向 tfe 的 FieldStat 中输出可信证书的数量

This commit is contained in:
luwenpeng
2020-01-08 14:16:23 +08:00
parent 3f88682d7d
commit 7930500cc1
4 changed files with 29 additions and 19 deletions


@@ -93,6 +93,7 @@ do { if(!(condition)) { TFE_LOG_ERROR(g_default_logger, fmt, ##__VA_ARGS__); abo
#define ATOMIC_DEC(x) __atomic_fetch_sub(x,1,__ATOMIC_RELAXED) #define ATOMIC_DEC(x) __atomic_fetch_sub(x,1,__ATOMIC_RELAXED)
#define ATOMIC_READ(x) __atomic_fetch_add(x,0,__ATOMIC_RELAXED) #define ATOMIC_READ(x) __atomic_fetch_add(x,0,__ATOMIC_RELAXED)
#define ATOMIC_ADD(x, y) __atomic_fetch_add(x,y,__ATOMIC_RELAXED) #define ATOMIC_ADD(x, y) __atomic_fetch_add(x,y,__ATOMIC_RELAXED)
#define ATOMIC_ZERO(x) __atomic_fetch_and(x,0,__ATOMIC_RELAXED)
#ifndef MAX #ifndef MAX
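Review bot: ATOMIC_ZERO is written as a read-modify-write, `__atomic_fetch_and(x,0,__ATOMIC_RELAXED)`, although the only caller added in this commit (ssl_manager_reset_trust_ca) discards the returned old value. The direct form `#define ATOMIC_ZERO(x) __atomic_store_n(x,0,__ATOMIC_RELAXED)` states the intent and avoids the unnecessary atomic RMW cycle; if the old value is ever wanted, `__atomic_exchange_n(x,0,__ATOMIC_RELAXED)` is the matching primitive. The same observation applies to the pre-existing ATOMIC_READ (a fetch_add of 0 where `__atomic_load_n` would do), though that is outside this change. The macro block continues outside the hunk.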


@@ -3,6 +3,7 @@
#include <tfe_types.h> #include <tfe_types.h>
#include <ssl_utils.h> #include <ssl_utils.h>
#include <event2/event.h> #include <event2/event.h>
#include <MESA/MESA_htable.h>
#define PINNING_ST_NOT_PINNING 0 #define PINNING_ST_NOT_PINNING 0
#define PINNING_ST_PINNING 1 #define PINNING_ST_PINNING 1
@@ -16,13 +17,6 @@ struct ssl_service_status
char is_mutual_auth; char is_mutual_auth;
char has_protocol_errors; char has_protocol_errors;
}; };
struct ssl_service_cache;
struct ssl_service_cache* ssl_service_cache_create(unsigned int slot_size, unsigned int expire_seconds, int fail_as_pinning_cnt, int fail_as_proto_err_cnt, int succ_as_app_not_pinning_cnt, int fail_time_win);
void ssl_service_cache_destroy(struct ssl_service_cache* cache);
int ssl_service_cache_read(struct ssl_service_cache* svc_cache, const struct ssl_chello* chello, const struct tfe_stream_addr * addr, struct ssl_service_status* result);
void ssl_service_cache_write(struct ssl_service_cache* svc_cache, const struct ssl_chello* chello, const struct tfe_stream_addr * addr, const struct ssl_service_status* status);
struct ssl_service_cache_statistics struct ssl_service_cache_statistics
{ {
long long pinning_cli_cnt; long long pinning_cli_cnt;
@@ -31,5 +25,23 @@ struct ssl_service_cache_statistics
long long ev_srv_cnt; long long ev_srv_cnt;
long long ct_srv_cnt; long long ct_srv_cnt;
long long app_not_pinning_cnt; long long app_not_pinning_cnt;
long long trusted_cert_cnt;
}; };
struct ssl_service_cache
{
MESA_htable_handle cli_st_hash;
MESA_htable_handle srv_st_hash;
MESA_htable_handle app_st_hash;
struct ssl_service_cache_statistics stat;
unsigned int fail_as_cli_pinning_count;
unsigned int fail_as_proto_err_count;
unsigned int fail_time_window;
unsigned int succ_as_app_not_pinning_count;
};
struct ssl_service_cache* ssl_service_cache_create(unsigned int slot_size, unsigned int expire_seconds, int fail_as_pinning_cnt, int fail_as_proto_err_cnt, int succ_as_app_not_pinning_cnt, int fail_time_win);
void ssl_service_cache_destroy(struct ssl_service_cache* cache);
int ssl_service_cache_read(struct ssl_service_cache* svc_cache, const struct ssl_chello* chello, const struct tfe_stream_addr * addr, struct ssl_service_status* result);
void ssl_service_cache_write(struct ssl_service_cache* svc_cache, const struct ssl_chello* chello, const struct tfe_stream_addr * addr, const struct ssl_service_status* status);
void ssl_service_cache_stat(struct ssl_service_cache* svc_cache, struct ssl_service_cache_statistics* result); void ssl_service_cache_stat(struct ssl_service_cache* svc_cache, struct ssl_service_cache_statistics* result);
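Review bot: The full definition of `struct ssl_service_cache` (hash handles, statistics, tuning counts) is moved from the .c file into the public header and the opaque forward declaration `struct ssl_service_cache;` is dropped, apparently only so that ssl_manager_add_trust_ca/del_trust_ca/reset_trust_ca can poke `stat.trusted_cert_cnt` directly. That exposes every internal field to all includers and makes `<MESA/MESA_htable.h>` a transitive dependency of anyone including this header, and the layout of the cache can no longer change without recompiling every user. A smaller interface change would keep the opaque declaration and add one accessor implemented in ssl_service_cache.c, e.g. `void ssl_service_cache_trusted_cert_adjust(struct ssl_service_cache *cache, long long delta);` and `void ssl_service_cache_trusted_cert_reset(struct ssl_service_cache *cache);`, so the atomic update and the field stay private to the cache module. Independently, the new `trusted_cert_cnt` field is appended at the end of `struct ssl_service_cache_statistics`; if ssl_service_cache_stat copies the struct wholesale this is fine, but if it assigns fields one by one (not visible here) the new field must be added there too.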


@@ -25,18 +25,6 @@ struct ssl_svc_app_st
unsigned int down_ssl_success_cnt; unsigned int down_ssl_success_cnt;
struct ssl_service_cache* ref_svc_cache; struct ssl_service_cache* ref_svc_cache;
}; };
struct ssl_service_cache
{
MESA_htable_handle cli_st_hash;
MESA_htable_handle srv_st_hash;
MESA_htable_handle app_st_hash;
struct ssl_service_cache_statistics stat;
unsigned int fail_as_cli_pinning_count;
unsigned int fail_as_proto_err_count;
unsigned int fail_time_window;
unsigned int succ_as_app_not_pinning_count;
};
struct ssl_service_write_args struct ssl_service_write_args
{ {
struct ssl_service_cache* cache; struct ssl_service_cache* cache;


@@ -106,6 +106,9 @@ enum ssl_stream_stat
SSL_SVC_CT_CERT, SSL_SVC_CT_CERT,
SSL_SVC_EV_CERT, SSL_SVC_EV_CERT,
SSL_SVC_APP_NOT_PINNING, SSL_SVC_APP_NOT_PINNING,
SSL_SVC_TRUSTED_CERT,
SSL_STAT_MAX SSL_STAT_MAX
}; };
@@ -362,6 +365,7 @@ ssl_stream_gc_cb(evutil_socket_t fd, short what, void * arg)
mgr->stat_val[SSL_SVC_CT_CERT]=svc_stat.ct_srv_cnt; mgr->stat_val[SSL_SVC_CT_CERT]=svc_stat.ct_srv_cnt;
mgr->stat_val[SSL_SVC_EV_CERT]=svc_stat.ev_srv_cnt; mgr->stat_val[SSL_SVC_EV_CERT]=svc_stat.ev_srv_cnt;
mgr->stat_val[SSL_SVC_APP_NOT_PINNING]=svc_stat.app_not_pinning_cnt; mgr->stat_val[SSL_SVC_APP_NOT_PINNING]=svc_stat.app_not_pinning_cnt;
mgr->stat_val[SSL_SVC_TRUSTED_CERT]=svc_stat.trusted_cert_cnt;
for(i=0;i<SSL_STAT_MAX;i++) for(i=0;i<SSL_STAT_MAX;i++)
{ {
FS_operate(mgr->fs_handle, mgr->fs_id[i], 0, FS_OP_SET, ATOMIC_READ(&(mgr->stat_val[i]))); FS_operate(mgr->fs_handle, mgr->fs_id[i], 0, FS_OP_SET, ATOMIC_READ(&(mgr->stat_val[i])));
@@ -419,6 +423,8 @@ void ssl_stat_init(struct ssl_mgr * mgr)
spec[SSL_SVC_EV_CERT]="ssl_ev_crt"; spec[SSL_SVC_EV_CERT]="ssl_ev_crt";
spec[SSL_SVC_APP_NOT_PINNING]="app_no_pinning"; spec[SSL_SVC_APP_NOT_PINNING]="app_no_pinning";
spec[SSL_SVC_TRUSTED_CERT]="trusted_cert_nums";
for(i=0;i<SSL_STAT_MAX;i++) for(i=0;i<SSL_STAT_MAX;i++)
{ {
@@ -2034,10 +2040,12 @@ void ssl_stream_free(struct ssl_stream * s_stream, struct event_base * evbase, s
int ssl_manager_add_trust_ca(struct ssl_mgr* mgr, const char* pem_file) int ssl_manager_add_trust_ca(struct ssl_mgr* mgr, const char* pem_file)
{ {
ATOMIC_INC(&((*(mgr->svc_cache)).stat.trusted_cert_cnt));
return ssl_trusted_cert_storage_add(mgr->trust_CA_store, SSL_X509_OBJ_CERT, pem_file); return ssl_trusted_cert_storage_add(mgr->trust_CA_store, SSL_X509_OBJ_CERT, pem_file);
} }
int ssl_manager_del_trust_ca(struct ssl_mgr* mgr, const char* pem_file) int ssl_manager_del_trust_ca(struct ssl_mgr* mgr, const char* pem_file)
{ {
ATOMIC_DEC(&((*(mgr->svc_cache)).stat.trusted_cert_cnt));
return ssl_trusted_cert_storage_del(mgr->trust_CA_store, SSL_X509_OBJ_CERT, pem_file); return ssl_trusted_cert_storage_del(mgr->trust_CA_store, SSL_X509_OBJ_CERT, pem_file);
} }
int ssl_manager_add_crl(struct ssl_mgr* mgr, const char* pem_file) int ssl_manager_add_crl(struct ssl_mgr* mgr, const char* pem_file)
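Review bot: In ssl_manager_add_trust_ca and ssl_manager_del_trust_ca the counter is adjusted before the storage call and regardless of whether that call succeeds, so a failed `ssl_trusted_cert_storage_add` (unreadable or malformed PEM) still bumps `trusted_cert_cnt` and a failed delete still decrements it; the FieldStat value then drifts from the real trust-store contents and can go negative. The increment should follow the storage call and be conditioned on its success; the rewrite below assumes the storage functions return 0 on success, which should be confirmed against their definitions. Note also that the count is per call, not per certificate, so if a PEM file can hold several certificates the statistic name "trusted_cert_nums" set in ssl_stat_init overstates its meaning and the comment `/* counts trust-CA files added, not individual certificates */` would be worth adding there. Stylistically, `mgr->svc_cache->stat.trusted_cert_cnt` reads better than `(*(mgr->svc_cache)).stat.trusted_cert_cnt`; the same ordering point applies to ssl_manager_reset_trust_ca in the following hunk, though zeroing before reset is harmless there.
```c
int ssl_manager_add_trust_ca(struct ssl_mgr* mgr, const char* pem_file)
{
    int ret = ssl_trusted_cert_storage_add(mgr->trust_CA_store, SSL_X509_OBJ_CERT, pem_file);
    if (ret == 0) { /* assumes 0 == success; confirm against ssl_trusted_cert_storage_add */
        ATOMIC_INC(&(mgr->svc_cache->stat.trusted_cert_cnt));
    }
    return ret;
}
int ssl_manager_del_trust_ca(struct ssl_mgr* mgr, const char* pem_file)
{
    int ret = ssl_trusted_cert_storage_del(mgr->trust_CA_store, SSL_X509_OBJ_CERT, pem_file);
    if (ret == 0) {
        ATOMIC_DEC(&(mgr->svc_cache->stat.trusted_cert_cnt));
    }
    return ret;
}
/* … unchanged: ssl_manager_add_crl … */
```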
@@ -2050,6 +2058,7 @@ int ssl_manager_del_crl(struct ssl_mgr* mgr, const char* pem_file)
} }
void ssl_manager_reset_trust_ca(struct ssl_mgr* mgr) void ssl_manager_reset_trust_ca(struct ssl_mgr* mgr)
{ {
ATOMIC_ZERO(&((*(mgr->svc_cache)).stat.trusted_cert_cnt));
ssl_trusted_cert_storage_reset(mgr->trust_CA_store); ssl_trusted_cert_storage_reset(mgr->trust_CA_store);
return; return;
} }