feature:TSG-9431:KNI发送安全日志时增加ssl_passthrough_reason字段

2022-01-18 16:31:32 +08:00
parent 5718d879f3
commit cc234d4a1c
4 changed files with 11 additions and 0 deletions
--- a/common/include/kni_cmsg.h
+++ b/common/include/kni_cmsg.h
@@ -83,6 +83,7 @@ enum tfe_cmsg_tlv_type
    TFE_CMSG_FQDN_CAT_ID_VAL,                // string max size 8 * sizeof(uint32_t)
    //cmsg common_direction
    TFE_CMSG_COMMON_DIRECTION,
+    TFE_CMSG_SSL_PASSTHROUGH_REASON,
    //cmsg tlv max
    KNI_CMSG_TLV_NR_MAX,
 };
--- a/common/src/kni_cmsg.cpp
+++ b/common/src/kni_cmsg.cpp
@@ -255,5 +255,6 @@ void tfe_cmsg_enum_to_string()

 	tfe_cmsg_tlv_type_to_string[TFE_CMSG_COMMON_DIRECTION] = "TFE_CMSG_COMMON_DIRECTION";

+	tfe_cmsg_tlv_type_to_string[TFE_CMSG_SSL_PASSTHROUGH_REASON] = "TFE_CMSG_SSL_PASSTHROUGH_REASON";
 }

--- a/entry/include/kni_entry.h
+++ b/entry/include/kni_entry.h
@@ -151,6 +151,8 @@ struct pme_info{
    struct proxy_tcp_option pxy_tcp_option;
 	int pxy_tcp_option_is_scan;
 	struct session_attribute_label *session_attribute;
+	//for ssl passthrough reason
+	char ssl_passthrough_reason[KNI_SYMBOL_MAX];
 };

 struct wrapped_packet{
--- a/entry/src/kni_entry.cpp
+++ b/entry/src/kni_entry.cpp
@@ -209,6 +209,9 @@ static int log_generate(struct pme_info *pmeinfo){
 		if(pmeinfo->ssl_cert_verify != -1){
 			TLD_append(tld_handle, (char*)"ssl_cert_verify", (void*)pmeinfo->ssl_cert_verify, TLD_TYPE_LONG);
 		}
+		if (pmeinfo->ssl_intercept_state == 0){
+			TLD_append(tld_handle, (char*)"ssl_passthrough_reason", (void*)pmeinfo->ssl_passthrough_reason, TLD_TYPE_STRING);
+		}
 	}
 	//host
 	if(pmeinfo->protocol == PROTO_HTTP){
@@ -2005,6 +2008,9 @@ static int wrapped_kni_cmsg_get(struct pme_info *pmeinfo, struct kni_cmsg *cmsg,
 		case TFE_CMSG_SSL_ERROR:
 			memcpy((char*)&(pmeinfo->ssl_error), value, value_size);
 			break;
+		case TFE_CMSG_SSL_PASSTHROUGH_REASON:
+			memcpy(pmeinfo->ssl_passthrough_reason, value, value_size);
+			break;
 		default:
 			break;
 	}
@@ -2028,6 +2034,7 @@ static long traceid2pme_htable_search_cb(void *data, const uchar *key, uint size
 		wrapped_kni_cmsg_get(pmeinfo, cmsg, TFE_CMSG_SSL_PINNING_STATE, sizeof(pmeinfo->ssl_pinningst), logger);
 		wrapped_kni_cmsg_get(pmeinfo, cmsg, TFE_CMSG_SSL_CERT_VERIFY, sizeof(pmeinfo->ssl_cert_verify), logger);
 		wrapped_kni_cmsg_get(pmeinfo, cmsg, TFE_CMSG_SSL_ERROR, sizeof(pmeinfo->ssl_error), logger);
+		wrapped_kni_cmsg_get(pmeinfo, cmsg, TFE_CMSG_SSL_PASSTHROUGH_REASON, sizeof(pmeinfo->ssl_passthrough_reason), logger);
 		KNI_LOG_DEBUG(logger, "recv cmsg from tfe, stream traceid = %s, stream addr = %s, stream ssl intercept state = %d ,pinning state = %d", 
 							pmeinfo->stream_traceid, pmeinfo->stream_addr,pmeinfo->ssl_intercept_state,pmeinfo->ssl_pinningst);