ssl policy增加调试输出。

zhengchao
2019-06-14 18:58:03 +08:00
parent 39c84b0bbd
commit b2eb88a7ad
3 changed files with 29 additions and 2 deletions


@@ -1,5 +1,5 @@
#pragma once #pragma once
#include <stdlib.h>
struct ssl_stream; struct ssl_stream;
enum ssl_stream_action enum ssl_stream_action
@@ -26,11 +26,14 @@ enum SSL_STREAM_OPT
SSL_STREAM_OPT_PROTOCOL_MIN_VERSION, SSL_STREAM_OPT_PROTOCOL_MIN_VERSION,
SSL_STREAM_OPT_PROTOCOL_MAX_VERSION, SSL_STREAM_OPT_PROTOCOL_MAX_VERSION,
SSL_STREAM_OPT_ENABLE_ALPN, SSL_STREAM_OPT_ENABLE_ALPN,
SSL_STREAM_OPT_KEYRING_ID SSL_STREAM_OPT_KEYRING_ID,
SSL_STREAM_OPT_SNI, //VALUE is string
SSL_STREAM_OPT_ADDR //VALUE is string
}; };
int sslver_str2num(const char * version_str); int sslver_str2num(const char * version_str);
//s_stream must be upstream. //s_stream must be upstream.
int ssl_stream_set_integer_opt(struct ssl_stream *upstream, enum SSL_STREAM_OPT opt_type, int opt_val); int ssl_stream_set_integer_opt(struct ssl_stream *upstream, enum SSL_STREAM_OPT opt_type, int opt_val);
int ssl_stream_get_integer_opt(struct ssl_stream *upstream, enum SSL_STREAM_OPT opt_type, int *opt_val); int ssl_stream_get_integer_opt(struct ssl_stream *upstream, enum SSL_STREAM_OPT opt_type, int *opt_val);
int ssl_stream_get_string_opt(struct ssl_stream *upstream, enum SSL_STREAM_OPT opt_type, char* in_buff, size_t sz);
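Review bot: The new `ssl_stream_get_string_opt` prototype carries no contract for its output buffer: a caller cannot tell whether `in_buff` is always NUL-terminated, what happens when the value is longer than `sz`, or what the return value means, and the name `in_buff` reads as an input rather than the output it is. A comment on the declaration would settle this, e.g. `//Copies the string value of opt_type into in_buff (sz bytes, always NUL-terminated, truncated if needed). Returns 0 on success, -1 for an unsupported opt_type.` — provided the implementation is made to honor the termination guarantee, which the strncpy-based body in this commit does not. The `#include <stdlib.h>` appears to be here only for `size_t`; `<stddef.h>` is the minimal header for that, though stdlib.h works as well.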


@@ -2174,4 +2174,21 @@ int ssl_stream_get_integer_opt(struct ssl_stream *upstream, enum SSL_STREAM_OPT
return 0; return 0;
} }
int ssl_stream_get_string_opt(struct ssl_stream *upstream, enum SSL_STREAM_OPT opt_type, char* in_buff, size_t sz)
{
const char* sni=upstream->up_parts.client_hello->sni?upstream->up_parts.client_hello->sni:"null";
switch(opt_type)
{
case SSL_STREAM_OPT_SNI:
strncpy(in_buff, sni, sz);
break;
case SSL_STREAM_OPT_ADDR:
strncpy(in_buff, upstream->tcp_stream->str_stream_info, sz);
break;
default:
assert(0);
return -1;
}
return 0;
}
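Review bot: Both `strncpy` calls leave `in_buff` without a NUL terminator when the source is `sz` bytes or longer, and the SNI source comes from the client's ClientHello, so a client sending a long SNI turns the caller's later `%s` log of a 512-byte stack buffer into an over-read. `snprintf(in_buff, sz, "%s", src)` always terminates for sz > 0 and is the standard replacement. The `sni` lookup at the top also dereferences `upstream->up_parts.client_hello` before the switch, i.e. even for `SSL_STREAM_OPT_ADDR`; if this getter can run before a ClientHello has been parsed (not visible here) that pointer needs a NULL check, and `str_stream_info` presumably deserves the same treatment. Rewritten body below; `ssl_stream_get_integer_opt` just above is unchanged.
```c
int ssl_stream_get_string_opt(struct ssl_stream *upstream, enum SSL_STREAM_OPT opt_type, char* in_buff, size_t sz)
{
    const char* src=NULL;
    if(sz==0)
        return -1;
    switch(opt_type)
    {
    case SSL_STREAM_OPT_SNI:
        /* client_hello itself may be absent, not only its sni field */
        src=(upstream->up_parts.client_hello && upstream->up_parts.client_hello->sni)
            ? upstream->up_parts.client_hello->sni : "null";
        break;
    case SSL_STREAM_OPT_ADDR:
        src=upstream->tcp_stream->str_stream_info ? upstream->tcp_stream->str_stream_info : "null";
        break;
    default:
        assert(0);
        return -1;
    }
    /* snprintf always NUL-terminates; strncpy does not when strlen(src) >= sz */
    snprintf(in_buff, sz, "%s", src);
    return 0;
}
```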


@@ -195,6 +195,7 @@ enum ssl_stream_action ssl_policy_enforce(struct ssl_stream *upstream, void* u_p
UNUSED int ret=0; UNUSED int ret=0;
int policy_id=0; int policy_id=0;
char policy_id_str[16]={0}; char policy_id_str[16]={0};
char sni[512], addr_string[512];
ret=ssl_stream_get_integer_opt(upstream, SSL_STREAM_OPT_INTERCEPT_POLICY_ID, &policy_id); ret=ssl_stream_get_integer_opt(upstream, SSL_STREAM_OPT_INTERCEPT_POLICY_ID, &policy_id);
assert(ret==0); assert(ret==0);
snprintf(policy_id_str, sizeof(policy_id_str), "%d", policy_id); snprintf(policy_id_str, sizeof(policy_id_str), "%d", policy_id);
@@ -204,6 +205,12 @@ enum ssl_stream_action ssl_policy_enforce(struct ssl_stream *upstream, void* u_p
TFE_LOG_INFO(enforcer->logger, "Failed to get intercept parameter of policy %d.", policy_id); TFE_LOG_INFO(enforcer->logger, "Failed to get intercept parameter of policy %d.", policy_id);
return SSL_ACTION_PASSTHROUGH; return SSL_ACTION_PASSTHROUGH;
} }
else
{
ssl_stream_get_string_opt(upstream, SSL_STREAM_OPT_SNI, sni, sizeof(sni));
ssl_stream_get_string_opt(upstream, SSL_STREAM_OPT_ADDR, sni, sizeof(addr_string));
TFE_LOG_DEBUG(enforcer->logger, "%s %s enforce policy %d", addr_string, sni, policy_id);
}
int pinning_staus=0, is_ev=0, is_ct=0, is_mauth=0, has_error=0; int pinning_staus=0, is_ev=0, is_ct=0, is_mauth=0, has_error=0;
if(!param->mirror_client_version) if(!param->mirror_client_version)
{ {
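Review bot: The second getter call copies the address into `sni` instead of `addr_string` — `ssl_stream_get_string_opt(upstream, SSL_STREAM_OPT_ADDR, sni, sizeof(addr_string));` should read `ssl_stream_get_string_opt(upstream, SSL_STREAM_OPT_ADDR, addr_string, sizeof(addr_string));` — so the SNI just fetched is overwritten and `addr_string` is passed to the `%s` log uninitialized, which is undefined behavior and at best prints stack garbage. Both return values are ignored and the buffers are declared uninitialized; `char sni[512]={0}, addr_string[512]={0};` at least bounds the damage if a getter fails, though it cannot terminate an SNI of 512 bytes or more copied with strncpy, which has to be fixed in the getter itself. The SNI appears to be taken verbatim from the client's ClientHello, so logging it with `%s` lets any client place arbitrary bytes, including newlines, in the log; escaping non-printable characters before logging is worth considering if the log is parsed by other tooling. `ssl_policy_enforce` starts and ends outside this hunk.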