Attention is currently required from: plaisthos, ralf_lici. Hello flichtenheld, plaisthos,
I'd like you to reexamine a change. Please visit http://gerrit.openvpn.net/c/openvpn/+/686?usp=email to look at the new patch set (#2). Change subject: Add support for TLV parsing in the PROXY protocol ...................................................................... Add support for TLV parsing in the PROXY protocol Version 2 of the PROXY protocol appends extra data in Type-Length-Value vector format at the end of the header. This commit parses and processes or stores the additional information extracted from TLVs. Change-Id: Ia593f72f6baa6e16d2fd9b21b383b709682f9499 Signed-off-by: Ralf Lici <r...@mandelbit.com> --- M src/openvpn/haproxy_protocol.c M src/openvpn/haproxy_protocol.h M tests/unit_tests/openvpn/test_haproxy_protocol.c 3 files changed, 448 insertions(+), 2 deletions(-) git pull ssh://gerrit.openvpn.net:29418/openvpn refs/changes/86/686/2 diff --git a/src/openvpn/haproxy_protocol.c b/src/openvpn/haproxy_protocol.c index 1786d2f..cc7cfb6 100644 --- a/src/openvpn/haproxy_protocol.c +++ b/src/openvpn/haproxy_protocol.c 
@@ -40,6 +40,74 @@ HAPROXY_PROTOCOL_PARSING_STATE_IGNORE = 1, } haproxy_protocol_parsing_state_t; +static const uint32_t CRC32C_TABLE[256] = +{ + 0x00000000L, 0xF26B8303L, 0xE13B70F7L, 0x1350F3F4L, + 0xC79A971FL, 0x35F1141CL, 0x26A1E7E8L, 0xD4CA64EBL, + 0x8AD958CFL, 0x78B2DBCCL, 0x6BE22838L, 0x9989AB3BL, + 0x4D43CFD0L, 0xBF284CD3L, 0xAC78BF27L, 0x5E133C24L, + 0x105EC76FL, 0xE235446CL, 0xF165B798L, 0x030E349BL, + 0xD7C45070L, 0x25AFD373L, 0x36FF2087L, 0xC494A384L, + 0x9A879FA0L, 0x68EC1CA3L, 0x7BBCEF57L, 0x89D76C54L, + 0x5D1D08BFL, 0xAF768BBCL, 0xBC267848L, 0x4E4DFB4BL, + 0x20BD8EDEL, 0xD2D60DDDL, 0xC186FE29L, 0x33ED7D2AL, + 0xE72719C1L, 0x154C9AC2L, 0x061C6936L, 0xF477EA35L, + 0xAA64D611L, 0x580F5512L, 0x4B5FA6E6L, 0xB93425E5L, + 0x6DFE410EL, 0x9F95C20DL, 0x8CC531F9L, 0x7EAEB2FAL, + 0x30E349B1L, 0xC288CAB2L, 0xD1D83946L, 0x23B3BA45L, + 0xF779DEAEL, 0x05125DADL, 0x1642AE59L, 0xE4292D5AL, + 0xBA3A117EL, 0x4851927DL, 0x5B016189L, 0xA96AE28AL, + 0x7DA08661L, 0x8FCB0562L, 0x9C9BF696L, 0x6EF07595L, + 0x417B1DBCL, 0xB3109EBFL, 0xA0406D4BL, 0x522BEE48L, + 0x86E18AA3L, 0x748A09A0L, 0x67DAFA54L, 0x95B17957L, + 0xCBA24573L, 0x39C9C670L, 0x2A993584L, 0xD8F2B687L, + 0x0C38D26CL, 0xFE53516FL, 0xED03A29BL, 0x1F682198L, + 0x5125DAD3L, 0xA34E59D0L, 0xB01EAA24L, 0x42752927L, + 0x96BF4DCCL, 0x64D4CECFL, 0x77843D3BL, 0x85EFBE38L, + 0xDBFC821CL, 0x2997011FL, 0x3AC7F2EBL, 0xC8AC71E8L, + 0x1C661503L, 0xEE0D9600L, 0xFD5D65F4L, 0x0F36E6F7L, + 0x61C69362L, 0x93AD1061L, 0x80FDE395L, 0x72966096L, + 0xA65C047DL, 0x5437877EL, 0x4767748AL, 0xB50CF789L, + 0xEB1FCBADL, 0x197448AEL, 0x0A24BB5AL, 0xF84F3859L, + 0x2C855CB2L, 0xDEEEDFB1L, 0xCDBE2C45L, 0x3FD5AF46L, + 0x7198540DL, 0x83F3D70EL, 0x90A324FAL, 0x62C8A7F9L, + 0xB602C312L, 0x44694011L, 0x5739B3E5L, 0xA55230E6L, + 0xFB410CC2L, 0x092A8FC1L, 0x1A7A7C35L, 0xE811FF36L, + 0x3CDB9BDDL, 0xCEB018DEL, 0xDDE0EB2AL, 0x2F8B6829L, + 0x82F63B78L, 0x709DB87BL, 0x63CD4B8FL, 0x91A6C88CL, + 0x456CAC67L, 0xB7072F64L, 0xA457DC90L, 0x563C5F93L, + 0x082F63B7L, 
0xFA44E0B4L, 0xE9141340L, 0x1B7F9043L, + 0xCFB5F4A8L, 0x3DDE77ABL, 0x2E8E845FL, 0xDCE5075CL, + 0x92A8FC17L, 0x60C37F14L, 0x73938CE0L, 0x81F80FE3L, + 0x55326B08L, 0xA759E80BL, 0xB4091BFFL, 0x466298FCL, + 0x1871A4D8L, 0xEA1A27DBL, 0xF94AD42FL, 0x0B21572CL, + 0xDFEB33C7L, 0x2D80B0C4L, 0x3ED04330L, 0xCCBBC033L, + 0xA24BB5A6L, 0x502036A5L, 0x4370C551L, 0xB11B4652L, + 0x65D122B9L, 0x97BAA1BAL, 0x84EA524EL, 0x7681D14DL, + 0x2892ED69L, 0xDAF96E6AL, 0xC9A99D9EL, 0x3BC21E9DL, + 0xEF087A76L, 0x1D63F975L, 0x0E330A81L, 0xFC588982L, + 0xB21572C9L, 0x407EF1CAL, 0x532E023EL, 0xA145813DL, + 0x758FE5D6L, 0x87E466D5L, 0x94B49521L, 0x66DF1622L, + 0x38CC2A06L, 0xCAA7A905L, 0xD9F75AF1L, 0x2B9CD9F2L, + 0xFF56BD19L, 0x0D3D3E1AL, 0x1E6DCDEEL, 0xEC064EEDL, + 0xC38D26C4L, 0x31E6A5C7L, 0x22B65633L, 0xD0DDD530L, + 0x0417B1DBL, 0xF67C32D8L, 0xE52CC12CL, 0x1747422FL, + 0x49547E0BL, 0xBB3FFD08L, 0xA86F0EFCL, 0x5A048DFFL, + 0x8ECEE914L, 0x7CA56A17L, 0x6FF599E3L, 0x9D9E1AE0L, + 0xD3D3E1ABL, 0x21B862A8L, 0x32E8915CL, 0xC083125FL, + 0x144976B4L, 0xE622F5B7L, 0xF5720643L, 0x07198540L, + 0x590AB964L, 0xAB613A67L, 0xB831C993L, 0x4A5A4A90L, + 0x9E902E7BL, 0x6CFBAD78L, 0x7FAB5E8CL, 0x8DC0DD8FL, + 0xE330A81AL, 0x115B2B19L, 0x020BD8EDL, 0xF0605BEEL, + 0x24AA3F05L, 0xD6C1BC06L, 0xC5914FF2L, 0x37FACCF1L, + 0x69E9F0D5L, 0x9B8273D6L, 0x88D28022L, 0x7AB90321L, + 0xAE7367CAL, 0x5C18E4C9L, 0x4F48173DL, 0xBD23943EL, + 0xF36E6F75L, 0x0105EC76L, 0x12551F82L, 0xE03E9C81L, + 0x34F4F86AL, 0xC69F7B69L, 0xD5CF889DL, 0x27A40B9EL, + 0x79B737BAL, 0x8BDCB4B9L, 0x988C474DL, 0x6AE7C44EL, + 0xBE2DA0A5L, 0x4C4623A6L, 0x5F16D052L, 0xAD7D5351L +}; + static const size_t HAPROXY_PROTOCOL_V2_ADDR_LEN_IPV4 = 12; static const size_t HAPROXY_PROTOCOL_V2_ADDR_LEN_IPV6 = 36; static const size_t HAPROXY_PROTOCOL_V2_ADDR_LEN_UNIX = 216; 
@@ -90,6 +158,17 @@
     }
 }
 
+uint32_t
+haproxy_protocol_crc32c(const uint8_t *data, int len)
+{
+    uint32_t crc = 0xFFFFFFFF;
+    while (len-- > 0)
+    {
+        crc = (crc >> 8) ^ CRC32C_TABLE[(crc ^ (*data++)) & 0xFF];
+    }
+    return (crc ^ 0xFFFFFFFF);
+}
+
 /*
  * Parse a port number from a string.
  *
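Review bot: haproxy_protocol_crc32c takes its length as `int` although it only walks forward over `len` bytes and its callers hand it `header_len` and `sizeof`-derived offsets; `size_t len` would remove the signed/unsigned mix and the silently-ignored negative case. The function, like the `haproxy_protocol_parse_*` functions in the next hunk, is non-static, yet the header hunks of this patch add no prototypes for any of them, so either declare them in haproxy_protocol.h or make them `static` if the unit tests do not call them directly (`-Wmissing-prototypes` would flag the current state). A one-line header comment would also help: `/* CRC-32C (Castagnoli) over data[0..len), as the PROXY v2 CRC32C TLV requires */`.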
@@ -317,6 +396,271 @@ } /* + * Parse a string based TLV and store the value in 'out'. + * + * @param tlv_info - The struct containing the garbage collector. + * @param out - The output variable to store the parsed value. + * @param type_str - A string representation of the TLV type (for logging). + * @param len - The length of the TLV value. + * @param value - The TLV value. + */ +void +haproxy_protocol_parse_string_tlv(struct haproxy_protocol_tlv_info *tlv_info, + char **out, char *type_str, + const uint16_t len, const uint8_t *value) +{ + if (len == 0) + { + msg(M_NONFATAL, "PROXY protocol v2: %s TLV empty", type_str); + return; + } + + *out = (char *)gc_malloc(len + 1, false, &tlv_info->gc); + memcpy(*out, value, len); + (*out)[len] = '\0'; + + if (type_str) + { + msg(M_DEBUG, "PROXY protocol v2: %s TLV: %s", type_str, *out); + } +} + +/* + * Parse the CRC32C TLV and check if it matches the calculated CRC32C. + * If there's a mismatch set the parsing state to invalid to drop the header-> + * + * @param len - The length of the TLV value. + * @param value - The TLV value. + * + * @return - true if the CRC32C value matches the calculated CRC32C. 
+ */ +bool +haproxy_protocol_parse_crc32c_tlv(const uint16_t len, const uint8_t *value) +{ + if (len != 4) + { + msg(M_NONFATAL, "PROXY protocol v2: CRC32C TLV invalid length"); + parsing_state = HAPROXY_PROTOCOL_PARSING_STATE_INVALID; + return false; + } + + uint32_t expected = ntohl(*(uint32_t *)value); + + /* fill the crc32c field with 0s to calculate the crc32c */ + *(uint32_t *)value = 0; + uint32_t calculated = haproxy_protocol_crc32c((const uint8_t *)header, header_len); + + if (expected != calculated) + { + msg(M_NONFATAL, "PROXY protocol v2: CRC32C mismatch, expected: 0x%08x calculated: 0x%08x.", expected, calculated); + parsing_state = HAPROXY_PROTOCOL_PARSING_STATE_INVALID; + return false; + } + msg(M_DEBUG, "PROXY protocol v2: CRC32C match"); + return true; +} + +/* + * Parse the UNIQUE_ID TLV and store the value in hpi->unique_id + * (and hpi->unique_id_len). + * + * @param tlv_info - The struct to store the parsed data. + * @param len - The length of the TLV value. + * @param value - The TLV value. + */ +void +haproxy_protocol_parse_uid_tlv(struct haproxy_protocol_tlv_info *tlv_info, + const uint16_t len, const uint8_t *value) +{ + if (len == 0) + { + msg(M_NONFATAL, "PROXY protocol v2: UNIQUE_ID TLV empty"); + return; + } + else if (len > HAPROXY_PROTOCOL_V2_TLV_UNIQUE_ID_MAX_LEN) + { + msg(M_NONFATAL, "PROXY protocol v2: UNIQUE_ID TLV too long"); + return; + } + + tlv_info->unique_id_len = len; + memcpy(tlv_info->unique_id, value, len); + msg(M_DEBUG, "PROXY protocol v2: UNIQUE_ID: %.*s", (int)tlv_info->unique_id_len, tlv_info->unique_id); +} + +/* + * Parse the SSL TLV (and eventually its sub-TLVs) and store the values in + * hpi->tlv_info. + * + * @param tlv_info - The struct to store the parsed data. + * @param len - The length of the TLV value. + * @param value - The TLV value. 
+ */ +void +haproxy_protocol_parse_ssl_tlv(struct haproxy_protocol_tlv_info *tlv_info, + const uint16_t len, const uint8_t *value) +{ + const struct haproxy_protocol_tlv_ssl *ssl = (const struct haproxy_protocol_tlv_ssl *)(value); + uint16_t pos = sizeof(*ssl); + + if (len == 0) + { + msg(M_NONFATAL, "PROXY protocol v2: SSL TLV empty"); + return; + } + + if (!ssl->client) + { + msg(M_NONFATAL, "PROXY protocol v2: SSL TLV invalid client field"); + return; + } + if (ssl->client & HAPROXY_PROTOCOL_V2_CLIENT_SSL) + { + msg(M_DEBUG, "PROXY protocol v2: client connected over SSL/TLS"); + } + if (ssl->client & HAPROXY_PROTOCOL_V2_CLIENT_CERT_CONN) + { + msg(M_DEBUG, "PROXY protocol v2: client provided a certificate over the " + "current connection"); + } + if (ssl->client & HAPROXY_PROTOCOL_V2_CLIENT_CERT_SESS) + { + msg(M_DEBUG, "PROXY protocol v2: client provided a certificate at least " + "once over the TLS session this connection belongs to"); + } + + msg(M_DEBUG, "PROXY protocol v2: client certificate verification status: %s", + ssl->verify ? 
"failure" : "success"); + tlv_info->ssl_client = ssl->client; + tlv_info->ssl_verify = ssl->verify; + + while (pos < len) + { + const struct haproxy_protocol_tlv *sub = (const struct haproxy_protocol_tlv *)(value + pos); + uint16_t sub_len = (sub->length_hi << 8) | sub->length_lo; + if (pos + sizeof(*sub) + sub_len > len) + { + msg(M_NONFATAL, "PROXY protocol v2: SSL sub-TLV length (%d) " + "exceeds buffer size (%d)", + sub_len, (int)(len - pos - sizeof(*sub))); + return; + } + switch (sub->type) + { + case HAPROXY_PROTOCOL_TLV_SUBTYPE_SSL_VERSION: + haproxy_protocol_parse_string_tlv(tlv_info, &tlv_info->ssl_version, + "SSL_VERSION", sub_len, sub->value); + break; + + case HAPROXY_PROTOCOL_TLV_SUBTYPE_SSL_CN: + haproxy_protocol_parse_string_tlv(tlv_info, &tlv_info->ssl_cn, + "SSL_CN", sub_len, sub->value); + break; + + case HAPROXY_PROTOCOL_TLV_SUBTYPE_SSL_CIPHER: + haproxy_protocol_parse_string_tlv(tlv_info, &tlv_info->ssl_cipher, + "SSL_CIPHER", sub_len, sub->value); + break; + + case HAPROXY_PROTOCOL_TLV_SUBTYPE_SSL_SIG_ALG: + haproxy_protocol_parse_string_tlv(tlv_info, &tlv_info->ssl_sig_alg, + "SSL_SIG_ALG", sub_len, sub->value); + break; + + case HAPROXY_PROTOCOL_TLV_SUBTYPE_SSL_KEY_ALG: + haproxy_protocol_parse_string_tlv(tlv_info, &tlv_info->ssl_key_alg, + "SSL_KEY_ALG", sub_len, sub->value); + break; + + default: + msg(M_NONFATAL, "PROXY protocol v2: SSL unknown sub-TLV type 0x%02x", sub->type); + break; + } + pos += sizeof(*sub) + sub_len; + } +} + +/* + * Parse a TLV and store the value in the haproxy protocol info structure. + * + * @param hpi - The haproxy protocol info structure to store the parsed data. + * @param type - The TLV type. + * @param len - The length of the TLV value. + * @param value - The TLV value. 
+ */ +void +haproxy_protocol_parse_tlv(struct haproxy_protocol_tlv_info *tlv_info, + const uint8_t type, const uint16_t len, + const uint8_t *value) +{ + switch (type) + { + case HAPROXY_PROTOCOL_TLV_TYPE_ALPN: + haproxy_protocol_parse_string_tlv(tlv_info, &tlv_info->alpn, "ALPN", len, value); + break; + + case HAPROXY_PROTOCOL_TLV_TYPE_AUTHORITY: + haproxy_protocol_parse_string_tlv(tlv_info, &tlv_info->authority, "AUTHORITY", len, value); + break; + + case HAPROXY_PROTOCOL_TLV_TYPE_CRC32C: + haproxy_protocol_parse_crc32c_tlv(len, value); + break; + + case HAPROXY_PROTOCOL_TLV_TYPE_NOOP: + break; + + case HAPROXY_PROTOCOL_TLV_TYPE_UNIQUE_ID: + haproxy_protocol_parse_uid_tlv(tlv_info, len, value); + break; + + case HAPROXY_PROTOCOL_TLV_TYPE_SSL: + haproxy_protocol_parse_ssl_tlv(tlv_info, len, value); + break; + + case HAPROXY_PROTOCOL_TLV_TYPE_NETNS: + haproxy_protocol_parse_string_tlv(tlv_info, &tlv_info->netns, "NETNS", len, value); + break; + + default: + msg(M_NONFATAL, "PROXY protocol v2: unknown TLV type 0x%02x", type); + break; + } +} + +/* + * Parse the TLVs in the PROXY protocol v2 header-> + * + * @param hpi - The haproxy protocol info structure to store the parsed data. + * @param buf - The buffer containing the TLVs. + * @param buf_len - The length of the buffer. + * + * @return - The number of bytes parsed or -1 if an error occurred. 
+ */ +int +haproxy_protocol_parse_tlvs(struct haproxy_protocol_tlv_info *tlv_info, + const uint8_t *buf, const int buf_len) +{ + const uint8_t *end = buf + buf_len; + const uint8_t *start = buf; + + tlv_info->gc = gc_new(); + while (buf < end && parsing_state == HAPROXY_PROTOCOL_PARSING_STATE_OK) + { + const struct haproxy_protocol_tlv *tlv = (const struct haproxy_protocol_tlv *)buf; + uint16_t tlv_len = (tlv->length_hi << 8) | tlv->length_lo; + if (buf + sizeof(*tlv) + tlv_len > end) + { + msg(M_NONFATAL, "PROXY protocol v2: TLV length exceeds buffer size"); + return -1; + } + haproxy_protocol_parse_tlv(tlv_info, tlv->type, tlv_len, tlv->value); + buf += sizeof(*tlv) + tlv_len; + } + return (int)(buf - start); +} + +/* * Parse the PROXY protocol v2 header * * @param hpi - The haproxy protocol info structure to store the parsed data. @@ -452,7 +796,9 @@ { if ((header->v2.ver_cmd & HAPROXY_PROTOCOL_V2_VER_MASK) == HAPROXY_PROTOCOL_V2_VER) { - haproxy_protocol_parse_v2(hpi); + const int pos = haproxy_protocol_parse_v2(hpi); + haproxy_protocol_parse_tlvs(&hpi->tlv, buf + pos, + header_len - pos); if (parsing_state != HAPROXY_PROTOCOL_PARSING_STATE_OK) { msg(M_DEBUG, "PROXY protocol v2: %s header", @@ -484,4 +830,5 @@ header = NULL; header_len = 0; parsing_state = HAPROXY_PROTOCOL_PARSING_STATE_OK; + gc_free(&hpi->tlv.gc); } diff --git a/src/openvpn/haproxy_protocol.h b/src/openvpn/haproxy_protocol.h index 5ffcfa5..6415bf2 100644 --- a/src/openvpn/haproxy_protocol.h +++ b/src/openvpn/haproxy_protocol.h @@ -88,6 +88,22 @@ HAPROXY_PROTOCOL_VERSION_2, } haproxy_protocol_version_t; +struct haproxy_protocol_tlv +{ + uint8_t type; + uint8_t length_hi; + uint8_t length_lo; + uint8_t value[0]; +}; + +#pragma pack(push, 1) +struct haproxy_protocol_tlv_ssl +{ + uint8_t client; + uint32_t verify; +} __attribute__((packed)); +#pragma pack(pop) + #pragma pack(push, 1) typedef union { 
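Review bot: `haproxy_protocol_parse_ssl_tlv()` reads `ssl->client` and `ssl->verify` after rejecting only `len == 0`, so an SSL TLV whose value is 1–4 bytes long reads up to 4 bytes past the end of the TLV that the caller bounds-checked; the guard should be `if (len < sizeof(*ssl))`. The sub-TLV loop in the same function and the main loop in `haproxy_protocol_parse_tlvs()` have the same shape: both dereference the 3-byte TLV header before checking that 3 bytes remain, so a 1–2 byte fragment at the end of the buffer is read out of bounds before the length check can reject it, and `len - pos - sizeof(*sub)` in the error message underflows in that case. The rewritten guards are in the fence below; the rest of each function is unchanged. `haproxy_protocol_parse_crc32c_tlv()` casts the `const uint8_t *value` to `uint32_t *` both to read the checksum and to zero it in place (an unaligned access and a write through a pointer received as const); a `memcpy` into a local is the portable read, and the in-place zeroing permanently alters the received header, which deserves a comment stating that nothing reads the CRC bytes afterwards. The comments also carry two `header->` typos (`"to drop the header->"`, `"PROXY protocol v2 header->"`, apparently from a `header.` replacement) and document a `hpi` parameter that `haproxy_protocol_parse_uid_tlv`, `haproxy_protocol_parse_tlv` and `haproxy_protocol_parse_tlvs` do not have; those should read `@param tlv_info` and `tlv_info->...`.
```c
/* … unchanged: haproxy_protocol_parse_ssl_tlv() signature … */
    const struct haproxy_protocol_tlv_ssl *ssl = (const struct haproxy_protocol_tlv_ssl *)(value);
    uint16_t pos = sizeof(*ssl);

    /* ssl->client and ssl->verify are read below: the fixed part must fit */
    if (len < sizeof(*ssl))
    {
        msg(M_NONFATAL, "PROXY protocol v2: SSL TLV too short");
        return;
    }
    /* … unchanged: client flags, verify status, copy into tlv_info … */
    while (pos < len)
    {
        /* the 3-byte sub-TLV header must fit before it is dereferenced */
        if (len - pos < sizeof(struct haproxy_protocol_tlv))
        {
            msg(M_NONFATAL, "PROXY protocol v2: truncated SSL sub-TLV header");
            return;
        }
        const struct haproxy_protocol_tlv *sub = (const struct haproxy_protocol_tlv *)(value + pos);
        uint16_t sub_len = (sub->length_hi << 8) | sub->length_lo;
        if (sub_len > len - pos - sizeof(*sub))
        {
            /* … unchanged: length error message and return … */
        }
        /* … unchanged: switch on sub->type, pos += sizeof(*sub) + sub_len … */

/* … unchanged: haproxy_protocol_parse_tlv() … */

/* … unchanged: haproxy_protocol_parse_tlvs() signature, end/start, gc_new() … */
    while (buf < end && parsing_state == HAPROXY_PROTOCOL_PARSING_STATE_OK)
    {
        /* same rule: never read a TLV header that is not fully inside the buffer */
        if ((size_t)(end - buf) < sizeof(struct haproxy_protocol_tlv))
        {
            msg(M_NONFATAL, "PROXY protocol v2: truncated TLV header");
            return -1;
        }
        const struct haproxy_protocol_tlv *tlv = (const struct haproxy_protocol_tlv *)buf;
        uint16_t tlv_len = (tlv->length_hi << 8) | tlv->length_lo;
        if (tlv_len > (size_t)(end - buf) - sizeof(*tlv))
        {
            /* … unchanged: length error message and return -1 … */
        }
        /* … unchanged: dispatch to haproxy_protocol_parse_tlv() and advance buf … */
```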
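Review bot: The return value of `haproxy_protocol_parse_tlvs()` is discarded at the new call site, and its `-1` path (a TLV whose length runs past the header) only logs M_NONFATAL without touching `parsing_state`, so a header with a malformed TLV area is still accepted as OK; the CRC32C mismatch path does invalidate the header, and a truncated TLV should be treated the same way. Setting `parsing_state = HAPROXY_PROTOCOL_PARSING_STATE_INVALID;` before that `return -1;` (or checking the return here) closes the gap. `haproxy_protocol_parse_v2()`'s return is used as an offset into `buf` and subtracted from `header_len` without a visible check that it is non-negative and not past `header_len`; if parse_v2 can fail while still returning a position, `header_len - pos` goes negative, which is worth confirming against parse_v2. The enclosing function starts and ends outside the hunk.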
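Review bot: `uint8_t value[0];` in `struct haproxy_protocol_tlv` is a GNU zero-length array; the C99 flexible array member `uint8_t value[];` is the portable spelling and keeps the `sizeof` of 3 that the parsers rely on. The struct mirrors the wire format, so a comment saying so would help readers: `/* PROXY v2 TLV as on the wire: type, big-endian 16-bit length split into length_hi/length_lo, then length bytes of value */`. `struct haproxy_protocol_tlv_ssl` mirrors the SSL TLV layout from the PROXY protocol specification; since the parser copies `verify` straight from the wire and only tests it for zero, a comment on the field should state whether it is kept in network byte order so that later consumers do not misread it.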
@@ -127,12 +143,32 @@ } __attribute__((packed)) haproxy_protocol_header_t; #pragma pack(pop) +struct haproxy_protocol_tlv_info +{ + struct gc_arena gc; + + char *alpn; + char *authority; + uint8_t unique_id[HAPROXY_PROTOCOL_V2_TLV_UNIQUE_ID_MAX_LEN + 1]; + uint16_t unique_id_len; + uint8_t ssl_client; + uint32_t ssl_verify; + char *ssl_version; + char *ssl_cn; + char *ssl_cipher; + char *ssl_sig_alg; + char *ssl_key_alg; + char *netns; +}; + struct haproxy_protocol_info { haproxy_protocol_version_t version; int sock_type; struct openvpn_sockaddr src; struct openvpn_sockaddr dst; + + struct haproxy_protocol_tlv_info tlv; }; /* diff --git a/tests/unit_tests/openvpn/test_haproxy_protocol.c b/tests/unit_tests/openvpn/test_haproxy_protocol.c index 0464315..f1070ce 100644 --- a/tests/unit_tests/openvpn/test_haproxy_protocol.c +++ b/tests/unit_tests/openvpn/test_haproxy_protocol.c @@ -121,6 +121,19 @@ HP2_V4_DST_PORT, }; +static uint8_t HP2_TEST_WRONG_CRC32C[] = { + HP2_SIG, + HAPROXY_PROTOCOL_V2_VER | HAPROXY_PROTOCOL_V2_PROXY_CMD, + HAPROXY_PROTOCOL_V2_AF_INET | HAPROXY_PROTOCOL_V2_TP_STREAM, + 0x00, 0x7c, /* length */ + HP2_V4_SRC_ADDR, + HP2_V4_DST_ADDR, + HP2_V4_SRC_PORT, + HP2_V4_DST_PORT, + HP2_TLV, + 0x03, 0x00, 0x04, 0x00, 0x00, 0x00, 0x00 /* crc32c */ +}; + static uint8_t HP2_TEST_PROXY_TCP4[] = { HP2_SIG, HAPROXY_PROTOCOL_V2_VER | HAPROXY_PROTOCOL_V2_PROXY_CMD, 
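Review bot: The new `char *` members of `struct haproxy_protocol_tlv_info` carry no comment on ownership or on what they hold when a TLV is absent: the parser fills them with NUL-terminated copies allocated from `gc`, and otherwise leaves them untouched (the unit tests zero the struct first, but nothing in the parser does). A comment on the struct such as `/* String members are gc-allocated, NUL-terminated copies of the TLV value, left unchanged (NULL if the struct was zeroed) when the TLV is absent; unique_id holds raw bytes, not NUL-terminated, with its length in unique_id_len. */` would make that explicit for callers. It is also worth stating whether `gc` must be initialized by the caller, since `haproxy_protocol_parse_tlvs()` appears to overwrite it with `gc_new()` and the reset path frees it unconditionally.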
@@ -232,9 +245,30 @@
 }
 
 static bool
+compare_hpi_tlv(void **state, struct haproxy_protocol_info *actual, struct haproxy_protocol_info *expected)
+{
+    return strcmp(actual->tlv.alpn, expected->tlv.alpn) == 0
+           && strcmp(actual->tlv.authority, expected->tlv.authority) == 0
+           && actual->tlv.unique_id_len == expected->tlv.unique_id_len
+           && memcmp(actual->tlv.unique_id, expected->tlv.unique_id, actual->tlv.unique_id_len) == 0
+           && actual->tlv.ssl_client == expected->tlv.ssl_client
+           && actual->tlv.ssl_verify == expected->tlv.ssl_verify
+           && strcmp(actual->tlv.ssl_version, expected->tlv.ssl_version) == 0
+           && strcmp(actual->tlv.ssl_cn, expected->tlv.ssl_cn) == 0
+           && strcmp(actual->tlv.ssl_cipher, expected->tlv.ssl_cipher) == 0
+           && strcmp(actual->tlv.ssl_sig_alg, expected->tlv.ssl_sig_alg) == 0
+           && strcmp(actual->tlv.ssl_key_alg, expected->tlv.ssl_key_alg) == 0
+           && strcmp(actual->tlv.netns, expected->tlv.netns) == 0;
+}
+
+static bool
 compare_hpi(void **state, struct haproxy_protocol_info *actual, struct haproxy_protocol_info *expected)
 {
-    return compare_hpi_basic(state, actual, expected);
+    if (actual->version != HAPROXY_PROTOCOL_VERSION_2)
+    {
+        return compare_hpi_basic(state, actual, expected);
+    }
+    return compare_hpi_basic(state, actual, expected) && compare_hpi_tlv(state, actual, expected);
 }
 
 static int
@@ -305,6 +339,11 @@
     memset((actual), 0, sizeof(struct haproxy_protocol_info));
     assert_false(haproxy_protocol_parse(actual, HP2_TEST_LOCAL, sizeof(HP2_TEST_LOCAL)));
 
+    /* v2 wrong crc32c */
+    haproxy_protocol_reset(actual);
+    memset((actual), 0, sizeof(struct haproxy_protocol_info));
+    assert_false(haproxy_protocol_parse(actual, HP2_TEST_WRONG_CRC32C, sizeof(HP2_TEST_WRONG_CRC32C)));
+
     /* v2 TCP4 */
     haproxy_protocol_reset(actual);
     haproxy_protocol_reset(expected);
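Review bot: `compare_hpi_tlv()` calls `strcmp()` on every string member unconditionally, so a v2 header that omits any of those TLVs (or an `expected` that leaves one NULL) dereferences a null pointer inside the test instead of failing an assertion. A small helper that treats two NULLs as equal keeps the comparison total: `static bool str_eq(const char *a, const char *b) { return a == b || (a && b && strcmp(a, b) == 0); }`, used in place of each `strcmp(...) == 0`. The `memcmp` on `unique_id` is already guarded by the preceding length comparison and can stay as it is.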
@@ -318,6 +357,18 @@
     expected->dst.addr.in4.sin_family = AF_INET;
     expected->dst.addr.in4.sin_port = ntohs(1195);
     expected->dst.addr.in4.sin_addr.s_addr = htonl(0x0a0a1401);
+    expected->tlv.alpn = "h23";
+    expected->tlv.authority = "example.com";
+    expected->tlv.unique_id_len = 15;
+    memcpy(expected->tlv.unique_id, "\x75\x6E\x69\x71\x75\x65\x2D\x69\x64\x2D\x76\x61\x6C\x75\x65", 15);
+    expected->tlv.ssl_client = HAPROXY_PROTOCOL_V2_CLIENT_SSL;
+    expected->tlv.ssl_verify = 0;
+    expected->tlv.ssl_version = "TLS1.3";
+    expected->tlv.ssl_cn = "client";
+    expected->tlv.ssl_cipher = "AES256";
+    expected->tlv.ssl_sig_alg = "SHA256";
+    expected->tlv.ssl_key_alg = "RSA2048";
+    expected->tlv.netns = "netns-1";
     haproxy_protocol_parse(actual, HP2_TEST_PROXY_TCP4, sizeof(HP2_TEST_PROXY_TCP4));
     assert_true(compare_hpi(state, actual, expected));
 
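Review bot: The twelve `expected->tlv.*` assignments here are repeated verbatim for the TCP6 case in the next hunk; a `static void set_expected_tlv(struct haproxy_protocol_info *expected)` helper holding them once would keep the two cases from drifting apart when a TLV is added. The string literals are assigned to `char *` members that the parser otherwise fills from `gc`, so a short comment that `expected` never owns these strings (and that its `gc` is presumably empty when `haproxy_protocol_reset()` frees it) would save the next reader a check. The enclosing test function starts and ends outside the hunk.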
@@ -334,6 +385,18 @@ expected->dst.addr.in6.sin6_family = AF_INET6; expected->dst.addr.in6.sin6_port = ntohs(1195); inet_pton(AF_INET6, "2001:db8:20::1", &expected->dst.addr.in6.sin6_addr); + expected->tlv.alpn = "h23"; + expected->tlv.authority = "example.com"; + expected->tlv.unique_id_len = 15; + memcpy(expected->tlv.unique_id, "\x75\x6E\x69\x71\x75\x65\x2D\x69\x64\x2D\x76\x61\x6C\x75\x65", 15); + expected->tlv.ssl_client = HAPROXY_PROTOCOL_V2_CLIENT_SSL; + expected->tlv.ssl_verify = 0; + expected->tlv.ssl_version = "TLS1.3"; + expected->tlv.ssl_cn = "client"; + expected->tlv.ssl_cipher = "AES256"; + expected->tlv.ssl_sig_alg = "SHA256"; + expected->tlv.ssl_key_alg = "RSA2048"; + expected->tlv.netns = "netns-1"; haproxy_protocol_parse(actual, HP2_TEST_PROXY_TCP6, sizeof(HP2_TEST_PROXY_TCP6)); assert_true(compare_hpi(state, actual, expected)); -- To view, visit http://gerrit.openvpn.net/c/openvpn/+/686?usp=email To unsubscribe, or for help writing mail filters, visit http://gerrit.openvpn.net/settings Gerrit-Project: openvpn Gerrit-Branch: master Gerrit-Change-Id: Ia593f72f6baa6e16d2fd9b21b383b709682f9499 Gerrit-Change-Number: 686 Gerrit-PatchSet: 2 Gerrit-Owner: ralf_lici <r...@mandelbit.com> Gerrit-Reviewer: flichtenheld <fr...@lichtenheld.com> Gerrit-Reviewer: plaisthos <arne-open...@rfc2549.org> Gerrit-CC: openvpn-devel <openvpn-devel@lists.sourceforge.net> Gerrit-Attention: plaisthos <arne-open...@rfc2549.org> Gerrit-Attention: ralf_lici <r...@mandelbit.com> Gerrit-MessageType: newpatchset