cmsg适配控制报文类型, TFE_CMSG_SSL_INTERCEPT_STATE/TFE_CMSG_SSL_PINNING_STATE/TFE_CMSG_SSL_CERT_VERIFY的类型从uint64改为uint8
@@ -41,13 +41,13 @@ enum tfe_cmsg_tlv_type
|
|||||||
TFE_CMSG_KEYRING_FOR_TRUSTED_ID, // size int
|
TFE_CMSG_KEYRING_FOR_TRUSTED_ID, // size int
|
||||||
TFE_CMSG_KEYRING_FOR_UNTRUSTED, // size int
|
TFE_CMSG_KEYRING_FOR_UNTRUSTED, // size int
|
||||||
|
|
||||||
TFE_CMSG_SSL_INTERCEPT_STATE, //size uint64_t, 0-passthrough, 1-intercept, 2-shutdown, referer from enum ssl_stream_action
|
TFE_CMSG_SSL_INTERCEPT_STATE, //size uint8_t, 0-passthrough, 1-intercept, 2-shutdown, referer from enum ssl_stream_action
|
||||||
TFE_CMSG_SSL_SERVER_SIDE_LATENCY, //size uint64_t, milisecond
|
TFE_CMSG_SSL_SERVER_SIDE_LATENCY, //size uint64_t, milisecond
|
||||||
TFE_CMSG_SSL_CLIENT_SIDE_LATENCY, //size uint64_t, milisecond
|
TFE_CMSG_SSL_CLIENT_SIDE_LATENCY, //size uint64_t, milisecond
|
||||||
TFE_CMSG_SSL_SERVER_SIDE_VERSION, //string, SSLv3 TLSv1 TLSv1.1 TLSv1.2 TLSv1.3 unknown
|
TFE_CMSG_SSL_SERVER_SIDE_VERSION, //string, SSLv3 TLSv1 TLSv1.1 TLSv1.2 TLSv1.3 unknown
|
||||||
TFE_CMSG_SSL_CLIENT_SIDE_VERSION,
|
TFE_CMSG_SSL_CLIENT_SIDE_VERSION,
|
||||||
TFE_CMSG_SSL_PINNING_STATE, //size uint64_t, 0-not pinning 1-pinning 2-maybe pinning
|
TFE_CMSG_SSL_PINNING_STATE, // size uint8_t, 0-not pinning 1-pinning 2-maybe pinning
|
||||||
TFE_CMSG_SSL_CERT_VERIFY,
|
TFE_CMSG_SSL_CERT_VERIFY, // size uint8_t
|
||||||
TFE_CMSG_SSL_ERROR, //string
|
TFE_CMSG_SSL_ERROR, //string
|
||||||
|
|
||||||
/* Original Traffic's src & dst MAC address */
|
/* Original Traffic's src & dst MAC address */
|
||||||
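Review bot: The size of three existing TLV types changes on the wire here (TFE_CMSG_SSL_INTERCEPT_STATE, TFE_CMSG_SSL_PINNING_STATE, TFE_CMSG_SSL_CERT_VERIFY go from 8 bytes to 1), but only the producers in this file set are updated; any consumer that still calls tfe_cmsg_get_value with a uint64_t buffer and ignores out_size will now receive a 1-byte value, which only happens to read correctly if the buffer was zeroed and the host is little-endian. Every reader of these three types should be checked to use a uint8_t buffer or to validate out_size against the expected size. The new comment on TFE_CMSG_SSL_CERT_VERIFY gives only the size; since the producer stores the verify result through `!!`, the value range is worth stating too: `TFE_CMSG_SSL_CERT_VERIFY, // size uint8_t, 0-verify failed, 1-verify passed`. The INTERCEPT_STATE comment also carries a typo, `referer from` should be `refer to`.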
|
|||||||
@@ -194,7 +194,7 @@ int tfe_proxy_fds_accept(struct tfe_proxy *ctx, int fd_downstream, int fd_upstre
|
|||||||
if (unlikely(ctx->tcp_all_passthrough) || tcp_passthrough > 0)
|
if (unlikely(ctx->tcp_all_passthrough) || tcp_passthrough > 0)
|
||||||
{
|
{
|
||||||
bool __true = true;
|
bool __true = true;
|
||||||
uint64_t ssl_intercept_status = SSL_ACTION_PASSTHROUGH;
|
uint8_t ssl_intercept_status = SSL_ACTION_PASSTHROUGH;
|
||||||
enum tfe_stream_proto __session_type = STREAM_PROTO_PLAIN;
|
enum tfe_stream_proto __session_type = STREAM_PROTO_PLAIN;
|
||||||
|
|
||||||
tfe_stream_option_set(stream, TFE_STREAM_OPT_PASSTHROUGH, &__true, sizeof(__true));
|
tfe_stream_option_set(stream, TFE_STREAM_OPT_PASSTHROUGH, &__true, sizeof(__true));
|
||||||
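Review bot: Narrowing ssl_intercept_status to uint8_t only matches the new `//size uint8_t` contract if the call that publishes it into the cmsg also uses a 1-byte write; that call is outside this hunk, so the hunk alone cannot show it. If the value still goes through ssl_stream_set_cmsg_integer it is promoted back to uint64_t and the TLV is emitted as 8 bytes, contradicting the enum comment. Worth confirming the call site uses the uint8 setter or `sizeof(ssl_intercept_status)`. tfe_proxy_fds_accept's body continues beyond the hunk.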
|
|||||||
@@ -202,7 +202,7 @@ struct ssl_upstream_parts
|
|||||||
int keyring_for_trusted;
|
int keyring_for_trusted;
|
||||||
int keyring_for_untrusted;
|
int keyring_for_untrusted;
|
||||||
struct ssl_chello * client_hello;
|
struct ssl_chello * client_hello;
|
||||||
int is_server_cert_verify_passed;
|
uint8_t is_server_cert_verify_passed;
|
||||||
};
|
};
|
||||||
struct ssl_downstream_parts
|
struct ssl_downstream_parts
|
||||||
{
|
{
|
||||||
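Review bot: The retyped field is_server_cert_verify_passed has no comment saying what its values mean or that its width is dictated by the wire TLV rather than by the struct. Since the producer normalises it with `!!` and it is copied verbatim into TFE_CMSG_SSL_CERT_VERIFY, I would document that at the declaration: `uint8_t is_server_cert_verify_passed; /* 0 = failed, 1 = passed; width matches the TFE_CMSG_SSL_CERT_VERIFY TLV */`. struct ssl_upstream_parts begins outside this hunk.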
@@ -1082,6 +1082,13 @@ void ssl_stream_set_cmsg_string(struct ssl_stream* stream, enum tfe_cmsg_tlv_typ
|
|||||||
assert(ret==0);
|
assert(ret==0);
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
static void ssl_stream_set_cmsg_uint8(struct ssl_stream* stream, enum tfe_cmsg_tlv_type type, uint8_t value_int)
|
||||||
|
{
|
||||||
|
struct tfe_cmsg* cmsg=tfe_stream_get0_cmsg(stream->tcp_stream);
|
||||||
|
UNUSED int ret=tfe_cmsg_set(cmsg, type, (const unsigned char*)&value_int, (uint16_t)sizeof(value_int));
|
||||||
|
assert(ret==0);
|
||||||
|
return;
|
||||||
|
}
|
||||||
static void ssl_stream_set_cmsg_integer(struct ssl_stream* stream, enum tfe_cmsg_tlv_type type, uint64_t value_int)
|
static void ssl_stream_set_cmsg_integer(struct ssl_stream* stream, enum tfe_cmsg_tlv_type type, uint64_t value_int)
|
||||||
{
|
{
|
||||||
struct tfe_cmsg* cmsg=tfe_stream_get0_cmsg(stream->tcp_stream);
|
struct tfe_cmsg* cmsg=tfe_stream_get0_cmsg(stream->tcp_stream);
|
||||||
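Review bot: In ssl_stream_set_cmsg_uint8 the result of tfe_cmsg_set is only checked by `assert(ret==0)`, and ret is marked UNUSED precisely so that NDEBUG builds compile; in those builds a failed set (e.g. a full cmsg) is silently dropped, and the getters later in this file then assert on a TLV that was never written. A release-safe variant would at least log the failure, e.g. `if (ret != 0) { /* log via TFE_LOG_DEBUG(g_default_logger, ...) as the file does elsewhere */ }`, or return int so callers can decide. The function is also a copy of ssl_stream_set_cmsg_integer differing only in the value type; a single static helper taking `(const void *value, uint16_t len)` would avoid the duplication, and the trailing `return;` in a void function can go.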
@@ -1329,7 +1336,7 @@ static void ssl_server_connected_eventcb(struct bufferevent * bev, short events,
|
|||||||
}
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
s_upstream->is_server_cert_verify_passed = ssl_trusted_cert_storage_verify_conn(s_stream->mgr->trust_CA_store,
|
s_upstream->is_server_cert_verify_passed = !!ssl_trusted_cert_storage_verify_conn(s_stream->mgr->trust_CA_store,
|
||||||
s_stream->ssl, s_stream->up_parts.client_hello->sni, &(s_stream->up_parts.verify_param),
|
s_stream->ssl, s_stream->up_parts.client_hello->sni, &(s_stream->up_parts.verify_param),
|
||||||
error_str, sizeof(error_str), &(s_stream->up_parts.verify_result));
|
error_str, sizeof(error_str), &(s_stream->up_parts.verify_result));
|
||||||
TFE_LOG_DEBUG(g_default_logger,
|
TFE_LOG_DEBUG(g_default_logger,
|
||||||
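Review bot: The `!!` in front of ssl_trusted_cert_storage_verify_conn turns every non-zero return into "verified"; if that function can return a negative value for an internal error (its contract is not visible here), an error would be recorded as a passed verification and published as such in TFE_CMSG_SSL_CERT_VERIFY. If the contract is OpenSSL-style 1 on success, `== 1` is the safer coercion: `s_upstream->is_server_cert_verify_passed = (ssl_trusted_cert_storage_verify_conn(...) == 1);`. ssl_server_connected_eventcb continues outside the hunk.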
@@ -1407,7 +1414,7 @@ static void ssl_server_connected_eventcb(struct bufferevent * bev, short events,
|
|||||||
}
|
}
|
||||||
s_stream->negotiated_version=SSL_version(s_stream->ssl);
|
s_stream->negotiated_version=SSL_version(s_stream->ssl);
|
||||||
ssl_stream_set_cmsg_string(s_stream, TFE_CMSG_SSL_SERVER_SIDE_VERSION, SSL_get_version(s_stream->ssl));
|
ssl_stream_set_cmsg_string(s_stream, TFE_CMSG_SSL_SERVER_SIDE_VERSION, SSL_get_version(s_stream->ssl));
|
||||||
ssl_stream_set_cmsg_integer(s_stream, TFE_CMSG_SSL_CERT_VERIFY, s_upstream->is_server_cert_verify_passed);
|
ssl_stream_set_cmsg_uint8(s_stream, TFE_CMSG_SSL_CERT_VERIFY, s_upstream->is_server_cert_verify_passed);
|
||||||
promise_success(p, ctx);
|
promise_success(p, ctx);
|
||||||
}
|
}
|
||||||
if(s_stream->error)
|
if(s_stream->error)
|
||||||
@@ -1453,15 +1460,15 @@ static void peek_chello_on_succ(future_result_t * result, void * user)
|
|||||||
{
|
{
|
||||||
case JA3_PINNING_STATUS_NOT_PINNING:
|
case JA3_PINNING_STATUS_NOT_PINNING:
|
||||||
ctx->mgr->svc_cache->stat.app_not_pinning_cnt++;
|
ctx->mgr->svc_cache->stat.app_not_pinning_cnt++;
|
||||||
ssl_stream_set_cmsg_integer(s_stream, TFE_CMSG_SSL_PINNING_STATE, PINNING_ST_NOT_PINNING);
|
ssl_stream_set_cmsg_uint8(s_stream, TFE_CMSG_SSL_PINNING_STATE, PINNING_ST_NOT_PINNING);
|
||||||
break;
|
break;
|
||||||
case JA3_PINNING_STATUS_IS_PINNING:
|
case JA3_PINNING_STATUS_IS_PINNING:
|
||||||
ssl_stream_set_cmsg_integer(s_stream, TFE_CMSG_SSL_PINNING_STATE, PINNING_ST_PINNING);
|
ssl_stream_set_cmsg_uint8(s_stream, TFE_CMSG_SSL_PINNING_STATE, PINNING_ST_PINNING);
|
||||||
break;
|
break;
|
||||||
case JA3_PINNING_STATUS_UNKNOWN:
|
case JA3_PINNING_STATUS_UNKNOWN:
|
||||||
/* fall through */
|
/* fall through */
|
||||||
default:
|
default:
|
||||||
ssl_stream_set_cmsg_integer(s_stream, TFE_CMSG_SSL_PINNING_STATE, svc_status->cli_pinning_status);
|
ssl_stream_set_cmsg_uint8(s_stream, TFE_CMSG_SSL_PINNING_STATE, svc_status->cli_pinning_status);
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
|
|
||||||
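Review bot: The default branch publishes svc_status->cli_pinning_status raw, while the other two cases translate JA3_PINNING_STATUS_* into PINNING_ST_* first; with the new uint8_t setter that raw value is additionally truncated to one byte, so a JA3 status outside 0..255 or one whose numbering differs from PINNING_ST_* would be misreported in TFE_CMSG_SSL_PINNING_STATE. Unless the two enums are known to share values, the default branch should emit the PINNING_ST_* constant for "maybe pinning" (value 2 per the header comment) rather than the untranslated status. The switch expression is outside this hunk.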
@@ -2213,7 +2220,7 @@ uint64_t ssl_stream_get_policy_id(struct ssl_stream *upstream)
|
|||||||
uint16_t out_size;
|
uint16_t out_size;
|
||||||
uint64_t policy_id = 0;
|
uint64_t policy_id = 0;
|
||||||
struct tfe_cmsg *cmsg = tfe_stream_get0_cmsg(upstream->tcp_stream);
|
struct tfe_cmsg *cmsg = tfe_stream_get0_cmsg(upstream->tcp_stream);
|
||||||
int ret = tfe_cmsg_get_value(cmsg, TFE_CMSG_POLICY_ID, (unsigned char *)policy_id, sizeof(policy_id), &out_size);
|
int ret = tfe_cmsg_get_value(cmsg, TFE_CMSG_POLICY_ID, (unsigned char *)&policy_id, sizeof(policy_id), &out_size);
|
||||||
assert(ret == 0);
|
assert(ret == 0);
|
||||||
|
|
||||||
return policy_id;
|
return policy_id;
|
||||||
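Review bot: After the corrected `&policy_id` call, out_size is never compared with sizeof(policy_id), so a TLV that was stored with a different width (this same commit shrinks three other types) is accepted and the untouched bytes of policy_id keep their initial zero; in NDEBUG builds the `assert(ret == 0)` also vanishes and a missing TLV silently yields 0. I would tighten the check to `assert(ret == 0 && out_size == sizeof(policy_id));` and add a runtime guard that logs and returns the documented sentinel when either condition fails. The same applies to the three sibling getters at the following hunks (ssl_stream_get_decrypted_profile_id, ssl_stream_get_trusted_keyring_profile_id, ssl_stream_get_untrusted_keyring_profile_id). Each of these functions starts before its hunk.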
@@ -2224,7 +2231,7 @@ int ssl_stream_get_decrypted_profile_id(struct ssl_stream *upstream)
|
|||||||
uint16_t out_size;
|
uint16_t out_size;
|
||||||
int profile_id = 0;
|
int profile_id = 0;
|
||||||
struct tfe_cmsg *cmsg = tfe_stream_get0_cmsg(upstream->tcp_stream);
|
struct tfe_cmsg *cmsg = tfe_stream_get0_cmsg(upstream->tcp_stream);
|
||||||
int ret = tfe_cmsg_get_value(cmsg, TFE_CMSG_DECRYPTION_PROFILE_ID, (unsigned char *)profile_id, sizeof(profile_id), &out_size);
|
int ret = tfe_cmsg_get_value(cmsg, TFE_CMSG_DECRYPTION_PROFILE_ID, (unsigned char *)&profile_id, sizeof(profile_id), &out_size);
|
||||||
assert(ret == 0);
|
assert(ret == 0);
|
||||||
|
|
||||||
return profile_id;
|
return profile_id;
|
||||||
@@ -2235,7 +2242,7 @@ int ssl_stream_get_trusted_keyring_profile_id(struct ssl_stream *upstream)
|
|||||||
uint16_t out_size;
|
uint16_t out_size;
|
||||||
int keyring_id = 0;
|
int keyring_id = 0;
|
||||||
struct tfe_cmsg *cmsg = tfe_stream_get0_cmsg(upstream->tcp_stream);
|
struct tfe_cmsg *cmsg = tfe_stream_get0_cmsg(upstream->tcp_stream);
|
||||||
int ret = tfe_cmsg_get_value(cmsg, TFE_CMSG_KEYRING_FOR_TRUSTED_ID, (unsigned char *)keyring_id, sizeof(keyring_id), &out_size);
|
int ret = tfe_cmsg_get_value(cmsg, TFE_CMSG_KEYRING_FOR_TRUSTED_ID, (unsigned char *)&keyring_id, sizeof(keyring_id), &out_size);
|
||||||
assert(ret == 0);
|
assert(ret == 0);
|
||||||
|
|
||||||
return keyring_id;
|
return keyring_id;
|
||||||
@@ -2246,7 +2253,7 @@ int ssl_stream_get_untrusted_keyring_profile_id(struct ssl_stream *upstream)
|
|||||||
uint16_t out_size;
|
uint16_t out_size;
|
||||||
int keyring_id = 0;
|
int keyring_id = 0;
|
||||||
struct tfe_cmsg *cmsg = tfe_stream_get0_cmsg(upstream->tcp_stream);
|
struct tfe_cmsg *cmsg = tfe_stream_get0_cmsg(upstream->tcp_stream);
|
||||||
int ret = tfe_cmsg_get_value(cmsg, TFE_CMSG_KEYRING_FOR_UNTRUSTED, (unsigned char *)keyring_id, sizeof(keyring_id), &out_size);
|
int ret = tfe_cmsg_get_value(cmsg, TFE_CMSG_KEYRING_FOR_UNTRUSTED, (unsigned char *)&keyring_id, sizeof(keyring_id), &out_size);
|
||||||
assert(ret == 0);
|
assert(ret == 0);
|
||||||
|
|
||||||
return keyring_id;
|
return keyring_id;
|
||||||
|
|||||||