haprox_rs/protocol_v2/

protocol_composer.rs

/*-
 * haprox-rs - a HaProxy protocol parser.
 * 
 * Copyright 2025 (c) Aleksandr Morozov
 * The scram-rs crate can be redistributed and/or modified
 * under the terms of either of the following licenses:
 *
 *   1. the Mozilla Public License Version 2.0 (the “MPL”) OR
 *
 *   2. The MIT License (MIT)
 *                     
 *   3. EUROPEAN UNION PUBLIC LICENCE v. 1.2 EUPL © the European Union 2007, 2016
 */

use std::{borrow::{Cow}, io::{Cursor, Write}, marker::PhantomData, mem::offset_of};

use byteorder::{BigEndian, WriteBytesExt};
use crc32fast::Hasher;

use crate::{common, protocol_raw, error::{HaProxErr, HaProxRes}, return_error};

use super::
{
    protocol::
    {
        self, 
        HdrV2Command, 
        PP2TlvClient, 
        PP2Tlvs, 
        ProxyTransportFam, 
        ProxyV2Addr
    }, 
    PP2TlvDump, 
    PP2TlvUniqId, 
    ProxyV2OpCode
};

/// A [ProxyV2OpCode] opcode which is used in [ProxyHdrV2]
/// 
/// A quote from original protocol documentation.
/// > the connection was established on purpose by the proxy
/// > without being relayed. The connection endpoints are the sender and the
/// > receiver. Such connections exist when the proxy sends health-checks to the
/// > server. The receiver must accept this connection as valid and must use the
/// > real connection endpoints and discard the protocol block including the
/// > family which is ignored.
/// 
/// ## Example
/// 
/// ```ignore
/// let mut comp = 
///     ProxyHdrV2::<HdrV2OpLocal>::new().unwrap();
/// ```
#[derive(Clone, Debug)]
pub struct HdrV2OpLocal;

/// A [ProxyV2OpCode] opcode which is used in [ProxyHdrV2]
/// 
/// A quote from original protocol documentation.
/// > the connection was established on behalf of another node,
/// > and reflects the original connection endpoints. The receiver must then use
/// > the information provided in the protocol block to get original the address.
/// 
/// ## Example 
/// 
/// ```ignore
/// let mut comp = 
///     ProxyHdrV2::<HdrV2OpProxy>::new(ProxyTransportFam::STREAM, addr)
///         .unwrap();
/// ```
#[derive(Clone, Debug)]
pub struct HdrV2OpProxy;

impl ProxyV2OpCode for HdrV2OpLocal
{
    /// A 0x00 opcode.
    const OPCODE: u8 = HdrV2Command::LOCAL as u8;
}

impl ProxyV2OpCode for HdrV2OpProxy
{
    /// A 0x01 opcode.
    const OPCODE: u8 = HdrV2Command::PROXY as u8;
}

/// A SSL TLV composer.
#[derive(Debug)]
pub struct TlvSubTypeSsl<'s>
{
    /// Begining of the SSL TLV block.
    start: u64,

    /// A current [TlType] consumed from the root.
    hdr: TlType<'s>,

    /// A TLV ID constraints.
    constraints: &'static [std::ops::RangeInclusive<u8>]
}

impl<'s> TlvSubTypeSsl<'s>
{
    fn new(mut main_tp: TlType<'s>, constraints: &'static [std::ops::RangeInclusive<u8>],
        client: PP2TlvClient, verify: u32) -> HaProxRes<Self>
    {
        let start = main_tp.hdr.buffer.position();

        main_tp.add_tlv(PP2Tlvs::TypeSsl{client, verify}, None)?;

        return Ok(
            Self
            {
                start: start,
                hdr: main_tp,
                constraints: constraints
            }
        );
    }

    #[inline]
    fn done_int(&mut self) -> HaProxRes<()>
    {
        let cur_pos = self.hdr.hdr.buffer.position();

        self.hdr.hdr.buffer.set_position(self.start + offset_of!(protocol_raw::PP2Tlv, length_hi) as u64);//1);

        self.hdr.hdr.buffer.write_u16::<BigEndian>((cur_pos - self.start - 3) as u16).map_err(common::map_io_err)?;

        self.hdr.hdr.buffer.set_position(cur_pos);

        return Ok(());
    }

    /// When all necessary SSL sub TLVs are added, this function calculates the 
    /// length of SSL TLV and writes the size.
    /// 
    /// # Returns
    /// 
    /// A [HaProxRes] is returned. On success the previous (root) [TlType] (which
    /// was consumed previously) will be returned.
    #[inline]
    pub 
    fn done(mut self) -> HaProxRes<TlType<'s>>
    {
        self.done_int()?;
        

        return Ok(self.hdr);
    }

    /// Sets the version of the SSL i,e TLSv1.2.
    /// 
    /// > US-ASCII string representation of the TLS version (format?)
    /// 
    /// # Returns
    /// 
    /// An error will be returned if `ver` contains non-ascii, non-printable and
    /// whitespace.
    /// 
    /// Other error maybe returned too.
    pub 
    fn add_ssl_sub_version(&mut self, ver: impl Into<String>) -> HaProxRes<()>
    {
        let version = ver.into();

        common::is_printable_ascii_nowp(&version, "version")?;

        return self.hdr.add_tlv(PP2Tlvs::TypeSubtypeSslVersion(Cow::Owned(version)), Some(self.constraints));
    }

    /// Sets borrowed the version of the SSL i,e TLSv1.2.
    /// 
    /// > US-ASCII string representation of the TLS version (format?)
    /// 
    /// # Returns
    /// 
    /// An error will be returned if `ver` contains non-ascii, non-printable and
    /// whitespace.
    /// 
    /// Other error maybe returned too.
    pub 
    fn add_ssl_sub_version_borrow<'a>(&mut self, ver: &'a str) -> HaProxRes<()>
    {
        common::is_printable_ascii_nowp(ver, "ssl_version")?;

        return self.hdr.add_tlv(PP2Tlvs::TypeSubtypeSslVersion(Cow::Borrowed(ver)), Some(self.constraints));
    }

    /// Sets the Common Name field.
    /// 
    /// > In all cases, the string representation (in UTF8) of the Common Name field
    /// > (OID: 2.5.4.3) of the client certificate's Distinguished Name, is appended
    /// > using the TLV format and the type PP2_SUBTYPE_SSL_CN. E.g. "example.com".
    /// 
    /// Does not perform validation. ToDo?
    pub 
    fn add_ssl_sub_cn(&mut self, cn: impl Into<String>) -> HaProxRes<()>
    {
        return self.hdr.add_tlv(PP2Tlvs::TypeSubtypeSslCn(Cow::Owned(cn.into())), Some(self.constraints));
    }

    /// Sets the borrowed Common Name field.
    /// 
    /// > In all cases, the string representation (in UTF8) of the Common Name field
    /// > (OID: 2.5.4.3) of the client certificate's Distinguished Name, is appended
    /// > using the TLV format and the type PP2_SUBTYPE_SSL_CN. E.g. "example.com".
    /// 
    /// Does not perform validation. ToDo?
    pub 
    fn add_ssl_sub_cn_borrow<'a>(&mut self, cn: &'a str) -> HaProxRes<()>
    {
        return self.hdr.add_tlv(PP2Tlvs::TypeSubtypeSslCn(Cow::Borrowed(cn)), Some(self.constraints));
    }

    /// Sets the Cipher type i.e "ECDHE-RSA-AES128-GCM-SHA256"
    /// 
    /// > US-ASCII string name of the used cipher, for example "ECDHE-RSA-AES128-GCM-SHA256".
    /// 
    /// # Returns
    /// 
    /// An error will be returned if `ver` contains non-ascii, non-printable and
    /// whitespace.
    /// 
    /// Other error maybe returned too.
    pub 
    fn add_ssl_sub_cipher(&mut self, cip: impl Into<String>) -> HaProxRes<()>
    {
        let cipher = cip.into();

        common::is_printable_ascii_nowp(&cipher, "ssl_cipher")?;

        return self.hdr.add_tlv(PP2Tlvs::TypeSubtypeSslCipher(Cow::Owned(cipher)), Some(self.constraints));
    }

    /// Sets the borrowed Cipher type i.e "ECDHE-RSA-AES128-GCM-SHA256"
    /// 
    /// > US-ASCII string name of the used cipher, for example "ECDHE-RSA-AES128-GCM-SHA256".
    /// 
    /// # Returns
    /// 
    /// An error will be returned if `cip` contains non-ascii, non-printable and
    /// whitespace.
    /// 
    /// Other error maybe returned too.
    pub 
    fn add_ssl_sub_cipher_borrow<'a>(&mut self, cip: &'a str) -> HaProxRes<()>
    {
        common::is_printable_ascii_nowp(cip, "ssl_cipher")?;

        return self.hdr.add_tlv(PP2Tlvs::TypeSubtypeSslCipher(Cow::Borrowed(cip)), Some(self.constraints));
    }
    
    /// Sets the signature algorithm i.e "SHA256"
    /// 
    /// > US-ASCII string name of the algorithm used to sign the certificate presented by the 
    /// > frontend when the incoming connection was made over an SSL/TLS transport layer, for example
    /// > "SHA256".
    /// 
    /// # Returns
    /// 
    /// An error will be returned if `sigalg` contains non-ascii, non-printable and
    /// whitespace.
    /// 
    /// Other error maybe returned too.
    pub 
    fn add_ssl_sub_sigalg(&mut self, sigalg: impl Into<String>) -> HaProxRes<()>
    {
        let sig_alg = sigalg.into();

        common::is_printable_ascii_nowp(&sig_alg, "sig_alg")?;

        return self.hdr.add_tlv(PP2Tlvs::TypeSubtypeSslSigAlg(Cow::Owned(sig_alg)), Some(self.constraints));
    }

    /// Sets the signature algorithm i.e "SHA256"
    /// 
    /// > US-ASCII string name of the algorithm used to sign the certificate presented by the 
    /// > frontend when the incoming connection was made over an SSL/TLS transport layer, for example
    /// > "SHA256".
    /// 
    /// # Returns
    /// 
    /// An error will be returned if `sigalg` contains non-ascii, non-printable and
    /// whitespace.
    /// 
    /// Other error maybe returned too.
    pub 
    fn add_ssl_sub_sigalg_borrow<'a>(&mut self, sigalg: &'a str) -> HaProxRes<()>
    {
        common::is_printable_ascii_nowp(sigalg, "ssl_sigalg")?;

        return self.hdr.add_tlv(PP2Tlvs::TypeSubtypeSslSigAlg(Cow::Borrowed(sigalg)), Some(self.constraints));
    }

    /// Sets the key algorithm i.e "RSA2048"
    /// 
    /// > US-ASCII string name of the algorithm used to generate the key of the certificate 
    /// > presented by the frontend when the incoming connection was made over an SSL/TLS 
    /// > transport layer, for example "RSA2048".
    /// 
    /// # Returns
    /// 
    /// An error will be returned if `key` contains non-ascii, non-printable and
    /// whitespace.
    /// 
    /// Other error maybe returned too.
    pub 
    fn add_ssl_sub_keyalg(&mut self, key: impl Into<String>) -> HaProxRes<()>
    {
        let key_alg = key.into();

        common::is_printable_ascii_nowp(&key_alg, "sig_alg")?;

        return self.hdr.add_tlv(PP2Tlvs::TypeSubtypeSslKeyAlg(Cow::Owned(key_alg)), Some(self.constraints));
    }

    /// Sets the borrowed key algorithm i.e "RSA2048"
    /// 
    /// > US-ASCII string name of the algorithm used to generate the key of the certificate 
    /// > presented by the frontend when the incoming connection was made over an SSL/TLS 
    /// > transport layer, for example "RSA2048".
    /// 
    /// # Returns
    /// 
    /// An error will be returned if `key` contains non-ascii, non-printable and
    /// whitespace.
    /// 
    /// Other error maybe returned too.
    pub 
    fn add_ssl_sub_keyalg_borrow<'a>(&mut self, key: &'a str) -> HaProxRes<()>
    {
        common::is_printable_ascii_nowp(key, "ssl_sigalg")?;

        return self.hdr.add_tlv(PP2Tlvs::TypeSubtypeSslKeyAlg(Cow::Borrowed(key)), Some(self.constraints));
    }

    /// Sets the ssl group.
    /// 
    /// > US-ASCII string name of the key exchange algorithm used for the frontend TLS 
    /// > connection, for example "secp256r1".
    /// 
    /// # Returns
    /// 
    /// An error will be returned if `group` contains non-ascii, non-printable and
    /// whitespace.
    /// 
    /// Other error maybe returned too.
    pub 
    fn add_ssl_group(&mut self, group: impl Into<String>) -> HaProxRes<()>
    {
        let group_str = group.into();

        common::is_printable_ascii_nowp(&group_str, "ssl_group")?;

        return self.hdr.add_tlv(PP2Tlvs::TypeSubTypeSslGroup(group_str.into()), Some(self.constraints));
    }

    /// Sets the borrowed ssl group.
    /// 
    /// > US-ASCII string name of the key exchange algorithm used for the frontend TLS 
    /// > connection, for example "secp256r1".
    /// 
    /// # Returns
    /// 
    /// An error will be returned if `group` contains non-ascii, non-printable and
    /// whitespace.
    /// 
    /// Other error maybe returned too.
    pub 
    fn add_ssl_group_group<'a>(&mut self, group: &'a str) -> HaProxRes<()>
    {
        common::is_printable_ascii_nowp(group, "ssl_group")?;

        return self.hdr.add_tlv(PP2Tlvs::TypeSubTypeSslGroup(Cow::Borrowed(group)), Some(self.constraints));
    }

    /// Sets the SSL signature scheme.
    /// 
    /// > US-ASCII string name of the algorithm the frontend used to sign the ServerKeyExchange or
    /// > CertificateVerify message, for example "rsa_pss_rsae_sha256".
    /// 
    /// # Returns
    /// 
    /// An error will be returned if `sig_schm` contains non-ascii, non-printable and
    /// whitespace.
    /// 
    /// Other error maybe returned too.
    pub 
    fn add_ssl_sig_scheme(&mut self, sig_schm: impl Into<String>) -> HaProxRes<()>
    {
        let sig_schm_str = sig_schm.into();

        common::is_printable_ascii_nowp(&sig_schm_str, "ssl_sig_schm")?;

        return self.hdr.add_tlv(PP2Tlvs::TypeSubTypeSslSigScheme(sig_schm_str.into()), Some(self.constraints));
    }

    /// Sets the borrowed SSL signature scheme.
    /// 
    /// > US-ASCII string name of the algorithm the frontend used to sign the ServerKeyExchange or
    /// > CertificateVerify message, for example "rsa_pss_rsae_sha256".
    /// 
    /// # Returns
    /// 
    /// An error will be returned if `sig_schm` contains non-ascii, non-printable and
    /// whitespace.
    /// 
    /// Other error maybe returned too.
    pub 
    fn add_ssl_sig_scheme_borrow<'a>(&mut self, sig_schm: &'a str) -> HaProxRes<()>
    {
        common::is_printable_ascii_nowp(sig_schm, "sig_schm")?;

        return self.hdr.add_tlv(PP2Tlvs::TypeSubTypeSslSigScheme(Cow::Borrowed(sig_schm)), Some(self.constraints));
    }
}

/// A root (main) TLV writer.
#[derive(Debug)]
pub struct TlType<'s>
{
    /// A reference to the header.
    hdr: &'s mut ProxyHdrV2<HdrV2OpProxy>,

    /// A TLVs which can be set on root level.
    constraints: &'static [std::ops::RangeInclusive<u8>]
}

impl<'s> TlType<'s>
{
    fn new(hdr: &'s mut ProxyHdrV2<HdrV2OpProxy>, constraints: &'static [std::ops::RangeInclusive<u8>]) -> Self
    {
        return
            Self
            {
                hdr,
                constraints
            };
    }

    /// Adds the Application-Layer Protocol Negotiation (ALPN)
    /// 
    /// The input is not validated! ToDo?
    pub 
    fn add_alpn<'a>(&mut self, alpns: impl Iterator<Item = &'a [u8]>) -> HaProxRes<()>
    {
        return 
            self
                .add_tlv(
                    PP2Tlvs::TypeAlpn( 
                        alpns
                            .map(|v| Cow::Borrowed(v))
                            .collect::<Vec<Cow<'a, [u8]>>>()
                            .into() 
                    ), 
                    None
                );
    }

    /// Adds padding 3 bytes.
    pub 
    fn add_noop(&mut self) -> HaProxRes<()>
    {
        return self.add_tlv(PP2Tlvs::TypeNoop, None);
    }

    /// Adds  US-ASCII string representation of the namespace's name
    /// 
    /// # Returns
    /// 
    /// An error will be returned if `ns` contains non-ascii, non-printable and
    /// whitespace.
    /// 
    /// Other error maybe returned too. 
    pub 
    fn add_netns(&mut self, ns: impl Into<String>) -> HaProxRes<()>
    {
        let ns_str = ns.into();

        common::is_printable_ascii_nowp(&ns_str, "net_ns")?;

        return self.add_tlv(PP2Tlvs::TypeNetNs(ns_str.into()), None);
    }

    /// Adds (borrowed) US-ASCII string representation of the namespace's name
    /// 
    /// # Returns
    /// 
    /// An error will be returned if `ns` contains non-ascii, non-printable and
    /// whitespace.
    /// 
    /// Other error maybe returned too. 
    pub 
    fn add_netns_borrowed<'a>(&mut self, ns: &'a str) -> HaProxRes<()>
    {
        common::is_printable_ascii_nowp(ns, "net_ns")?;

        return self.add_tlv(PP2Tlvs::TypeNetNs(Cow::Borrowed(ns)), None);
    }

    /// Adds a 32-bit number storing the CRC32c checksum of the PROXY protocol header
    /// 
    /// It will be calculated later after finalization.
    pub 
    fn add_crc32(&mut self) -> HaProxRes<()>
    {
        return self.add_tlv(PP2Tlvs::TypeCrc32c(0), None);
    }

    /// Adds a uniqID. See [PP2TlvUniqId]. 128 bytes max.
    /// 
    /// The input is not validated! ToDo?
    pub 
    fn add_uniq_id<ID: PP2TlvUniqId>(&mut self, au: ID) -> HaProxRes<()>
    {
        let uniq_id = au.into_bytes();

        return self.add_tlv(PP2Tlvs::TypeUniqId(uniq_id.into()), None);
    }

    /// Adds a uniqID as slice borrow. See [PP2TlvUniqId]. 128 bytes max.
    /// 
    /// The input is not validated! ToDo?
    pub 
    fn add_uniq_id_borrow<ID: PP2TlvUniqId>(&mut self, au: ID) -> HaProxRes<()>
    {
        let uniq_id = au.as_slice();

        return self.add_tlv(PP2Tlvs::TypeUniqId(Cow::Borrowed(uniq_id)), None);
    }

    /// Adds "SNI" i.e the "server_name" extension as defined by RFC3546.
    /// 
    /// The input is not validated! ToDo?
    pub 
    fn add_authority(&mut self, authority: impl Into<String>) -> HaProxRes<()>
    {
        return self.add_tlv(PP2Tlvs::TypeAuthority(authority.into().into()), None);
    }

    /// Adds "SNI" borrow i.e the "server_name" extension as defined by RFC3546.
    pub 
    fn add_authority_borrrow<'a>(&mut self, authority: &'a str) -> HaProxRes<()>
    {
        return self.add_tlv(PP2Tlvs::TypeAuthority(Cow::Borrowed(authority)), None);
    }

    // --- SSL and subtypes ---

    /// Adds SSL properties.
    pub 
    fn add_ssl(self, client: PP2TlvClient, verify: u32) -> HaProxRes<TlvSubTypeSsl<'s>>
    {
        return TlvSubTypeSsl::new(self, PP2Tlvs::TLV_TYPE_SSL_SUB_RANGE, client, verify);
    }

    /// Adding external TLV. A [PP2TlvDump] should be implemeted by the `tlv`.
    pub 
    fn add_tlv<TLV: PP2TlvDump>(&mut self, tlv: TLV, 
        opt_constr: Option<&'static [std::ops::RangeInclusive<u8>]>) -> HaProxRes<()>
    {
        let tlv_id: u8 = tlv.get_type();

        let constr = opt_constr.unwrap_or(self.constraints);

        if constr.iter().any(|idr| idr.contains(&tlv_id)) == false
        {
            return_error!(ArgumentEinval, "TLV: {} is subtype of other type or type!", tlv);
        }

        if tlv_id == PP2Tlvs::TypeCrc32c(0).into()
        {
            if self.hdr.crc_tlv_offset != 0
            {
                return_error!(ArgumentEinval, "duplicate PLT CRC!");
            }

            self.hdr.crc_tlv_offset = self.hdr.buffer.position();
        }

        // write type
        self.hdr.buffer.write_u8(tlv_id).map_err(common::map_io_err)?;

        // store size_position
        let size_pos = self.hdr.buffer.position();

        // write fake size
        self.hdr.buffer.write_u16::<BigEndian>(0).map_err(common::map_io_err)?;   

        // write TLV's content
        tlv.dump(&mut self.hdr.buffer)?;

        // write size
        let cur_pos = self.hdr.buffer.position();
        self.hdr.buffer.set_position(size_pos);

        // size
        self.hdr.buffer.write_u16::<BigEndian>((cur_pos - size_pos - 2) as u16).map_err(common::map_io_err)?;

        // restore cursor
        self.hdr.buffer.set_position(cur_pos);

        return Ok(());
    }
}

/// A Proxy Network packet composer.
/// 
/// Depending on the type of the generic `OPC` a different composing options
/// are available.
/// 
/// OPC:
/// 
/// * [HdrV2OpLocal] - a local operation as described in the proxy documentation.
/// 
/// * [HdrV2OpProxy] - a proxy operation as described in the proxy documentation.
/// 
/// # Arguments
/// 
/// * `OPC` - [ProxyV2OpCode] a proxy opcode. It is intentionally made as a generic
///     to separate the options which are availabe for each type of HaProxy message.
/// 
/// # Example
/// 
/// ```ignore
/// // creating new instance
/// let mut comp = 
///     ProxyHdrV2::<HdrV2OpProxy>::new(ProxyTransportFam::STREAM, addr).unwrap();
/// 
/// // aquiring the plts to set fields
/// let plts = comp.set_plts();
/// 
/// // adding ssl info
/// let mut ssl = plts.add_ssl(PP2TlvClient::PP2_CLIENT_SSL, 0).unwrap();
/// ssl.add_ssl_sub_version("TLSv1.2").unwrap();
///     
/// // done writing ssl, returning the plts
/// let mut plts = ssl.done().unwrap();
/// 
/// // a custom TLV
/// let cust_plt = ProxyV2Dummy2::SomeTlvName(0x01020304, 0x05060708);
/// 
/// plts.add_tlv(cust_plt, Some(&[0xE0..=0xE0])).unwrap();
/// 
/// drop(plts);
/// 
/// // convert to vec of bytes
/// let pkt: Vec<u8> = comp.try_into().unwrap();
/// ```
/// 
#[derive(Clone, Debug)]
pub struct ProxyHdrV2<OPC: ProxyV2OpCode>
{
    /// Preallocard space for header.
    buffer: Cursor<Vec<u8>>,

    /// Offset to the location of the TLV CRC
    crc_tlv_offset: u64,

    /// Phantom for the [ProxyV2OpCode]
    _p: PhantomData<OPC>,
}

impl<OPC: ProxyV2OpCode> ProxyHdrV2<OPC>
{
    /// Offset to the message length field.
    pub const HDR_MSG_LEN_OFFSET: u64 = offset_of!(protocol_raw::ProxyHdrV2, len) as u64;
}

/// All functionality available for the opcode LOCAL.
impl ProxyHdrV2<HdrV2OpLocal>
{
    /// Creates a new message of type LOCAL [HdrV2Command::LOCAL].
    pub 
    fn new() -> Vec<u8>
    {
        return protocol_raw::MSG_HEADER_LOCAL_V2.to_vec();
    }
}

/// All functionality available for the opcode PROXY.
impl ProxyHdrV2<HdrV2OpProxy>
{
    /// Creates new message of type PROXY [HdrV2Command::PROXY]. A program should provide the
    /// type of the transport and address of the source and destination. The message compose instance 
    /// is returned which already contains a prepared header.
    /// 
    /// # Arguments
    /// 
    /// * `transport` - [ProxyTransportFam] a type of the transport.
    /// 
    /// * `address` - a source and destination address encapsulated in [ProxyV2Addr].
    /// 
    /// # Returns
    /// 
    /// A [HaProxRes] is returned:
    /// 
    /// * [Result::Ok] - with the instance
    /// 
    /// * [Result::Err] - error description
    pub 
    fn new(transport: ProxyTransportFam, address: ProxyV2Addr) -> HaProxRes<Self>
    {
        let buf: Vec<u8> = 
            Vec::with_capacity(size_of::<protocol_raw::ProxyHdrV2>());

        let mut cur = Cursor::new(buf);
        // writing header

        // header_magic
        cur.write_all(protocol_raw::HEADER_MAGIC_V2).map_err(common::map_io_err)?;

        // protocol version and command 
        cur.write_u8(0x20 | HdrV2OpProxy::OPCODE).map_err(common::map_io_err)?;

        // addr type and transport
        cur.write_u8(((address.as_addr_family() as u8) << 4) | transport as u8).map_err(common::map_io_err)?;

        // length offset is known, so it will be updated later
        cur.write_u16::<BigEndian>(address.get_len()).map_err(common::map_io_err)?;

        // writing address
        address.write(&mut cur)?;

        return Ok(
            Self
            {
                buffer: cur,
                crc_tlv_offset: 0,
                _p: PhantomData
            }
        );
    }

    /// Provides functionality to add the TLV to the payload of the message.
    pub 
    fn set_plts<'s>(&'s mut self) -> TlType<'s>
    {
        return TlType::new(self, PP2Tlvs::TLV_TYPE_MAIN_RANGES);
    }

    fn finalize(&mut self) -> HaProxRes<()>
    {
        let last_off = self.buffer.position();

        // set position to HEADER LENGTH
        self.buffer.set_position(Self::HDR_MSG_LEN_OFFSET);

        let tlv_len = last_off - size_of::<protocol_raw::ProxyHdrV2>() as u64;

        self.buffer.write_u16::<BigEndian>(tlv_len as u16).map_err(common::map_io_err)?;

        if self.crc_tlv_offset > 0
        {
            // init hasher
            let mut hasher = Hasher::new();

            // calculate crc32
            hasher.update(self.buffer.get_ref());

            // set position to start of the CRC's plt payload
            self.buffer.set_position(self.crc_tlv_offset + protocol::TLV_HEADER_LEN as u64);

            // write back CRC
            self.buffer.write_u32::<BigEndian>(hasher.finalize()).map_err(common::map_io_err)?;
        }
        return Ok(());
    }

    
}

/// Converts the instance to the vector. The message will be finalized i.e
/// length recalculated, CRC updated.
impl TryFrom<ProxyHdrV2<HdrV2OpProxy>> for Vec<u8>
{
    type Error = HaProxErr;

    fn try_from(mut value: ProxyHdrV2<HdrV2OpProxy>) -> Result<Self, Self::Error> 
    {
        value.finalize()?;

        return Ok(value.buffer.into_inner());
    }
}

impl<'sz> PP2TlvDump for PP2Tlvs<'sz>
{
    fn get_type(&self) -> u8 
    {
        return self.into();
    }

    fn dump(&self, cur: &mut Cursor<Vec<u8>>) -> HaProxRes<()> 
    {
        match self
        {
            Self::TypeAlpn(items) => 
            {
                // payload
                for alpn in items.iter()//.map(|v| v.as_bytes())
                {
                    // length u16
                    cur.write_u16::<BigEndian>(alpn.len() as u16).map_err(common::map_io_err)?;

                    // alpn bytes
                    cur.write_all(alpn).map_err(common::map_io_err)?;
                }
            },
            Self::TypeAuthority(auth) => 
            {
                // authority
                cur.write_all(auth.as_bytes()).map_err(common::map_io_err)?;
            },
            Self::TypeCrc32c(crc) => 
            {
                cur.write_u32::<BigEndian>(*crc).map_err(common::map_io_err)?;
            },
            Self::TypeNoop => 
            {

            },
            Self::TypeUniqId(items) =>
            {
                cur.write_all(items).map_err(common::map_io_err)?;
            },
            Self::TypeSsl{client, verify} => 
            {
                // client
                cur.write_u8(client.bits()).map_err(common::map_io_err)?;

                // verify
                cur.write_u32::<BigEndian>(*verify).map_err(common::map_io_err)?;
            },
            Self::TypeSubtypeSslVersion(v) => 
            {
                cur.write_all(v.as_bytes()).map_err(common::map_io_err)?;
            },
            Self::TypeSubtypeSslCn(cn) => 
            {
                cur.write_all(cn.as_bytes()).map_err(common::map_io_err)?;
            },
            Self::TypeSubtypeSslCipher(c) => 
            {
                cur.write_all(c.as_bytes()).map_err(common::map_io_err)?;
            },
            Self::TypeSubtypeSslSigAlg(sa) => 
            {
                cur.write_all(sa.as_bytes()).map_err(common::map_io_err)?;
            },
            Self::TypeSubtypeSslKeyAlg(ka) => 
            {
                cur.write_all(ka.as_bytes()).map_err(common::map_io_err)?;
            },
            Self::TypeSubTypeSslGroup(group) => 
            {
                cur.write_all(group.as_bytes()).map_err(common::map_io_err)?;
            },
            Self::TypeSubTypeSslSigScheme(sig) => 
            {
                cur.write_all(sig.as_bytes()).map_err(common::map_io_err)?;
            }
            Self::TypeNetNs(ns) => 
            {
                cur.write_all(ns.as_bytes()).map_err(common::map_io_err)?;
            },
        }

        return Ok(());
    }
}

#[cfg(test)]
mod tests
{
    use std::{fmt, io::Cursor};

    use byteorder::{BigEndian, WriteBytesExt};

    use crate::{common::map_io_err, protocol_v2::{protocol::{PP2TlvClient, PP2Tlvs}, PP2TlvDump}, HaProxRes, ProxyTransportFam, ProxyV2Addr};

    use super::{HdrV2OpProxy, ProxyHdrV2};

    #[test]
    fn test_comp0()
    {
        let addr = ProxyV2Addr::try_from(("127.0.0.1:39754", "127.0.0.67:11883")).unwrap();
        
        let mut comp = 
            ProxyHdrV2::<HdrV2OpProxy>::new(ProxyTransportFam::STREAM, addr).unwrap();

        let plts = comp.set_plts();

        let mut ssl = plts.add_ssl(PP2TlvClient::PP2_CLIENT_SSL, 0).unwrap();

        ssl.add_ssl_sub_version("TLSv1.2").unwrap();
        
        ssl.done().unwrap();

        let pkt: Vec<u8> = comp.try_into().unwrap();

        let ctrl = 
b"\x0d\x0a\x0d\x0a\x00\x0d\x0a\x51\x55\x49\x54\x0a\x21\x11\x00\x1e\
\x7f\x00\x00\x01\x7f\x00\x00\x43\x9b\x4a\x2e\x6b\x20\x00\x0f\x01\
\x00\x00\x00\x00\x21\x00\x07\x54\x4c\x53\x76\x31\x2e\x32";

        assert_eq!(pkt.as_slice(), ctrl.as_slice());
    }

    #[test]
    fn test_comp1()
    {
        #[derive(Clone, Debug)]
        pub enum ProxyV2Dummy2 
        {
            SomeTlvName(u32, u32),
        }

        impl fmt::Display for ProxyV2Dummy2
        {
            fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result 
            {
                write!(f, "DUMMY external reader")
            }
        }

        impl PP2TlvDump for ProxyV2Dummy2
        {
            fn get_type(&self) -> u8 
            {
                #[allow(irrefutable_let_patterns)]
                let Self::SomeTlvName(..) = self else { panic!("wrong") };

                return 0xE0;
            }

            fn dump(&self, cur: &mut Cursor<Vec<u8>>) -> HaProxRes<()> 
            {
                match self
                {
                    Self::SomeTlvName(arg0, arg1) =>
                    {
                        cur.write_u32::<BigEndian>(*arg0).map_err(map_io_err)?;
                        cur.write_u32::<BigEndian>(*arg1).map_err(map_io_err)?;
                    }
                }

                return Ok(());
            }
        }



        let addr = ProxyV2Addr::try_from(("127.0.0.1:39754", "127.0.0.67:11883")).unwrap();
        
        let mut comp = 
            ProxyHdrV2::<HdrV2OpProxy>::new(ProxyTransportFam::STREAM, addr).unwrap();

        let plts = comp.set_plts();

        let mut ssl = plts.add_ssl(PP2TlvClient::PP2_CLIENT_SSL, 0).unwrap();

        ssl.add_ssl_sub_version("TLSv1.2").unwrap();
        
        let mut plts = ssl.done().unwrap();


        let cust_plt = ProxyV2Dummy2::SomeTlvName(0x01020304, 0x05060708);

        plts.add_tlv(cust_plt, Some(&[0xE0..=0xE0])).unwrap();

        drop(plts);

        let pkt: Vec<u8> = comp.try_into().unwrap();

        let ctrl = 
b"\x0d\x0a\x0d\x0a\x00\x0d\x0a\x51\x55\x49\x54\x0a\x21\x11\x00\x29\
\x7f\x00\x00\x01\x7f\x00\x00\x43\x9b\x4a\x2e\x6b\x20\x00\x0f\x01\
\x00\x00\x00\x00\x21\x00\x07\x54\x4c\x53\x76\x31\x2e\x32\xE0\x00\
\x08\x01\x02\x03\x04\x05\x06\x07\x08";

        assert_eq!(pkt.as_slice(), ctrl.as_slice());
    }

    #[test]
    fn test_alpns()
    {
        let mut cur = Cursor::new(Vec::<u8>::with_capacity(64));

        let alpn = PP2Tlvs::TypeAlpn(vec![b"test".as_slice().to_vec().into()].into());

        alpn.dump(&mut cur).unwrap();

       // let op: u8 = (&alpn).into();

        let reference = b"\x00\x04test";

        let generated = cur.into_inner();

        assert_eq!(generated.as_slice(), reference.as_slice());
    }

    #[test]
    fn test_authority()
    {
        let mut cur = Cursor::new(Vec::<u8>::with_capacity(64));

        let alpn = PP2Tlvs::TypeAuthority("tset".into());

        alpn.dump(&mut cur).unwrap();

        //let op: u8 = (&alpn).into();

        let reference = b"tset";

        let generated = cur.into_inner();

        assert_eq!(generated.as_slice(), reference.as_slice());
    }

    #[test]
    fn test_crc32()
    {
        let mut cur = Cursor::new(Vec::<u8>::with_capacity(64));

        let alpn = PP2Tlvs::TypeCrc32c(0xABCDEF01);

        alpn.dump(&mut cur).unwrap();

        //let op: u8 = (&alpn).into();

        let reference = b"\xab\xcd\xef\x01";

        let generated = cur.into_inner();

        assert_eq!(generated.as_slice(), reference.as_slice());
    }

    #[test]
    fn test_netns()
    {
        let mut cur = Cursor::new(Vec::<u8>::with_capacity(64));

        let alpn = PP2Tlvs::TypeNetNs("tstt".into());

        alpn.dump(&mut cur).unwrap();

        //let op: u8 = (&alpn).into();

        let reference = b"tstt";

        let generated = cur.into_inner();

        assert_eq!(generated.as_slice(), reference.as_slice());
    }

    #[test]
    fn test_noop()
    {
        let mut cur = Cursor::new(Vec::<u8>::with_capacity(64));

        let alpn = PP2Tlvs::TypeNoop;

        alpn.dump(&mut cur).unwrap();

        let reference = b"";

        let generated = cur.into_inner();

        assert_eq!(generated.as_slice(), reference.as_slice());
    }

    #[test]
    fn test_ssl()
    {
        let mut cur = Cursor::new(Vec::<u8>::with_capacity(64));

        let alpn = PP2Tlvs::TypeSsl{ client: PP2TlvClient::PP2_CLIENT_SSL, verify: 0x00003210};

        alpn.dump(&mut cur).unwrap();

        //let op: u8 = (&alpn).into();

        let reference = b"\x01\x00\x00\x32\x10";

        let generated = cur.into_inner();

        assert_eq!(generated.as_slice(), reference.as_slice());
    }

    #[test]
    fn test_uniqid()
    {
        const ID: &'static [u8] = b"ABCD12345678901234567890";

        let mut cur = Cursor::new(Vec::<u8>::with_capacity(64));

        let alpn = PP2Tlvs::TypeUniqId(ID.into());

        alpn.dump(&mut cur).unwrap();

        let reference = ID;

        let generated = cur.into_inner();

        assert_eq!(generated.as_slice(), reference);
    }

    #[test]
    fn test_ssl_cipher()
    {
        let mut cur = Cursor::new(Vec::<u8>::with_capacity(64));

        let ciph = PP2Tlvs::TypeSubtypeSslCipher("ECDHE-RSA-AES128-GCM-SHA256".into());

        ciph.dump(&mut cur).unwrap();

       // let op: u8 = (&ciph).into();

        let reference = b"ECDHE-RSA-AES128-GCM-SHA256";

        let generated = cur.into_inner();

        assert_eq!(generated.as_slice(), reference.as_slice());
    }

    #[test]
    fn test_ssl_cn()
    {
        let mut cur = Cursor::new(Vec::<u8>::with_capacity(64));

        let cn = PP2Tlvs::TypeSubtypeSslCn("example.com".into());

        cn.dump(&mut cur).unwrap();

        //let op: u8 = (&cn).into();

        let reference = b"example.com";

        let generated = cur.into_inner();

        assert_eq!(generated.as_slice(), reference.as_slice());
    }

    #[test]
    fn test_ssl_keyalg()
    {
        let mut cur = Cursor::new(Vec::<u8>::with_capacity(64));

        let keyalg = PP2Tlvs::TypeSubtypeSslKeyAlg("RSA2048".into());

        keyalg.dump(&mut cur).unwrap();

       // let op: u8 = (&keyalg).into();

        let reference = b"RSA2048";

        let generated = cur.into_inner();

        assert_eq!(generated.as_slice(), reference.as_slice());
    }

    #[test]
    fn test_ssl_sigalg()
    {
        let mut cur = Cursor::new(Vec::<u8>::with_capacity(64));

        let sigalg = PP2Tlvs::TypeSubtypeSslSigAlg("SHA256".into());

        sigalg.dump(&mut cur).unwrap();

       // let op: u8 = (&sigalg).into();

        let reference = b"SHA256";

        let generated = cur.into_inner();

        assert_eq!(generated.as_slice(), reference.as_slice());
    }

    #[test]
    fn test_ssl_version()
    {
        let mut cur = Cursor::new(Vec::<u8>::with_capacity(64));

        let vers = PP2Tlvs::TypeSubtypeSslVersion("TLSv1_3".into());

        vers.dump(&mut cur).unwrap();

        //let op: u8 = (&vers).into();

        let reference = b"TLSv1_3";

        let generated = cur.into_inner();

        assert_eq!(generated.as_slice(), reference.as_slice());
    }
}