40 #define XFF_CHAIN_MINLEN 7
42 #define XFF_CHAIN_MAXLEN 256
44 #define XFF_DEFAULT "X-Forwarded-For"
53 static int ParseXFFString(
char *input,
char *output,
int output_size)
55 size_t len = strlen(input);
59 if (input[0] ==
'[') {
60 char *end = strchr(input,
']');
64 if (end != input+(
len - 1)) {
86 if (d == 3 && c == 1) {
88 char *x = strchr(input,
':');
101 if (inet_pton(AF_INET, input, ip) == 1 ||
102 inet_pton(AF_INET6, input, ip) == 1)
104 strlcpy(output, input, output_size);
117 char *dstbuf,
int dstbuflen)
122 uint64_t total_txs = 0;
123 uint8_t *p_xff = NULL;
125 htp_state = (
HtpState *)FlowGetAppState(f);
127 if (htp_state == NULL) {
128 SCLogDebug(
"no http state, XFF IP cannot be retrieved");
133 if (tx_id >= total_txs)
138 SCLogDebug(
"tx is NULL, XFF cannot be retrieved");
167 return ParseXFFString((
char *)p_xff, dstbuf, dstbuflen);
181 uint64_t total_txs = 0;
183 htp_state = (
HtpState *)FlowGetAppState(f);
184 if (htp_state == NULL) {
185 SCLogDebug(
"no http state, XFF IP cannot be retrieved");
190 for (; tx_id < total_txs; tx_id++) {
214 if (xff_mode != NULL && strcasecmp(xff_mode,
"overwrite") == 0) {
217 if (xff_mode == NULL) {
218 SCLogWarning(
"The XFF mode hasn't been defined, falling back to extra-data mode");
220 else if (strcasecmp(xff_mode,
"extra-data") != 0) {
222 "The XFF mode %s is invalid, falling back to extra-data mode", xff_mode);
229 if (xff_deployment != NULL && strcasecmp(xff_deployment,
"forward") == 0) {
232 if (xff_deployment == NULL) {
233 SCLogWarning(
"The XFF deployment hasn't been defined, falling back to reverse "
236 else if (strcasecmp(xff_deployment,
"reverse") != 0) {
237 SCLogWarning(
"The XFF mode %s is invalid, falling back to reverse proxy deployment",
245 if (xff_header != NULL) {
246 result->
header = (
char *) xff_header;
259 static int XFFTest01(
void) {
260 char input[] =
"1.2.3.4:5678";
262 int r = ParseXFFString(input, output,
sizeof(output));
263 FAIL_IF_NOT(r == 1 && strcmp(output,
"1.2.3.4") == 0);
267 static int XFFTest02(
void) {
268 char input[] =
"[12::34]:1234";
270 int r = ParseXFFString(input, output,
sizeof(output));
271 FAIL_IF_NOT(r == 1 && strcmp(output,
"12::34") == 0);
275 static int XFFTest03(
void) {
276 char input[] =
"[2a03:2880:1010:3f02:face:b00c:0:2]:80";
278 int r = ParseXFFString(input, output,
sizeof(output));
279 FAIL_IF_NOT(r == 1 && strcmp(output,
"2a03:2880:1010:3f02:face:b00c:0:2") == 0);
283 static int XFFTest04(
void) {
284 char input[] =
"[2a03:2880:1010:3f02:face:b00c:0:2]";
286 int r = ParseXFFString(input, output,
sizeof(output));
287 FAIL_IF_NOT(r == 1 && strcmp(output,
"2a03:2880:1010:3f02:face:b00c:0:2") == 0);
291 static int XFFTest05(
void) {
292 char input[] =
"[::ffff:1.2.3.4]:1234";
294 int r = ParseXFFString(input, output,
sizeof(output));
295 FAIL_IF_NOT(r == 1 && strcmp(output,
"::ffff:1.2.3.4") == 0);
299 static int XFFTest06(
void) {
300 char input[] =
"12::34";
302 int r = ParseXFFString(input, output,
sizeof(output));
303 FAIL_IF_NOT(r == 1 && strcmp(output,
"12::34") == 0);
307 static int XFFTest07(
void) {
308 char input[] =
"1.2.3.4";
310 int r = ParseXFFString(input, output,
sizeof(output));
311 FAIL_IF_NOT(r == 1 && strcmp(output,
"1.2.3.4") == 0);
315 static int XFFTest08(
void) {
316 char input[] =
"[1.2.3.4:1234";
318 int r = ParseXFFString(input, output,
sizeof(output));
323 static int XFFTest09(
void) {
324 char input[] =
"999.999.999.999:1234";
326 int r = ParseXFFString(input, output,
sizeof(output));