//! Decrement iterator.
void decrement()
{
if (! m_before_the_beginning) {
if (m_past_the_end) {
m_node = ib_list_last_const(m_list);
m_past_the_end = false;
}
else if (m_node->prev) {
m_node = m_node->prev;
}
else {
m_node = NULL;
m_before_the_beginning = true;
}
}
}
/**
* Handle request_header events for remote IP extraction.
*
* Extract the "request_headers" field (a list) from the transactions's
* data provider instance, then loop through the list, looking for the
* "X-Forwarded-For" field. If found, the first value in the (comma
* separated) list replaces the local ip address string in the connection
* object.
*
* @param[in] ib IronBee object
* @param[in,out] tx Transaction object
* @param[in] event Event type
* @param[in] cbdata Callback data (not used)
*
* @returns Status code
*/
static ib_status_t modua_remoteip(ib_engine_t *ib,
ib_tx_t *tx,
ib_state_event_type_t event,
void *cbdata)
{
assert(ib != NULL);
assert(tx != NULL);
assert(tx->data != NULL);
assert(event == request_header_finished_event);
ib_field_t *field = NULL;
ib_status_t rc = IB_OK;
const ib_bytestr_t *bs;
const uint8_t *data;
size_t len;
char *buf;
uint8_t *comma;
const ib_list_t *list;
const ib_list_node_t *node;
const ib_field_t *forwarded;
uint8_t *stripped;
size_t num;
ib_flags_t flags;
ib_log_debug3_tx(tx, "Checking for alternate remote address");
/* Extract the X-Forwarded-For from the provider instance */
rc = ib_data_get(tx->data, "request_headers:X-Forwarded-For", &field);
if ( (field == NULL) || (rc != IB_OK) ) {
ib_log_debug_tx(tx, "No X-Forwarded-For field");
return IB_OK;
}
/* Because we asked for a filtered item, what we get back is a list */
rc = ib_field_value(field, ib_ftype_list_out(&list));
if (rc != IB_OK) {
ib_log_debug_tx(tx, "No request header collection");
return rc;
}
num = ib_list_elements(list);
if (num == 0) {
ib_log_debug_tx(tx, "No X-Forwarded-For header found");
return rc;
}
else if (num != 1) {
ib_log_debug_tx(tx, "%zd X-Forwarded-For headers found: ignoring", num);
return rc;
}
node = ib_list_last_const(list);
if ( (node == NULL) || (node->data == NULL) ) {
ib_log_notice_tx(tx, "Invalid X-Forwarded-For header found");
return rc;
}
forwarded = (const ib_field_t *)node->data;
/* Found it: copy the data into a newly allocated string buffer */
rc = ib_field_value_type(forwarded,
ib_ftype_bytestr_out(&bs),
IB_FTYPE_BYTESTR);
if (rc != IB_OK) {
ib_log_notice_tx(tx, "Invalid X-Forwarded-For header value");
return rc;
}
if (bs == NULL) {
ib_log_notice_tx(tx, "X-Forwarded-For header not a bytestr");
return IB_EINVAL;
}
len = ib_bytestr_length(bs);
data = ib_bytestr_const_ptr(bs);
/* Search for a comma in the buffer */
comma = memchr(data, ',', len);
if (comma != NULL) {
len = comma - data;
}
/* Trim whitespace */
stripped = (uint8_t *)data;
rc = ib_strtrim_lr_ex(IB_STROP_INPLACE, tx->mp,
stripped, len,
&stripped, &len, &flags);
if (rc != IB_OK) {
return rc;
}
/* Verify that it looks like a valid IP v4/6 address */
rc = ib_ip_validate_ex((const char *)stripped, len);
if (rc != IB_OK) {
ib_log_error_tx(tx,
"X-Forwarded-For \"%.*s\" is not a valid IP address",
(int)len, stripped
);
return IB_OK;
}
/* Allocate memory for copy of stripped string */
buf = (char *)ib_mpool_alloc(tx->mp, len+1);
if (buf == NULL) {
ib_log_error_tx(tx,
"Failed to allocate %zd bytes for remote address",
len+1);
return IB_EALLOC;
}
/* Copy the string out */
memcpy(buf, stripped, len);
buf[len] = '\0';
ib_log_debug_tx(tx, "Remote address changed to \"%s\"", buf);
/* This will lose the pointer to the original address
* buffer, but it should be cleaned up with the rest
* of the memory pool. */
tx->er_ipstr = buf;
/* Update the remote address field in the tx collection */
rc = ib_data_add_bytestr(tx->data, "remote_addr", (uint8_t*)buf, len, NULL);
if (rc != IB_OK) {
ib_log_error_tx(tx,
"Failed to create remote address TX field: %s",
ib_status_to_string(rc));
return rc;
}
return IB_OK;
}
const char *ib_field_format(
const ib_field_t *field,
bool quote,
bool escape,
const char **type_name,
char *buf,
size_t bufsize
)
{
ib_status_t rc;
const char *tname = NULL;
assert(buf != NULL);
assert(bufsize > 0);
*buf = '\0';
if (field == NULL) {
tname = "NULL";
if (quote) {
strncpy(buf, "\"\"", bufsize-1);
*(buf+bufsize) = '\0';
}
else {
*buf = '\0';
}
}
else {
switch (field->type) {
case IB_FTYPE_NULSTR :
{
const char *s;
tname = "NULSTR";
rc = ib_field_value(field, ib_ftype_nulstr_out(&s));
if (rc != IB_OK) {
break;
}
if (escape) {
ib_string_escape_json_buf(s, quote, buf, bufsize, NULL, NULL);
}
else if (quote) {
snprintf(buf, bufsize, "\"%s\"", (s?s:""));
}
else {
strncpy(buf, s, bufsize-1);
*(buf+bufsize-1) = '\0';
}
break;
}
case IB_FTYPE_BYTESTR:
{
const ib_bytestr_t *bs;
tname = "BYTESTR";
rc = ib_field_value(field, ib_ftype_bytestr_out(&bs));
if (rc != IB_OK) {
break;
}
if (escape) {
ib_string_escape_json_buf_ex(ib_bytestr_const_ptr(bs),
ib_bytestr_length(bs),
true,
quote,
buf, bufsize, NULL,
NULL);
}
else if (quote) {
snprintf(buf, bufsize, "\"%.*s\"",
(int)ib_bytestr_length(bs),
(const char *)ib_bytestr_const_ptr(bs));
}
else {
size_t len = ib_bytestr_length(bs);
if (len > (bufsize - 1) ) {
len = bufsize - 1;
}
strncpy(buf, (const char *)ib_bytestr_const_ptr(bs), len);
*(buf+len) = '\0';
}
break;
}
case IB_FTYPE_NUM : /**< Numeric value */
{
ib_num_t n;
tname = "NUM";
rc = ib_field_value(field, ib_ftype_num_out(&n));
if (rc != IB_OK) {
break;
}
snprintf(buf, bufsize, "%"PRId64, n);
break;
}
case IB_FTYPE_FLOAT : /**< Float numeric value */
{
ib_float_t f;
tname = "FLOAT";
rc = ib_field_value(field, ib_ftype_float_out(&f));
if (rc != IB_OK) {
break;
}
snprintf(buf, bufsize, "%Lf", f);
break;
}
case IB_FTYPE_LIST : /**< List */
{
const ib_list_t *lst;
size_t len;
tname = "LIST";
rc = ib_field_value(field, ib_ftype_list_out(&lst));
if (rc != IB_OK) {
break;
}
len = IB_LIST_ELEMENTS(lst);
if (len == 0) {
snprintf(buf, bufsize, "list[%zd]", len);
}
else {
const ib_list_node_t *node;
node = ib_list_last_const(lst);
if (node == NULL) {
snprintf(buf, bufsize, "list[%zd]", len);
}
else {
ib_field_format((const ib_field_t *)node->data,
quote, escape,
&tname, buf, bufsize);
}
}
break;
}
default:
tname = buf;
snprintf(buf, bufsize, "type = %d", field->type);
break;
}
}
/* Store the type name */
if (type_name != NULL) {
*type_name = tname;
}
/* Return the buffer */
return buf;
}
/**
* Handle request_header events for remote IP extraction.
*
* Extract the "request_headers" field (a list) from the transactions's
* data provider instance, then loop through the list, looking for the
* "X-Forwarded-For" field. If found, the first value in the (comma
* separated) list replaces the local ip address string in the connection
* object.
*
* @param[in] ib IronBee object
* @param[in,out] tx Transaction object
* @param[in] event Event type
* @param[in] cbdata Callback data (module)
*
* @returns Status code
*/
static ib_status_t modua_remoteip(ib_engine_t *ib,
ib_tx_t *tx,
ib_state_event_type_t event,
void *cbdata)
{
assert(ib != NULL);
assert(tx != NULL);
assert(tx->var_store != NULL);
assert(event == request_header_finished_event);
const ib_module_t *m = (const ib_module_t *)cbdata;
ib_field_t *field = NULL;
ib_status_t rc = IB_OK;
const ib_bytestr_t *bs;
const uint8_t *data;
size_t len;
char *buf;
uint8_t *comma;
const ib_list_t *list;
const ib_list_node_t *node;
const ib_field_t *forwarded;
uint8_t *stripped;
size_t num;
ib_flags_t flags;
const modua_config_t *cfg;
rc = ib_context_module_config(ib_context_main(ib), m, &cfg);
if (rc != IB_OK) {
ib_log_error_tx(tx, "Can't fetch configuration: %s",
ib_status_to_string(rc));
return rc;
}
ib_log_debug3_tx(tx, "Checking for alternate remote address");
/* Extract the X-Forwarded-For header field */
rc = ib_var_target_get_const(
cfg->forwarded_for,
&list,
tx->mp,
tx->var_store
);
if (rc == IB_ENOENT || ib_list_elements(list) == 0) {
ib_log_debug_tx(tx, "No X-Forwarded-For");
return IB_OK;
}
if (rc != IB_OK) {
ib_log_error_tx(tx,
"Cannot retrieve request_headers:User-Agent: %d",
rc);
return rc;
}
num = ib_list_elements(list);
if (num == 0) {
ib_log_debug_tx(tx, "No X-Forwarded-For header found");
return rc;
}
else if (num != 1) {
ib_log_debug_tx(tx, "%zd X-Forwarded-For headers found: ignoring", num);
return rc;
}
node = ib_list_last_const(list);
if ( (node == NULL) || (node->data == NULL) ) {
ib_log_notice_tx(tx, "Invalid X-Forwarded-For header found");
return rc;
}
forwarded = (const ib_field_t *)node->data;
/* Found it: copy the data into a newly allocated string buffer */
rc = ib_field_value_type(forwarded,
ib_ftype_bytestr_out(&bs),
IB_FTYPE_BYTESTR);
if (rc != IB_OK) {
ib_log_notice_tx(tx, "Invalid X-Forwarded-For header value");
return rc;
}
if (bs == NULL) {
ib_log_notice_tx(tx, "X-Forwarded-For header not a bytestr");
return IB_EINVAL;
}
len = ib_bytestr_length(bs);
data = ib_bytestr_const_ptr(bs);
/* Search for a comma in the buffer */
comma = memchr(data, ',', len);
if (comma != NULL) {
len = comma - data;
}
/* Trim whitespace */
stripped = (uint8_t *)data;
rc = ib_strtrim_lr_ex(IB_STROP_INPLACE, tx->mp,
stripped, len,
&stripped, &len, &flags);
if (rc != IB_OK) {
return rc;
}
/* Verify that it looks like a valid IP v4/6 address */
rc = ib_ip_validate_ex((const char *)stripped, len);
if (rc != IB_OK) {
ib_log_error_tx(tx,
"X-Forwarded-For \"%.*s\" is not a valid IP address",
(int)len, stripped
);
return IB_OK;
}
/* Allocate memory for copy of stripped string */
buf = (char *)ib_mpool_alloc(tx->mp, len+1);
if (buf == NULL) {
ib_log_error_tx(tx,
"Failed to allocate %zd bytes for remote address",
len+1);
return IB_EALLOC;
}
/* Copy the string out */
memcpy(buf, stripped, len);
buf[len] = '\0';
ib_log_debug_tx(tx, "Remote address changed to \"%s\"", buf);
/* This will lose the pointer to the original address
* buffer, but it should be cleaned up with the rest
* of the memory pool. */
tx->er_ipstr = buf;
/* Update the remote address field in the tx collection */
rc = ib_field_create_bytestr_alias(
&field,
tx->mp,
"", 0,
(uint8_t *)buf, len
);
if (rc != IB_OK) {
ib_log_error_tx(tx, "Failed to create field for remote_addr: %s",
ib_status_to_string(rc));
return rc;
}
rc = ib_var_source_set(cfg->remote_addr, tx->var_store, field);
if (rc != IB_OK) {
ib_log_error_tx(tx,
"Failed to set remote address var: %s",
ib_status_to_string(rc));
return rc;
}
return IB_OK;
}
