improve support for proxy protocol

* Add support for parsing tlv headers
* Add support for parsing network id from common
cloud providers. Note, currently only GCP is fully
supported as I couldn't test the flow on AWS, Azure
but it should be easy to add this support in the future.
* Fix bug that we didn't account for the tlv when
checking the header length
* Fix bug that tlv would have been stored as extra data
inside the address union

Change-Id: Idb68144f34bfa302c478de54eea631e6f80883f9
Signed-off-by: Roy Babayov <[email protected]>

Author: roybabayov

CMakeLists.txt

@@ -79,6 +79,8 @@ endif (USE_GSS)
 
 option(USE_MONITORING "Enable monitoring stack" ON)
 
+option(PROXY_PROTOCOL_PARSE_COMMON_NETWORK_ID "Enable parsing of common network id from haproxy TLV" OFF)
+
 option(USE_RPC_RDMA "platform supports RDMA" OFF)
 if (USE_RPC_RDMA)
   find_package(RDMA REQUIRED)
@@ -263,6 +265,7 @@ message(STATUS "USE_GSS = ${USE_GSS}")
 message(STATUS "USE_PROFILE = ${USE_PROFILE}")
 message(STATUS "USE_LTTNG_NTIRPC = ${USE_LTTNG_NTIRPC}")
 message(STATUS "USE_MONITORING = ${USE_MONITORING}")
+message(STATUS "PROXY_PROTOCOL_PARSE_COMMON_NETWORK_ID = ${PROXY_PROTOCOL_PARSE_COMMON_NETWORK_ID}")
 
 #force command line options to be stored in cache
 set(_MSPAC_SUPPORT ${_MSPAC_SUPPORT}

src/haproxy.h renamed to ntirpc/rpc/haproxy.h

@@ -23,8 +23,16 @@
  *       https://github.com/haproxy/haproxy.git
  *
  * Specifically, parts of this file: include/haproxy/connection-t.h
+ *
+ * NOTE: the definitions in this file are based on the haproxy spec in
+ * https://www.haproxy.org/download/1.8/doc/proxy-protocol.txt
  */
 
+#include "config.h"
+
+#ifndef _NTIRPC_RPC_HAPROXY_H
+#define _NTIRPC_RPC_HAPROXY_H
+
 /* proxy protocol v2 definitions */
 #define PP2_SIGNATURE "\x0D\x0A\x0D\x0A\x00\x0D\x0A\x51\x55\x49\x54\x0A"
 #define PP2_SIG_UINT32 0x0d0a0d0a
@@ -42,7 +50,7 @@
 #define PP2_VERSION_MASK 0xF0
 
 #define PP2_VERSION2_CMD_LOCAL (PP2_CMD_LOCAL | PP2_VERSION)
-#define PP2_VERSIOB2_CMD_PROXY (PP2_CMD_PROXY | PP2_VERSION)
+#define PP2_VERSION2_CMD_PROXY (PP2_CMD_PROXY | PP2_VERSION)
 
 /* fam byte */
 #define PP2_TRANS_UNSPEC 0x00
@@ -82,6 +90,17 @@
 #define PP2_SUBTYPE_SSL_KEY_ALG 0x25
 #define PP2_TYPE_NETNS 0x30
 
+#define PP2_TYPE_UNSET 0x00
+
+/* Define custom PP2_TYPE by common cloud provides */
+/* https://cloud.google.com/vpc/docs/about-vpc-hosted-services#proxy-protocol */
+#define PP2_TYPE_GCP 0xE0
+#define PP2_TYPE_GCP_EXPECTED_LENGTH 8
+/* https://docs.aws.amazon.com/elasticloadbalancing/latest/network/edit-target-group-attributes.html#proxy-protocol */
+#define PP2_TYPE_AWS 0xEA
+/* https://learn.microsoft.com/en-us/azure/private-link/private-link-service-overview#getting-connection-information-using-tcp-proxy-v2 */
+#define PP2_TYPE_AZURE 0xEE
+
 #define PP2_CLIENT_SSL 0x01
 #define PP2_CLIENT_CERT_CONN 0x02
 #define PP2_CLIENT_CERT_SESS 0x04
@@ -97,29 +116,38 @@ struct proxy_header_part {
 	uint16_t len; /* number of following bytes part of the header */
 };
 
-union proxy_addr {
-	struct { /* for TCP/UDP over IPv4, len = 12 */
-		uint32_t src_addr;
-		uint32_t dst_addr;
-		uint16_t src_port;
-		uint16_t dst_port;
-	} ip4;
-	struct { /* for TCP/UDP over IPv6, len = 36 */
-		uint8_t src_addr[16];
-		uint8_t dst_addr[16];
-		uint16_t src_port;
-		uint16_t dst_port;
-	} ip6;
-	struct { /* for AF_UNIX sockets, len = 216 */
-		uint8_t src_addr[108];
-		uint8_t dst_addr[108];
-	} unx;
+struct proxy_header_addr_ip4_part { /* for TCP/UDP over IPv4, len = 12 */
+	uint32_t src_addr;
+	uint32_t dst_addr;
+	uint16_t src_port;
+	uint16_t dst_port;
+};
+_Static_assert(
+	sizeof(struct proxy_header_addr_ip4_part) == PP2_ADDR_LEN_INET,
+	"proxy_header_addr_ip4_part size is not equal to PP2_ADDR_LEN_INET");
+
+struct proxy_header_addr_ip6_part { /* for TCP/UDP over IPv6, len = 36 */
+	uint8_t src_addr[16];
+	uint8_t dst_addr[16];
+	uint16_t src_port;
+	uint16_t dst_port;
+};
+_Static_assert(
+	sizeof(struct proxy_header_addr_ip6_part) == PP2_ADDR_LEN_INET6,
+	"proxy_header_addr_ip6_part size is not equal to PP2_ADDR_LEN_INET6");
+
+typedef uint8_t proxy_protocol_tlv_type;
+typedef uint16_t proxy_protocol_tlv_length;
+struct proxy_protocol_tlv_header {
+	proxy_protocol_tlv_type type;
+	proxy_protocol_tlv_length length;
+	/* value is stored in big-endian as received from socket */
+	void *value;
 };
 
-struct proxy_hdr_v2 {
-	uint8_t sig[12]; /* hex 0D 0A 0D 0A 00 0D 0A 51 55 49 54 0A */
-	struct proxy_header_part header_part;
-	union proxy_addr addr;
+struct proxy_protocol_tlv_headers {
+	uint16_t tlv_count;
+	struct proxy_protocol_tlv_header *tlvs;
 };
 
-enum xprt_stat recv_haproxy_header(SVCXPRT *xprt);
+#endif /* _NTIRPC_RPC_HAPROXY_H */

ntirpc/rpc/svc.h

@@ -294,6 +294,11 @@ struct svc_xprt {
 	struct rpc_address xp_local; /* local address, length, port */
 	struct rpc_address xp_remote; /* remote address, length, port */
 	struct rpc_address xp_proxy; /* proxy address, length, port */
+	struct proxy_protocol_tlv_headers proxy_protocol_tlv_headers;
+	/* Network id parsed from proxy protocol.
+	 * Populated only when PARSE_COMMON_NETWORK_ID flag is on
+	 */
+	struct network_id xp_remote_network_id;
 
 #if defined(HAVE_BLKIN)
 	/* blkin tracing */

ntirpc/rpc/types.h

@@ -48,14 +48,16 @@
 #include <sys/types.h>
 #include <inttypes.h>
 
+#include "haproxy.h"
+
 #if defined(_WIN32)
 
 #define __BEGIN_DECLS
 #define __END_DECLS
 
 /* integral types */
 #ifndef _MSC_VER
-#include <_bsd_types.h>		/* XXX mingw (defines u_long) */
+#include <_bsd_types.h> /* XXX mingw (defines u_long) */
 #endif
 typedef uint8_t u_char;
 typedef uint16_t u_int16_t;
@@ -77,7 +79,7 @@ struct iovec {
 };
 
 #include <winsock2.h>
-#include <ws2tcpip.h>		/* XXX mingw */
+#include <ws2tcpip.h> /* XXX mingw */
 
 #endif
 
@@ -109,107 +111,107 @@ typedef int32_t rpc_inline_t;
  * Package params support
  */
 
-#define TIRPC_GET_PARAMETERS		0
-#define TIRPC_PUT_PARAMETERS		1
-#define TIRPC_GET_DEBUG_FLAGS		2
-#define TIRPC_SET_DEBUG_FLAGS		3
-#define TIRPC_GET_OTHER_FLAGS		4
-#define TIRPC_SET_OTHER_FLAGS		5
+#define TIRPC_GET_PARAMETERS 0
+#define TIRPC_PUT_PARAMETERS 1
+#define TIRPC_GET_DEBUG_FLAGS 2
+#define TIRPC_SET_DEBUG_FLAGS 3
+#define TIRPC_GET_OTHER_FLAGS 4
+#define TIRPC_SET_OTHER_FLAGS 5
 
 /*
  * Debug flags support
  */
 
-#define TIRPC_FLAG_NONE                 0x0000000
-#define TIRPC_DEBUG_FLAG_NONE           0x0000000
-#define TIRPC_DEBUG_FLAG_ERROR          0x0000001
-#define TIRPC_DEBUG_FLAG_EVENT          0x0000002
-#define TIRPC_DEBUG_FLAG_WARN           0x0000004
-#define TIRPC_DEBUG_FLAG_LOCK           0x0000008
-#define TIRPC_DEBUG_FLAG_REFCNT         0x0000010
-#define TIRPC_DEBUG_FLAG_RBTREE         0x0000020
-#define TIRPC_DEBUG_FLAG_RPCSEC_GSS     0x0000040
-#define TIRPC_DEBUG_FLAG_AUTH           0x0000080
-#define TIRPC_DEBUG_FLAG_CLNT_DG        0x0000100
-#define TIRPC_DEBUG_FLAG_CLNT_RDMA      0x0000200
-#define TIRPC_DEBUG_FLAG_CLNT_SCTP      0x0000400
-#define TIRPC_DEBUG_FLAG_CLNT_VC        0x0000800
-#define TIRPC_DEBUG_FLAG_CLNT_BCAST     0x0001000
-#define TIRPC_DEBUG_FLAG_CLNT_RAW       0x0002000
-#define TIRPC_DEBUG_FLAG_CLNT_REQ       0x0004000
-#define TIRPC_DEBUG_FLAG_CLNT           0x0008000
-#define TIRPC_DEBUG_FLAG_SVC_DG         0x0010000
-#define TIRPC_DEBUG_FLAG_SVC_RDMA       0x0020000
-#define TIRPC_DEBUG_FLAG_SVC_SCTP       0x0040000
-#define TIRPC_DEBUG_FLAG_SVC_VC         0x0080000
-#define TIRPC_DEBUG_FLAG_SVC_RQST       0x0100000
-#define TIRPC_DEBUG_FLAG_SVC_XPRT       0x0200000
-#define TIRPC_DEBUG_FLAG_SVC            0x0400000
-#define TIRPC_DEBUG_FLAG_XDR            0x0800000
-#define TIRPC_DEBUG_FLAG_WORKER         0x1000000
-#define TIRPC_DEBUG_FLAG_RPC_MSG        0x2000000
-#define TIRPC_DEBUG_FLAG_RPC_RDMA       0x4000000
-#define TIRPC_DEBUG_FLAG_XDR_RDMA       0x8000000
+#define TIRPC_FLAG_NONE 0x0000000
+#define TIRPC_DEBUG_FLAG_NONE 0x0000000
+#define TIRPC_DEBUG_FLAG_ERROR 0x0000001
+#define TIRPC_DEBUG_FLAG_EVENT 0x0000002
+#define TIRPC_DEBUG_FLAG_WARN 0x0000004
+#define TIRPC_DEBUG_FLAG_LOCK 0x0000008
+#define TIRPC_DEBUG_FLAG_REFCNT 0x0000010
+#define TIRPC_DEBUG_FLAG_RBTREE 0x0000020
+#define TIRPC_DEBUG_FLAG_RPCSEC_GSS 0x0000040
+#define TIRPC_DEBUG_FLAG_AUTH 0x0000080
+#define TIRPC_DEBUG_FLAG_CLNT_DG 0x0000100
+#define TIRPC_DEBUG_FLAG_CLNT_RDMA 0x0000200
+#define TIRPC_DEBUG_FLAG_CLNT_SCTP 0x0000400
+#define TIRPC_DEBUG_FLAG_CLNT_VC 0x0000800
+#define TIRPC_DEBUG_FLAG_CLNT_BCAST 0x0001000
+#define TIRPC_DEBUG_FLAG_CLNT_RAW 0x0002000
+#define TIRPC_DEBUG_FLAG_CLNT_REQ 0x0004000
+#define TIRPC_DEBUG_FLAG_CLNT 0x0008000
+#define TIRPC_DEBUG_FLAG_SVC_DG 0x0010000
+#define TIRPC_DEBUG_FLAG_SVC_RDMA 0x0020000
+#define TIRPC_DEBUG_FLAG_SVC_SCTP 0x0040000
+#define TIRPC_DEBUG_FLAG_SVC_VC 0x0080000
+#define TIRPC_DEBUG_FLAG_SVC_RQST 0x0100000
+#define TIRPC_DEBUG_FLAG_SVC_XPRT 0x0200000
+#define TIRPC_DEBUG_FLAG_SVC 0x0400000
+#define TIRPC_DEBUG_FLAG_XDR 0x0800000
+#define TIRPC_DEBUG_FLAG_WORKER 0x1000000
+#define TIRPC_DEBUG_FLAG_RPC_MSG 0x2000000
+#define TIRPC_DEBUG_FLAG_RPC_RDMA 0x4000000
+#define TIRPC_DEBUG_FLAG_XDR_RDMA 0x8000000
 
 /* or symbolic names for default */
-#define TIRPC_DEBUG_FLAG_DEFAULT \
-	(TIRPC_DEBUG_FLAG_ERROR | \
-	 TIRPC_DEBUG_FLAG_EVENT | \
+#define TIRPC_DEBUG_FLAG_DEFAULT                           \
+	(TIRPC_DEBUG_FLAG_ERROR | TIRPC_DEBUG_FLAG_EVENT | \
 	 TIRPC_DEBUG_FLAG_WARN)
 
-#define TIRPC_DEBUG_FLAG_CLNT_RPCB      (TIRPC_DEBUG_FLAG_CLNT)
+#define TIRPC_DEBUG_FLAG_CLNT_RPCB (TIRPC_DEBUG_FLAG_CLNT)
 
-typedef void *(*mem_1_size_t) (size_t,
-	     const char *file, int line, const char *function);
-typedef void *(*mem_2_size_t) (size_t, size_t,
-	     const char *file, int line, const char *function);
-typedef void *(*mem_p_size_t) (void *, size_t,
-	     const char *file, int line, const char *function);
-typedef void (*mem_free_size_t) (void *, size_t);
-typedef void (*mem_format_t) (const char *fmt, ...);
-typedef void (*mem_char_t) (const char *);
+typedef void *(*mem_1_size_t)(size_t, const char *file, int line,
+			      const char *function);
+typedef void *(*mem_2_size_t)(size_t, size_t, const char *file, int line,
+			      const char *function);
+typedef void *(*mem_p_size_t)(void *, size_t, const char *file, int line,
+			      const char *function);
+typedef void (*mem_free_size_t)(void *, size_t);
+typedef void (*mem_format_t)(const char *fmt, ...);
+typedef void (*mem_char_t)(const char *);
 
 /*
  * Package params support
  */
 typedef struct tirpc_pkg_params {
 	uint32_t debug_flags;
 	uint32_t other_flags;
-	mem_char_t	thread_name_;
-	mem_format_t	warnx_;
-	mem_free_size_t	free_size_;
-	mem_1_size_t	malloc_;
-	mem_2_size_t	aligned_;
-	mem_2_size_t	calloc_;
-	mem_p_size_t	realloc_;
+	mem_char_t thread_name_;
+	mem_format_t warnx_;
+	mem_free_size_t free_size_;
+	mem_1_size_t malloc_;
+	mem_2_size_t aligned_;
+	mem_2_size_t calloc_;
+	mem_p_size_t realloc_;
 } tirpc_pkg_params;
 
 extern tirpc_pkg_params __ntirpc_pkg_params;
 
 #include <misc/abstract_atomic.h>
 
-#define __warnx(flags, ...) \
-	do {					   \
-		if (__ntirpc_pkg_params.debug_flags & (flags)) {	\
-			__ntirpc_pkg_params.warnx_(__VA_ARGS__);	\
-		}							\
+#define __warnx(flags, ...)                                      \
+	do {                                                     \
+		if (__ntirpc_pkg_params.debug_flags & (flags)) { \
+			__ntirpc_pkg_params.warnx_(__VA_ARGS__); \
+		}                                                \
 	} while (0)
 
 #define __debug_flag(flags) (__ntirpc_pkg_params.debug_flags & (flags))
 
-#define mem_alloc(size) __ntirpc_pkg_params.malloc_((size), \
-			__FILE__, __LINE__, __func__)
-#define mem_aligned(align, size) __ntirpc_pkg_params.aligned_((align), (size), \
-			__FILE__, __LINE__, __func__)
-#define mem_calloc(count, size) __ntirpc_pkg_params.calloc_((count), (size), \
-			__FILE__, __LINE__, __func__)
-#define mem_realloc(p, size) __ntirpc_pkg_params.realloc_((p), (size), \
-			__FILE__, __LINE__, __func__)
-#define mem_zalloc(size) __ntirpc_pkg_params.calloc_(1, (size), \
-			__FILE__, __LINE__, __func__)
-
-static inline void
-mem_free(void *p, size_t n)
+#define mem_alloc(size) \
+	__ntirpc_pkg_params.malloc_((size), __FILE__, __LINE__, __func__)
+#define mem_aligned(align, size)                                          \
+	__ntirpc_pkg_params.aligned_((align), (size), __FILE__, __LINE__, \
+				     __func__)
+#define mem_calloc(count, size)                                          \
+	__ntirpc_pkg_params.calloc_((count), (size), __FILE__, __LINE__, \
+				    __func__)
+#define mem_realloc(p, size) \
+	__ntirpc_pkg_params.realloc_((p), (size), __FILE__, __LINE__, __func__)
+#define mem_zalloc(size) \
+	__ntirpc_pkg_params.calloc_(1, (size), __FILE__, __LINE__, __func__)
+
+static inline void mem_free(void *p, size_t n)
 {
 	__ntirpc_pkg_params.free_size_(p, n);
 }
@@ -220,8 +222,8 @@ mem_free(void *p, size_t n)
 
 #include <string.h>
 
-static inline void *
-mem_strdup_(const char *s, const char *file, int line, const char *function)
+static inline void *mem_strdup_(const char *s, const char *file, int line,
+				const char *function)
 {
 	size_t l = strlen(s) + 1;
 	void *t = __ntirpc_pkg_params.malloc_(l, file, line, function);
@@ -256,7 +258,24 @@ struct netbuf {
 
 struct rpc_address {
 	struct netbuf nb;
-	struct sockaddr_storage ss;	/* address buffer */
+	struct sockaddr_storage ss; /* address buffer */
+};
+
+/*
+ * The network id struct is used in combination with the client address
+ * to identify the unique client.
+ * Using proxy protocol, it's possible for clients from multiple networks to connect
+ * to the server, although they have the same IP address.
+ * This means that the client IP is not enough to identify the client and the network id
+ * is needed as well.
+ */
+struct network_id {
+	/* based on proxy protocol TLV header type values */
+	uint32_t source;
+	union {
+		uint64_t gcp_psc_connection_id;
+		/* TODO: add support for more common cloud providers */
+	};
 };
 
 /*
@@ -280,4 +299,4 @@ struct __rpc_sockinfo {
 	int si_alen;
 };
 
-#endif				/* _TIRPC_TYPES_H */
+#endif /* _TIRPC_TYPES_H */