Merge pull request #11 from kosmas-valianos/AddTLVsInCreation

Add support for adding TLVs when creating v2 PROXY protocol headers

Author: kosmas-valianos

examples/client_server.c

@@ -1,5 +1,6 @@
 #include <stdio.h>
 #include <stdlib.h>
+#include <string.h>
 #ifdef _WIN32
     #include <ws2tcpip.h>
     #pragma comment(lib, "ws2_32.lib")
@@ -11,28 +12,31 @@
 
 int main()
 {
-    // Create a v1 PROXY protocol header
-    pp_info_t pp_info_in = {
+    /* Create a v1 PROXY protocol header */
+    pp_info_t pp_info_in_v1 = {
+        .address_family = ADDR_FAMILY_INET,
+        .transport_protocol = TRANSPORT_PROTOCOL_STREAM,
         .src_addr = "172.22.32.1",
         .dst_addr = "172.22.33.1",
         .src_port = 4040,
         .dst_port = 443
     };
-    uint32_t pp1_hdr_len;
+    uint16_t pp1_hdr_len;
     uint32_t error;
-    uint8_t *pp1_hdr = pp_create_hdr(1, AF_INET, &pp_info_in, &pp1_hdr_len, &error);
-    if (!pp1_hdr)
+    uint8_t *pp1_hdr = pp_create_hdr(1, &pp_info_in_v1, &pp1_hdr_len, &error);
+    /* Clear the pp_info passed in pp_create_hdr(). Not really needed for v1 but good to do out of principle */
+    pp_info_clear(&pp_info_in_v1);
+    if (error != ERR_NULL)
     {
         fprintf(stderr, "pp_create_hdr() failed: %s", pp_strerror(error));
-        free(pp1_hdr);
         return EXIT_FAILURE;
     }
 
-    // Parse
+    /* Parse a v1 PROXY protocol header */
     pp_info_t pp_info_out;
     int32_t rc = pp_parse_hdr(pp1_hdr, pp1_hdr_len, &pp_info_out);
     free(pp1_hdr);
-    if (rc == 0)
+    if (!rc)
     {
         printf("Not a PROXY protocol header\n");
     }
@@ -49,34 +53,44 @@ int main()
             pp_info_out.src_addr, pp_info_out.dst_addr,
             pp_info_out.src_port, pp_info_out.dst_port);
     }
+    /* ALWAYS clear the pp_info after a call to pp_parse_hdr() */
     pp_info_clear(&pp_info_out);
 
-    // Parse
-    uint8_t pp2_hdr_vpce[] = {
-            0x0d, 0x0a, 0x0d, 0x0a, /* Start of v2 signature */
-            0x00, 0x0d, 0x0a, 0x51,
-            0x55, 0x49, 0x54, 0x0a, /* End of v2 signature */
-            0x21, 0x11, 0x00, 0x40, /* ver_cmd, fam and len */
-            0xc0, 0xa8, 0x0a, 0x64, /* Source IP */
-            0xc0, 0xa8, 0x0b, 0x5a, /* Destination IP */
-            0xa5, 0x5c, 0x1f, 0x90, /* Source port, Destination port */
-            0x03, 0x00, 0x04, 0xe5, /* CRC32C TLV start */
-            0x18, 0x86, 0xf8, 0xea, /* CRC32C TLV end, AWS VPCE ID TLV start */
-            0x00, 0x17, 0x01, 0x76,
-            0x70, 0x63, 0x65, 0x2d,
-            0x32, 0x33, 0x64, 0x38,
-            0x65, 0x7a, 0x6a, 0x6b,
-            0x33, 0x38, 0x62, 0x63,
-            0x68, 0x69, 0x6c, 0x6d,
-            0x34, 0x04, 0x00, 0x10, /* AWS VPCE ID TLV end, NOOP TLV start */
-            0x00, 0x00, 0x00, 0x00,
-            0x00, 0x00, 0x00, 0x00,
-            0x00, 0x00, 0x00, 0x00,
-            0x00, 0x00, 0x00, 0x00, /* NOOP TLV end */
+    /* Create a v2 PROXY protocol header with some TLVs */
+    pp_info_t pp_info_in_v2 = {
+        .address_family = ADDR_FAMILY_INET,
+        .transport_protocol = TRANSPORT_PROTOCOL_STREAM,
+        .src_addr = "192.168.10.100",
+        .dst_addr = "192.168.11.90",
+        .src_port = 42332,
+        .dst_port = 8080,
+        .pp2_info = {
+            .crc32c = 1,        /* Add crc32c checksum */
+            .pp2_ssl_info = {   /* Add SSL information */
+                .ssl = 1,
+                .cert_in_connection = 1,
+                .cert_in_session = 1,
+                .cert_verified = 1,
+            }
+        }
     };
+    /* Add SSL TLVs */
+    pp_info_add_ssl(&pp_info_in_v2, "TLSv1.2", "ECDHE-RSA-AES128-GCM-SHA256", "SHA256", "RSA2048", "example.com", 11);
+    /* Add Azure Link ID TLV */
+    pp_info_add_azure_linkid(&pp_info_in_v2, 1234);
+    uint8_t *pp2_hdr = pp_create_hdr(2, &pp_info_in_v2, &pp1_hdr_len, &error);
+    /* IMPORTANT: Clear the pp_info passed in pp_create_hdr() because TLVs were created. Otherwise memory will be leaked */
+    pp_info_clear(&pp_info_in_v2);
+    if (error != ERR_NULL)
+    {
+        fprintf(stderr, "pp_create_hdr() failed: %s", pp_strerror(error));
+        return EXIT_FAILURE;
+    }
 
-    rc = pp_parse_hdr(pp2_hdr_vpce, sizeof(pp2_hdr_vpce), &pp_info_out);
-    if (rc == 0)
+    /* Parse a v2 PROXY protocol header */
+    rc = pp_parse_hdr(pp2_hdr, pp1_hdr_len, &pp_info_out);
+    free(pp2_hdr);
+    if (!rc)
     {
         printf("Not a PROXY protocol header\n");
     }
@@ -88,13 +102,31 @@ int main()
     }
     else
     {
-        uint16_t tlv_value_len;
-        char *vpc_id = pp_info_get_tlv_value(&pp_info_out, PP2_TYPE_AWS, PP2_SUBTYPE_AWS_VPCE_ID, &tlv_value_len);
-        printf("%d bytes PROXY protocol header:  AWS VPC ID: %s. %s %s %hu %hu\n",
-            rc, vpc_id,
+        uint16_t length, cn_length;
+        const uint8_t *azure_linkid = pp_info_get_azure_linkid(&pp_info_out, &length);
+        uint32_t linkid;
+        memcpy(&linkid, azure_linkid, length);
+        const uint8_t *cn = pp_info_get_ssl_cn(&pp_info_out, &cn_length);
+        printf("%d bytes PROXY protocol header:\n"
+               "\tAzure Link ID: %u\n"
+               "\tCRC32C checksum: %s\n"
+               "\tSSL version: %s\n"
+               "\tSSL cipher: %s\n"
+               "\tSSL sig_alg: %s\n"
+               "\tSSL key_alg: %s\n"
+               "\tSSL CN: %.*s\n"
+               "%s %s %hu %hu\n",
+            rc, linkid,
+            pp_info_out.pp2_info.crc32c == 1 ? "verified" : "not present",
+            pp_info_get_ssl_version(&pp_info_out, &length),
+            pp_info_get_ssl_cipher(&pp_info_out, &length),
+            pp_info_get_ssl_sig_alg(&pp_info_out, &length),
+            pp_info_get_ssl_key_alg(&pp_info_out, &length),
+            cn_length, cn,
             pp_info_out.src_addr, pp_info_out.dst_addr,
             pp_info_out.src_port, pp_info_out.dst_port);
     }
+    /* ALWAYS clear the pp_info after a call to pp_parse_hdr() */
     pp_info_clear(&pp_info_out);
 
     return EXIT_SUCCESS;