1、将dynamic bypass 从tsg_entry.cpp 拆分出来 2、使用ja3信息代替chello信息做bypass ssl信息 3、增加获取ja3流标签,通过cmsg发送给tfe 4、增加dynamic bypass 配置文件开关
12
entry/include/kni_dynamic_bypass.h
Normal file
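--- a/entry/include/kni_dynamic_bypass.h
+++ b/entry/include/kni_dynamic_bypass.h
@@ -0,0 +1,12 @@
+#pragma once
+#ifndef __KNI_DYNAMIC_BYPASS_H__
+#define __KNI_DYNAMIC_BYPASS_H__
+
+#include "kni_entry.h"
+
+int first_data_ssl_dynamic_bypass(struct streaminfo *stream, struct pme_info *pmeinfo, struct pkt_info *pktinfo, int thread_seq);
+void next_data_ssl_dynamic_bypass(struct pkt_info *pktinfo);
+int ssl_dynamic_bypass_htable_add(struct pme_info *pmeinfo);
+int ssl_dynamic_bypass_htable_init(const char *profile,void * local_logger);
+
+#endif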
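Review bot: The four prototypes in the new header carry no contract, and `first_data_ssl_dynamic_bypass` returns an `int` that presumably decides whether a TLS stream skips interception, so the meaning of each return value, including the error path, should be stated above the declaration, e.g. `/* returns 1 if the stream matches a bypass entry, 0 otherwise; a failed lookup never bypasses */` (adjust to the real semantics, which are not visible here). The commit message says the bypass information is now taken from JA3 instead of the ClientHello; JA3 is computed from client-chosen handshake fields and is identical for every client using the same TLS stack, so if the table key is JA3 alone (the implementation is not on this page) one learned entry could exempt unrelated destinations, and the comment on `ssl_dynamic_bypass_htable_add` should say what else the key includes. Separately, `__KNI_DYNAMIC_BYPASS_H__` is a reserved identifier and duplicates `#pragma once`; one guard is enough, e.g. `#ifndef KNI_DYNAMIC_BYPASS_H`.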
@@ -12,7 +12,6 @@
|
||||
#define CALLER_SAPP 0
|
||||
#define CALLER_TFE 1
|
||||
|
||||
#define SSL_INFO_LEN 2048
|
||||
#define _MAX_MAAT_TABLE_NAME_LEN 64
|
||||
|
||||
#define MAX_STRING_LEN 32
|
||||
@@ -216,7 +215,8 @@ struct kni_handle{
|
||||
char dst_mac_addr[6];
|
||||
int tsg_diagnose_enable;
|
||||
int *arr_last_tfe_dispatch_index;
|
||||
struct security_policy_shunt_tsg_diagnose secpolicyid_shunt_tsg_diagnose;
|
||||
struct security_policy_shunt_tsg_diagnose secpolicyid_shunt_tsg_diagnose;
|
||||
int ssl_dynamic_bypass_enable;
|
||||
MESA_htable_handle sslinfo2bypass_htable;
|
||||
int pxy_tcp_option_enable; //for proxy tcp option enable
|
||||
int pxy_tcp_option_enable_override;
|
||||
@@ -231,10 +231,7 @@ struct traceid2pme_search_cb_args{
|
||||
void *logger;
|
||||
};
|
||||
|
||||
struct dynamic_bypass_ssl_feature{
|
||||
char value[SSL_INFO_LEN];
|
||||
size_t vlen;
|
||||
};
|
||||
|
||||
|
||||
#endif
|
||||
|
||||
|
||||
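Review bot: The new `ssl_dynamic_bypass_enable` member in the `struct kni_handle` hunk is undocumented, unlike `pxy_tcp_option_enable` two lines below it, and it appears to gate a feature that lets TLS streams skip interception. A trailing comment such as `int ssl_dynamic_bypass_enable; // config switch for SSL dynamic bypass; confirm it defaults to 0 when the key is absent` would record the intent. The code that loads the switch and checks it before using `sslinfo2bypass_htable` is outside this page, so whether the table stays uninitialised (and unused) when the switch is off cannot be confirmed here. The struct begins and ends outside the hunk.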
@@ -1,36 +0,0 @@
|
||||
#pragma once
|
||||
#include <stdint.h>
|
||||
enum chello_parse_result
|
||||
{
|
||||
CHELLO_PARSE_SUCCESS = 0,
|
||||
CHELLO_PARSE_INVALID_FORMAT = -1,
|
||||
CHELLO_PARSE_NOT_ENOUGH_BUFF = -2
|
||||
};
|
||||
|
||||
struct ssl_version
|
||||
{
|
||||
uint8_t minor;
|
||||
uint8_t major;
|
||||
uint16_t ossl_format;
|
||||
};
|
||||
|
||||
struct ssl_chello
|
||||
{
|
||||
struct ssl_version min_version;
|
||||
struct ssl_version max_version;
|
||||
|
||||
char *sni;
|
||||
char *alpn;
|
||||
char *sign_algos;
|
||||
uint16_t sign_algos_len;
|
||||
char *supported_groups;
|
||||
uint16_t supported_groups_len;
|
||||
char *cipher_suites;
|
||||
uint16_t cipher_suites_len;
|
||||
};
|
||||
struct ssl_chello* ssl_chello_parse(const unsigned char* buff, size_t buff_len, enum chello_parse_result* result);
|
||||
|
||||
void ssl_chello_free(struct ssl_chello* chello);
|
||||
|
||||
void ssl_cipher_suites_to_name(const char *source, int source_len, char *result_common, size_t sz_common, char *result_tls13, size_t sz_tls13);
|
||||
|
||||