proxyp_2Parser_8cc_source.html

/*

 * Copyright (C) 1996-2025 The Squid Software Foundation and contributors

 *

 * Squid software is distributed under GPLv2+ license and includes

 * contributions from numerous individuals and organizations.

 * Please see the COPYING and CONTRIBUTORS files for details.

 */


#include "squid.h"

#include "parser/BinaryTokenizer.h"

#include "parser/Tokenizer.h"

#include "proxyp/Elements.h"

#include "proxyp/Header.h"

#include "proxyp/Parser.h"

#include "sbuf/Stream.h"


#include <algorithm>

#include <limits>


#if HAVE_SYS_SOCKET_H

#include <sys/socket.h>

#endif

#if HAVE_NETINET_IN_H

#include <netinet/in.h>

#endif

#if HAVE_NETINET_IP_H

#include <netinet/ip.h>

#endif


namespace ProxyProtocol {


namespace One {

static const auto &


Magic()

{

    static const auto magic = new SBuf("PROXY", 5);

    return *magic;

}


static Parsed Parse(const SBuf &buf);


static void ExtractIp(Parser::Tokenizer &tok, Ip::Address &addr);

static void ExtractPort(Parser::Tokenizer &tok, Ip::Address &addr, const bool trailingSpace);

static void ParseAddresses(Parser::Tokenizer &tok, Header::Pointer &header);

}


namespace Two {

static const auto &


Magic()

{

    static const auto magic = new SBuf("\x0D\x0A\x0D\x0A\x00\x0D\x0A\x51\x55\x49\x54\x0A", 12);

    return *magic;

}


static Parsed Parse(const SBuf &buf);


static void ParseAddresses(const uint8_t family, Parser::BinaryTokenizer &tok, Header::Pointer &header);

static void ParseTLVs(Parser::BinaryTokenizer &tok, Header::Pointer &header);

}

}


void


ProxyProtocol::One::ExtractIp(Parser::Tokenizer &tok, Ip::Address &addr)

{

    static const auto ipChars = CharacterSet("IP Address",".:") + CharacterSet::HEXDIG;


    SBuf ip;


    if (!tok.prefix(ip, ipChars))

        throw TexcHere("PROXY/1.0 error: malformed IP address");


    if (!tok.skip(' '))

        throw TexcHere("PROXY/1.0 error: garbage after IP address");


    if (!addr.GetHostByName(ip.c_str()))

        throw TexcHere("PROXY/1.0 error: invalid IP address");


}


void


ProxyProtocol::One::ExtractPort(Parser::Tokenizer &tok, Ip::Address &addr, const bool trailingSpace)

{

    int64_t port = -1;


    if (!tok.int64(port, 10, false))

        throw TexcHere("PROXY/1.0 error: malformed port");


    if (trailingSpace && !tok.skip(' '))

        throw TexcHere("PROXY/1.0 error: garbage after port");


    if (port > std::numeric_limits<uint16_t>::max())

        throw TexcHere("PROXY/1.0 error: invalid port");


    addr.port(static_cast<uint16_t>(port));

}


void


ProxyProtocol::One::ParseAddresses(Parser::Tokenizer &tok, Header::Pointer &header)

{

    static const CharacterSet addressFamilies("Address family", "46");

    SBuf parsedAddressFamily;


    if (!tok.prefix(parsedAddressFamily, addressFamilies, 1))

        throw TexcHere("PROXY/1.0 error: missing or invalid IP address family");


    if (!tok.skip(' '))

        throw TexcHere("PROXY/1.0 error: missing SP after the IP address family");


    // parse: src-IP SP dst-IP SP src-port SP dst-port

    ExtractIp(tok, header->sourceAddress);

    ExtractIp(tok, header->destinationAddress);


    if (header->addressFamily() != parsedAddressFamily)

        throw TexcHere("PROXY/1.0 error: declared and/or actual IP address families mismatch");


    ExtractPort(tok, header->sourceAddress, true);

    ExtractPort(tok, header->destinationAddress, false);

}


ProxyProtocol::Parsed


ProxyProtocol::One::Parse(const SBuf &buf)

{

    Parser::Tokenizer tok(buf);


    static const SBuf::size_type maxHeaderLength = 107; // including CRLF

    static const auto maxInteriorLength = maxHeaderLength - Magic().length() - 2;

    static const auto interiorChars = CharacterSet::CR.complement().rename("non-CR");

    SBuf interior;


    if (!(tok.prefix(interior, interiorChars, maxInteriorLength) &&

            tok.skip('\r') &&

            tok.skip('\n'))) {

        if (tok.atEnd())

            throw Parser::BinaryTokenizer::InsufficientInput();

        // "empty interior", "too-long interior", or "missing LF after CR"

        throw TexcHere("PROXY/1.0 error: malformed header");

    }

    // extracted all PROXY protocol bytes


    static const SBuf v1("1.0");

    Header::Pointer header = new Header(v1, Two::cmdProxy);


    Parser::Tokenizer interiorTok(interior);


    if (!interiorTok.skip(' '))

        throw TexcHere("PROXY/1.0 error: missing SP after the magic sequence");


    static const SBuf protoUnknown("UNKNOWN");

    static const SBuf protoTcp("TCP");


    if (interiorTok.skip(protoTcp))

        ParseAddresses(interiorTok, header);

    else if (interiorTok.skip(protoUnknown))

        header->ignoreAddresses();

    else

        throw TexcHere("PROXY/1.0 error: invalid INET protocol or family");


    return Parsed(header, tok.parsedSize());

}


void


ProxyProtocol::Two::ParseAddresses(const uint8_t family, Parser::BinaryTokenizer &tok, Header::Pointer &header)

{

    switch (family) {


    case afInet: {

        header->sourceAddress = tok.inet4("src_addr IPv4");

        header->destinationAddress = tok.inet4("dst_addr IPv4");

        header->sourceAddress.port(tok.uint16("src_port"));

        header->destinationAddress.port(tok.uint16("dst_port"));

        break;

    }


    case afInet6: {

        header->sourceAddress = tok.inet6("src_addr IPv6");

        header->destinationAddress = tok.inet6("dst_addr IPv6");

        header->sourceAddress.port(tok.uint16("src_port"));

        header->destinationAddress.port(tok.uint16("dst_port"));

        break;

    }


    case afUnix: { // TODO: add support

        // the address block length is 216 bytes

        tok.skip(216, "unix_addr");

        break;

    }


    default: {

        // unreachable code: we have checked family validity already

        Must(false);

        break;

    }

    }

}


void


ProxyProtocol::Two::ParseTLVs(Parser::BinaryTokenizer &tok, Header::Pointer &header) {

    while (!tok.atEnd()) {

        const auto type = tok.uint8("pp2_tlv::type");

        header->tlvs.emplace_back(type, tok.pstring16("pp2_tlv::value"));

    }

}


ProxyProtocol::Parsed


ProxyProtocol::Two::Parse(const SBuf &buf)

{

    Parser::BinaryTokenizer tokHeader(buf, true);


    const auto versionAndCommand = tokHeader.uint8("version and command");


    const auto version = (versionAndCommand & 0xF0) >> 4;

    if (version != 2) // version == 2 is mandatory

        throw TexcHere(ToSBuf("PROXY/2.0 error: invalid version ", version));


    const auto command = (versionAndCommand & 0x0F);

    if (command > cmdProxy)

        throw TexcHere(ToSBuf("PROXY/2.0 error: invalid command ", command));


    const auto familyAndProto = tokHeader.uint8("family and proto");


    const auto family = (familyAndProto & 0xF0) >> 4;

    if (family > afUnix)

        throw TexcHere(ToSBuf("PROXY/2.0 error: invalid address family ", family));


    const auto proto = (familyAndProto & 0x0F);

    if (proto > tpDgram)

        throw TexcHere(ToSBuf("PROXY/2.0 error: invalid transport protocol ", proto));


    const auto rawHeader = tokHeader.pstring16("header");


    static const SBuf v2("2.0");

    Header::Pointer header = new Header(v2, Two::Command(command));


    if (proto == tpUnspecified || family == afUnspecified) {

        header->ignoreAddresses();

        // discard address block and TLVs because we cannot tell

        // how to parse such addresses and where the TLVs start.

    } else {

        Parser::BinaryTokenizer leftoverTok(rawHeader);

        ParseAddresses(family, leftoverTok, header);

        // TODO: parse TLVs for LOCAL connections

        if (header->hasForwardedAddresses())

            ParseTLVs(leftoverTok, header);

    }


    return Parsed(header, tokHeader.parsed());

}


ProxyProtocol::Parsed


ProxyProtocol::Parse(const SBuf &buf)

{

    Parser::Tokenizer magicTok(buf);


    const auto parser =

        magicTok.skip(Two::Magic()) ? &Two::Parse :

        magicTok.skip(One::Magic()) ? &One::Parse :

        nullptr;


    if (parser) {

        const auto parsed = (parser)(magicTok.remaining());

        return Parsed(parsed.header, magicTok.parsedSize() + parsed.size);

    }


    // detect and terminate other protocols

    if (buf.length() >= Two::Magic().length()) {

        // PROXY/1.0 magic is shorter, so we know that

        // the input does not start with any PROXY magic

        throw TexcHere("PROXY protocol error: invalid magic");

    }


    // TODO: detect short non-magic prefixes earlier to avoid

    // waiting for more data which may never come


    // not enough bytes to parse magic yet

    throw Parser::BinaryTokenizer::InsufficientInput();

}


ProxyProtocol::Parsed::Parsed(const Header::Pointer &parsedHeader, const size_t parsedSize):

    header(parsedHeader),

    size(parsedSize)

{

    assert(bool(parsedHeader));

}


BinaryTokenizer.h

Header.h

size
int size
Definition ModDevPoll.cc:70

TexcHere
#define TexcHere(msg)
legacy convenience macro; it is not difficult to type Here() now
Definition TextException.h:63

Must
#define Must(condition)
Definition TextException.h:75

assert
#define assert(EX)
Definition assert.h:17

version
static int version
Definition basic_ldap_auth.cc:166

CharacterSet
optimized set of C chars, with quick membership test and merge support
Definition CharacterSet.h:18

CharacterSet::complement
CharacterSet complement(const char *complementLabel=nullptr) const
Definition CharacterSet.cc:74

CharacterSet::rename
CharacterSet & rename(const char *label)
change name; handy in const declarations that use operators
Definition CharacterSet.h:61

CharacterSet::HEXDIG
static const CharacterSet HEXDIG
Definition CharacterSet.h:88

CharacterSet::CR
static const CharacterSet CR
Definition CharacterSet.h:80

Ip::Address
Definition Address.h:43

Ip::Address::GetHostByName
bool GetHostByName(const char *s)
Definition Address.cc:392

Ip::Address::port
unsigned short port() const
Definition Address.cc:790

Parser::BinaryTokenizer
Definition BinaryTokenizer.h:47

Parser::BinaryTokenizer::parsed
uint64_t parsed() const
the number of already parsed bytes
Definition BinaryTokenizer.h:105

Parser::BinaryTokenizer::uint8
uint8_t uint8(const char *description)
parse a single-byte unsigned integer
Definition BinaryTokenizer.cc:132

Parser::BinaryTokenizer::pstring16
SBuf pstring16(const char *description)
up to 64 KiB-long p-string
Definition BinaryTokenizer.cc:226

Parser::BinaryTokenizer::InsufficientInput
::Parser::InsufficientInput InsufficientInput
Definition BinaryTokenizer.h:49

Parser::Tokenizer
Definition Tokenizer.h:30

Parser::Tokenizer::parsedSize
SBuf::size_type parsedSize() const
number of parsed bytes, including skipped ones
Definition Tokenizer.h:38

Parser::Tokenizer::remaining
const SBuf & remaining() const
the remaining unprocessed section of buffer
Definition Tokenizer.h:44

Parser::Tokenizer::skip
bool skip(const SBuf &tokenToSkip)
Definition Tokenizer.cc:189

ProxyProtocol::Header
PROXY protocol v1 or v2 header.
Definition Header.h:23

ProxyProtocol::Parsed
successful parsing result
Definition Parser.h:19

ProxyProtocol::Parsed::Parsed
Parsed(const HeaderPointer &parsedHeader, const size_t parsedSize)
Definition Parser.cc:280

RefCount< Header >

SBuf
Definition SBuf.h:94

SBuf::c_str
const char * c_str()
Definition SBuf.cc:516

SBuf::length
size_type length() const
Returns the number of bytes stored in SBuf.
Definition SBuf.h:419

SBuf::size_type
MemBlob::size_type size_type
Definition SBuf.h:96

port
static int port
Definition ldap_backend.cc:70

ProxyProtocol::One::Parse
static Parsed Parse(const SBuf &buf)
extracts PROXY protocol v1 header from the given buffer
Definition Parser.cc:123

ProxyProtocol::One::ExtractPort
static void ExtractPort(Parser::Tokenizer &tok, Ip::Address &addr, const bool trailingSpace)
Definition Parser.cc:82

ProxyProtocol::One::Magic
static const auto & Magic()
magic octet prefix for PROXY protocol version 1
Definition Parser.cc:34

ProxyProtocol::One::ExtractIp
static void ExtractIp(Parser::Tokenizer &tok, Ip::Address &addr)
Definition Parser.cc:64

ProxyProtocol::One::ParseAddresses
static void ParseAddresses(Parser::Tokenizer &tok, Header::Pointer &header)
Definition Parser.cc:99

ProxyProtocol::Two::ParseTLVs
static void ParseTLVs(Parser::BinaryTokenizer &tok, Header::Pointer &header)
Definition Parser.cc:199

ProxyProtocol::Two::Command
Command
PROXY protocol 'command' field value.
Definition Elements.h:48

ProxyProtocol::Two::cmdProxy
@ cmdProxy
Definition Elements.h:50

ProxyProtocol::Two::ParseAddresses
static void ParseAddresses(const uint8_t family, Parser::BinaryTokenizer &tok, Header::Pointer &header)
Definition Parser.cc:164

ProxyProtocol::Two::Parse
static Parsed Parse(const SBuf &buf)
extracts PROXY protocol v2 header from the given buffer
Definition Parser.cc:207

ProxyProtocol::Two::Magic
static const auto & Magic()
magic octet prefix for PROXY protocol version 2
Definition Parser.cc:50

ProxyProtocol::Two::afUnspecified
@ afUnspecified
corresponds to a local connection or an unsupported protocol family
Definition Elements.h:55

ProxyProtocol::Two::afUnix
@ afUnix
Definition Elements.h:58

ProxyProtocol::Two::afInet6
@ afInet6
Definition Elements.h:57

ProxyProtocol::Two::afInet
@ afInet
Definition Elements.h:56

ProxyProtocol::Two::tpUnspecified
@ tpUnspecified
Definition Elements.h:62

ProxyProtocol::Two::tpDgram
@ tpDgram
Definition Elements.h:64

ProxyProtocol
Definition Elements.cc:18

ProxyProtocol::Parse
Parsed Parse(const SBuf &)
Definition Parser.cc:252

Tokenizer.h

Elements.h

Parser.h

Stream.h

ToSBuf
SBuf ToSBuf(Args &&... args)
slowly stream-prints all arguments into a freshly allocated SBuf
Definition Stream.h:63

squid.h

tok
Definition parse.c:160