xref: /freebsd/contrib/unbound/util/proxy_protocol.c (revision 911f0260390e18cf85f3dbf2c719b593efdc1e3c) 
1 /*
2  * util/proxy_protocol.c - event notification
3  *
4  * Copyright (c) 2022, NLnet Labs. All rights reserved.
5  *
6  * This software is open source.
7  *
8  * Redistribution and use in source and binary forms, with or without
9  * modification, are permitted provided that the following conditions
10  * are met:
11  *
12  * Redistributions of source code must retain the above copyright notice,
13  * this list of conditions and the following disclaimer.
14  *
15  * Redistributions in binary form must reproduce the above copyright notice,
16  * this list of conditions and the following disclaimer in the documentation
17  * and/or other materials provided with the distribution.
18  *
19  * Neither the name of the NLNET LABS nor the names of its contributors may
20  * be used to endorse or promote products derived from this software without
21  * specific prior written permission.
22  *
23  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
24  * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
25  * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
26  * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
27  * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
28  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
29  * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
30  * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
31  * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
32  * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
33  * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
34  */
35 
36 /**
37  * \file
38  *
39  * This file contains PROXY protocol functions.
40  */
41 #include "config.h"
42 #include "util/log.h"
43 #include "util/proxy_protocol.h"
44 
45 int
46 pp2_write_to_buf(struct sldns_buffer* buf, struct sockaddr_storage* src,
47 	int stream)
48 {
49 	int af;
50 	if(!src) return 0;
51 	af = (int)((struct sockaddr_in*)src)->sin_family;
52 	if(sldns_buffer_remaining(buf) <
53 		PP2_HEADER_SIZE + (af==AF_INET?12:36)) {
54 		return 0;
55 	}
56 	/* sig */
57 	sldns_buffer_write(buf, PP2_SIG, PP2_SIG_LEN);
58 	/* version and command */
59 	sldns_buffer_write_u8(buf, (PP2_VERSION << 4) | PP2_CMD_PROXY);
60 	if(af==AF_INET) {
61 		/* family and protocol */
62 		sldns_buffer_write_u8(buf,
63 			(PP2_AF_INET<<4) |
64 			(stream?PP2_PROT_STREAM:PP2_PROT_DGRAM));
65 		/* length */
66 		sldns_buffer_write_u16(buf, 12);
67 		/* src addr */
68 		sldns_buffer_write(buf,
69 			&((struct sockaddr_in*)src)->sin_addr.s_addr, 4);
70 		/* dst addr */
71 		sldns_buffer_write_u32(buf, 0);
72 		/* src port */
73 		sldns_buffer_write(buf,
74 			&((struct sockaddr_in*)src)->sin_port, 2);
75 		/* dst port */
76 		sldns_buffer_write_u16(buf, 0);
77 	} else {
78 		/* family and protocol */
79 		sldns_buffer_write_u8(buf,
80 			(PP2_AF_INET6<<4) |
81 			(stream?PP2_PROT_STREAM:PP2_PROT_DGRAM));
82 		/* length */
83 		sldns_buffer_write_u16(buf, 36);
84 		/* src addr */
85 		sldns_buffer_write(buf,
86 			&((struct sockaddr_in6*)src)->sin6_addr, 16);
87 		/* dst addr */
88 		sldns_buffer_set_at(buf,
89 			sldns_buffer_position(buf), 0, 16);
90 		sldns_buffer_skip(buf, 16);
91 		/* src port */
92 		sldns_buffer_write(buf,
93 			&((struct sockaddr_in6*)src)->sin6_port, 2);
94 		/* dst port */
95 		sldns_buffer_write_u16(buf, 0);
96 	}
97 	return 1;
98 }
99 
100 struct pp2_header*
101 pp2_read_header(struct sldns_buffer* buf)
102 {
103 	size_t size;
104 	struct pp2_header* header = (struct pp2_header*)sldns_buffer_begin(buf);
105 	/* Try to fail all the unsupported cases first. */
106 	if(sldns_buffer_remaining(buf) < PP2_HEADER_SIZE) {
107 		log_err("proxy_protocol: not enough space for header");
108 		return NULL;
109 	}
110 	/* Check for PROXYv2 header */
111 	if(memcmp(header, PP2_SIG, PP2_SIG_LEN) != 0 ||
112 		((header->ver_cmd & 0xF0)>>4) != PP2_VERSION) {
113 		log_err("proxy_protocol: could not match PROXYv2 header");
114 		return NULL;
115 	}
116 	/* Check the length */
117 	size = PP2_HEADER_SIZE + ntohs(header->len);
118 	if(sldns_buffer_remaining(buf) < size) {
119 		log_err("proxy_protocol: not enough space for header");
120 		return NULL;
121 	}
122 	/* Check for supported commands */
123 	if((header->ver_cmd & 0xF) != PP2_CMD_LOCAL &&
124 		(header->ver_cmd & 0xF) != PP2_CMD_PROXY) {
125 		log_err("proxy_protocol: unsupported command");
126 		return NULL;
127 	}
128 	/* Check for supported family and protocol */
129 	if(header->fam_prot != 0x00 /* AF_UNSPEC|UNSPEC */ &&
130 		header->fam_prot != 0x11 /* AF_INET|STREAM */ &&
131 		header->fam_prot != 0x12 /* AF_INET|DGRAM */ &&
132 		header->fam_prot != 0x21 /* AF_INET6|STREAM */ &&
133 		header->fam_prot != 0x22 /* AF_INET6|DGRAM */) {
134 		log_err("proxy_protocol: unsupported family and protocol");
135 		return NULL;
136 	}
137 	/* We have a correct header */
138 	return header;
139 }
140