diff --git a/include/haproxy/tools.h b/include/haproxy/tools.h index f786e1a47..320646a5d 100644 --- a/include/haproxy/tools.h +++ b/include/haproxy/tools.h @@ -491,7 +491,7 @@ unsigned int inetaddr_host_lim_ret(char *text, char *stop, char **ret); const char *hash_anon(uint32_t scramble, const char *string2hash, const char *prefix, const char *suffix); /* Function that hashes or not an ip according to the ipstring entered */ -const char * hash_ipanon(uint32_t scramble, char *ipstring); +const char * hash_ipanon(uint32_t scramble, char *ipstring, int hasport); static inline char *cut_crlf(char *s) { diff --git a/src/cfgparse.c b/src/cfgparse.c index 352953fb7..e6a6d30de 100644 --- a/src/cfgparse.c +++ b/src/cfgparse.c @@ -1964,7 +1964,7 @@ next_line: qfprintf(stdout, "%s %s ", args[0], args[1]); if (arg > 1) { - qfprintf(stdout, "%s ", args[2]); + qfprintf(stdout, "%s ", hash_ipanon(g_key, args[2], 1)); if (arg > 2) { qfprintf(stdout, "[...]\n"); @@ -2000,7 +2000,7 @@ next_line: else if (strcmp(args[0], "bind") == 0) { qfprintf(stdout, "%s ", args[0]); - qfprintf(stdout, "%s ", hash_ipanon(g_key, args[1])); + qfprintf(stdout, "%s ", hash_ipanon(g_key, args[1], 1)); if (arg > 2) { qfprintf(stdout, "[...]\n"); } @@ -2019,7 +2019,7 @@ next_line: qfprintf(stdout, "%s ", HA_ANON_ID(g_key, args[1])); } if (arg > 2) { - qfprintf(stdout, "%s ", hash_ipanon(g_key, args[2])); + qfprintf(stdout, "%s ", hash_ipanon(g_key, args[2], 1)); } if (arg > 3) { qfprintf(stdout, "[...]\n"); @@ -2060,7 +2060,7 @@ next_line: qfprintf(stdout, "%s ", args[1]); } else { - qfprintf(stdout, "%s ", hash_ipanon(g_key, args[1])); + qfprintf(stdout, "%s ", hash_ipanon(g_key, args[1], 1)); } if (arg > 2) { qfprintf(stdout, "[...]"); @@ -2070,7 +2070,7 @@ next_line: else if (strcmp(args[0], "peer") == 0) { qfprintf(stdout, "%s %s ", args[0], HA_ANON_ID(g_key, args[1])); - qfprintf(stdout, "%s ", hash_ipanon(g_key, args[2])); + qfprintf(stdout, "%s ", hash_ipanon(g_key, args[2], 1)); if (arg > 3) { qfprintf(stdout, "[...]"); diff --git a/src/tools.c b/src/tools.c index f697eaccb..53958a996 100644 --- a/src/tools.c +++ b/src/tools.c @@ -77,7 +77,7 @@ extern void *__elf_aux_vector; #define RET0_UNLESS(__x) do { if (!(__x)) return 0; } while (0) /* Define the number of line of hash_word */ -#define NB_L_HASH_WORD 7 +#define NB_L_HASH_WORD 15 /* enough to store NB_ITOA_STR integers of : * 2^64-1 = 18446744073709551615 or @@ -5876,11 +5876,14 @@ const char *hash_anon(uint32_t scramble, const char *string2hash, const char *pr /* This function hashes or not an ip address ipstring, scramble is the anonymizing * key, returns the hashed ip with his port or ipstring when there is nothing to hash. + * Put hasport equal 0 to point out ipstring has no port, else put an other int. + * Without port, return a simple hash or ipstring. */ -const char *hash_ipanon(uint32_t scramble, char *ipstring) +const char *hash_ipanon(uint32_t scramble, char *ipstring, int hasport) { char *errmsg = NULL; struct sockaddr_storage *sa; + struct sockaddr_storage ss; char addr[46]; int port; @@ -5889,57 +5892,72 @@ const char *hash_ipanon(uint32_t scramble, char *ipstring) index_hash = 0; } - if (strncmp(ipstring, "localhost", 1) == 0) { + if (scramble == 0) { + return ipstring; + } + if (strcmp(ipstring, "localhost") == 0) { return ipstring; } else { - sa = str2sa_range(ipstring, NULL, NULL, NULL, NULL, NULL, &errmsg, NULL, NULL, - PA_O_PORT_OK | PA_O_STREAM | PA_O_XPRT | PA_O_CONNECT | PA_O_PORT_RANGE); - if (sa == NULL) { - return ipstring; + if (hasport == 0) { + memset(&ss, 0, sizeof(ss)); + if (str2ip2(ipstring, &ss, 1) == NULL) { + return HA_ANON_STR(scramble, ipstring); + } + sa = &ss; } else { - addr_to_str(sa, addr, sizeof(addr)); - port = get_host_port(sa); - - switch(sa->ss_family) { - case AF_INET: - if (strncmp(addr, "127", 3) == 0 || strncmp(addr, "255", 3) == 0 || strncmp(addr, "0", 1) == 0) { - return ipstring; - } - else { - if (port != 0) { - snprintf(hash_word[index_hash], sizeof(hash_word[index_hash]), "IPV4(%06x):%d", HA_ANON(scramble, addr, strlen(addr)), port); - return hash_word[index_hash]; - } - else { - snprintf(hash_word[index_hash], sizeof(hash_word[index_hash]), "IPV4(%06x)", HA_ANON(scramble, addr, strlen(addr))); - return hash_word[index_hash]; - } - } - break; - - case AF_INET6: - if (strcmp(addr, "::1") == 0) { - return ipstring; - } - else { - if (port != 0) { - snprintf(hash_word[index_hash], sizeof(hash_word[index_hash]), "IPV6(%06x):%d", HA_ANON(scramble, addr, strlen(addr)), port); - return hash_word[index_hash]; - } - else { - snprintf(hash_word[index_hash], sizeof(hash_word[index_hash]), "IPV6(%06x)", HA_ANON(scramble, addr, strlen(addr))); - return hash_word[index_hash]; - } - } - break; - - default: - return ipstring; - break; - }; + sa = str2sa_range(ipstring, NULL, NULL, NULL, NULL, NULL, &errmsg, NULL, NULL, + PA_O_PORT_OK | PA_O_STREAM | PA_O_XPRT | PA_O_CONNECT | + PA_O_PORT_RANGE | PA_O_RESOLVE); + if (sa == NULL) { + return HA_ANON_STR(scramble, ipstring); + } } + addr_to_str(sa, addr, sizeof(addr)); + port = get_host_port(sa); + + switch(sa->ss_family) { + case AF_INET: + if (strncmp(addr, "127", 3) == 0 || strncmp(addr, "255", 3) == 0 || strncmp(addr, "0", 1) == 0) { + return ipstring; + } + else { + if (port != 0) { + snprintf(hash_word[index_hash], sizeof(hash_word[index_hash]), "IPV4(%06x):%d", HA_ANON(scramble, addr, strlen(addr)), port); + return hash_word[index_hash]; + } + else { + snprintf(hash_word[index_hash], sizeof(hash_word[index_hash]), "IPV4(%06x)", HA_ANON(scramble, addr, strlen(addr))); + return hash_word[index_hash]; + } + } + break; + + case AF_INET6: + if (strcmp(addr, "::1") == 0) { + return ipstring; + } + else { + if (port != 0) { + snprintf(hash_word[index_hash], sizeof(hash_word[index_hash]), "IPV6(%06x):%d", HA_ANON(scramble, addr, strlen(addr)), port); + return hash_word[index_hash]; + } + else { + snprintf(hash_word[index_hash], sizeof(hash_word[index_hash]), "IPV6(%06x)", HA_ANON(scramble, addr, strlen(addr))); + return hash_word[index_hash]; + } + } + break; + + case AF_UNIX: + return HA_ANON_STR(scramble, ipstring); + break; + + default: + return ipstring; + break; + }; } return ipstring; }