ssl_stream在本地记录伪造证书。
@@ -1,9 +1,9 @@
|
||||
add_library(common src/tfe_utils.cpp src/tfe_future.cpp src/tfe_http.cpp src/tfe_plugin.cpp src/tfe_rpc.cpp)
|
||||
add_library(common src/tfe_utils.cpp src/tfe_types.cpp src/tfe_future.cpp src/tfe_http.cpp src/tfe_plugin.cpp src/tfe_rpc.cpp)
|
||||
target_include_directories(common PUBLIC ${CMAKE_CURRENT_LIST_DIR}/include)
|
||||
target_link_libraries(common MESA_handle_logger libevent-static libevent-static-openssl libevent-static-pthreads)
|
||||
|
||||
### UNITTEST CASE
|
||||
add_executable(test-addr test/test_addr.cpp)
|
||||
add_executable(test-addr test/test_addr.cpp src/tfe_types.cpp src/tfe_utils.cpp)
|
||||
target_include_directories(test-addr PRIVATE include)
|
||||
target_link_libraries(test-addr gtest)
|
||||
|
||||
|
||||
@@ -149,117 +149,13 @@ struct tfe_stream_addr
|
||||
unsigned char paddr[0];
|
||||
};
|
||||
};
|
||||
static inline const char* tfe_stream_conn_dir_to_str(enum tfe_conn_dir dir)
|
||||
{
|
||||
return (dir==CONN_DIR_DOWNSTREAM)?"downstream":"upstream";
|
||||
}
|
||||
static inline char * tfe_stream_addr_to_str(const struct tfe_stream_addr * addr)
|
||||
{
|
||||
char * __str_ret = NULL;
|
||||
if (addr->addrtype == TFE_ADDR_STREAM_TUPLE4_V4)
|
||||
{
|
||||
const struct tfe_stream_addr_tuple4_v4 * tuple4_v4 = addr->tuple4_v4;
|
||||
char __src_addr[INET_ADDRSTRLEN];
|
||||
char __dst_addr[INET_ADDRSTRLEN];
|
||||
uint16_t __src_port = ntohs((uint16_t) tuple4_v4->source);
|
||||
uint16_t __dst_port = ntohs((uint16_t) tuple4_v4->dest);
|
||||
const char* tfe_stream_conn_dir_to_str(enum tfe_conn_dir dir);
|
||||
void tfe_stream_addr_free(struct tfe_stream_addr *addr);
|
||||
struct tfe_stream_addr * tfe_stream_addr_create_by_fd(int fd, enum tfe_conn_dir dir);
|
||||
|
||||
inet_ntop(AF_INET, &tuple4_v4->saddr, __src_addr, sizeof(__src_addr));
|
||||
inet_ntop(AF_INET, &tuple4_v4->daddr, __dst_addr, sizeof(__dst_addr));
|
||||
asprintf(&__str_ret, "%s %u %s %u", __src_addr, __src_port, __dst_addr, __dst_port);
|
||||
}
|
||||
//Follow function's returned pointer should be passed to free to release the allocated storage when it is no longer needed.
|
||||
char* tfe_string_addr_create_by_fd(int fd, enum tfe_conn_dir dir);
|
||||
char * tfe_stream_addr_to_str(const struct tfe_stream_addr * addr);
|
||||
|
||||
if(addr->addrtype == TFE_ADDR_STREAM_TUPLE4_V6)
|
||||
{
|
||||
const struct tfe_stream_addr_tuple4_v6 * tuple4_v6 = addr->tuple4_v6;
|
||||
char __src_addr[INET6_ADDRSTRLEN];
|
||||
char __dst_addr[INET6_ADDRSTRLEN];
|
||||
uint16_t __src_port = ntohs((uint16_t) tuple4_v6->source);
|
||||
uint16_t __dst_port = ntohs((uint16_t) tuple4_v6->dest);
|
||||
|
||||
inet_ntop(AF_INET6, &tuple4_v6->saddr, __src_addr, sizeof(__src_addr));
|
||||
inet_ntop(AF_INET6, &tuple4_v6->daddr, __dst_addr, sizeof(__dst_addr));
|
||||
asprintf(&__str_ret, "%s %u %s %u", __src_addr, __src_port, __dst_addr, __dst_port);
|
||||
}
|
||||
|
||||
return __str_ret;
|
||||
}
|
||||
static inline void tfe_stream_addr_free(struct tfe_stream_addr *addr)
|
||||
{
|
||||
free(addr);
|
||||
return;
|
||||
}
|
||||
static inline struct tfe_stream_addr * tfe_stream_addr_create_by_fd(int fd, enum tfe_conn_dir dir)
|
||||
{
|
||||
struct tfe_stream_addr * __stream_addr = NULL;
|
||||
|
||||
struct sockaddr_storage sk_src_storage{};
|
||||
struct sockaddr * sk_src_ptr = (struct sockaddr *) &sk_src_storage;
|
||||
socklen_t sk_src_len = sizeof(sk_src_storage);
|
||||
|
||||
struct sockaddr_storage sk_dst_storage{};
|
||||
struct sockaddr * sk_dst_ptr = (struct sockaddr *) &sk_dst_storage;
|
||||
socklen_t sk_dst_len = sizeof(sk_dst_storage);
|
||||
if(dir==CONN_DIR_UPSTREAM)
|
||||
{
|
||||
int ret = getsockname(fd, sk_src_ptr, &sk_src_len);
|
||||
if (ret < 0)
|
||||
{
|
||||
goto __errout;
|
||||
}
|
||||
|
||||
ret = getpeername(fd, sk_dst_ptr, &sk_dst_len);
|
||||
if (ret < 0)
|
||||
{
|
||||
goto __errout;
|
||||
}
|
||||
}
|
||||
else
|
||||
{
|
||||
int ret = getsockname(fd, sk_dst_ptr, &sk_dst_len);
|
||||
if (ret < 0)
|
||||
{
|
||||
goto __errout;
|
||||
}
|
||||
|
||||
ret = getpeername(fd, sk_src_ptr, &sk_src_len);
|
||||
if (ret < 0)
|
||||
{
|
||||
goto __errout;
|
||||
}
|
||||
}
|
||||
|
||||
assert(sk_src_ptr->sa_family == sk_dst_ptr->sa_family);
|
||||
if (sk_src_ptr->sa_family == AF_INET)
|
||||
{
|
||||
__stream_addr = (struct tfe_stream_addr *) malloc(
|
||||
sizeof(struct tfe_stream_addr) + sizeof(struct tfe_stream_addr_tuple4_v4));
|
||||
|
||||
struct tfe_stream_addr_ipv4 * st_addr_v4 = __stream_addr->ipv4;
|
||||
struct sockaddr_in * sk_v4_src_ptr = (struct sockaddr_in *) sk_src_ptr;
|
||||
struct sockaddr_in * sk_v4_dst_ptr = (struct sockaddr_in *) sk_dst_ptr;
|
||||
|
||||
__stream_addr->addrtype = TFE_ADDR_STREAM_TUPLE4_V4;
|
||||
__stream_addr->addrlen = sizeof(struct tfe_stream_addr_tuple4_v4);
|
||||
|
||||
st_addr_v4->saddr.s_addr = sk_v4_src_ptr->sin_addr.s_addr;
|
||||
st_addr_v4->source = sk_v4_src_ptr->sin_port;
|
||||
st_addr_v4->daddr.s_addr = sk_v4_dst_ptr->sin_addr.s_addr;
|
||||
st_addr_v4->dest = sk_v4_dst_ptr->sin_port;
|
||||
}
|
||||
else if (sk_src_ptr->sa_family == AF_INET6)
|
||||
{
|
||||
assert(0);
|
||||
}
|
||||
else
|
||||
{
|
||||
goto __errout;
|
||||
}
|
||||
|
||||
return __stream_addr;
|
||||
|
||||
__errout:
|
||||
if (__stream_addr != NULL) free(__stream_addr);
|
||||
return NULL;
|
||||
}
|
||||
|
||||
|
||||
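--- /dev/null
+++ b/common/src/tfe_types.cpp
@@ -0,0 +1,131 @@
+#include "tfe_types.h"
+#include "tfe_utils.h"
+const char* tfe_stream_conn_dir_to_str(enum tfe_conn_dir dir)
+{
+return (dir==CONN_DIR_DOWNSTREAM)?"downstream":"upstream";
+}
+
+char * tfe_stream_addr_to_str(const struct tfe_stream_addr * addr)
+{
+char * __str_ret = NULL;
+if (addr->addrtype == TFE_ADDR_STREAM_TUPLE4_V4)
+{
+const struct tfe_stream_addr_tuple4_v4 * tuple4_v4 = addr->tuple4_v4;
+char __src_addr[INET_ADDRSTRLEN];
+char __dst_addr[INET_ADDRSTRLEN];
+uint16_t __src_port = ntohs((uint16_t) tuple4_v4->source);
+uint16_t __dst_port = ntohs((uint16_t) tuple4_v4->dest);
+
+inet_ntop(AF_INET, &tuple4_v4->saddr, __src_addr, sizeof(__src_addr));
+inet_ntop(AF_INET, &tuple4_v4->daddr, __dst_addr, sizeof(__dst_addr));
+asprintf(&__str_ret, "%s %u %s %u", __src_addr, __src_port, __dst_addr, __dst_port);
+}
+
+if(addr->addrtype == TFE_ADDR_STREAM_TUPLE4_V6)
+{
+const struct tfe_stream_addr_tuple4_v6 * tuple4_v6 = addr->tuple4_v6;
+char __src_addr[INET6_ADDRSTRLEN];
+char __dst_addr[INET6_ADDRSTRLEN];
+uint16_t __src_port = ntohs((uint16_t) tuple4_v6->source);
+uint16_t __dst_port = ntohs((uint16_t) tuple4_v6->dest);
+
+inet_ntop(AF_INET6, &tuple4_v6->saddr, __src_addr, sizeof(__src_addr));
+inet_ntop(AF_INET6, &tuple4_v6->daddr, __dst_addr, sizeof(__dst_addr));
+asprintf(&__str_ret, "%s %u %s %u", __src_addr, __src_port, __dst_addr, __dst_port);
+}
+
+return __str_ret;
+}
+void tfe_stream_addr_free(struct tfe_stream_addr *addr)
+{
+free(addr);
+return;
+}
+struct tfe_stream_addr * tfe_stream_addr_create_by_fd(int fd, enum tfe_conn_dir dir)
+{
+struct tfe_stream_addr * __stream_addr = NULL;
+
+struct sockaddr_storage sk_src_storage{};
+struct sockaddr * sk_src_ptr = (struct sockaddr *) &sk_src_storage;
+socklen_t sk_src_len = sizeof(sk_src_storage);
+
+struct sockaddr_storage sk_dst_storage{};
+struct sockaddr * sk_dst_ptr = (struct sockaddr *) &sk_dst_storage;
+socklen_t sk_dst_len = sizeof(sk_dst_storage);
+if(dir==CONN_DIR_UPSTREAM)
+{
+int ret = getsockname(fd, sk_src_ptr, &sk_src_len);
+if (ret < 0)
+{
+goto __errout;
+}
+
+ret = getpeername(fd, sk_dst_ptr, &sk_dst_len);
+if (ret < 0)
+{
+goto __errout;
+}
+}
+else
+{
+int ret = getsockname(fd, sk_dst_ptr, &sk_dst_len);
+if (ret < 0)
+{
+goto __errout;
+}
+
+ret = getpeername(fd, sk_src_ptr, &sk_src_len);
+if (ret < 0)
+{
+goto __errout;
+}
+}
+
+assert(sk_src_ptr->sa_family == sk_dst_ptr->sa_family);
+if (sk_src_ptr->sa_family == AF_INET)
+{
+__stream_addr = (struct tfe_stream_addr *) malloc(
+sizeof(struct tfe_stream_addr) + sizeof(struct tfe_stream_addr_tuple4_v4));
+
+struct tfe_stream_addr_ipv4 * st_addr_v4 = __stream_addr->ipv4;
+struct sockaddr_in * sk_v4_src_ptr = (struct sockaddr_in *) sk_src_ptr;
+struct sockaddr_in * sk_v4_dst_ptr = (struct sockaddr_in *) sk_dst_ptr;
+
+__stream_addr->addrtype = TFE_ADDR_STREAM_TUPLE4_V4;
+__stream_addr->addrlen = sizeof(struct tfe_stream_addr_tuple4_v4);
+
+st_addr_v4->saddr.s_addr = sk_v4_src_ptr->sin_addr.s_addr;
+st_addr_v4->source = sk_v4_src_ptr->sin_port;
+st_addr_v4->daddr.s_addr = sk_v4_dst_ptr->sin_addr.s_addr;
+st_addr_v4->dest = sk_v4_dst_ptr->sin_port;
+}
+else if (sk_src_ptr->sa_family == AF_INET6)
+{
+assert(0);
+}
+else
+{
+goto __errout;
+}
+
+return __stream_addr;
+
+__errout:
+if (__stream_addr != NULL) free(__stream_addr);
+return NULL;
+}
+char* tfe_string_addr_create_by_fd(int fd, enum tfe_conn_dir dir)
+{
+char* addr_str=NULL;
+struct tfe_stream_addr * stream_addr=tfe_stream_addr_create_by_fd(fd, dir);
+if(stream_addr)
+{
+addr_str= tfe_stream_addr_to_str(stream_addr);
+}
+else
+{
+addr_str=tfe_strdup("null");
+}
+tfe_stream_addr_free(stream_addr);
+return addr_str;
+}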
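Review bot: In `tfe_stream_addr_create_by_fd` the `malloc` result is dereferenced on the very next statement (`struct tfe_stream_addr_ipv4 * st_addr_v4 = __stream_addr->ipv4;`) without a NULL check, and the `AF_INET6` branch is `assert(0);`, so with assertions enabled the first IPv6 connection that reaches this function (the callers feed it live socket fds from the proxy) aborts the whole process, while with NDEBUG it silently falls through to `return __stream_addr` with NULL — `tfe_stream_addr_to_str` already knows how to print `TFE_ADDR_STREAM_TUPLE4_V6`, so the branch should either fill that tuple or fail cleanly via `__errout`, never abort. Separately, `asprintf`'s return value is ignored in both branches of `tfe_stream_addr_to_str` (on failure glibc leaves the output pointer undefined) and the function returns NULL for any other addrtype; `tfe_string_addr_create_by_fd` passes that straight back, so callers that hand it to `%s` would format a NULL — adding `if (addr_str == NULL) addr_str = tfe_strdup("null");` before `tfe_stream_addr_free(stream_addr);` keeps the "null" fallback the else-branch already intends. The `__src_addr`/`__str_ret`/`__errout` identifiers begin with a double underscore, which is reserved for the implementation in both C and C++; plain names are safer. Note also that the v4 branch writes through `__stream_addr->ipv4` while the printer reads `addr->tuple4_v4` for the same addrtype — presumably these alias the same storage, but that is worth confirming.

```cpp
if (sk_src_ptr->sa_family == AF_INET)
{
    __stream_addr = (struct tfe_stream_addr *) malloc(
        sizeof(struct tfe_stream_addr) + sizeof(struct tfe_stream_addr_tuple4_v4));
    if (__stream_addr == NULL)
    {
        goto __errout;
    }
    // … unchanged: fill st_addr_v4 from sk_v4_src_ptr / sk_v4_dst_ptr …
}
else if (sk_src_ptr->sa_family == AF_INET6)
{
    /* TODO(review): populate a TFE_ADDR_STREAM_TUPLE4_V6 tuple here; until then
     * fail the same way as an unknown family instead of aborting the process. */
    goto __errout;
}
```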
@@ -853,16 +853,8 @@ void ssl_stream_log_error(struct bufferevent * bev, enum tfe_conn_dir dir, void*
|
||||
{
|
||||
unsigned long sslerr=0;
|
||||
int fd=bufferevent_getfd(bev);
|
||||
struct tfe_stream_addr* addr=tfe_stream_addr_create_by_fd(fd, dir);
|
||||
char* addr_string=NULL;
|
||||
if(addr)
|
||||
{
|
||||
addr_string=tfe_stream_addr_to_str(addr);
|
||||
}
|
||||
else
|
||||
{
|
||||
addr_string=tfe_strdup("null");
|
||||
}
|
||||
char* addr_string=tfe_string_addr_create_by_fd(fd, dir);
|
||||
|
||||
|
||||
/* Can happen for socket errs, ssl errs;
|
||||
* may happen for unclean ssl socket shutdowns. */
|
||||
@@ -941,7 +933,6 @@ void ssl_stream_log_error(struct bufferevent * bev, enum tfe_conn_dir dir, void*
|
||||
ERR_func_error_string(sslerr));
|
||||
}
|
||||
}
|
||||
tfe_stream_addr_free(addr);
|
||||
free(addr_string);
|
||||
|
||||
}
|
||||
@@ -994,7 +985,9 @@ static void ssl_server_connected_eventcb(struct bufferevent * bev, short events,
|
||||
else
|
||||
{
|
||||
ATOMIC_INC(&(mgr->stat_val[SSL_FAKE_CRT]));
|
||||
|
||||
char* addr_str=tfe_string_addr_create_by_fd(ctx->fd_upstream, CONN_DIR_UPSTREAM);
|
||||
TFE_LOG_INFO(mgr->logger, "Fake Cert %s %s", addr_str, ctx->s_stream->client_hello->sni);
|
||||
free(addr_str);
|
||||
}
|
||||
}
|
||||
else
|
||||
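Review bot: The new `TFE_LOG_INFO(mgr->logger, "Fake Cert %s %s", addr_str, ctx->s_stream->client_hello->sni);` formats two values that can plausibly be NULL: `addr_str` when `tfe_stream_addr_to_str` fails or sees an unknown addrtype, and `sni` when the ClientHello carried no server_name extension (I cannot see how `client_hello->sni` is populated from this hunk, so treat that as an assumption to confirm). Passing NULL to a `%s` conversion is undefined behaviour in printf-style loggers, and the SNI is peer-supplied, so it can also carry control characters or newlines into the log line; guarding both before logging is cheap: `const char * sni = ctx->s_stream->client_hello->sni;` followed by `TFE_LOG_INFO(mgr->logger, "Fake Cert %s %s", addr_str ? addr_str : "null", sni ? sni : "(none)");`. The enclosing `ssl_server_connected_eventcb` both starts and ends outside this hunk.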
@@ -1470,7 +1463,7 @@ void ask_keyring_on_fail(enum e_future_error error, const char * what, void * us
|
||||
/*
|
||||
* Create a SSL stream for the incoming connection, based on the upstream.
|
||||
*/
|
||||
void ssl_async_downstream_create(struct future * f, struct ssl_mgr * mgr, struct ssl_stream * upstream,
|
||||
extern void ssl_async_downstream_create(struct future * f, struct ssl_mgr * mgr, struct ssl_stream * upstream,
|
||||
evutil_socket_t fd_downstream, int keyring_id, struct event_base * evbase)
|
||||
{
|
||||
|
||||
|
||||
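Review bot: Adding `extern` to the definition `extern void ssl_async_downstream_create(...)` has no effect on a function definition — it already has external linkage — so if the intent was to silence a missing-prototype warning or to make the symbol visible to another translation unit, the right place is a prototype in the header that the callers include, and the definition should stay `void ssl_async_downstream_create(...)`. If there is such a prototype, this hunk can be dropped as a no-op. The function body continues past the end of the hunk.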