From dafcd1e9aabbe086cdb7e879fc4b27a2c5dea9fb Mon Sep 17 00:00:00 2001
From: TJ Saunders
Date: Sat, 5 Jun 2021 14:13:48 -0700
Subject: [PATCH] Issue #18: Store the PROXY protocol V2 TLVs as session notes.
---
 mod_proxy_protocol.c | 18 +++++++++++++++++-
 1 file changed, 17 insertions(+), 1 deletion(-)
diff --git a/mod_proxy_protocol.c b/mod_proxy_protocol.c
index d1001fe..a677925 100644
--- a/mod_proxy_protocol.c
+++ b/mod_proxy_protocol.c
@@ -30,7 +30,7 @@
 # include
 #endif /* HAVE_SYS_UIO_H */
-#define MOD_PROXY_PROTOCOL_VERSION "mod_proxy_protocol/0.4"
+#define MOD_PROXY_PROTOCOL_VERSION "mod_proxy_protocol/0.5"
 /* Make sure the version of proftpd is as necessary. */
 #if PROFTPD_VERSION_NUMBER < 0x0001030507
@@ -697,18 +697,24 @@ static int read_haproxy_v2_tls_tlv(pool *p, void *tlv_val, size_t tlv_valsz) {
 case 0x21:
 pr_trace_msg(trace_channel, 19, "TLS TLV: TLS version: %.*s", (int) tls_valsz, (char *) tls_val);
+ (void) pr_table_add_dup(session.notes, "mod_proxy_protocol.tls-version",
+ tlv_val, (size_t) tlv_valsz);
 break;
 /* TLS CN */
 case 0x22:
 pr_trace_msg(trace_channel, 19, "TLS TLV: TLS CN: %*.s", (int) tls_valsz, (char *) tls_val);
+ (void) pr_table_add_dup(session.notes,
+ "mod_proxy_protocol.tls-common-name", tlv_val, (size_t) tlv_valsz);
 break;
 /* TLS cipher */
 case 0x23:
 pr_trace_msg(trace_channel, 19, "TLS TLV: TLS cipher: %.*s", (int) tls_valsz, (char *) tls_val);
+ (void) pr_table_add_dup(session.notes, "mod_proxy_protocol.tls-cipher",
+ tlv_val, (size_t) tlv_valsz);
 break;
 /* TLS signature algorithm */
@@ -716,6 +722,8 @@ static int read_haproxy_v2_tls_tlv(pool *p, void *tlv_val, size_t tlv_valsz) {
 pr_trace_msg(trace_channel, 19, "TLS TLV: TLS signature algorithm: %.*s", (int) tls_valsz, (char *) tls_val);
+ (void) pr_table_add_dup(session.notes,
+ "mod_proxy_protocol.tls-signature-algo", tlv_val, (size_t) tlv_valsz);
 break;
 /* TLS key algorithm */
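Review bot: In the hunk at -697 of read_haproxy_v2_tls_tlv, every new `pr_table_add_dup()` call stores `tlv_val`/`tlv_valsz`, which are the function's parameters for the enclosing TLS TLV, while the trace line directly above each call prints the sub-TLV through `tls_val`/`tls_valsz`; the same mismatch repeats in the hunks at -716 and -723. As written, all five TLS notes would appear to hold the same outer TLV bytes rather than the version, CN, cipher or algorithm string, so anything that later reads `mod_proxy_protocol.tls-common-name` for logging or an access decision gets the wrong data. The calls should pass the parsed sub-value, for example `(void) pr_table_add_dup(session.notes, "mod_proxy_protocol.tls-version", tls_val, tls_valsz);`. The function body starts and ends outside these hunks, so how `tls_val` and `tls_valsz` are derived and bounded is not visible here.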
@@ -723,6 +731,8 @@ static int read_haproxy_v2_tls_tlv(pool *p, void *tlv_val, size_t tlv_valsz) {
 pr_trace_msg(trace_channel, 19, "TLS TLV: TLS key algorithm: %.*s", (int) tls_valsz, (char *) tls_val);
+ (void) pr_table_add_dup(session.notes,
+ "mod_proxy_protocol.tls-key-algo", tlv_val, (size_t) tlv_valsz);
 break;
 default:
@@ -788,6 +798,8 @@ static int read_haproxy_v2_tlvs(pool *p, conn_t *conn, size_t len) {
 pr_trace_msg(trace_channel, 19, "received proxy protocol V2 ALPN: %.*s", (int) tlv_valsz, (char *) tlv_val);
+ (void) pr_table_add_dup(session.notes, "mod_proxy_protocol.alpn",
+ tlv_val, (size_t) tlv_valsz);
 break;
 /* "Authority" (server name, ala SNI) */
@@ -795,6 +807,8 @@ static int read_haproxy_v2_tlvs(pool *p, conn_t *conn, size_t len) {
 pr_trace_msg(trace_channel, 19, "received proxy protocol V2 SNI: %.*s", (int) tlv_valsz, (char *) tlv_val);
+ (void) pr_table_add_dup(session.notes, "mod_proxy_protocol.authority",
+ tlv_val, (size_t) tlv_valsz);
 break;
 /* CRC32 */
@@ -816,6 +830,8 @@ static int read_haproxy_v2_tlvs(pool *p, conn_t *conn, size_t len) {
 pr_trace_msg(trace_channel, 19, "received proxy protocol V2 Unique ID TLV (%lu bytes)", (unsigned long) tlv_valsz);
+ (void) pr_table_add_dup(session.notes, "mod_proxy_protocol.unique-id",
+ tlv_val, (size_t) tlv_valsz);
 break;
 /* TLS */
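Review bot: The ALPN, authority and unique-ID notes added in the hunks at -788, -795 and -816 of read_haproxy_v2_tlvs copy exactly `tlv_valsz` bytes of sender-supplied header data, so the stored value has no terminating NUL and no recorded length, and a zero-length TLV is not guarded. A module that later fetches one of these notes and treats it as a C string would read past the copy; and, if I recall the table API correctly (worth confirming), `pr_table_add_dup()` treats a size of 0 as "NUL-terminated string, use strlen()", which for an empty TLV would run over the unterminated receive buffer. Storing a terminated copy addresses both for the text values, e.g. `(void) pr_table_add_dup(session.notes, "mod_proxy_protocol.alpn", pstrndup(p, tlv_val, tlv_valsz), 0);`, while the opaque unique ID needs its length kept alongside it. The `(void)` cast also hides the failure when the same TLV type appears twice in one header, so a trace line on a non-zero return would show which value was kept. The function starts and ends outside these hunks, so any earlier bound on `tlv_valsz` is not visible here.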