ADMIN: dyncookie: implement a simple dynamic cookie calculator

This utility can be useful to figure what cookie value a server will have based on the secret, its IP and its port.
2021-08-11 13:54:52 +02:00 · 2021-08-11 13:54:52 +02:00 · 6807c7f6e1
commit 6807c7f6e1
parent 13f2e2ceeb
3 changed files with 60 additions and 0 deletions
--- a/.gitignore
+++ b/.gitignore
@ -40,6 +40,7 @@
 *.bak
 # And reject some specific files
 /admin/halog/halog
+/admin/dyncookie/dyncookie
 /admin/iprange/ip6range
 /admin/iprange/iprange
 /admin/systemd/haproxy.service
--- a/4
+++ b/4
@ -937,6 +937,9 @@ objsize: haproxy
 admin/halog/halog: admin/halog/halog.o admin/halog/fgets2.o src/ebtree.o src/eb32tree.o src/eb64tree.o src/ebmbtree.o src/ebsttree.o src/ebistree.o src/ebimtree.o
 	$(cmd_LD) $(LDFLAGS) -o $@ $^ $(LDOPTS)

+admin/dyncookie/dyncookie: admin/dyncookie/dyncookie.o
+	$(cmd_LD) $(LDFLAGS) -o $@ $^ $(LDOPTS)
+
 dev/flags/flags: dev/flags/flags.o
 	$(cmd_LD) $(LDFLAGS) -o $@ $^ $(LDOPTS)

@ -1012,6 +1015,7 @@ clean:
 	$(Q)rm -f addons/wurfl/*.[oas] addons/wurfl/dummy/*.[oas]
 	$(Q)rm -f admin/*/*.[oas] admin/*/*/*.[oas]
 	$(Q)rm -f admin/iprange/iprange admin/iprange/ip6range admin/halog/halog
+	$(Q)rm -f admin/dyncookie/dyncookie
 	$(Q)rm -f dev/*/*.[oas]
 	$(Q)rm -f dev/flags/flags dev/poll/poll dev/tcploop/tcploop
 	$(Q)rm -f dev/hpack/decode dev/hpack/gen-enc dev/hpack/gen-rht
--- a/admin/dyncookie/dyncookie.c
+++ b/admin/dyncookie/dyncookie.c
@ -0,0 +1,55 @@
+/*
+ * Dynamic server cookie calculator
+ *
+ * Copyright 2021 Willy Tarreau <w@1wt.eu>
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version
+ * 2 of the License, or (at your option) any later version.
+ *
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <stdarg.h>
+#include <arpa/inet.h>
+#include <import/xxhash.h>
+
+__attribute__((noreturn)) void die(int code, const char *format, ...)
+{
+	va_list args;
+
+	va_start(args, format);
+	vfprintf(stderr, format, args);
+	va_end(args);
+	exit(code);
+}
+
+int main(int argc, char **argv)
+{
+	size_t key_len;
+	int addr_len;
+	char *buf;
+	int port;
+
+	if (argc < 4)
+		die(1, "Usage: %s <key> <ip> <port>\n", argv[0]);
+
+	key_len = strlen(argv[1]);
+	buf = realloc(strdup(argv[1]), key_len + 16 + 4);
+	if (!buf)
+		die(2, "Not enough memory\n");
+
+	if (inet_pton(AF_INET, argv[2], buf + key_len) > 0)
+		addr_len = 4;
+	else if (inet_pton(AF_INET6, argv[2], buf + key_len) > 0)
+		addr_len = 16;
+	else
+		die(3, "Cannot parse address <%s> as IPv4/IPv6\n", argv[2]);
+
+	port = htonl(atoi(argv[3]));
+	memcpy(buf + key_len + addr_len, &port, 4);
+	printf("%016llx\n", (long long)XXH64(buf, key_len + addr_len + 4, 0));
+	return 0;
+}