gfwleak/tango-tfe
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

tfe.conf中系统参数的section改为system,兼容kniv1测试完毕。

Browse Source
This commit is contained in:
zhengchao
2019-06-02 18:17:53 +08:00
parent 306dcc6ce0
commit ace31ae24a
6 changed files with 52 additions and 54 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
common/include/tfe_cmsg.h
View File

@@ -31,10 +31,10 @@ enum tfe_cmsg_tlv_type
TFE_CMSG_STREAM_TRACE_ID = 0x11, TFE_CMSG_STREAM_TRACE_ID = 0x11,
TFE_CMSG_SSL_INTERCEPT_STATE, //size uint64_t, 0-passthrough, 1-intercept, 2-shutdown, referer from enum ssl_stream_action TFE_CMSG_SSL_INTERCEPT_STATE, //size uint64_t, 0-passthrough, 1-intercept, 2-shutdown, referer from enum ssl_stream_action
TFE_CMSG_SSL_UPSTREAM_LATENCY, //size uint64_t, milisecond TFE_CMSG_SSL_SERVER_SIDE_LATENCY, //size uint64_t, milisecond
TFE_CMSG_SSL_DOWNSTREAM_LATENCY, //size uint64_t, milisecond TFE_CMSG_SSL_CLIENT_SIDE_LATENCY, //size uint64_t, milisecond
TFE_CMSG_SSL_UPSTREAM_VERSION, //string, SSLv3 TLSv1 TLSv1.1 TLSv1.2 TLSv1.3 unknown TFE_CMSG_SSL_SERVER_SIDE_VERSION, //string, SSLv3 TLSv1 TLSv1.1 TLSv1.2 TLSv1.3 unknown
TFE_CMSG_SSL_DOWNSTREAM_VERSION, TFE_CMSG_SSL_CLIENT_SIDE_VERSION,
TFE_CMSG_SSL_PINNING_STATE, //size uint64_t, 0-not pinning 1-pinning 2-maybe pinning TFE_CMSG_SSL_PINNING_STATE, //size uint64_t, 0-not pinning 1-pinning 2-maybe pinning
TFE_CMSG_SSL_CERT_VERIFY, TFE_CMSG_SSL_CERT_VERIFY,
TFE_CMSG_SSL_ERROR //string TFE_CMSG_SSL_ERROR //string

50
conf/tfe/tfe.conf
View File

@@ -1,38 +1,51 @@
[system]
nr_worker_threads=1
enable_kni_v1=1
enable_kni_v2=0
[kni] [kni]
uxdomain=/home/server_unixsocket_file uxdomain=/home/server_unixsocket_file
ip=127.0.0.1
scm_port=8888
[ssl] [ssl]
ssl_max_version=tls12 ssl_max_version=tls13
ssl_min_version=ssl3
no_session_cache=0
no_session_ticket=0 no_session_ticket=0
log_master_key=1 log_master_key=1
trusted_cert_file=resource/tfe/tls-ca-bundle.pem trusted_cert_file=resource/tfe/tls-ca-bundle.pem
trusted_cert_dir=resource/tfe/trusted_storage trusted_cert_dir=resource/tfe/trusted_storage
key_log_file=log/sslkeylog.log key_log_file=log/sslkeylog.log
no_alpn=1 no_alpn=0
stek_group_num=4
stek_rotation_time=3600
[key_keeper] [key_keeper]
#Mode: debug - generate cert with ca_path, normal - generate cert with cert store #Mode: debug - generate cert with ca_path, normal - generate cert with cert store
#mode = normal #0 on cache 1 off cache
mode = debug no_cache=0
cert_store_host=192.168.11.100 mode=normal
cert_store_host=192.168.10.8
cert_store_port=9991 cert_store_port=9991
ca_path=resource/tfe/mesalab-ca.pem ca_path=resource/tfe/tango-ca-trust-ca.pem
untrusted_ca_path=resource/tfe/mesalab-ca-untrust.pem untrusted_ca_path=resource/tfe/tango-ca-untrust-ca.pem
[ratelimit]
#read_rate=1048576
#read_burst=1048576
#write_rate=1048576
#write_burst=1048576
[debug] [debug]
passthrough_all_tcp=0 passthrough_all_tcp=0
[ratelimit]
#read_rate=200000
#read_burst=200000
#write_rate=200000
#write_burst=200000
[tcp] [tcp]
so_keepalive=0 so_keepalive=1
tcp_keepcnt=8 tcp_keepcnt=8
tcp_keepintvl=15 tcp_keepintvl=15
tcp_keepidle=30 tcp_keepidle=30
tcp_user_timeout=30 tcp_user_timeout=30
tcp_ttl_upstream=75
tcp_ttl_downstream=70
[log] [log]
level=10 level=10
@@ -40,9 +53,6 @@ level=10
[stat] [stat]
statsd_server=192.168.10.72 statsd_server=192.168.10.72
statsd_port=8126 statsd_port=8126
histogram_bins=0.50,0.80,0.9,0.95
[sender_scm] [http]
switch = 1 loglevel=20
kni_ip = 192.168.10.37
kni_port = 8888

4
platform/src/acceptor_kni_v1.cpp
View File

@@ -206,8 +206,8 @@ void __kni_event_cb(evutil_socket_t fd, short what, void * user)
struct tfe_cmsg * __tfe_cmsg; struct tfe_cmsg * __tfe_cmsg;
struct tfe_proxy_accept_para __accept_para{}; struct tfe_proxy_accept_para __accept_para{};
uint16_t session_type; uint8_t session_type;
uint16_t keyring_id; int32_t keyring_id;
int * __fds = NULL; int * __fds = NULL;
assert(__ctx != NULL && __ctx->thread == pthread_self()); assert(__ctx != NULL && __ctx->thread == pthread_self());

12
platform/src/proxy.cpp
View File

@@ -258,8 +258,8 @@ int tfe_proxy_work_thread_run(struct tfe_proxy * proxy)
int tfe_proxy_config(struct tfe_proxy * proxy, const char * profile) int tfe_proxy_config(struct tfe_proxy * proxy, const char * profile)
{ {
/* Worker threads */ /* Worker threads */
MESA_load_profile_uint_def(profile, "main", "nr_worker_threads", &proxy->nr_work_threads, 1); MESA_load_profile_uint_def(profile, "system", "nr_worker_threads", &proxy->nr_work_threads, 1);
MESA_load_profile_uint_def(profile, "main", "buffer_output_limit", &proxy->buffer_output_limit, 0); MESA_load_profile_uint_def(profile, "system", "buffer_output_limit", &proxy->buffer_output_limit, 0);
/* Debug */ /* Debug */
MESA_load_profile_uint_def(profile, "debug", "passthrough_all_tcp", &proxy->tcp_all_passthrough, 0); MESA_load_profile_uint_def(profile, "debug", "passthrough_all_tcp", &proxy->tcp_all_passthrough, 0);
@@ -355,13 +355,13 @@ int tfe_stat_init(struct tfe_proxy * proxy, const char * profile)
void tfe_proxy_acceptor_init(struct tfe_proxy * proxy, const char * profile) void tfe_proxy_acceptor_init(struct tfe_proxy * proxy, const char * profile)
{ {
MESA_load_profile_uint_def(profile, "acceptor", "en_kni_v1", &proxy->en_kni_v1_acceptor, 0); MESA_load_profile_uint_def(profile, "system", "enable_kni_v1", &proxy->en_kni_v1_acceptor, 0);
MESA_load_profile_uint_def(profile, "acceptor", "en_kni_v2", &proxy->en_kni_v2_acceptor, 1); MESA_load_profile_uint_def(profile, "system", "enable_kni_v2", &proxy->en_kni_v2_acceptor, 1);
if (proxy->en_kni_v1_acceptor) if (proxy->en_kni_v1_acceptor)
{ {
g_default_proxy->kni_v1_acceptor = acceptor_kni_v1_create(proxy, profile, proxy->logger); g_default_proxy->kni_v1_acceptor = acceptor_kni_v1_create(proxy, profile, proxy->logger);
CHECK_OR_EXIT(g_default_proxy->kni_v2_acceptor, "Failed at init KNIv2 acceptor. Exit. "); CHECK_OR_EXIT(g_default_proxy->kni_v1_acceptor, "Failed at init KNIv1 acceptor. Exit. ");
} }
if (proxy->en_kni_v2_acceptor) if (proxy->en_kni_v2_acceptor)
@@ -438,7 +438,7 @@ int main(int argc, char * argv[])
tfe_proxy_acceptor_init(g_default_proxy, main_profile); tfe_proxy_acceptor_init(g_default_proxy, main_profile);
/* SCM Sender */ /* SCM Sender */
g_default_proxy->scm_sender = sender_scm_init(main_profile, "sender_scm", g_default_logger); g_default_proxy->scm_sender = sender_scm_init(main_profile, "kni", g_default_logger);
CHECK_OR_EXIT(g_default_proxy->scm_sender != NULL, "Failed at creating scm sender, Exit."); CHECK_OR_EXIT(g_default_proxy->scm_sender != NULL, "Failed at creating scm sender, Exit.");
/* PLUGIN INIT */ /* PLUGIN INIT */

24
platform/src/sender_scm.cpp
View File

@@ -41,26 +41,14 @@ struct sender_scm* sender_scm_init(const char *profile, const char *section, voi
struct sockaddr_in server_addr; struct sockaddr_in server_addr;
struct sender_scm *sender = ALLOC(struct sender_scm, 1); struct sender_scm *sender = ALLOC(struct sender_scm, 1);
sender->logger = logger; sender->logger = logger;
int ret = MESA_load_profile_int_nodef(profile, section, "send_switch", &send_switch); MESA_load_profile_int_def(profile, section, "send_switch", &send_switch, 1);
if(ret < 0) if(send_switch)
{ {
TFE_LOG_ERROR(logger, "MESA_prof_load: send_switch not set, profile is %s, section is %s", profile, section); MESA_load_profile_string_def(profile, section, "ip", kni_ip, sizeof(kni_ip), "127.0.0.1");
goto error_out; MESA_load_profile_int_def(profile, section, "cmsg_port", &kni_port, 2475);
TFE_LOG_INFO(logger, "MESA_prof_load, [%s]:\n kni_ip: %s\n kni_port: %d",
section, kni_ip, kni_port);
} }
ret = MESA_load_profile_string_nodef(profile, section, "kni_ip", kni_ip, sizeof(kni_ip));
if(ret < 0)
{
TFE_LOG_ERROR(logger, "MESA_prof_load: kni_ip not set, profile is %s, section is %s", profile, section);
goto error_out;
}
ret = MESA_load_profile_int_nodef(profile, section, "kni_port", &kni_port);
if(ret < 0)
{
TFE_LOG_ERROR(logger, "MESA_prof_load: kni_port not set, profile is %s, section is %s", profile, section);
goto error_out;
}
TFE_LOG_INFO(logger, "MESA_prof_load, [%s]:\n kni_ip: %s\n kni_port: %d",
section, kni_ip, kni_port);
sender->send_switch = send_switch; sender->send_switch = send_switch;
if(send_switch == 0) if(send_switch == 0)
{ {

8
platform/src/ssl_stream.cpp
View File

@@ -1179,7 +1179,7 @@ static void ssl_server_connected_eventcb(struct bufferevent * bev, short events,
TFE_LOG_ERROR(mgr->logger, "Warning: ssl connect server latency %ld ms: addr=%s, sni=%s", jiffies_ms, s_stream->tcp_stream->str_stream_info, sni); TFE_LOG_ERROR(mgr->logger, "Warning: ssl connect server latency %ld ms: addr=%s, sni=%s", jiffies_ms, s_stream->tcp_stream->str_stream_info, sni);
} }
s_stream->connect_latency_ms=jiffies_ms; s_stream->connect_latency_ms=jiffies_ms;
ssl_stream_set_cmsg_integer(s_stream, TFE_CMSG_SSL_UPSTREAM_LATENCY, jiffies_ms); ssl_stream_set_cmsg_integer(s_stream, TFE_CMSG_SSL_SERVER_SIDE_LATENCY, jiffies_ms);
if(!SSL_session_reused(s_stream->ssl)) if(!SSL_session_reused(s_stream->ssl))
{ {
@@ -1253,7 +1253,7 @@ static void ssl_server_connected_eventcb(struct bufferevent * bev, short events,
} }
} }
s_stream->negotiated_version=SSL_version(s_stream->ssl); s_stream->negotiated_version=SSL_version(s_stream->ssl);
ssl_stream_set_cmsg_string(s_stream, TFE_CMSG_SSL_UPSTREAM_VERSION, SSL_get_version(s_stream->ssl)); ssl_stream_set_cmsg_string(s_stream, TFE_CMSG_SSL_SERVER_SIDE_VERSION, SSL_get_version(s_stream->ssl));
ssl_stream_set_cmsg_integer(s_stream, TFE_CMSG_SSL_CERT_VERIFY, s_upstream->is_server_cert_verify_passed); ssl_stream_set_cmsg_integer(s_stream, TFE_CMSG_SSL_CERT_VERIFY, s_upstream->is_server_cert_verify_passed);
promise_success(p, ctx); promise_success(p, ctx);
} }
@@ -1777,7 +1777,7 @@ static void ssl_client_connected_eventcb(struct bufferevent * bev, short events,
TFE_LOG_ERROR(mgr->logger, "Warning: ssl connect client latency %ld ms: addr=%s, sni=%s", jiffies_ms, s_stream->tcp_stream->str_stream_info, sni); TFE_LOG_ERROR(mgr->logger, "Warning: ssl connect client latency %ld ms: addr=%s, sni=%s", jiffies_ms, s_stream->tcp_stream->str_stream_info, sni);
} }
s_stream->connect_latency_ms=jiffies_ms; s_stream->connect_latency_ms=jiffies_ms;
ssl_stream_set_cmsg_integer(s_stream, TFE_CMSG_SSL_DOWNSTREAM_LATENCY, jiffies_ms); ssl_stream_set_cmsg_integer(s_stream, TFE_CMSG_SSL_CLIENT_SIDE_LATENCY, jiffies_ms);
bufferevent_disable(ctx->bev_down, EV_READ | EV_WRITE); bufferevent_disable(ctx->bev_down, EV_READ | EV_WRITE);
bufferevent_setcb(ctx->bev_down, NULL, NULL, NULL, NULL); //leave a clean bev for on_success bufferevent_setcb(ctx->bev_down, NULL, NULL, NULL, NULL); //leave a clean bev for on_success
@@ -1786,7 +1786,7 @@ static void ssl_client_connected_eventcb(struct bufferevent * bev, short events,
log_ssl_master_key(s_stream->ssl, ctx->fd_downstream, CONN_DIR_DOWNSTREAM, mgr->fp_master_key); log_ssl_master_key(s_stream->ssl, ctx->fd_downstream, CONN_DIR_DOWNSTREAM, mgr->fp_master_key);
} }
s_stream->negotiated_version=SSL_version(s_stream->ssl); s_stream->negotiated_version=SSL_version(s_stream->ssl);
ssl_stream_set_cmsg_string(s_stream, TFE_CMSG_SSL_DOWNSTREAM_VERSION, SSL_get_version(s_stream->ssl)); ssl_stream_set_cmsg_string(s_stream, TFE_CMSG_SSL_CLIENT_SIDE_VERSION, SSL_get_version(s_stream->ssl));
promise_success(p, ctx); promise_success(p, ctx);
} }