cmsg适配控制报文类型, TFE_CMSG_SSL_INTERCEPT_STATE/TFE_CMSG_SSL_PINNING_STATE/TFE_CMSG_SSL_CERT_VERIFY的类型从uint64改为uint8
@@ -41,13 +41,13 @@ enum tfe_cmsg_tlv_type
|
||||
TFE_CMSG_KEYRING_FOR_TRUSTED_ID, // size int
|
||||
TFE_CMSG_KEYRING_FOR_UNTRUSTED, // size int
|
||||
|
||||
TFE_CMSG_SSL_INTERCEPT_STATE, //size uint64_t, 0-passthrough, 1-intercept, 2-shutdown, referer from enum ssl_stream_action
|
||||
TFE_CMSG_SSL_INTERCEPT_STATE, //size uint8_t, 0-passthrough, 1-intercept, 2-shutdown, referer from enum ssl_stream_action
|
||||
TFE_CMSG_SSL_SERVER_SIDE_LATENCY, //size uint64_t, milisecond
|
||||
TFE_CMSG_SSL_CLIENT_SIDE_LATENCY, //size uint64_t, milisecond
|
||||
TFE_CMSG_SSL_SERVER_SIDE_VERSION, //string, SSLv3 TLSv1 TLSv1.1 TLSv1.2 TLSv1.3 unknown
|
||||
TFE_CMSG_SSL_CLIENT_SIDE_VERSION,
|
||||
TFE_CMSG_SSL_PINNING_STATE, //size uint64_t, 0-not pinning 1-pinning 2-maybe pinning
|
||||
TFE_CMSG_SSL_CERT_VERIFY,
|
||||
TFE_CMSG_SSL_PINNING_STATE, // size uint8_t, 0-not pinning 1-pinning 2-maybe pinning
|
||||
TFE_CMSG_SSL_CERT_VERIFY, // size uint8_t
|
||||
TFE_CMSG_SSL_ERROR, //string
|
||||
|
||||
/* Original Traffic's src & dst MAC address */
|
||||
|
||||
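Review bot: The rewritten comments on TFE_CMSG_SSL_INTERCEPT_STATE, TFE_CMSG_SSL_PINNING_STATE and TFE_CMSG_SSL_CERT_VERIFY change the documented payload width from uint64_t to uint8_t, but the enum itself carries no size or version marker, so a peer still decoding these three TLVs as 8 bytes would presumably misread or reject them and nothing in the header warns about that. The comment should state the compatibility rule explicitly, e.g. above the three entries: `/* Payload is 1 byte since this change (was uint64_t); readers must trust out_size from tfe_cmsg_get_value rather than assume 8 bytes. */`. The enum tfe_cmsg_tlv_type begins before this hunk.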
@@ -194,7 +194,7 @@ int tfe_proxy_fds_accept(struct tfe_proxy *ctx, int fd_downstream, int fd_upstre
|
||||
if (unlikely(ctx->tcp_all_passthrough) || tcp_passthrough > 0)
|
||||
{
|
||||
bool __true = true;
|
||||
uint64_t ssl_intercept_status = SSL_ACTION_PASSTHROUGH;
|
||||
uint8_t ssl_intercept_status = SSL_ACTION_PASSTHROUGH;
|
||||
enum tfe_stream_proto __session_type = STREAM_PROTO_PLAIN;
|
||||
|
||||
tfe_stream_option_set(stream, TFE_STREAM_OPT_PASSTHROUGH, &__true, sizeof(__true));
|
||||
|
||||
@@ -202,7 +202,7 @@ struct ssl_upstream_parts
|
||||
int keyring_for_trusted;
|
||||
int keyring_for_untrusted;
|
||||
struct ssl_chello * client_hello;
|
||||
int is_server_cert_verify_passed;
|
||||
uint8_t is_server_cert_verify_passed;
|
||||
};
|
||||
struct ssl_downstream_parts
|
||||
{
|
||||
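Review bot: The new `uint8_t is_server_cert_verify_passed;` field has no comment saying what values it holds or where it goes, and since it is emitted verbatim as the TFE_CMSG_SSL_CERT_VERIFY payload its width is now part of the control-message format rather than an implementation detail. Suggest `uint8_t is_server_cert_verify_passed; /* 0 = failed, 1 = passed; sent as TFE_CMSG_SSL_CERT_VERIFY (1-byte payload) */` so a later change back to int or bool is recognised as a wire-format change. struct ssl_upstream_parts starts before the hunk.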
@@ -1082,6 +1082,13 @@ void ssl_stream_set_cmsg_string(struct ssl_stream* stream, enum tfe_cmsg_tlv_typ
|
||||
assert(ret==0);
|
||||
return;
|
||||
}
|
||||
static void ssl_stream_set_cmsg_uint8(struct ssl_stream* stream, enum tfe_cmsg_tlv_type type, uint8_t value_int)
|
||||
{
|
||||
struct tfe_cmsg* cmsg=tfe_stream_get0_cmsg(stream->tcp_stream);
|
||||
UNUSED int ret=tfe_cmsg_set(cmsg, type, (const unsigned char*)&value_int, (uint16_t)sizeof(value_int));
|
||||
assert(ret==0);
|
||||
return;
|
||||
}
|
||||
static void ssl_stream_set_cmsg_integer(struct ssl_stream* stream, enum tfe_cmsg_tlv_type type, uint64_t value_int)
|
||||
{
|
||||
struct tfe_cmsg* cmsg=tfe_stream_get0_cmsg(stream->tcp_stream);
|
||||
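Review bot: In the new ssl_stream_set_cmsg_uint8 the only failure handling is `assert(ret==0)` with ret marked UNUSED, so in a build that defines NDEBUG a failed tfe_cmsg_set (for example a full cmsg) leaves the intercept, pinning or cert-verify TLV silently absent and the receiving side never learns that a security-relevant state was not delivered. This mirrors ssl_stream_set_cmsg_string above it, but for a new helper it is worth at least logging the failure under the assert, with a one-line comment such as `/* assert-only: in NDEBUG builds a set failure is silently dropped */` if that is the intended policy. The function also duplicates ssl_stream_set_cmsg_integer apart from the value type; a single helper taking a pointer and length would avoid the copy. ssl_stream_set_cmsg_integer, whose signature is the last code line of this hunk, continues outside it.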
@@ -1329,7 +1336,7 @@ static void ssl_server_connected_eventcb(struct bufferevent * bev, short events,
|
||||
}
|
||||
else
|
||||
{
|
||||
s_upstream->is_server_cert_verify_passed = ssl_trusted_cert_storage_verify_conn(s_stream->mgr->trust_CA_store,
|
||||
s_upstream->is_server_cert_verify_passed = !!ssl_trusted_cert_storage_verify_conn(s_stream->mgr->trust_CA_store,
|
||||
s_stream->ssl, s_stream->up_parts.client_hello->sni, &(s_stream->up_parts.verify_param),
|
||||
error_str, sizeof(error_str), &(s_stream->up_parts.verify_result));
|
||||
TFE_LOG_DEBUG(g_default_logger,
|
||||
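Review bot: The `!!` added in front of ssl_trusted_cert_storage_verify_conn collapses every non-zero return to 1, which is only correct if that function returns strictly 0 or 1; if it can also return a negative or other error code (the verify_result and error_str out-parameters suggest it reports more than a boolean), an error path would now be recorded as is_server_cert_verify_passed = 1 and delivered as a passed verification in TFE_CMSG_SSL_CERT_VERIFY. Unless the return contract is documented as 0/1, compare against the success value explicitly, e.g. `s_upstream->is_server_cert_verify_passed = (ssl_trusted_cert_storage_verify_conn(...) == 1);`, and add a comment stating which value means "verified". ssl_server_connected_eventcb begins and ends outside this hunk.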
@@ -1407,7 +1414,7 @@ static void ssl_server_connected_eventcb(struct bufferevent * bev, short events,
|
||||
}
|
||||
s_stream->negotiated_version=SSL_version(s_stream->ssl);
|
||||
ssl_stream_set_cmsg_string(s_stream, TFE_CMSG_SSL_SERVER_SIDE_VERSION, SSL_get_version(s_stream->ssl));
|
||||
ssl_stream_set_cmsg_integer(s_stream, TFE_CMSG_SSL_CERT_VERIFY, s_upstream->is_server_cert_verify_passed);
|
||||
ssl_stream_set_cmsg_uint8(s_stream, TFE_CMSG_SSL_CERT_VERIFY, s_upstream->is_server_cert_verify_passed);
|
||||
promise_success(p, ctx);
|
||||
}
|
||||
if(s_stream->error)
|
||||
@@ -1453,15 +1460,15 @@ static void peek_chello_on_succ(future_result_t * result, void * user)
|
||||
{
|
||||
case JA3_PINNING_STATUS_NOT_PINNING:
|
||||
ctx->mgr->svc_cache->stat.app_not_pinning_cnt++;
|
||||
ssl_stream_set_cmsg_integer(s_stream, TFE_CMSG_SSL_PINNING_STATE, PINNING_ST_NOT_PINNING);
|
||||
ssl_stream_set_cmsg_uint8(s_stream, TFE_CMSG_SSL_PINNING_STATE, PINNING_ST_NOT_PINNING);
|
||||
break;
|
||||
case JA3_PINNING_STATUS_IS_PINNING:
|
||||
ssl_stream_set_cmsg_integer(s_stream, TFE_CMSG_SSL_PINNING_STATE, PINNING_ST_PINNING);
|
||||
ssl_stream_set_cmsg_uint8(s_stream, TFE_CMSG_SSL_PINNING_STATE, PINNING_ST_PINNING);
|
||||
break;
|
||||
case JA3_PINNING_STATUS_UNKNOWN:
|
||||
/* fall through */
|
||||
default:
|
||||
ssl_stream_set_cmsg_integer(s_stream, TFE_CMSG_SSL_PINNING_STATE, svc_status->cli_pinning_status);
|
||||
ssl_stream_set_cmsg_uint8(s_stream, TFE_CMSG_SSL_PINNING_STATE, svc_status->cli_pinning_status);
|
||||
break;
|
||||
}
|
||||
|
||||
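Review bot: In the default branch, `ssl_stream_set_cmsg_uint8(s_stream, TFE_CMSG_SSL_PINNING_STATE, svc_status->cli_pinning_status);` now narrows cli_pinning_status to uint8_t implicitly, and unlike the two explicit cases above it passes the raw JA3 status rather than a PINNING_ST_* value, so the receiver can get a number that is neither 0, 1 nor the "maybe pinning" value 2 described in the enum comment. Consider mapping the default branch to the PINNING_ST_* constant for "maybe pinning" (the identifier is not visible here) or, if the raw value is intended, casting it explicitly with a comment: `(uint8_t)svc_status->cli_pinning_status /* JA3 status is in 0..255 */`. peek_chello_on_succ begins and ends outside this hunk.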
@@ -2213,7 +2220,7 @@ uint64_t ssl_stream_get_policy_id(struct ssl_stream *upstream)
|
||||
uint16_t out_size;
|
||||
uint64_t policy_id = 0;
|
||||
struct tfe_cmsg *cmsg = tfe_stream_get0_cmsg(upstream->tcp_stream);
|
||||
int ret = tfe_cmsg_get_value(cmsg, TFE_CMSG_POLICY_ID, (unsigned char *)policy_id, sizeof(policy_id), &out_size);
|
||||
int ret = tfe_cmsg_get_value(cmsg, TFE_CMSG_POLICY_ID, (unsigned char *)&policy_id, sizeof(policy_id), &out_size);
|
||||
assert(ret == 0);
|
||||
|
||||
return policy_id;
|
||||
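Review bot: The corrected call `tfe_cmsg_get_value(cmsg, TFE_CMSG_POLICY_ID, (unsigned char *)&policy_id, sizeof(policy_id), &out_size)` fixes the old value-as-pointer cast but still ignores out_size, so a TLV shorter than 8 bytes fills policy_id only partially and a ret of 0 is the only thing the assert checks; with the widths of several cmsg types changing in this same commit, a size mismatch is a realistic case. Add `assert(out_size == sizeof(policy_id));` after the existing assert, or handle the mismatch explicitly if asserts are compiled out. The same applies to the three sibling hunks for ssl_stream_get_decrypted_profile_id, ssl_stream_get_trusted_keyring_profile_id and ssl_stream_get_untrusted_keyring_profile_id.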
@@ -2224,7 +2231,7 @@ int ssl_stream_get_decrypted_profile_id(struct ssl_stream *upstream)
|
||||
uint16_t out_size;
|
||||
int profile_id = 0;
|
||||
struct tfe_cmsg *cmsg = tfe_stream_get0_cmsg(upstream->tcp_stream);
|
||||
int ret = tfe_cmsg_get_value(cmsg, TFE_CMSG_DECRYPTION_PROFILE_ID, (unsigned char *)profile_id, sizeof(profile_id), &out_size);
|
||||
int ret = tfe_cmsg_get_value(cmsg, TFE_CMSG_DECRYPTION_PROFILE_ID, (unsigned char *)&profile_id, sizeof(profile_id), &out_size);
|
||||
assert(ret == 0);
|
||||
|
||||
return profile_id;
|
||||
@@ -2235,7 +2242,7 @@ int ssl_stream_get_trusted_keyring_profile_id(struct ssl_stream *upstream)
|
||||
uint16_t out_size;
|
||||
int keyring_id = 0;
|
||||
struct tfe_cmsg *cmsg = tfe_stream_get0_cmsg(upstream->tcp_stream);
|
||||
int ret = tfe_cmsg_get_value(cmsg, TFE_CMSG_KEYRING_FOR_TRUSTED_ID, (unsigned char *)keyring_id, sizeof(keyring_id), &out_size);
|
||||
int ret = tfe_cmsg_get_value(cmsg, TFE_CMSG_KEYRING_FOR_TRUSTED_ID, (unsigned char *)&keyring_id, sizeof(keyring_id), &out_size);
|
||||
assert(ret == 0);
|
||||
|
||||
return keyring_id;
|
||||
@@ -2246,7 +2253,7 @@ int ssl_stream_get_untrusted_keyring_profile_id(struct ssl_stream *upstream)
|
||||
uint16_t out_size;
|
||||
int keyring_id = 0;
|
||||
struct tfe_cmsg *cmsg = tfe_stream_get0_cmsg(upstream->tcp_stream);
|
||||
int ret = tfe_cmsg_get_value(cmsg, TFE_CMSG_KEYRING_FOR_UNTRUSTED, (unsigned char *)keyring_id, sizeof(keyring_id), &out_size);
|
||||
int ret = tfe_cmsg_get_value(cmsg, TFE_CMSG_KEYRING_FOR_UNTRUSTED, (unsigned char *)&keyring_id, sizeof(keyring_id), &out_size);
|
||||
assert(ret == 0);
|
||||
|
||||
return keyring_id;
|
||||
|
||||