为了识别第二种pinning:在tcp_stream的event callback中,若接收字节数为0,调用ssl_stream_process_zero_eof。
@@ -48,6 +48,7 @@ struct tfe_conn_private
|
||||
struct bufferevent * bev;
|
||||
struct ev_token_bucket_cfg * ratelimit_bucket;
|
||||
uint8_t on_writing;
|
||||
size_t total_rx_bytes, total_tx_bytes;
|
||||
};
|
||||
|
||||
enum tfe_stream_event_log_type
|
||||
|
||||
@@ -24,6 +24,7 @@ struct ssl_mgr * ssl_manager_init(const char * ini_profile, const char * section
|
||||
void ssl_manager_set_new_upstream_cb(struct ssl_mgr * mgr, ssl_stream_new_hook* new_upstream_cb, void* u_para);
|
||||
void ssl_manager_destroy(struct ssl_mgr * mgr);
|
||||
unsigned long ssl_stream_log_error(struct bufferevent * bev, enum tfe_conn_dir dir, struct ssl_mgr* mgr);
|
||||
void ssl_stream_process_zero_eof(struct ssl_stream * s_stream, struct ssl_mgr* mgr);
|
||||
|
||||
|
||||
enum ssl_stream_action ssl_upstream_create_result_release_action(future_result_t * result);
|
||||
|
||||
@@ -1182,6 +1182,24 @@ void ssl_stream_process_error(struct ssl_stream * s_stream, unsigned long sslerr
|
||||
return;
|
||||
}
|
||||
|
||||
void ssl_stream_process_zero_eof(struct ssl_stream * s_stream, struct ssl_mgr* mgr)
|
||||
{
|
||||
struct ssl_upstream_parts* s_upstream=NULL;
|
||||
if(s_stream->dir==CONN_DIR_UPSTREAM)
|
||||
{
|
||||
return;
|
||||
}
|
||||
assert(mgr==s_stream->mgr);
|
||||
s_upstream=&s_stream->peer->up_parts;
|
||||
if(s_upstream->verify_result.is_hostmatched && s_upstream->is_server_cert_verify_passed )
|
||||
{
|
||||
s_upstream->svc_status.pinning_status=PINNING_ST_MAYBE_PINNING;
|
||||
ssl_stream_set_cmsg_integer(s_stream, TFE_CMSG_SSL_PINNING_STATE, PINNING_ST_MAYBE_PINNING);
|
||||
ssl_service_cache_write(mgr->svc_cache, s_stream->peer->up_parts.client_hello, s_stream->tcp_stream->addr, &(s_stream->peer->up_parts.svc_status));
|
||||
}
|
||||
s_stream->error=SSL_STREAM_R_CLIENT_CLOSED;
|
||||
return;
|
||||
}
|
||||
|
||||
|
||||
/*
|
||||
@@ -1805,13 +1823,7 @@ static void ssl_client_connected_eventcb(struct bufferevent * bev, short events,
|
||||
else if(events & BEV_EVENT_EOF)
|
||||
{
|
||||
ATOMIC_INC(&(mgr->stat_val[SSL_DOWN_ERR]));
|
||||
if(s_upstream->verify_result.is_hostmatched && s_upstream->is_server_cert_verify_passed )
|
||||
{
|
||||
s_upstream->svc_status.pinning_status=PINNING_ST_MAYBE_PINNING;
|
||||
ssl_stream_set_cmsg_integer(s_stream, TFE_CMSG_SSL_PINNING_STATE, PINNING_ST_MAYBE_PINNING);
|
||||
ssl_service_cache_write(mgr->svc_cache, s_stream->peer->up_parts.client_hello, s_stream->tcp_stream->addr, &(s_stream->peer->up_parts.svc_status));
|
||||
}
|
||||
s_stream->error=SSL_STREAM_R_CLIENT_CLOSED;
|
||||
ssl_stream_process_zero_eof(s_stream, mgr);
|
||||
}
|
||||
else if(events & BEV_EVENT_TIMEOUT)
|
||||
{
|
||||
|
||||
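Review bot: `ssl_stream_process_zero_eof` takes the address through `s_stream->peer` (`s_upstream=&s_stream->peer->up_parts;`) with no NULL check, and its only consistency check on `mgr` is an `assert`, which disappears in an NDEBUG build. The same logic used to run only inside `ssl_client_connected_eventcb`; the function is now exported, so its caller can no longer be assumed to hold a live peer. I would guard the dereference with `s_upstream = s_stream->peer ? &s_stream->peer->up_parts : NULL;` and `if(s_upstream && s_upstream->verify_result.is_hostmatched && s_upstream->is_server_cert_verify_passed)`, so that `s_stream->error=SSL_STREAM_R_CLIENT_CLOSED;` is still set when there is no peer. The function also deserves a header comment saying that it is a no-op for `CONN_DIR_UPSTREAM`, and that a downstream EOF against a host-matched, verified upstream certificate is recorded as `PINNING_ST_MAYBE_PINNING` and written to `mgr->svc_cache`.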
@@ -526,11 +526,14 @@ static void __stream_bev_readcb(struct bufferevent * bev, void * arg)
|
||||
{
|
||||
struct tfe_stream_private * _stream = (struct tfe_stream_private *) arg;
|
||||
enum tfe_conn_dir dir = __bev_dir(_stream, bev);
|
||||
struct tfe_conn_private * this_conn = __this_conn(_stream, dir);
|
||||
struct tfe_conn_private * peer_conn = __peer_conn(_stream, dir);
|
||||
|
||||
/* Peer connection is terminated, drain all data.
|
||||
* This connection will be destoryed in __event_cb */
|
||||
struct evbuffer * inbuf = bufferevent_get_input(bev);
|
||||
size_t contigous_len = evbuffer_get_length(inbuf);
|
||||
this_conn->total_rx_bytes+=contigous_len;
|
||||
if (peer_conn == NULL)
|
||||
{
|
||||
evbuffer_drain(inbuf, evbuffer_get_length(inbuf));
|
||||
@@ -544,7 +547,6 @@ static void __stream_bev_readcb(struct bufferevent * bev, void * arg)
|
||||
enum tfe_stream_action action_final = ACTION_FORWARD_DATA;
|
||||
|
||||
size_t drain_size = 0;
|
||||
size_t contigous_len = evbuffer_get_length(inbuf);
|
||||
unsigned char * contiguous_data = evbuffer_pullup(inbuf, contigous_len);
|
||||
|
||||
_stream->defer_bytes = 0;
|
||||
@@ -585,10 +587,12 @@ static void __stream_bev_readcb(struct bufferevent * bev, void * arg)
|
||||
if (_stream->forward_bytes > 0)
|
||||
{
|
||||
evbuffer_remove_buffer(inbuf, outbuf, _stream->forward_bytes);
|
||||
peer_conn->total_tx_bytes+=_stream->forward_bytes;
|
||||
}
|
||||
else
|
||||
{
|
||||
evbuffer_add_buffer(outbuf, inbuf);
|
||||
peer_conn->total_tx_bytes+=contigous_len;
|
||||
}
|
||||
break;
|
||||
|
||||
@@ -743,7 +747,10 @@ static void __stream_bev_eventcb(struct bufferevent * bev, short events, void *
|
||||
_stream->str_stream_addr, str_conn_dir, errno, strerror(errno));
|
||||
}
|
||||
}
|
||||
|
||||
else if(events & BEV_EVENT_EOF && (*ref_this_conn)->total_rx_bytes==0 && _stream->session_type==STREAM_PROTO_SSL)
|
||||
{
|
||||
ssl_stream_process_zero_eof(*ref_this_ssl_stream, g_default_proxy->ssl_mgr_handler);
|
||||
}
|
||||
if(events & BEV_EVENT_ERROR) __stream_log_event(_stream, EVENT_LOG_CLOSE_BY_FD_ERROR, conn_dir, 0, NULL);
|
||||
if(events & BEV_EVENT_EOF) __stream_log_event(_stream, EVENT_LOG_CLOSE_BY_FD_EOF, conn_dir, 0, NULL);
|
||||
goto __close_connection;
|
||||
|
||||
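Review bot: The new `else if(events & BEV_EVENT_EOF && (*ref_this_conn)->total_rx_bytes==0 && ...)` branch in `__stream_bev_eventcb` turns one zero-byte EOF into a `ssl_service_cache_write`, and that signal is controlled entirely by the client. Any client that completes the handshake and closes before sending data will produce it, so if the cached `PINNING_ST_MAYBE_PINNING` later influences interception decisions (not visible in these hunks), it should probably be confirmed by repeated observations rather than a single one. The branch also passes `*ref_this_ssl_stream` without checking that it is non-NULL; a guard such as `&& *ref_this_ssl_stream != NULL` in the condition would make that explicit. Separately, `this_conn->total_rx_bytes+=contigous_len;` in `__stream_bev_readcb` adds the whole current input-buffer length on every callback, so bytes left in the buffer between callbacks would be counted again. That is harmless for the `==0` test, but it is worth a comment such as `/* non-zero means "some data seen"; not an exact byte count */`. Both functions begin and end outside the visible hunks.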