tlvparse

package
v0.11.0
Published: Feb 6, 2026 License: Apache-2.0 Imports: 8 Imported by: 3

Documentation

Overview

Package tlvparse provides helpers for PROXY protocol TLVs.

Amazon's application extension to TLVs for NLB VPC endpoint services is documented at https://docs.aws.amazon.com/elasticloadbalancing/latest/network/load-balancer-target-groups.html#proxy-protocol

Constants

const (
	// PP2_TYPE_AWS identifies AWS TLV extensions.
	PP2_TYPE_AWS = 0xEA
	// PP2_SUBTYPE_AWS_VPCE_ID identifies the VPC endpoint ID subtype.
	PP2_SUBTYPE_AWS_VPCE_ID = 0x01
)

const (
	// PP2_TYPE_AZURE identifies Azure TLV extensions.
	PP2_TYPE_AZURE = 0xEE
	// PP2_SUBTYPE_AZURE_PRIVATEENDPOINT_LINKID identifies the Private Endpoint LinkID subtype.
	PP2_SUBTYPE_AZURE_PRIVATEENDPOINT_LINKID = 0x01
)

const (
	// PP2_BITFIELD_CLIENT_SSL indicates the client used SSL/TLS.
	PP2_BITFIELD_CLIENT_SSL uint8 = 0x01
	// PP2_BITFIELD_CLIENT_CERT_CONN indicates cert on the connection.
	PP2_BITFIELD_CLIENT_CERT_CONN uint8 = 0x02
	// PP2_BITFIELD_CLIENT_CERT_SESS indicates cert in the session.
	PP2_BITFIELD_CLIENT_CERT_SESS uint8 = 0x04
)

The constants above are the pp2_tlv_ssl.client bit fields.

const (
	// PP2_TYPE_GCP indicates a Google Cloud Platform header.
	PP2_TYPE_GCP proxyproto.PP2Type = 0xE0
)

Variables

This section is empty.

Functions

func AWSVPCEndpointID

func AWSVPCEndpointID(tlv proxyproto.TLV) (string, error)

AWSVPCEndpointID returns the AWS VPC endpoint ID if present.

func ExtractPSCConnectionID added in v0.6.1

func ExtractPSCConnectionID(tlvs []proxyproto.TLV) (uint64, bool)

ExtractPSCConnectionID returns the first PSC Connection ID in tlvs, if one exists and is well-formed, and a bool indicating whether one was found.

func FindAWSVPCEndpointID

func FindAWSVPCEndpointID(tlvs []proxyproto.TLV) string

FindAWSVPCEndpointID returns the first AWS VPC endpoint ID in tlvs if it exists and is well-formed.

func FindAzurePrivateEndpointLinkID

func FindAzurePrivateEndpointLinkID(tlvs []proxyproto.TLV) (uint32, bool)

FindAzurePrivateEndpointLinkID returns the first Azure Private Endpoint LinkID if it exists in the TLV collection and a boolean indicating if it was found.

func IsAWSVPCEndpointID

func IsAWSVPCEndpointID(tlv proxyproto.TLV) bool

IsAWSVPCEndpointID reports whether tlv contains an AWS VPC endpoint ID.
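
The wire layout behind the AWS and Azure helpers above, as an added stdlib-only example that is not this package's code. The function names, the `vpce-` ID pattern and the sample values are assumptions of this example; the value layouts (a subtype byte followed by an ASCII ID for AWS, or by a little-endian uint32 for Azure) follow the vendors' documentation.

```go
package main

import (
	"encoding/binary"
	"fmt"
	"regexp"
)

// Type and subtype values as listed in the Constants section of this page.
const (
	typeAWS, typeAzure                 = 0xEA, 0xEE
	subtypeAWSVPCE, subtypeAzureLinkID = 0x01, 0x01
)

// Assumed ID shape for this example: "vpce-" followed by lowercase hex.
var vpceRe = regexp.MustCompile(`^vpce-[0-9a-f]+$`)

// awsVPCEndpointID decodes value = subtype byte + ASCII endpoint ID.
func awsVPCEndpointID(typ byte, value []byte) (string, bool) {
	if typ != typeAWS || len(value) < 2 || value[0] != subtypeAWSVPCE || !vpceRe.Match(value[1:]) {
		return "", false
	}
	return string(value[1:]), true
}

// azureLinkID decodes value = subtype byte + 4-byte little-endian LinkID.
func azureLinkID(typ byte, value []byte) (uint32, bool) {
	if typ != typeAzure || len(value) != 5 || value[0] != subtypeAzureLinkID {
		return 0, false
	}
	return binary.LittleEndian.Uint32(value[1:]), true
}

// allowEndpoint admits a connection only if its VPC endpoint ID is allow-listed.
func allowEndpoint(allowed map[string]bool, typ byte, value []byte) bool {
	id, ok := awsVPCEndpointID(typ, value)
	return ok && allowed[id]
}

func main() {
	// Constructed sample values, not captured traffic.
	aws := append([]byte{0x01}, "vpce-0123456789abcdef0"...)
	fmt.Println(allowEndpoint(map[string]bool{"vpce-0123456789abcdef0": true}, 0xEA, aws))
	fmt.Println(azureLinkID(0xEE, []byte{0x01, 0x78, 0x56, 0x34, 0x12}))
}
```

These IDs are only as trustworthy as the sender of the PROXY header, so a check like `allowEndpoint` belongs behind a listener that accepts headers solely from the load balancer.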

func IsSSL

func IsSSL(t proxyproto.TLV) bool

IsSSL reports whether the TLV is of SSL type.

Types

type PP2SSL

type PP2SSL struct {
	// The Client field is made of a bit field from the following values,
	// indicating which element is present: PP2_BITFIELD_CLIENT_SSL,
	// PP2_BITFIELD_CLIENT_CERT_CONN, PP2_BITFIELD_CLIENT_CERT_SESS
	Client uint8
	// Verify will be zero if the client presented a certificate
	// and it was successfully verified, and non-zero otherwise.
	Verify uint32
	TLV    []proxyproto.TLV
}

PP2SSL represents the PP2_TYPE_SSL TLV and its subtypes.

See section 2.2.5 of the PROXY protocol spec.

struct pp2_tlv_ssl {
        uint8_t  client;
        uint32_t verify;
        struct pp2_tlv sub_tlv[0];
};

func FindSSL

func FindSSL(tlvs []proxyproto.TLV) (PP2SSL, bool)

FindSSL returns the first PP2SSL if it exists and is well formed.

func SSL

func SSL(t proxyproto.TLV) (PP2SSL, error)

SSL returns the pp2_tlv_ssl from section 2.2.5 or errors with ErrIncompatibleTLV or ErrMalformedTLV.

func (PP2SSL) ClientCN

func (s PP2SSL) ClientCN() (string, bool)

ClientCN returns the string representation (in UTF8) of the Common Name field (OID: 2.5.4.3) of the client certificate's Distinguished Name and whether that extension exists.

func (PP2SSL) ClientCert added in v0.9.1

func (s PP2SSL) ClientCert() ([]byte, bool)

ClientCert returns the raw X.509 client certificate encoded in ASN.1 DER and whether that extension exists.

func (PP2SSL) ClientCertConn

func (s PP2SSL) ClientCertConn() bool

ClientCertConn indicates that the client provided a certificate over the current connection.

func (PP2SSL) ClientCertSess

func (s PP2SSL) ClientCertSess() bool

ClientCertSess indicates that the client provided a certificate at least once over the TLS session this connection belongs to.

func (PP2SSL) ClientSSL

func (s PP2SSL) ClientSSL() bool

ClientSSL indicates that the client connected over SSL/TLS. When true, SSLVersion will return the version.

func (PP2SSL) Marshal added in v0.3.0

func (s PP2SSL) Marshal() (proxyproto.TLV, error)

Marshal formats the PP2SSL structure as a TLV.

func (PP2SSL) SSLCipher added in v0.7.0

func (s PP2SSL) SSLCipher() (string, bool)

SSLCipher returns the US-ASCII string representation of the used TLS cipher and whether that extension exists.

func (PP2SSL) SSLVersion

func (s PP2SSL) SSLVersion() (string, bool)

SSLVersion returns the US-ASCII string representation of the TLS version and whether that extension exists.

func (PP2SSL) Verified

func (s PP2SSL) Verified() bool

Verified is true if the client presented a certificate and it was successfully verified.
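
How the pp2_tlv_ssl layout, the client bit fields and the verify field documented above combine into a decision about whether to trust the forwarded CN, as an added stdlib-only example that is not this package's code. The names `sslInfo`, `parseSSLValue` and `verifiedCN` are hypothetical, the sub-TLV type 0x22 (PP2_SUBTYPE_SSL_CN) comes from section 2.2.5 of the spec rather than this page, and the sample bytes are constructed.

```go
package main

import (
	"encoding/binary"
	"fmt"
)

// sslInfo mirrors struct pp2_tlv_ssl: client bit field, verify, then sub-TLVs by type.
type sslInfo struct {
	Client uint8
	Verify uint32
	Sub    map[uint8][]byte
}

// parseSSLValue decodes the value of a PP2_TYPE_SSL TLV; ok is false on any truncation.
func parseSSLValue(v []byte) (info sslInfo, ok bool) {
	if len(v) < 5 { // 1-byte client + 4-byte verify
		return sslInfo{}, false
	}
	info = sslInfo{Client: v[0], Verify: binary.BigEndian.Uint32(v[1:5]), Sub: map[uint8][]byte{}}
	for rest := v[5:]; len(rest) > 0; {
		// Sub-TLV header: 1-byte type, 2-byte big-endian length, then the value.
		if len(rest) < 3 || 3+int(binary.BigEndian.Uint16(rest[1:3])) > len(rest) {
			return sslInfo{}, false
		}
		end := 3 + int(binary.BigEndian.Uint16(rest[1:3]))
		if _, dup := info.Sub[rest[0]]; !dup { // first occurrence wins
			info.Sub[rest[0]] = rest[3:end]
		}
		rest = rest[end:]
	}
	return info, true
}

// verifiedCN returns the CN only if TLS was used, a cert was presented and verify == 0.
func verifiedCN(info sslInfo) (string, bool) {
	const ssl, certConn, certSess, subtypeCN = 0x01, 0x02, 0x04, 0x22 // 0x22: PP2_SUBTYPE_SSL_CN
	if info.Client&ssl == 0 || info.Client&(certConn|certSess) == 0 || info.Verify != 0 {
		return "", false
	}
	cn, ok := info.Sub[subtypeCN]
	return string(cn), ok && len(cn) > 0
}

func main() {
	// Constructed sample: client=0x03, verify=0, one CN sub-TLV carrying "svc-a".
	info, ok := parseSSLValue([]byte{0x03, 0, 0, 0, 0, 0x22, 0, 5, 's', 'v', 'c', '-', 'a'})
	cn, verified := verifiedCN(info)
	fmt.Println(ok, cn, verified)
}
```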
