Add parsing support for PP2_TYPE_SSL

Author: kosmas-valianos

src/proxy_protocol.c

@@ -135,6 +135,7 @@ static const char *errors[] = {
     "v2 PROXY protocol header: invalid IPv6 dst IP",
     "v2 PROXY protocol header: invalid TLV vector's length",
     "v2 PROXY protocol header: invalid PP2_TYPE_CRC32C",
+    "v2 PROXY protocol header: invalid PP2_TYPE_SSL",
     "v2 PROXY protocol header: invalid PP2_TYPE_UNIQUE_ID",
     "v2 PROXY protocol header: invalid PP2_TYPE_AWS",
     "v2 PROXY protocol header: invalid PP2_TYPE_AZURE",
@@ -717,7 +718,45 @@ static int32_t ppv2_parse(uint8_t *pkt, uint32_t pktlen, pp_info_t *pp_info)
             break;
         }
         case PP2_TYPE_SSL:
+        {
+            pp2_tlv_ssl_t *pp2_tlv_ssl = (pp2_tlv_ssl_t*)pp2_tlv->value;
+            uint16_t pp2_tlvs_ssl_len = pp2_tlv_len - sizeof(pp2_tlv_ssl->client) - sizeof(pp2_tlv_ssl->verify);
+            uint16_t pp2_sub_tlv_offset = 0;
+            while (pp2_tlvs_ssl_len)
+            {
+                if (!(pp2_tlv_ssl->client & PP2_CLIENT_SSL || pp2_tlv_ssl->client & PP2_CLIENT_CERT_CONN || pp2_tlv_ssl->client & PP2_CLIENT_CERT_SESS))
+                {
+                    break;
+                }
+                pp2_tlv_t *pp2_sub_tlv_ssl = (pp2_tlv_t * )((uint8_t*) pp2_tlv_ssl->sub_tlv + pp2_sub_tlv_offset);
+                uint16_t pp2_sub_tlv_ssl_len;
+                switch (pp2_sub_tlv_ssl->type)
+                {
+                case PP2_SUBTYPE_SSL_VERSION:
+                case PP2_SUBTYPE_SSL_CN:
+                case PP2_SUBTYPE_SSL_CIPHER:
+                case PP2_SUBTYPE_SSL_SIG_ALG:
+                case PP2_SUBTYPE_SSL_KEY_ALG:
+                {
+                    pp2_sub_tlv_ssl_len = pp2_sub_tlv_ssl->length_hi << 8 | pp2_sub_tlv_ssl->length_lo;
+                    /* +1 to save it as a string */
+                    tlv_t *tlv = tlv_new(pp2_sub_tlv_ssl->type, pp2_sub_tlv_ssl_len + 1, pp2_sub_tlv_ssl->value);
+                    if (!tlv || !tlv_array_append_tlv(&pp_info->tlv_array, tlv))
+                    {
+                        return ERR_HEAP_ALLOC;
+                    }
+                    tlv->value[pp2_sub_tlv_ssl_len] = '\0';
+                    break;
+                }
+                default:
+                    return ERR_PP2_TYPE_SSL;
+                }
+
+                pp2_tlvs_ssl_len = pp2_tlvs_ssl_len - 3 - pp2_sub_tlv_ssl_len;
+                pp2_sub_tlv_offset += 3 + pp2_sub_tlv_ssl_len;
+            }
             break;
+        }
         case PP2_TYPE_AWS:
         {
             if (pp2_tlv_len < sizeof(pp2_tlv_aws_t))

src/proxy_protocol.h

@@ -36,20 +36,21 @@ enum
     ERR_PP2_IPV6_DST_IP      = -10,
     ERR_PP2_TLV_LENGTH       = -11,
     ERR_PP2_TYPE_CRC32C      = -12,
-    ERR_PP2_TYPE_UNIQUE_ID   = -13,
-    ERR_PP2_TYPE_AWS         = -14,
-    ERR_PP2_TYPE_AZURE       = -15,
-    ERR_PP1_CRLF             = -16,
-    ERR_PP1_PROXY            = -17,
-    ERR_PP1_SPACE            = -18,
-    ERR_PP1_TRANSPORT_FAMILY = -19,
-    ERR_PP1_IPV4_SRC_IP      = -20,
-    ERR_PP1_IPV4_DST_IP      = -21,
-    ERR_PP1_IPV6_SRC_IP      = -22,
-    ERR_PP1_IPV6_DST_IP      = -23,
-    ERR_PP1_SRC_PORT         = -24,
-    ERR_PP1_DST_PORT         = -25,
-    ERR_HEAP_ALLOC           = -26,
+    ERR_PP2_TYPE_SSL         = -13,
+    ERR_PP2_TYPE_UNIQUE_ID   = -14,
+    ERR_PP2_TYPE_AWS         = -15,
+    ERR_PP2_TYPE_AZURE       = -16,
+    ERR_PP1_CRLF             = -17,
+    ERR_PP1_PROXY            = -18,
+    ERR_PP1_SPACE            = -19,
+    ERR_PP1_TRANSPORT_FAMILY = -20,
+    ERR_PP1_IPV4_SRC_IP      = -21,
+    ERR_PP1_IPV4_DST_IP      = -22,
+    ERR_PP1_IPV6_SRC_IP      = -23,
+    ERR_PP1_IPV6_DST_IP      = -24,
+    ERR_PP1_SRC_PORT         = -25,
+    ERR_PP1_DST_PORT         = -26,
+    ERR_HEAP_ALLOC           = -27,
 };
 
 /* Type-Length-Value (TLV vectors) */
@@ -69,7 +70,7 @@ enum
 #define PP2_TYPE_AWS            0xEA
 #define PP2_TYPE_AZURE          0xEE
 
-/* PP2_TYPE_SSL subtypes */
+/* PP2_TYPE_SSL <client> bit field  */
 #define PP2_CLIENT_SSL           0x01
 #define PP2_CLIENT_CERT_CONN     0x02
 #define PP2_CLIENT_CERT_SESS     0x04