buf_offset;
782 unsigned int buf_size = 0;
783 struct channel *chn;
784 int i;
785
786 /* Format is (len offset, len size, buf offset) or (len offset, len size) */
787 /* by default buf offset == len offset + len size */
788 /* buf offset could be absolute or relative to len offset + len size if prefixed by + or - */
789
Willy Tarreaube508f12016-03-10 11:47:01 +0100790 if (!smp->strm)
791 return 0;
792
Thierry FOURNIER0786d052015-05-11 15:42:45 +0200793 chn = ((smp->opt & SMP_OPT_DIR) == SMP_OPT_DIR_RES) ? &smp->strm->res : &smp->strm->req;
Willy Tarreaud4c33c82013-01-07 21:59:07 +0100794 if (len_offset + len_size > chn->buf->i)
795 goto too_short;
796
797 for (i = 0; i < len_size; i++) {
798 buf_size = (buf_size << 8) + ((unsigned char *)chn->buf->p)[i + len_offset];
799 }
800
Thierry FOURNIERbf65cd42015-07-20 17:45:02 +0200801 /* buf offset may be implicit, absolute or relative. If the LSB
802 * is set, then the offset is relative otherwise it is absolute.
803 */
Willy Tarreaud4c33c82013-01-07 21:59:07 +0100804 buf_offset = len_offset + len_size;
Thierry FOURNIERbf65cd42015-07-20 17:45:02 +0200805 if (arg_p[2].type == ARGT_SINT) {
806 if (arg_p[2].data.sint & 1)
807 buf_offset += arg_p[2].data.sint >> 1;
808 else
809 buf_offset = arg_p[2].data.sint >> 1;
810 }
Willy Tarreaud4c33c82013-01-07 21:59:07 +0100811
Willy Tarreaud7bdcb82015-09-24 16:33:10 +0200812 if (!buf_size || buf_size > global.tune.bufsize || buf_offset + buf_size > global.tune.bufsize) {
Willy Tarreaud4c33c82013-01-07 21:59:07 +0100813 /* will never match */
814 smp->flags = 0;
815 return 0;
816 }
817
818 if (buf_offset + buf_size > chn->buf->i)
819 goto too_short;
820
821 /* init chunk as read only */
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +0200822 smp->data.type = SMP_T_BIN;
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +0100823 smp->flags = SMP_F_VOLATILE | SMP_F_CONST;
Thierry FOURNIER136f9d32015-08-19 09:07:19 +0200824 chunk_initlen(&smp->data.u.str, chn->buf->p + buf_offset, 0, buf_size);
Willy Tarreaud4c33c82013-01-07 21:59:07 +0100825 return 1;
826
827 too_short:
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +0100828 smp->flags = SMP_F_MAY_CHANGE | SMP_F_CONST;
Willy Tarreaud4c33c82013-01-07 21:59:07 +0100829 return 0;
830}
831
832/* extracts some payload at a fixed position and length */
833static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +0200834smp_fetch_payload(const struct arg *arg_p, struct sample *smp, const char *kw, void *private)
Willy Tarreaud4c33c82013-01-07 21:59:07 +0100835{
Thierry FOURNIERbf65cd42015-07-20 17:45:02 +0200836 unsigned int buf_offset = arg_p[0].data.sint;
837 unsigned int buf_size = arg_p[1].data.sint;
Willy Tarreaud4c33c82013-01-07 21:59:07 +0100838 struct channel *chn;
839
Willy Tarreaube508f12016-03-10 11:47:01 +0100840 if (!smp->strm)
841 return 0;
842
Thierry FOURNIER0786d052015-05-11 15:42:45 +0200843 chn = ((smp->opt & SMP_OPT_DIR) == SMP_OPT_DIR_RES) ? &smp->strm->res : &smp->strm->req;
Willy Tarreaud7bdcb82015-09-24 16:33:10 +0200844 if (!buf_size || buf_size > global.tune.bufsize || buf_offset + buf_size > global.tune.bufsize) {
Willy Tarreaud4c33c82013-01-07 21:59:07 +0100845 /* will never match */
846 smp->flags = 0;
847 return 0;
848 }
849
850 if (buf_offset + buf_size > chn->buf->i)
851 goto too_short;
852
853 /* init chunk as read only */
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +0200854 smp->data.type = SMP_T_BIN;
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +0100855 smp->flags = SMP_F_VOLATILE | SMP_F_CONST;
Thierry FOURNIER136f9d32015-08-19 09:07:19 +0200856 chunk_initlen(&smp->data.u.str, chn->buf->p + buf_offset, 0, buf_size ? buf_size : (chn->buf->i - buf_offset));
Willy Tarreau3889fff2015-01-13 20:20:10 +0100857 if (!buf_size && channel_may_recv(chn) && !channel_input_closed(chn))
Willy Tarreau00f00842013-08-02 11:07:32 +0200858 smp->flags |= SMP_F_MAY_CHANGE;
859
Willy Tarreaud4c33c82013-01-07 21:59:07 +0100860 return 1;
861
862 too_short:
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +0100863 smp->flags = SMP_F_MAY_CHANGE | SMP_F_CONST;
Willy Tarreaud4c33c82013-01-07 21:59:07 +0100864 return 0;
865}
866
Willy Tarreaud4c33c82013-01-07 21:59:07 +0100867/* This function is used to validate the arguments passed to a "payload_lv" fetch
868 * keyword. This keyword allows two positive integers and an optional signed one,
869 * with the second one being strictly positive and the third one being greater than
870 * the opposite of the two others if negative. It is assumed that the types are
871 * already the correct ones. Returns 0 on error, non-zero if OK. If <err_msg> is
872 * not NULL, it will be filled with a pointer to an error message in case of
873 * error, that the caller is responsible for freeing. The initial location must
874 * either be freeable or NULL.
Thierry FOURNIERbf65cd42015-07-20 17:45:02 +0200875 *
876 * Note that offset2 is stored with SINT type, but its not directly usable as is.
877 * The value is contained in the 63 MSB and the LSB is used as a flag for marking
878 * the "relative" property of the value.
Willy Tarreaud4c33c82013-01-07 21:59:07 +0100879 */
Thierry FOURNIER49f45af2014-12-08 19:50:43 +0100880int val_payload_lv(struct arg *arg, char **err_msg)
Willy Tarreaud4c33c82013-01-07 21:59:07 +0100881{
Thierry FOURNIERbf65cd42015-07-20 17:45:02 +0200882 int relative = 0;
883 const char *str;
884
885 if (arg[0].data.sint < 0) {
886 memprintf(err_msg, "payload offset1 must be positive");
Willy Tarreaud4c33c82013-01-07 21:59:07 +0100887 return 0;
888 }
889
Thierry FOURNIERbf65cd42015-07-20 17:45:02 +0200890 if (!arg[1].data.sint) {
891 memprintf(err_msg, "payload length must be > 0");
Willy Tarreaud4c33c82013-01-07 21:59:07 +0100892 return 0;
893 }
Thierry FOURNIERbf65cd42015-07-20 17:45:02 +0200894
895 if (arg[2].type == ARGT_STR && arg[2].data.str.len > 0) {
896 if (arg[2].data.str.str[0] == '+' || arg[2].data.str.str[0] == '-')
897 relative = 1;
898 str = arg[2].data.str.str;
899 arg[2].type = ARGT_SINT;
900 arg[2].data.sint = read_int64(&str, str + arg[2].data.str.len);
901 if (*str != '\0') {
902 memprintf(err_msg, "payload offset2 is not a number");
903 return 0;
904 }
905 if (arg[0].data.sint + arg[1].data.sint + arg[2].data.sint < 0) {
906 memprintf(err_msg, "payload offset2 too negative");
907 return 0;
908 }
909 if (relative)
910 arg[2].data.sint = ( arg[2].data.sint << 1 ) + 1;
911 }
Willy Tarreaud4c33c82013-01-07 21:59:07 +0100912 return 1;
913}
914
915/************************************************************************/
916/* All supported sample and ACL keywords must be declared here. */
917/************************************************************************/
918
919/* Note: must not be declared <const> as its list will be overwritten.
920 * Note: fetches that may return multiple types must be declared as the lowest
921 * common denominator, the type that can be casted into all other ones. For
922 * instance IPv4/IPv6 must be declared IPv4.
923 */
Willy Tarreaudc13c112013-06-21 23:16:39 +0200924static struct sample_fetch_kw_list smp_kws = {ILH, {
Thierry FOURNIERbf65cd42015-07-20 17:45:02 +0200925 { "payload", smp_fetch_payload, ARG2(2,SINT,SINT), NULL, SMP_T_BIN, SMP_USE_L6REQ|SMP_USE_L6RES },
926 { "payload_lv", smp_fetch_payload_lv, ARG3(2,SINT,SINT,STR), val_payload_lv, SMP_T_BIN, SMP_USE_L6REQ|SMP_USE_L6RES },
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +0100927 { "rdp_cookie", smp_fetch_rdp_cookie, ARG1(0,STR), NULL, SMP_T_STR, SMP_USE_L6REQ },
Thierry FOURNIER07ee64e2015-07-06 23:43:03 +0200928 { "rdp_cookie_cnt", smp_fetch_rdp_cookie_cnt, ARG1(0,STR), NULL, SMP_T_SINT, SMP_USE_L6REQ },
929 { "rep_ssl_hello_type", smp_fetch_ssl_hello_type, 0, NULL, SMP_T_SINT, SMP_USE_L6RES },
930 { "req_len", smp_fetch_len, 0, NULL, SMP_T_SINT, SMP_USE_L6REQ },
931 { "req_ssl_hello_type", smp_fetch_ssl_hello_type, 0, NULL, SMP_T_SINT, SMP_USE_L6REQ },
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +0100932 { "req_ssl_sni", smp_fetch_ssl_hello_sni, 0, NULL, SMP_T_STR, SMP_USE_L6REQ },
Thierry FOURNIER07ee64e2015-07-06 23:43:03 +0200933 { "req_ssl_ver", smp_fetch_req_ssl_ver, 0, NULL, SMP_T_SINT, SMP_USE_L6REQ },
Willy Tarreaufa957342013-01-14 16:07:52 +0100934
Thierry FOURNIER07ee64e2015-07-06 23:43:03 +0200935 { "req.len", smp_fetch_len, 0, NULL, SMP_T_SINT, SMP_USE_L6REQ },
Thierry FOURNIERbf65cd42015-07-20 17:45:02 +0200936 { "req.payload", smp_fetch_payload, ARG2(2,SINT,SINT), NULL, SMP_T_BIN, SMP_USE_L6REQ },
937 { "req.payload_lv", smp_fetch_payload_lv, ARG3(2,SINT,SINT,STR), val_payload_lv, SMP_T_BIN, SMP_USE_L6REQ },
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +0100938 { "req.rdp_cookie", smp_fetch_rdp_cookie, ARG1(0,STR), NULL, SMP_T_STR, SMP_USE_L6REQ },
Thierry FOURNIER07ee64e2015-07-06 23:43:03 +0200939 { "req.rdp_cookie_cnt", smp_fetch_rdp_cookie_cnt, ARG1(0,STR), NULL, SMP_T_SINT, SMP_USE_L6REQ },
Nenad Merdanovic5fc7d7e2015-07-07 22:00:17 +0200940 { "req.ssl_ec_ext", smp_fetch_req_ssl_ec_ext, 0, NULL, SMP_T_BOOL, SMP_USE_L6REQ },
Pradeep Jindalbb2acf52015-09-29 10:12:57 +0530941 { "req.ssl_st_ext", smp_fetch_req_ssl_st_ext, 0, NULL, SMP_T_SINT, SMP_USE_L6REQ },
Thierry FOURNIER07ee64e2015-07-06 23:43:03 +0200942 { "req.ssl_hello_type", smp_fetch_ssl_hello_type, 0, NULL, SMP_T_SINT, SMP_USE_L6REQ },
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +0100943 { "req.ssl_sni", smp_fetch_ssl_hello_sni, 0, NULL, SMP_T_STR, SMP_USE_L6REQ },
Thierry FOURNIER07ee64e2015-07-06 23:43:03 +0200944 { "req.ssl_ver", smp_fetch_req_ssl_ver, 0, NULL, SMP_T_SINT, SMP_USE_L6REQ },
945 { "res.len", smp_fetch_len, 0, NULL, SMP_T_SINT, SMP_USE_L6RES },
Thierry FOURNIERbf65cd42015-07-20 17:45:02 +0200946 { "res.payload", smp_fetch_payload, ARG2(2,SINT,SINT), NULL, SMP_T_BIN, SMP_USE_L6RES },
947 { "res.payload_lv", smp_fetch_payload_lv, ARG3(2,SINT,SINT,STR), val_payload_lv, SMP_T_BIN, SMP_USE_L6RES },
Thierry FOURNIER07ee64e2015-07-06 23:43:03 +0200948 { "res.ssl_hello_type", smp_fetch_ssl_hello_type, 0, NULL, SMP_T_SINT, SMP_USE_L6RES },
Willy Tarreaud4c33c82013-01-07 21:59:07 +0100949 { "wait_end", smp_fetch_wait_end, 0, NULL, SMP_T_BOOL, SMP_USE_INTRN },
950 { /* END */ },
951}};
952
953
954/* Note: must not be declared <const> as its list will be overwritten.
955 * Please take care of keeping this list alphabetically sorted.
956 */
Willy Tarreaudc13c112013-06-21 23:16:39 +0200957static struct acl_kw_list acl_kws = {ILH, {
Thierry FOURNIERc5a4e982014-03-05 16:07:08 +0100958 { "payload", "req.payload", PAT_MATCH_BIN },
959 { "payload_lv", "req.payload_lv", PAT_MATCH_BIN },
960 { "req_rdp_cookie", "req.rdp_cookie", PAT_MATCH_STR },
961 { "req_rdp_cookie_cnt", "req.rdp_cookie_cnt", PAT_MATCH_INT },
962 { "req_ssl_sni", "req.ssl_sni", PAT_MATCH_STR },
963 { "req_ssl_ver", "req.ssl_ver", PAT_MATCH_INT, pat_parse_dotted_ver },
964 { "req.ssl_ver", "req.ssl_ver", PAT_MATCH_INT, pat_parse_dotted_ver },
Willy Tarreaud4c33c82013-01-07 21:59:07 +0100965 { /* END */ },
966}};
967
968
969__attribute__((constructor))
970static void __payload_init(void)
971{
972 sample_register_fetches(&smp_kws);
973 acl_register_keywords(&acl_kws);
974}
975
976/*
977 * Local variables:
978 * c-indent-level: 8
979 * c-basic-offset: 8
980 * End:
981 */