proxy_header

Enum Tlv

#[non_exhaustive]
pub enum Tlv<'a> {
    Alpn(Cow<'a, [u8]>),
    Authority(Cow<'a, str>),
    Crc32c(u32),
    Noop(usize),
    UniqueId(Cow<'a, [u8]>),
    Ssl(SslInfo<'a>),
    Netns(Cow<'a, str>),
    SslVersion(Cow<'a, str>),
    SslCn(Cow<'a, str>),
    SslCipher(Cow<'a, str>),
    SslSigAlg(Cow<'a, str>),
    SslKeyAlg(Cow<'a, str>),
    Custom(u8, Cow<'a, [u8]>),
}

Typed TLV (type-length-value) field

Represents the currently known types of TLV fields from the PROXY protocol specification. Non-recognized TLV fields are represented as Tlv::Custom.

Variants (Non-exhaustive)

This enum is marked as non-exhaustive. Non-exhaustive enums could have additional variants added in future. Therefore, when matching against variants of non-exhaustive enums, an extra wildcard arm must be added to account for any future variants.

Alpn(Cow<'a, [u8]>)

Application-Layer Protocol Negotiation (ALPN). It is a byte sequence defining the upper layer protocol in use over the connection. The most common use case will be to pass the exact copy of the ALPN extension of the Transport Layer Security (TLS) protocol as defined by RFC7301.

Authority(Cow<'a, str>)

Contains the host name value passed by the client, as a UTF-8-encoded string. In case of TLS being used on the client connection, this is the exact copy of the “server_name” extension as defined by RFC3546, section 3.1, often referred to as “SNI”. There are probably other situations where an authority can be mentioned on a connection without TLS being involved at all.

Crc32c(u32)

The value of the type PP2_TYPE_CRC32C is a 32-bit number storing the CRC32c checksum of the PROXY protocol header.

When the checksum is supported by the sender, after constructing the header the sender MUST:

  • initialize the checksum field to ’0’s.

  • calculate the CRC32c checksum of the PROXY header as described in RFC4960, Appendix B.

  • put the resultant value into the checksum field, and leave the rest of the bits unchanged.

If the checksum is provided as part of the PROXY header and the checksum functionality is supported by the receiver, the receiver MUST:

  • store the received CRC32c checksum value aside.

  • replace the 32 bits of the checksum field in the received PROXY header with all ’0’s and calculate a CRC32c checksum value of the whole PROXY header.

  • verify that the calculated CRC32c checksum is the same as the received CRC32c checksum. If it is not, the receiver MUST treat the TCP connection providing the header as invalid.

The default procedure for handling an invalid TCP connection is to abort it.
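The sender and receiver steps above, as an added Rust example (not code from the proxy_header crate): it carries its own bitwise CRC32c and a bounds-checked TLV walker. The sample header is constructed, and storing the checksum in network byte order is an assumption of this example.

```rust
const PP2_TYPE_CRC32C: u8 = 0x03; // TLV type from the PROXY protocol v2 spec
const TLV_START: usize = 28;      // 16-byte fixed part + 12-byte TCP/IPv4 address block
// Bitwise CRC32c (Castagnoli, reflected polynomial 0x82F63B78).
fn crc32c(data: &[u8]) -> u32 {
    let mut crc = !0u32;
    for &b in data {
        crc ^= b as u32;
        for _ in 0..8 { crc = (crc >> 1) ^ (0x82F6_3B78 & (crc & 1).wrapping_neg()); }
    }
    !crc
}
// Walk the TLV area with bounds checks; return the offset of the CRC32C value.
fn find_crc_field(hdr: &[u8], mut pos: usize) -> Result<Option<usize>, &'static str> {
    while pos < hdr.len() {
        if hdr.len() - pos < 3 { return Err("truncated TLV header"); }
        let len = u16::from_be_bytes([hdr[pos + 1], hdr[pos + 2]]) as usize;
        if pos + 3 + len > hdr.len() { return Err("TLV length exceeds header"); }
        if hdr[pos] == PP2_TYPE_CRC32C {
            return if len == 4 { Ok(Some(pos + 3)) } else { Err("CRC32C TLV must be 4 bytes") };
        }
        pos += 3 + len;
    }
    Ok(None)
}
// Receiver side: Ok(None) = no checksum sent, Ok(Some(false)) = treat connection as invalid.
fn verify(hdr: &[u8], tlv_start: usize) -> Result<Option<bool>, &'static str> {
    let off = match find_crc_field(hdr, tlv_start)? { Some(o) => o, None => return Ok(None) };
    let received = u32::from_be_bytes([hdr[off], hdr[off + 1], hdr[off + 2], hdr[off + 3]]);
    let mut copy = hdr.to_vec();
    copy[off..off + 4].fill(0); // zero the checksum field before recomputing
    Ok(Some(crc32c(&copy) == received))
}
// Sender side, on a constructed sample header (documentation-range addresses).
fn sample_header() -> Vec<u8> {
    let mut h = b"\r\n\r\n\0\r\nQUIT\n".to_vec(); // 12-byte v2 signature
    h.extend_from_slice(&[0x21, 0x11, 0, 19]);     // v2 PROXY, TCP/IPv4, 19 bytes follow
    h.extend_from_slice(&[192, 0, 2, 1, 198, 51, 100, 7, 0xC0, 0, 0x01, 0xBB]);
    h.extend_from_slice(&[PP2_TYPE_CRC32C, 0, 4, 0, 0, 0, 0]); // checksum field zeroed
    let (crc, n) = (crc32c(&h), h.len());
    h[n - 4..].copy_from_slice(&crc.to_be_bytes()); // assumption: network byte order
    h
}

fn main() {
    let mut hdr = sample_header();
    println!("intact:   {:?}", verify(&hdr, TLV_START));
    hdr[16] ^= 1; // flip one bit of the source address
    println!("tampered: {:?}", verify(&hdr, TLV_START));
}
```

The checksum only detects accidental corruption; it is not keyed, so it does not authenticate the upstream proxy.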

Noop(usize)

The TLV of this type should be ignored when parsed. The value is zero or more bytes. It can be used for data padding or alignment. Note that it can be used to align only by 3 or more bytes because a TLV cannot be smaller than that.

UniqueId(Cow<'a, [u8]>)

The value of the type PP2_TYPE_UNIQUE_ID is an opaque byte sequence of up to 128 bytes generated by the upstream proxy that uniquely identifies the connection.

The unique ID can be used to easily correlate connections across multiple layers of proxies, without needing to look up IP addresses and port numbers.

Ssl(SslInfo<'a>)

SSL (TLS) information

See SslInfo for more information.

Netns(Cow<'a, str>)

The type PP2_TYPE_NETNS defines the value as the US-ASCII string representation of the namespace’s name.

SslVersion(Cow<'a, str>)

SSL/TLS version

SslCn(Cow<'a, str>)

In all cases, the string representation (in UTF8) of the Common Name field (OID: 2.5.4.3) of the client certificate’s Distinguished Name, is appended using the TLV format and the type PP2_SUBTYPE_SSL_CN. E.g. “example.com”.

SslCipher(Cow<'a, str>)

The second level TLV PP2_SUBTYPE_SSL_CIPHER provides the US-ASCII string name of the used cipher, for example “ECDHE-RSA-AES128-GCM-SHA256”.

SslSigAlg(Cow<'a, str>)

The second level TLV PP2_SUBTYPE_SSL_SIG_ALG provides the US-ASCII string name of the algorithm used to sign the certificate presented by the frontend when the incoming connection was made over an SSL/TLS transport layer, for example “SHA256”.

SslKeyAlg(Cow<'a, str>)

The second level TLV PP2_SUBTYPE_SSL_KEY_ALG provides the US-ASCII string name of the algorithm used to generate the key of the certificate presented by the frontend when the incoming connection was made over an SSL/TLS transport layer, for example “RSA2048”.

Custom(u8, Cow<'a, [u8]>)

Unrecognized or custom TLV field

Implementations

impl<'a> Tlv<'a>

pub fn decode(kind: u8, data: &'a [u8]) -> Result<Tlv<'a>, Error>

Decode a TLV field from the given buffer

Returns an error if the field is malformed.

pub fn kind(&self) -> u8

Returns the raw kind of this TLV field

pub fn encode(&self, buf: &mut Vec<u8>)

Encode this TLV field into the given buffer

Panics

Panics if the field is too long for its length to fit in a u16.

pub fn into_owned(self) -> Tlv<'static>

Returns an owned version of this struct

Trait Implementations

impl<'a> Clone for Tlv<'a>

fn clone(&self) -> Tlv<'a>

Returns a copy of the value.

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source.

impl<'a> Debug for Tlv<'a>

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter.

impl<'a> PartialEq for Tlv<'a>

fn eq(&self, other: &Tlv<'a>) -> bool

Tests for self and other values to be equal, and is used by ==.

fn ne(&self, other: &Rhs) -> bool

Tests for !=. The default implementation is almost always sufficient, and should not be overridden without very good reason.

impl<'a> Eq for Tlv<'a>

impl<'a> StructuralPartialEq for Tlv<'a>

Auto Trait Implementations

impl<'a> Freeze for Tlv<'a>

impl<'a> RefUnwindSafe for Tlv<'a>

impl<'a> Send for Tlv<'a>

impl<'a> Sync for Tlv<'a>

impl<'a> Unpin for Tlv<'a>

impl<'a> UnwindSafe for Tlv<'a>
