nghttpx: Allow user to specify static obfuscated value via command-line

Tatsuhiro Tsujikawa 2016-01-15 23:18:27 +09:00
parent 5c3f74b424
commit d678c07ddf
4 changed files with 33 additions and 6 deletions


@ -2576,7 +2576,8 @@ int main(int argc, char **argv) {
} }
} }
if (get_config()->forwarded_by_node_type == FORWARDED_NODE_OBFUSCATED) { if (get_config()->forwarded_by_node_type == FORWARDED_NODE_OBFUSCATED &&
get_config()->forwarded_by_obfuscated.empty()) {
std::random_device rd; std::random_device rd;
std::mt19937 gen(rd()); std::mt19937 gen(rd());
auto &dst = mod_config()->forwarded_by_obfuscated; auto &dst = mod_config()->forwarded_by_obfuscated;


@ -406,9 +406,13 @@ ClientHandler::ClientHandler(Worker *worker, int fd, SSL *ssl,
if ((get_config()->forwarded_params & FORWARDED_FOR) && if ((get_config()->forwarded_params & FORWARDED_FOR) &&
get_config()->forwarded_for_node_type == FORWARDED_NODE_OBFUSCATED) { get_config()->forwarded_for_node_type == FORWARDED_NODE_OBFUSCATED) {
if (get_config()->forwarded_for_obfuscated.empty()) {
forwarded_for_obfuscated_ = "_"; forwarded_for_obfuscated_ = "_";
forwarded_for_obfuscated_ += util::random_alpha_digit( forwarded_for_obfuscated_ += util::random_alpha_digit(
worker_->get_randgen(), SHRPX_OBFUSCATED_NODE_LENGTH); worker_->get_randgen(), SHRPX_OBFUSCATED_NODE_LENGTH);
} else {
forwarded_for_obfuscated_ = get_config()->forwarded_for_obfuscated;
}
} }
} }
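Review bot: The new `else` branch in the ClientHandler constructor deserves a why-comment, because it changes what the obfuscated `for` value means. With a static string configured, every connection gets the same identifier instead of a fresh random one per handler. A comment above the assignment such as `// User-supplied static value: identical for all clients, so backends cannot tell connections apart by "for"` would make that trade-off visible to whoever reads logs or rate-limits on this field. The constructor begins and ends outside this hunk.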


@ -638,7 +638,18 @@ int parse_forwarded_node_type(const std::string &optarg) {
return FORWARDED_NODE_IP; return FORWARDED_NODE_IP;
} }
if (optarg.size() < 2 || optarg[0] != '_') {
return -1; return -1;
}
if (std::find_if_not(std::begin(optarg), std::end(optarg), [](char c) {
return util::is_alpha(c) || util::is_digit(c) || c == '.' || c == '_' ||
c == '-';
}) != std::end(optarg)) {
return -1;
}
return FORWARDED_NODE_OBFUSCATED;
} }
} // namespace } // namespace
@ -2083,7 +2094,8 @@ int parse_config(const char *opt, const char *optarg,
auto type = parse_forwarded_node_type(optarg); auto type = parse_forwarded_node_type(optarg);
if (type == -1) { if (type == -1) {
LOG(ERROR) << opt << ": unknown node type " << optarg; LOG(ERROR) << opt << ": unknown node type or illegal obfuscated string "
<< optarg;
return -1; return -1;
} }
@ -2091,10 +2103,16 @@ int parse_config(const char *opt, const char *optarg,
case SHRPX_OPTID_FORWARDED_BY: case SHRPX_OPTID_FORWARDED_BY:
mod_config()->forwarded_by_node_type = mod_config()->forwarded_by_node_type =
static_cast<shrpx_forwarded_node_type>(type); static_cast<shrpx_forwarded_node_type>(type);
if (optarg[0] == '_') {
mod_config()->forwarded_by_obfuscated = optarg;
}
break; break;
case SHRPX_OPTID_FORWARDED_FOR: case SHRPX_OPTID_FORWARDED_FOR:
mod_config()->forwarded_for_node_type = mod_config()->forwarded_for_node_type =
static_cast<shrpx_forwarded_node_type>(type); static_cast<shrpx_forwarded_node_type>(type);
if (optarg[0] == '_') {
mod_config()->forwarded_for_obfuscated = optarg;
}
break; break;
} }
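Review bot: In both `case SHRPX_OPTID_FORWARDED_BY` and `case SHRPX_OPTID_FORWARDED_FOR` of parse_config, the stored string is written only when `optarg[0] == '_'` and is never cleared, so a static value from an earlier occurrence of the option survives a later one. If the plain `obfuscated` keyword is still accepted in the part of parse_forwarded_node_type above the hunk (not visible here), a `_static` value from a config file followed by `obfuscated` on the command line would keep emitting the static string, because the other sections of this commit skip random generation whenever the string is non-empty. Adding `} else { mod_config()->forwarded_by_obfuscated.clear(); }`, and the same for `forwarded_for_obfuscated`, makes the last occurrence win. Separately, parse_forwarded_node_type validates the character set but sets no upper length on a value that is presumably copied into every forwarded request, so a documented cap is worth considering. Both functions extend outside the hunks shown.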


@ -306,6 +306,10 @@ struct Config {
// obfuscated value used in "by" parameter of Forwarded header // obfuscated value used in "by" parameter of Forwarded header
// field. // field.
std::string forwarded_by_obfuscated; std::string forwarded_by_obfuscated;
// obfuscated value used in "for" parameter of Forwarded header
// field. This is only used when user defined static obfuscated
// string is provided.
std::string forwarded_for_obfuscated;
std::chrono::seconds tls_session_timeout; std::chrono::seconds tls_session_timeout;
ev_tstamp http2_upstream_read_timeout; ev_tstamp http2_upstream_read_timeout;
ev_tstamp upstream_read_timeout; ev_tstamp upstream_read_timeout;