blob: 227379b0d484b359a15230181b29a0af82202bff [file] [log] [blame]
Willy Tarreaud4c33c82013-01-07 21:59:07 +01001/*
2 * General protocol-agnostic payload-based sample fetches and ACLs
3 *
4 * Copyright 2000-2013 Willy Tarreau <w@1wt.eu>
5 *
6 * This program is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU General Public License
8 * as published by the Free Software Foundation; either version
9 * 2 of the License, or (at your option) any later version.
10 *
11 */
12
13#include <stdlib.h>
14#include <string.h>
15
16#include <proto/acl.h>
17#include <proto/arg.h>
18#include <proto/channel.h>
19#include <proto/payload.h>
20#include <proto/sample.h>
21
22
23/************************************************************************/
24/* All supported sample fetch functions must be declared here */
25/************************************************************************/
26
27/* wait for more data as long as possible, then return TRUE. This should be
28 * used with content inspection.
29 */
30static int
31smp_fetch_wait_end(struct proxy *px, struct session *s, void *l7, unsigned int opt,
Willy Tarreauef38c392013-07-22 16:29:32 +020032 const struct arg *args, struct sample *smp, const char *kw)
Willy Tarreaud4c33c82013-01-07 21:59:07 +010033{
34 if (!(opt & SMP_OPT_FINAL)) {
35 smp->flags |= SMP_F_MAY_CHANGE;
36 return 0;
37 }
38 smp->type = SMP_T_BOOL;
39 smp->data.uint = 1;
40 return 1;
41}
42
43/* return the number of bytes in the request buffer */
44static int
45smp_fetch_req_len(struct proxy *px, struct session *s, void *l7, unsigned int opt,
Willy Tarreauef38c392013-07-22 16:29:32 +020046 const struct arg *args, struct sample *smp, const char *kw)
Willy Tarreaud4c33c82013-01-07 21:59:07 +010047{
48 if (!s || !s->req)
49 return 0;
50
51 smp->type = SMP_T_UINT;
52 smp->data.uint = s->req->buf->i;
53 smp->flags = SMP_F_VOLATILE | SMP_F_MAY_CHANGE;
54 return 1;
55}
56
57/* returns the type of SSL hello message (mainly used to detect an SSL hello) */
58static int
59smp_fetch_ssl_hello_type(struct proxy *px, struct session *s, void *l7, unsigned int opt,
Willy Tarreauef38c392013-07-22 16:29:32 +020060 const struct arg *args, struct sample *smp, const char *kw)
Willy Tarreaud4c33c82013-01-07 21:59:07 +010061{
62 int hs_len;
63 int hs_type, bleft;
64 struct channel *chn;
65 const unsigned char *data;
66
67 if (!s)
68 goto not_ssl_hello;
69
70 chn = ((opt & SMP_OPT_DIR) == SMP_OPT_DIR_RES) ? s->rep : s->req;
71
72 bleft = chn->buf->i;
73 data = (const unsigned char *)chn->buf->p;
74
75 if (!bleft)
76 goto too_short;
77
78 if ((*data >= 0x14 && *data <= 0x17) || (*data == 0xFF)) {
79 /* SSLv3 header format */
80 if (bleft < 9)
81 goto too_short;
82
83 /* ssl version 3 */
84 if ((data[1] << 16) + data[2] < 0x00030000)
85 goto not_ssl_hello;
86
87 /* ssl message len must present handshake type and len */
88 if ((data[3] << 8) + data[4] < 4)
89 goto not_ssl_hello;
90
91 /* format introduced with SSLv3 */
92
93 hs_type = (int)data[5];
94 hs_len = ( data[6] << 16 ) + ( data[7] << 8 ) + data[8];
95
96 /* not a full handshake */
97 if (bleft < (9 + hs_len))
98 goto too_short;
99
100 }
101 else {
102 goto not_ssl_hello;
103 }
104
105 smp->type = SMP_T_UINT;
106 smp->data.uint = hs_type;
107 smp->flags = SMP_F_VOLATILE;
108
109 return 1;
110
111 too_short:
112 smp->flags = SMP_F_MAY_CHANGE;
113
114 not_ssl_hello:
115
116 return 0;
117}
118
119/* Return the version of the SSL protocol in the request. It supports both
120 * SSLv3 (TLSv1) header format for any message, and SSLv2 header format for
121 * the hello message. The SSLv3 format is described in RFC 2246 p49, and the
122 * SSLv2 format is described here, and completed p67 of RFC 2246 :
123 * http://wp.netscape.com/eng/security/SSL_2.html
124 *
125 * Note: this decoder only works with non-wrapping data.
126 */
127static int
128smp_fetch_req_ssl_ver(struct proxy *px, struct session *s, void *l7, unsigned int opt,
Willy Tarreauef38c392013-07-22 16:29:32 +0200129 const struct arg *args, struct sample *smp, const char *kw)
Willy Tarreaud4c33c82013-01-07 21:59:07 +0100130{
131 int version, bleft, msg_len;
132 const unsigned char *data;
133
134 if (!s || !s->req)
135 return 0;
136
137 msg_len = 0;
138 bleft = s->req->buf->i;
139 if (!bleft)
140 goto too_short;
141
142 data = (const unsigned char *)s->req->buf->p;
143 if ((*data >= 0x14 && *data <= 0x17) || (*data == 0xFF)) {
144 /* SSLv3 header format */
145 if (bleft < 5)
146 goto too_short;
147
148 version = (data[1] << 16) + data[2]; /* version: major, minor */
149 msg_len = (data[3] << 8) + data[4]; /* record length */
150
151 /* format introduced with SSLv3 */
152 if (version < 0x00030000)
153 goto not_ssl;
154
155 /* message length between 1 and 2^14 + 2048 */
156 if (msg_len < 1 || msg_len > ((1<<14) + 2048))
157 goto not_ssl;
158
159 bleft -= 5; data += 5;
160 } else {
161 /* SSLv2 header format, only supported for hello (msg type 1) */
162 int rlen, plen, cilen, silen, chlen;
163
164 if (*data & 0x80) {
165 if (bleft < 3)
166 goto too_short;
167 /* short header format : 15 bits for length */
168 rlen = ((data[0] & 0x7F) << 8) | data[1];
169 plen = 0;
170 bleft -= 2; data += 2;
171 } else {
172 if (bleft < 4)
173 goto too_short;
174 /* long header format : 14 bits for length + pad length */
175 rlen = ((data[0] & 0x3F) << 8) | data[1];
176 plen = data[2];
177 bleft -= 3; data += 2;
178 }
179
180 if (*data != 0x01)
181 goto not_ssl;
182 bleft--; data++;
183
184 if (bleft < 8)
185 goto too_short;
186 version = (data[0] << 16) + data[1]; /* version: major, minor */
187 cilen = (data[2] << 8) + data[3]; /* cipher len, multiple of 3 */
188 silen = (data[4] << 8) + data[5]; /* session_id_len: 0 or 16 */
189 chlen = (data[6] << 8) + data[7]; /* 16<=challenge length<=32 */
190
191 bleft -= 8; data += 8;
192 if (cilen % 3 != 0)
193 goto not_ssl;
194 if (silen && silen != 16)
195 goto not_ssl;
196 if (chlen < 16 || chlen > 32)
197 goto not_ssl;
198 if (rlen != 9 + cilen + silen + chlen)
199 goto not_ssl;
200
201 /* focus on the remaining data length */
202 msg_len = cilen + silen + chlen + plen;
203 }
204 /* We could recursively check that the buffer ends exactly on an SSL
205 * fragment boundary and that a possible next segment is still SSL,
206 * but that's a bit pointless. However, we could still check that
207 * all the part of the request which fits in a buffer is already
208 * there.
209 */
210 if (msg_len > buffer_max_len(s->req) + s->req->buf->data - s->req->buf->p)
211 msg_len = buffer_max_len(s->req) + s->req->buf->data - s->req->buf->p;
212
213 if (bleft < msg_len)
214 goto too_short;
215
216 /* OK that's enough. We have at least the whole message, and we have
217 * the protocol version.
218 */
219 smp->type = SMP_T_UINT;
220 smp->data.uint = version;
221 smp->flags = SMP_F_VOLATILE;
222 return 1;
223
224 too_short:
225 smp->flags = SMP_F_MAY_CHANGE;
226 not_ssl:
227 return 0;
228}
229
230/* Try to extract the Server Name Indication that may be presented in a TLS
231 * client hello handshake message. The format of the message is the following
232 * (cf RFC5246 + RFC6066) :
233 * TLS frame :
234 * - uint8 type = 0x16 (Handshake)
235 * - uint16 version >= 0x0301 (TLSv1)
236 * - uint16 length (frame length)
237 * - TLS handshake :
238 * - uint8 msg_type = 0x01 (ClientHello)
239 * - uint24 length (handshake message length)
240 * - ClientHello :
241 * - uint16 client_version >= 0x0301 (TLSv1)
242 * - uint8 Random[32] (4 first ones are timestamp)
243 * - SessionID :
244 * - uint8 session_id_len (0..32) (SessionID len in bytes)
245 * - uint8 session_id[session_id_len]
246 * - CipherSuite :
247 * - uint16 cipher_len >= 2 (Cipher length in bytes)
248 * - uint16 ciphers[cipher_len/2]
249 * - CompressionMethod :
250 * - uint8 compression_len >= 1 (# of supported methods)
251 * - uint8 compression_methods[compression_len]
252 * - optional client_extension_len (in bytes)
253 * - optional sequence of ClientHelloExtensions (as many bytes as above):
254 * - uint16 extension_type = 0 for server_name
255 * - uint16 extension_len
256 * - opaque extension_data[extension_len]
257 * - uint16 server_name_list_len (# of bytes here)
258 * - opaque server_names[server_name_list_len bytes]
259 * - uint8 name_type = 0 for host_name
260 * - uint16 name_len
261 * - opaque hostname[name_len bytes]
262 */
263static int
264smp_fetch_ssl_hello_sni(struct proxy *px, struct session *s, void *l7, unsigned int opt,
Willy Tarreauef38c392013-07-22 16:29:32 +0200265 const struct arg *args, struct sample *smp, const char *kw)
Willy Tarreaud4c33c82013-01-07 21:59:07 +0100266{
267 int hs_len, ext_len, bleft;
268 struct channel *chn;
269 unsigned char *data;
270
271 if (!s)
272 goto not_ssl_hello;
273
274 chn = ((opt & SMP_OPT_DIR) == SMP_OPT_DIR_RES) ? s->rep : s->req;
275
276 bleft = chn->buf->i;
277 data = (unsigned char *)chn->buf->p;
278
279 /* Check for SSL/TLS Handshake */
280 if (!bleft)
281 goto too_short;
282 if (*data != 0x16)
283 goto not_ssl_hello;
284
285 /* Check for TLSv1 or later (SSL version >= 3.1) */
286 if (bleft < 3)
287 goto too_short;
288 if (data[1] < 0x03 || data[2] < 0x01)
289 goto not_ssl_hello;
290
291 if (bleft < 5)
292 goto too_short;
293 hs_len = (data[3] << 8) + data[4];
294 if (hs_len < 1 + 3 + 2 + 32 + 1 + 2 + 2 + 1 + 1 + 2 + 2)
295 goto not_ssl_hello; /* too short to have an extension */
296
297 data += 5; /* enter TLS handshake */
298 bleft -= 5;
299
300 /* Check for a complete client hello starting at <data> */
301 if (bleft < 1)
302 goto too_short;
303 if (data[0] != 0x01) /* msg_type = Client Hello */
304 goto not_ssl_hello;
305
306 /* Check the Hello's length */
307 if (bleft < 4)
308 goto too_short;
309 hs_len = (data[1] << 16) + (data[2] << 8) + data[3];
310 if (hs_len < 2 + 32 + 1 + 2 + 2 + 1 + 1 + 2 + 2)
311 goto not_ssl_hello; /* too short to have an extension */
312
313 /* We want the full handshake here */
314 if (bleft < hs_len)
315 goto too_short;
316
317 data += 4;
318 /* Start of the ClientHello message */
319 if (data[0] < 0x03 || data[1] < 0x01) /* TLSv1 minimum */
320 goto not_ssl_hello;
321
322 ext_len = data[34]; /* session_id_len */
323 if (ext_len > 32 || ext_len > (hs_len - 35)) /* check for correct session_id len */
324 goto not_ssl_hello;
325
326 /* Jump to cipher suite */
327 hs_len -= 35 + ext_len;
328 data += 35 + ext_len;
329
330 if (hs_len < 4 || /* minimum one cipher */
331 (ext_len = (data[0] << 8) + data[1]) < 2 || /* minimum 2 bytes for a cipher */
332 ext_len > hs_len)
333 goto not_ssl_hello;
334
335 /* Jump to the compression methods */
336 hs_len -= 2 + ext_len;
337 data += 2 + ext_len;
338
339 if (hs_len < 2 || /* minimum one compression method */
340 data[0] < 1 || data[0] > hs_len) /* minimum 1 bytes for a method */
341 goto not_ssl_hello;
342
343 /* Jump to the extensions */
344 hs_len -= 1 + data[0];
345 data += 1 + data[0];
346
347 if (hs_len < 2 || /* minimum one extension list length */
348 (ext_len = (data[0] << 8) + data[1]) > hs_len - 2) /* list too long */
349 goto not_ssl_hello;
350
351 hs_len = ext_len; /* limit ourselves to the extension length */
352 data += 2;
353
354 while (hs_len >= 4) {
355 int ext_type, name_type, srv_len, name_len;
356
357 ext_type = (data[0] << 8) + data[1];
358 ext_len = (data[2] << 8) + data[3];
359
360 if (ext_len > hs_len - 4) /* Extension too long */
361 goto not_ssl_hello;
362
363 if (ext_type == 0) { /* Server name */
364 if (ext_len < 2) /* need one list length */
365 goto not_ssl_hello;
366
367 srv_len = (data[4] << 8) + data[5];
368 if (srv_len < 4 || srv_len > hs_len - 6)
369 goto not_ssl_hello; /* at least 4 bytes per server name */
370
371 name_type = data[6];
372 name_len = (data[7] << 8) + data[8];
373
374 if (name_type == 0) { /* hostname */
375 smp->type = SMP_T_CSTR;
376 smp->data.str.str = (char *)data + 9;
377 smp->data.str.len = name_len;
378 smp->flags = SMP_F_VOLATILE;
379 return 1;
380 }
381 }
382
383 hs_len -= 4 + ext_len;
384 data += 4 + ext_len;
385 }
386 /* server name not found */
387 goto not_ssl_hello;
388
389 too_short:
390 smp->flags = SMP_F_MAY_CHANGE;
391
392 not_ssl_hello:
393
394 return 0;
395}
396
Willy Tarreaucadd8c92013-07-22 18:09:52 +0200397/* Fetch the request RDP cookie identified in <cname>:<clen>, or any cookie if
398 * <clen> is empty (cname is then ignored). It returns the data into sample <smp>.
399 * Note: this decoder only works with non-wrapping data.
Willy Tarreaud4c33c82013-01-07 21:59:07 +0100400 */
401int
Willy Tarreaucadd8c92013-07-22 18:09:52 +0200402fetch_rdp_cookie_name(struct session *s, struct sample *smp, const char *cname, int clen)
Willy Tarreaud4c33c82013-01-07 21:59:07 +0100403{
404 int bleft;
405 const unsigned char *data;
406
407 if (!s || !s->req)
408 return 0;
409
410 smp->flags = 0;
411 smp->type = SMP_T_CSTR;
412
413 bleft = s->req->buf->i;
414 if (bleft <= 11)
415 goto too_short;
416
417 data = (const unsigned char *)s->req->buf->p + 11;
418 bleft -= 11;
419
420 if (bleft <= 7)
421 goto too_short;
422
423 if (strncasecmp((const char *)data, "Cookie:", 7) != 0)
424 goto not_cookie;
425
426 data += 7;
427 bleft -= 7;
428
429 while (bleft > 0 && *data == ' ') {
430 data++;
431 bleft--;
432 }
433
Willy Tarreaucadd8c92013-07-22 18:09:52 +0200434 if (clen) {
435 if (bleft <= clen)
Willy Tarreaud4c33c82013-01-07 21:59:07 +0100436 goto too_short;
437
Willy Tarreaucadd8c92013-07-22 18:09:52 +0200438 if ((data[clen] != '=') ||
439 strncasecmp(cname, (const char *)data, clen) != 0)
Willy Tarreaud4c33c82013-01-07 21:59:07 +0100440 goto not_cookie;
441
Willy Tarreaucadd8c92013-07-22 18:09:52 +0200442 data += clen + 1;
443 bleft -= clen + 1;
Willy Tarreaud4c33c82013-01-07 21:59:07 +0100444 } else {
445 while (bleft > 0 && *data != '=') {
446 if (*data == '\r' || *data == '\n')
447 goto not_cookie;
448 data++;
449 bleft--;
450 }
451
452 if (bleft < 1)
453 goto too_short;
454
455 if (*data != '=')
456 goto not_cookie;
457
458 data++;
459 bleft--;
460 }
461
462 /* data points to cookie value */
463 smp->data.str.str = (char *)data;
464 smp->data.str.len = 0;
465
466 while (bleft > 0 && *data != '\r') {
467 data++;
468 bleft--;
469 }
470
471 if (bleft < 2)
472 goto too_short;
473
474 if (data[0] != '\r' || data[1] != '\n')
475 goto not_cookie;
476
477 smp->data.str.len = (char *)data - smp->data.str.str;
478 smp->flags = SMP_F_VOLATILE;
479 return 1;
480
481 too_short:
482 smp->flags = SMP_F_MAY_CHANGE;
483 not_cookie:
484 return 0;
485}
486
Willy Tarreaucadd8c92013-07-22 18:09:52 +0200487/* Fetch the request RDP cookie identified in the args, or any cookie if no arg
488 * is passed. It is usable both for ACL and for samples. Note: this decoder
489 * only works with non-wrapping data. Accepts either 0 or 1 argument. Argument
490 * is a string (cookie name), other types will lead to undefined behaviour.
491 */
492int
493smp_fetch_rdp_cookie(struct proxy *px, struct session *s, void *l7, unsigned int opt,
494 const struct arg *args, struct sample *smp, const char *kw)
495{
496 return fetch_rdp_cookie_name(s, smp, args ? args->data.str.str : NULL, args ? args->data.str.len : 0);
497}
498
Willy Tarreaud4c33c82013-01-07 21:59:07 +0100499/* returns either 1 or 0 depending on whether an RDP cookie is found or not */
500static int
501smp_fetch_rdp_cookie_cnt(struct proxy *px, struct session *s, void *l7, unsigned int opt,
Willy Tarreauef38c392013-07-22 16:29:32 +0200502 const struct arg *args, struct sample *smp, const char *kw)
Willy Tarreaud4c33c82013-01-07 21:59:07 +0100503{
504 int ret;
505
Willy Tarreauef38c392013-07-22 16:29:32 +0200506 ret = smp_fetch_rdp_cookie(px, s, l7, opt, args, smp, kw);
Willy Tarreaud4c33c82013-01-07 21:59:07 +0100507
508 if (smp->flags & SMP_F_MAY_CHANGE)
509 return 0;
510
511 smp->flags = SMP_F_VOLATILE;
512 smp->type = SMP_T_UINT;
513 smp->data.uint = ret;
514 return 1;
515}
516
517/* extracts part of a payload with offset and length at a given position */
518static int
519smp_fetch_payload_lv(struct proxy *px, struct session *s, void *l7, unsigned int opt,
Willy Tarreauef38c392013-07-22 16:29:32 +0200520 const struct arg *arg_p, struct sample *smp, const char *kw)
Willy Tarreaud4c33c82013-01-07 21:59:07 +0100521{
522 unsigned int len_offset = arg_p[0].data.uint;
523 unsigned int len_size = arg_p[1].data.uint;
524 unsigned int buf_offset;
525 unsigned int buf_size = 0;
526 struct channel *chn;
527 int i;
528
529 /* Format is (len offset, len size, buf offset) or (len offset, len size) */
530 /* by default buf offset == len offset + len size */
531 /* buf offset could be absolute or relative to len offset + len size if prefixed by + or - */
532
533 if (!s)
534 return 0;
535
536 chn = ((opt & SMP_OPT_DIR) == SMP_OPT_DIR_RES) ? s->rep : s->req;
537
538 if (!chn)
539 return 0;
540
541 if (len_offset + len_size > chn->buf->i)
542 goto too_short;
543
544 for (i = 0; i < len_size; i++) {
545 buf_size = (buf_size << 8) + ((unsigned char *)chn->buf->p)[i + len_offset];
546 }
547
548 /* buf offset may be implicit, absolute or relative */
549 buf_offset = len_offset + len_size;
550 if (arg_p[2].type == ARGT_UINT)
551 buf_offset = arg_p[2].data.uint;
552 else if (arg_p[2].type == ARGT_SINT)
553 buf_offset += arg_p[2].data.sint;
554
555 if (!buf_size || buf_size > chn->buf->size || buf_offset + buf_size > chn->buf->size) {
556 /* will never match */
557 smp->flags = 0;
558 return 0;
559 }
560
561 if (buf_offset + buf_size > chn->buf->i)
562 goto too_short;
563
564 /* init chunk as read only */
565 smp->type = SMP_T_CBIN;
566 chunk_initlen(&smp->data.str, chn->buf->p + buf_offset, 0, buf_size);
567 smp->flags = SMP_F_VOLATILE;
568 return 1;
569
570 too_short:
571 smp->flags = SMP_F_MAY_CHANGE;
572 return 0;
573}
574
575/* extracts some payload at a fixed position and length */
576static int
577smp_fetch_payload(struct proxy *px, struct session *s, void *l7, unsigned int opt,
Willy Tarreauef38c392013-07-22 16:29:32 +0200578 const struct arg *arg_p, struct sample *smp, const char *kw)
Willy Tarreaud4c33c82013-01-07 21:59:07 +0100579{
580 unsigned int buf_offset = arg_p[0].data.uint;
581 unsigned int buf_size = arg_p[1].data.uint;
582 struct channel *chn;
583
584 if (!s)
585 return 0;
586
587 chn = ((opt & SMP_OPT_DIR) == SMP_OPT_DIR_RES) ? s->rep : s->req;
588
589 if (!chn)
590 return 0;
591
Willy Tarreau00f00842013-08-02 11:07:32 +0200592 if (buf_size > chn->buf->size || buf_offset + buf_size > chn->buf->size) {
Willy Tarreaud4c33c82013-01-07 21:59:07 +0100593 /* will never match */
594 smp->flags = 0;
595 return 0;
596 }
597
598 if (buf_offset + buf_size > chn->buf->i)
599 goto too_short;
600
601 /* init chunk as read only */
602 smp->type = SMP_T_CBIN;
Willy Tarreau00f00842013-08-02 11:07:32 +0200603 chunk_initlen(&smp->data.str, chn->buf->p + buf_offset, 0, buf_size ? buf_size : (chn->buf->i - buf_offset));
Willy Tarreaud4c33c82013-01-07 21:59:07 +0100604 smp->flags = SMP_F_VOLATILE;
Willy Tarreau00f00842013-08-02 11:07:32 +0200605 if (!buf_size && !channel_full(chn) && !channel_input_closed(chn))
606 smp->flags |= SMP_F_MAY_CHANGE;
607
Willy Tarreaud4c33c82013-01-07 21:59:07 +0100608 return 1;
609
610 too_short:
611 smp->flags = SMP_F_MAY_CHANGE;
612 return 0;
613}
614
Willy Tarreaud4c33c82013-01-07 21:59:07 +0100615/* This function is used to validate the arguments passed to a "payload_lv" fetch
616 * keyword. This keyword allows two positive integers and an optional signed one,
617 * with the second one being strictly positive and the third one being greater than
618 * the opposite of the two others if negative. It is assumed that the types are
619 * already the correct ones. Returns 0 on error, non-zero if OK. If <err_msg> is
620 * not NULL, it will be filled with a pointer to an error message in case of
621 * error, that the caller is responsible for freeing. The initial location must
622 * either be freeable or NULL.
623 */
624static int val_payload_lv(struct arg *arg, char **err_msg)
625{
626 if (!arg[1].data.uint) {
627 memprintf(err_msg, "payload length must be > 0");
628 return 0;
629 }
630
631 if (arg[2].type == ARGT_SINT &&
632 (int)(arg[0].data.uint + arg[1].data.uint + arg[2].data.sint) < 0) {
633 memprintf(err_msg, "payload offset too negative");
634 return 0;
635 }
636 return 1;
637}
638
639/************************************************************************/
640/* All supported sample and ACL keywords must be declared here. */
641/************************************************************************/
642
643/* Note: must not be declared <const> as its list will be overwritten.
644 * Note: fetches that may return multiple types must be declared as the lowest
645 * common denominator, the type that can be casted into all other ones. For
646 * instance IPv4/IPv6 must be declared IPv4.
647 */
Willy Tarreaudc13c112013-06-21 23:16:39 +0200648static struct sample_fetch_kw_list smp_kws = {ILH, {
Willy Tarreau00f00842013-08-02 11:07:32 +0200649 { "payload", smp_fetch_payload, ARG2(2,UINT,UINT), NULL, SMP_T_CBIN, SMP_USE_L6REQ|SMP_USE_L6RES },
Willy Tarreaud4c33c82013-01-07 21:59:07 +0100650 { "payload_lv", smp_fetch_payload_lv, ARG3(2,UINT,UINT,SINT), val_payload_lv, SMP_T_CBIN, SMP_USE_L6REQ|SMP_USE_L6RES },
651 { "rdp_cookie", smp_fetch_rdp_cookie, ARG1(0,STR), NULL, SMP_T_CSTR, SMP_USE_L6REQ },
652 { "rdp_cookie_cnt", smp_fetch_rdp_cookie_cnt, ARG1(0,STR), NULL, SMP_T_UINT, SMP_USE_L6REQ },
653 { "rep_ssl_hello_type", smp_fetch_ssl_hello_type, 0, NULL, SMP_T_UINT, SMP_USE_L6RES },
654 { "req_len", smp_fetch_req_len, 0, NULL, SMP_T_UINT, SMP_USE_L6REQ },
655 { "req_ssl_hello_type", smp_fetch_ssl_hello_type, 0, NULL, SMP_T_UINT, SMP_USE_L6REQ },
656 { "req_ssl_sni", smp_fetch_ssl_hello_sni, 0, NULL, SMP_T_CSTR, SMP_USE_L6REQ },
657 { "req_ssl_ver", smp_fetch_req_ssl_ver, 0, NULL, SMP_T_UINT, SMP_USE_L6REQ },
Willy Tarreaufa957342013-01-14 16:07:52 +0100658
659 { "req.len", smp_fetch_req_len, 0, NULL, SMP_T_UINT, SMP_USE_L6REQ },
Willy Tarreau00f00842013-08-02 11:07:32 +0200660 { "req.payload", smp_fetch_payload, ARG2(2,UINT,UINT), NULL, SMP_T_CBIN, SMP_USE_L6REQ },
Willy Tarreaufa957342013-01-14 16:07:52 +0100661 { "req.payload_lv", smp_fetch_payload_lv, ARG3(2,UINT,UINT,SINT), val_payload_lv, SMP_T_CBIN, SMP_USE_L6REQ },
662 { "req.rdp_cookie", smp_fetch_rdp_cookie, ARG1(0,STR), NULL, SMP_T_CSTR, SMP_USE_L6REQ },
663 { "req.rdp_cookie_cnt", smp_fetch_rdp_cookie_cnt, ARG1(0,STR), NULL, SMP_T_UINT, SMP_USE_L6REQ },
664 { "req.ssl_hello_type", smp_fetch_ssl_hello_type, 0, NULL, SMP_T_UINT, SMP_USE_L6REQ },
665 { "req.ssl_sni", smp_fetch_ssl_hello_sni, 0, NULL, SMP_T_CSTR, SMP_USE_L6REQ },
666 { "req.ssl_ver", smp_fetch_req_ssl_ver, 0, NULL, SMP_T_UINT, SMP_USE_L6REQ },
Willy Tarreau00f00842013-08-02 11:07:32 +0200667 { "res.payload", smp_fetch_payload, ARG2(2,UINT,UINT), NULL, SMP_T_CBIN, SMP_USE_L6RES },
Willy Tarreaufa957342013-01-14 16:07:52 +0100668 { "res.payload_lv", smp_fetch_payload_lv, ARG3(2,UINT,UINT,SINT), val_payload_lv, SMP_T_CBIN, SMP_USE_L6RES },
669 { "res.ssl_hello_type", smp_fetch_ssl_hello_type, 0, NULL, SMP_T_UINT, SMP_USE_L6RES },
Willy Tarreaud4c33c82013-01-07 21:59:07 +0100670 { "wait_end", smp_fetch_wait_end, 0, NULL, SMP_T_BOOL, SMP_USE_INTRN },
671 { /* END */ },
672}};
673
674
675/* Note: must not be declared <const> as its list will be overwritten.
676 * Please take care of keeping this list alphabetically sorted.
677 */
Willy Tarreaudc13c112013-06-21 23:16:39 +0200678static struct acl_kw_list acl_kws = {ILH, {
Willy Tarreaud86e29d2013-03-25 08:21:05 +0100679 { "payload", "req.payload", acl_parse_str, acl_match_str },
680 { "payload_lv", "req.payload_lv", acl_parse_str, acl_match_str },
Willy Tarreaud86e29d2013-03-25 08:21:05 +0100681 { "req_rdp_cookie", "req.rdp_cookie", acl_parse_str, acl_match_str },
682 { "req_rdp_cookie_cnt", "req.rdp_cookie_cnt", acl_parse_int, acl_match_int },
Willy Tarreaud86e29d2013-03-25 08:21:05 +0100683 { "req_ssl_sni", "req.ssl_sni", acl_parse_str, acl_match_str },
684 { "req_ssl_ver", "req.ssl_ver", acl_parse_dotted_ver, acl_match_int },
Willy Tarreaud4c33c82013-01-07 21:59:07 +0100685 { /* END */ },
686}};
687
688
689__attribute__((constructor))
690static void __payload_init(void)
691{
692 sample_register_fetches(&smp_kws);
693 acl_register_keywords(&acl_kws);
694}
695
696/*
697 * Local variables:
698 * c-indent-level: 8
699 * c-basic-offset: 8
700 * End:
701 */