Add support for alignment, padding using a NOOP TLV when creating v2 header

kosmas-valianos · kosmas-valianos · commit e075081a46ac · 2022-04-01T00:29:11.000+02:00
diff --git a/src/proxy_protocol.c b/src/proxy_protocol.c
@@ -644,6 +644,7 @@ uint8_t *pp2_create_hdr(const pp_info_t *pp_info, uint16_t *pp2_hdr_len, int32_t
     /* Calculate the total length */
     uint16_t len = proxy_addr_len;
     const tlv_array_t *tlv_array = &pp_info->pp2_info.tlv_array;
+    uint16_t padding_bytes = 0;
     uint32_t i;
     for (i = 0; i < tlv_array->len; i++)
     {
@@ -654,10 +655,20 @@ uint8_t *pp2_create_hdr(const pp_info_t *pp_info, uint16_t *pp2_hdr_len, int32_t
     {
         len += sizeof_pp2_tlv_t + sizeof(uint32_t);
     }
+    *pp2_hdr_len = sizeof(proxy_hdr_v2_t) + len;
+    if (pp_info->pp2_info.align_padding > 1)
+    {
+        uint16_t pow = 1 << pp_info->pp2_info.align_padding;
+        if (*pp2_hdr_len % pow)
+        {
+            padding_bytes = (*pp2_hdr_len - sizeof_pp2_tlv_t) % pow;
+            len += sizeof_pp2_tlv_t + padding_bytes;
+            *pp2_hdr_len = sizeof(proxy_hdr_v2_t) + len;
+        }
+    }
     proxy_hdr_v2.len = htons(len);
 
     /* Create the PROXY protocol header */
-    *pp2_hdr_len = sizeof(proxy_hdr_v2_t) + len;
     uint8_t *pp2_hdr = malloc(*pp2_hdr_len);
     if (!pp2_hdr)
     {
@@ -677,6 +688,18 @@ uint8_t *pp2_create_hdr(const pp_info_t *pp_info, uint16_t *pp2_hdr_len, int32_t
         memcpy(pp2_hdr + index, tlv_array->tlvs[i], tlv_len);
         index += tlv_len;
     }
+    if (pp_info->pp2_info.align_padding > 1)
+    {
+        pp2_tlv_t tlv = {
+            .type = PP2_TYPE_NOOP,
+            .length_hi = padding_bytes >> 8,
+            .length_lo = padding_bytes & 0x00ff
+        };
+        memcpy(pp2_hdr + index, &tlv, sizeof_pp2_tlv_t);
+        index += sizeof_pp2_tlv_t;
+        memset(pp2_hdr + index, 0, padding_bytes);
+        index += padding_bytes;
+    }
     if (pp_info->pp2_info.crc32c)
     {
         pp2_tlv_t tlv = { .type = PP2_TYPE_CRC32C, .length_lo = sizeof(uint32_t) };
diff --git a/src/proxy_protocol.h b/src/proxy_protocol.h
@@ -80,7 +80,16 @@ typedef struct
 
 typedef struct
 {
-    uint8_t        local; /* 1: LOCAL 0: PROXY */
+    uint8_t local;  /* 1: LOCAL 0: PROXY */
+    /*
+     * In creation
+     *      > 1: The power of 2 in which the header will be aligned using a NOOP TLV.
+     *           Example: 2 => 2^2 => 4 => Append enough bytes to the header using the NOOP TLV so that size_of_hdr % 4 becomes 0
+     *      <= 1: No alignment, padding
+     * In parsing:
+     *      Ignored
+     */
+    uint8_t        align_padding;
     pp2_ssl_info_t pp2_ssl_info;
     tlv_array_t    tlv_array;
     /*
diff --git a/tests/test.c b/tests/test.c
@@ -423,7 +423,7 @@ int main()
             .pp_info_out_expected = tests[8].pp_info_in,
         },
         {
-            .name = "v2 PROXY protocol header: create and parse - PROXY, TCP over IPv4. TLVs: "
+            .name = "v2 PROXY protocol header: create and parse - PROXY, TCP over IPv4. Aligned, padded. TLVs: "
                     "PP2_TYPE_SSL, PP2_SUBTYPE_SSL_VERSION, PP2_SUBTYPE_SSL_CN, PP2_SUBTYPE_SSL_CIPHER,"
                     "PP2_SUBTYPE_SSL_SIG_ALG, PP2_SUBTYPE_SSL_KEY_ALG, PP2_TYPE_AWS(PP2_SUBTYPE_AWS_VPCE_ID), PP2_TYPE_CRC32C",
             .version = 2,
@@ -435,13 +435,14 @@ int main()
                 .src_port = 42332,
                 .dst_port = 8080,
                 .pp2_info = {
-                    .crc32c = 1,
+                    .align_padding = 2,
                     .pp2_ssl_info = {
                         .ssl = 1,
                         .cert_in_connection = 1,
                         .cert_in_session = 1,
                         .cert_verified = 1,
-                    }
+                    },
+                    .crc32c = 1
                 }
             },
             .add_tlvs = {
@@ -452,9 +453,8 @@ int main()
                 },
                 {
                     .type = PP2_SUBTYPE_SSL_CN,
-                    .value_len = 11,
-                    /* example.com */
-                    .value = (uint8_t*) "\x65\x78\x61\x6d\x70\x6c\x65\x2e\x63\x6f\x6d"
+                    .value_len = 18,
+                    .value = (uint8_t*) "proxy-protocol.com"
                 },
                 {
                     .type = PP2_SUBTYPE_SSL_CIPHER,
@@ -480,7 +480,7 @@ int main()
                 {
                     .type = PP2_TYPE_CRC32C,
                     .value_len = 4,
-                    .value = (uint8_t*) "\x72\x45\x29\xd8"
+                    .value = (uint8_t*) "\x75\x40\xf1\x2f"
                 },
             },
             .pp_info_out_expected = tests[9].pp_info_in,
@@ -516,8 +516,7 @@ int main()
                 {
                     .type = PP2_SUBTYPE_SSL_CN,
                     .value_len = 11,
-                    /* example.com */
-                    .value = (uint8_t*) "\x65\x78\x61\x6d\x70\x6c\x65\x2e\x63\x6f\x6d"
+                    .value = (uint8_t*) "example.com"
                 },
                 {
                     .type = PP2_SUBTYPE_SSL_CIPHER,
@@ -561,6 +560,7 @@ int main()
         else
         {
             uint16_t pp_hdr_len;
+            uint16_t pow = 1 << tests[i].pp_info_in.pp2_info.align_padding;
             int32_t error;
 
             if (tests[i].add_tlvs[0].type)
@@ -576,7 +576,9 @@ int main()
 
             uint8_t *pp_hdr = pp_create_hdr(tests[i].version, &tests[i].pp_info_in, &pp_hdr_len, &error);
             pp_info_clear(&tests[i].pp_info_in);
-            if (!pp_hdr || error != ERR_NULL)
+            if (!pp_hdr
+                || error != ERR_NULL
+                || (pow > 1 && pp_hdr_len % pow))
             {
                 printf("FAILED\n");
                 pp_info_clear(&pp_info_out);
