TSG-15240 对于Decrypted Traffic,TFE先执行Manipulation再执行Steering

luwenpeng
2023-05-23 14:25:46 +08:00
parent e1b16ee339
commit 8082a3f9e8


@@ -91,6 +91,11 @@ static inline struct tfe_conn_private * __peer_conn(struct tfe_stream_private *
return ((dir == CONN_DIR_DOWNSTREAM) ? (_stream->conn_upstream) : (_stream->conn_downstream)); return ((dir == CONN_DIR_DOWNSTREAM) ? (_stream->conn_upstream) : (_stream->conn_downstream));
} }
static inline struct tfe_conn_private *__steering_peer_conn(struct tfe_stream_private *_stream, enum tfe_conn_dir dir)
{
return ((dir == CONN_DIR_DOWNSTREAM) ? (_stream->conn_fake_c) : (_stream->conn_fake_s));
}
static inline enum tfe_conn_dir __bev_dir(struct tfe_stream_private * _stream, struct bufferevent * bev) static inline enum tfe_conn_dir __bev_dir(struct tfe_stream_private * _stream, struct bufferevent * bev)
{ {
if (_stream->conn_downstream && bev == _stream->conn_downstream->bev) if (_stream->conn_downstream && bev == _stream->conn_downstream->bev)
@@ -641,7 +646,6 @@ static void __stream_bev_readcb(struct bufferevent * bev, void * arg)
{ {
struct tfe_stream_private * _stream = (struct tfe_stream_private *) arg; struct tfe_stream_private * _stream = (struct tfe_stream_private *) arg;
enum tfe_conn_dir dir = __bev_dir(_stream, bev); enum tfe_conn_dir dir = __bev_dir(_stream, bev);
struct tfe_conn_private * this_conn = NULL;
struct tfe_conn_private * peer_conn = NULL; struct tfe_conn_private * peer_conn = NULL;
struct evbuffer * inbuf = NULL; struct evbuffer * inbuf = NULL;
struct evbuffer * outbuf = NULL; struct evbuffer * outbuf = NULL;
@@ -649,71 +653,12 @@ static void __stream_bev_readcb(struct bufferevent * bev, void * arg)
if (_stream->is_decrypted_traffic_steering) if (_stream->is_decrypted_traffic_steering)
{ {
if (bev == _stream->conn_downstream->bev) peer_conn = __steering_peer_conn(_stream, dir);
{ }
peer_conn = _stream->conn_fake_c; else
} {
else if (bev == _stream->conn_upstream->bev) peer_conn = __peer_conn(_stream, dir);
{
peer_conn = _stream->conn_fake_s;
}
else
{
assert(0);
}
if (_stream->is_first_call_rxcb == 0)
{
TFE_PROXY_STAT_INCREASE(STAT_STREAM_INTERCEPT, 1);
_stream->is_first_call_rxcb = 1;
tfe_set_intercept_metric(&_stream->head, 1, 0, 0, 0, 0);
}
/*
* Peer connection is terminated, drain all data.
* This connection will be destoryed in __event_cb
*/
inbuf = bufferevent_get_input(bev);
inbuff_len = evbuffer_get_length(inbuf);
if (peer_conn == NULL)
{
evbuffer_drain(inbuf, inbuff_len);
return;
}
TFE_LOG_DEBUG(__STREAM_LOGGER(_stream), "decrypted traffic steering, %s send %d bytes from %s to %s",
_stream->str_stream_addr,
inbuff_len,
bev == _stream->conn_downstream->bev ? "conn_downstream" : "conn_upstream",
bev == _stream->conn_downstream->bev ? "conn_fake_c" : "conn_fake_s");
outbuf = bufferevent_get_output(peer_conn->bev);
evbuffer_add_buffer(outbuf, inbuf);
if (bev == _stream->conn_downstream->bev)
{
TFE_PROXY_STAT_INCREASE(STAT_STEERING_CLIENT_TX_B, inbuff_len);
// TODO: Delete the following code when support calling the tfe-plugin
TFE_PROXY_STAT_INCREASE(STAT_STREAM_INCPT_DOWN_BYTES, inbuff_len);
tfe_set_intercept_metric(&_stream->head, 0, 1, inbuff_len, 0, 0);
_stream->downstream_rx_offset += inbuff_len;
}
else
{
TFE_PROXY_STAT_INCREASE(STAT_STEERING_SERVER_TX_B, inbuff_len);
// TODO: Delete the following code when support calling the tfe-plugin
TFE_PROXY_STAT_INCREASE(STAT_STREAM_INCPT_UP_BYTES, inbuff_len);
tfe_set_intercept_metric(&_stream->head, 0, 0, 0, 1, inbuff_len);
_stream->upstream_rx_offset += inbuff_len;
}
// TODO: Delete the following code when support calling the tfe-plugin
TFE_PROXY_STAT_INCREASE(STAT_STREAM_INCPT_BYTES, inbuff_len);
return;
} }
this_conn = __this_conn(_stream, dir);
peer_conn = __peer_conn(_stream, dir);
/* Peer connection is terminated, drain all data. /* Peer connection is terminated, drain all data.
* This connection will be destoryed in __event_cb */ * This connection will be destoryed in __event_cb */
@@ -830,6 +775,23 @@ static void __stream_bev_readcb(struct bufferevent * bev, void * arg)
/* Total Bytes */ /* Total Bytes */
TFE_PROXY_STAT_INCREASE(STAT_STREAM_INCPT_BYTES, rx_offset_increase); TFE_PROXY_STAT_INCREASE(STAT_STREAM_INCPT_BYTES, rx_offset_increase);
if (_stream->is_decrypted_traffic_steering && action_final == ACTION_FORWARD_DATA)
{
TFE_LOG_DEBUG(__STREAM_LOGGER(_stream), "decrypted traffic steering, %s send %d bytes from %s to %s",
_stream->str_stream_addr, rx_offset_increase,
dir == CONN_DIR_DOWNSTREAM ? "conn_downstream" : "conn_upstream",
dir == CONN_DIR_DOWNSTREAM ? "conn_fake_c" : "conn_fake_s");
if (dir == CONN_DIR_DOWNSTREAM)
{
TFE_PROXY_STAT_INCREASE(STAT_STEERING_CLIENT_TX_B, rx_offset_increase);
}
else
{
TFE_PROXY_STAT_INCREASE(STAT_STEERING_SERVER_TX_B, rx_offset_increase);
}
}
if(_stream->need_to_be_kill) if(_stream->need_to_be_kill)
{ {
const static struct linger sl{.l_onoff = 1, .l_linger = 0}; const static struct linger sl{.l_onoff = 1, .l_linger = 0};
@@ -933,7 +895,6 @@ static void __stream_bev_eventcb(struct bufferevent * bev, short events, void *
const char * str_conn_dir = __str_dir(conn_dir); const char * str_conn_dir = __str_dir(conn_dir);
enum tfe_conn_dir peer_conn_dir{}; enum tfe_conn_dir peer_conn_dir{};
size_t rx_offset = 0; size_t rx_offset = 0;
int need_close_connection = 0;
if (__bev_dir(_stream, bev) == CONN_DIR_UPSTREAM) if (__bev_dir(_stream, bev) == CONN_DIR_UPSTREAM)
{ {
@@ -1003,23 +964,6 @@ static void __stream_bev_eventcb(struct bufferevent * bev, short events, void *
__stream_log_event(_stream, EVENT_LOG_CLOSE_BY_FD_EOF, conn_dir, 0, NULL); __stream_log_event(_stream, EVENT_LOG_CLOSE_BY_FD_EOF, conn_dir, 0, NULL);
} }
need_close_connection = 1;
}
if (_stream->is_decrypted_traffic_steering)
{
TFE_LOG_DEBUG(__STREAM_LOGGER(_stream), "decrypted traffic steering, %s %s run eventcb, %s %s",
_stream->str_stream_addr,
bev == _stream->conn_downstream->bev ? "conn_downstream" : "conn_upstream",
bev_event_to_string(events),
errno_to_string(errno)
);
tfe_stream_destory(_stream);
return;
}
if (need_close_connection)
{
goto __close_connection; goto __close_connection;
} }
@@ -1190,14 +1134,13 @@ static void __steering_stream_bev_eventcb(struct bufferevent *bev, short events,
{ {
struct tfe_stream_private *_stream = (struct tfe_stream_private *)arg; struct tfe_stream_private *_stream = (struct tfe_stream_private *)arg;
TFE_LOG_DEBUG(__STREAM_LOGGER(_stream), "decrypted traffic steering, %s %s run eventcb, %s %s", TFE_LOG_ERROR(__STREAM_LOGGER(_stream), "decrypted traffic steering, %s %s run eventcb, %s %s",
_stream->str_stream_addr, _stream->str_stream_addr,
bev == _stream->conn_fake_c->bev ? "conn_fake_c" : "conn_fake_s", bev == _stream->conn_fake_c->bev ? "conn_fake_c" : "conn_fake_s",
bev_event_to_string(events), bev_event_to_string(events),
errno_to_string(errno) errno_to_string(errno));
);
enum tfe_conn_dir conn_dir = (bev == _stream->conn_fake_c->bev) ? CONN_DIR_UPSTREAM : CONN_DIR_DOWNSTREAM; enum tfe_conn_dir conn_dir = (bev == _stream->conn_fake_c->bev) ? CONN_DIR_DOWNSTREAM : CONN_DIR_UPSTREAM;
if (events & BEV_EVENT_ERROR) if (events & BEV_EVENT_ERROR)
{ {
__stream_log_event(_stream, EVENT_LOG_CLOSE_BY_FACKFD_ERROR, conn_dir, errno, errno_to_string(errno)); __stream_log_event(_stream, EVENT_LOG_CLOSE_BY_FACKFD_ERROR, conn_dir, errno, errno_to_string(errno));
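Review bot: `__stream_log_event(..., errno, errno_to_string(errno))` on the last line of this hunk re-reads `errno` after the `TFE_LOG_ERROR` call a few lines above has already consumed it, and that log call is now at ERROR level so it will actually emit and may itself clobber `errno` on the way; the error reason recorded in the access log can therefore differ from the one printed. Capture it once at function entry, `int saved_errno = errno;`, and pass `saved_errno` to both the log macro and `__stream_log_event`. The same `errno` value is presumably also attached to the `BEV_EVENT_EOF` branch, where libevent does not set `errno` at all, so that field is stale for a plain peer close; consider logging it only on `BEV_EVENT_ERROR`. Logging every steering EOF at ERROR is also noisy for what looks like a normal close path; DEBUG or INFO for the EOF case seems more appropriate. `__steering_stream_bev_eventcb` continues past the end of this hunk.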
@@ -1206,6 +1149,8 @@ static void __steering_stream_bev_eventcb(struct bufferevent *bev, short events,
{ {
__stream_log_event(_stream, EVENT_LOG_CLOSE_BY_FACKFD_EOF, conn_dir, errno, errno_to_string(errno)); __stream_log_event(_stream, EVENT_LOG_CLOSE_BY_FACKFD_EOF, conn_dir, errno, errno_to_string(errno));
} }
call_plugin_close(_stream);
tfe_stream_destory(_stream); tfe_stream_destory(_stream);
} }
@@ -1389,7 +1334,7 @@ void __stream_access_log_write(struct tfe_stream_private * stream)
break; break;
case EVENT_LOG_CLOSE_BY_FACKFD_EOF: /* FALLTHROUGH */ case EVENT_LOG_CLOSE_BY_FACKFD_EOF: /* FALLTHROUGH */
case EVENT_LOG_CLOSE_BY_FACKFD_ERROR: /* FALLTHROUGH */ case EVENT_LOG_CLOSE_BY_FACKFD_ERROR: /* FALLTHROUGH */
str_dir = ev_log->dir == CONN_DIR_DOWNSTREAM ? "SERVER" : "CLIENT"; str_dir = ev_log->dir == CONN_DIR_DOWNSTREAM ? "CLIENT" : "SERVER";
break; break;
default: default:
str_dir = ""; str_dir = "";
@@ -1421,11 +1366,11 @@ void __ev_log_to_stat_map_init()
ev_log_to_stat_map[EVENT_LOG_CLOSE_BY_SSL_ERROR][CONN_DIR_DOWNSTREAM] = STAT_STREAM_CLS_DOWN_ERR; ev_log_to_stat_map[EVENT_LOG_CLOSE_BY_SSL_ERROR][CONN_DIR_DOWNSTREAM] = STAT_STREAM_CLS_DOWN_ERR;
ev_log_to_stat_map[EVENT_LOG_CLOSE_BY_SSL_ERROR][CONN_DIR_UPSTREAM] = STAT_STREAM_CLS_UP_ERR; ev_log_to_stat_map[EVENT_LOG_CLOSE_BY_SSL_ERROR][CONN_DIR_UPSTREAM] = STAT_STREAM_CLS_UP_ERR;
ev_log_to_stat_map[EVENT_LOG_CLOSE_BY_FACKFD_EOF][CONN_DIR_DOWNSTREAM] = STAT_STEERING_SERVER_EOF; ev_log_to_stat_map[EVENT_LOG_CLOSE_BY_FACKFD_EOF][CONN_DIR_DOWNSTREAM] = STAT_STEERING_CLIENT_EOF;
ev_log_to_stat_map[EVENT_LOG_CLOSE_BY_FACKFD_EOF][CONN_DIR_UPSTREAM] = STAT_STEERING_CLIENT_EOF; ev_log_to_stat_map[EVENT_LOG_CLOSE_BY_FACKFD_EOF][CONN_DIR_UPSTREAM] = STAT_STEERING_SERVER_EOF;
ev_log_to_stat_map[EVENT_LOG_CLOSE_BY_FACKFD_ERROR][CONN_DIR_DOWNSTREAM] = STAT_STEERING_SERVER_ERR; ev_log_to_stat_map[EVENT_LOG_CLOSE_BY_FACKFD_ERROR][CONN_DIR_DOWNSTREAM] = STAT_STEERING_CLIENT_ERR;
ev_log_to_stat_map[EVENT_LOG_CLOSE_BY_FACKFD_ERROR][CONN_DIR_UPSTREAM] = STAT_STEERING_CLIENT_ERR; ev_log_to_stat_map[EVENT_LOG_CLOSE_BY_FACKFD_ERROR][CONN_DIR_UPSTREAM] = STAT_STEERING_SERVER_ERR;
} }
void __stream_close_stat(struct tfe_stream_private * stream) void __stream_close_stat(struct tfe_stream_private * stream)
@@ -1886,7 +1831,6 @@ int tfe_stream_init_by_fds(struct tfe_stream * stream, evutil_socket_t fd_downst
TFE_PROXY_STAT_INCREASE(STAT_STREAM_TCP_SSL, 1); TFE_PROXY_STAT_INCREASE(STAT_STREAM_TCP_SSL, 1);
} }
return 0; return 0;
__errout: __errout: