TSG-4030 Security Event Logs 中的 SSL.Intercept State 为 Passthrough 时,并未说明引起 Passthrough 的原因
(当命中 tcp passthrough 时,将 ssl_intercept_status 设置为 passthrough)
@@ -10,48 +10,70 @@
|
||||
|
||||
int main()
|
||||
{
|
||||
return 0;
|
||||
}
|
||||
///////////////////////////////////////////////////////////////////////////
|
||||
// Set CMSG (If the current tlv has been set, the previous value will be overwritten)
|
||||
///////////////////////////////////////////////////////////////////////////
|
||||
|
||||
/*
|
||||
int main(){
|
||||
//init
|
||||
struct tfe_cmsg *cmsg = tfe_cmsg_init();
|
||||
struct tfe_cmsg *cmsg_encode = tfe_cmsg_init();
|
||||
|
||||
//set
|
||||
uint32_t value = 0x12345678;
|
||||
int ret = tfe_cmsg_set(cmsg, TFE_CMSG_TCP_RESTORE_SEQ, (const unsigned char*)(&value), 4);
|
||||
printf("tfe_cmsg_set: ret is %d\n", ret);
|
||||
// set TFE_CMSG_TCP_RESTORE_SEQ
|
||||
uint32_t set_number_value = 0x12345678;
|
||||
uint16_t set_number_length = 4;
|
||||
int ret = tfe_cmsg_set(cmsg_encode, TFE_CMSG_TCP_RESTORE_SEQ, (const unsigned char *)(&set_number_value), set_number_length);
|
||||
assert(ret == 0);
|
||||
|
||||
//get TCP_RESTORE_INFO_TLV_SEQ
|
||||
uint16_t size = -1;
|
||||
unsigned char *value1 = NULL;
|
||||
ret = tfe_cmsg_get(cmsg, TFE_CMSG_TCP_RESTORE_SEQ, &size, &value1);
|
||||
printf("tfe_cmsg_get: ret is %d, type is TCP_RESTORE_INFO_TLV_SEQ, value is 0x%02x, value_size is %d\n", ret, ((uint32_t*)value1)[0], size);
|
||||
// set TFE_CMSG_SSL_PASSTHROUGH_REASON
|
||||
char set_string_value_tcp[] = "TCP Passthrough";
|
||||
char set_string_value_ct[] = "Certificate Transparency";
|
||||
char set_string_value_ev[] = "EV Certificate";
|
||||
ret = tfe_cmsg_set(cmsg_encode, TFE_CMSG_SSL_PASSTHROUGH_REASON, (const unsigned char *)&set_string_value_tcp, strlen(set_string_value_tcp));
|
||||
assert(ret == 0);
|
||||
ret = tfe_cmsg_set(cmsg_encode, TFE_CMSG_SSL_PASSTHROUGH_REASON, (const unsigned char *)&set_string_value_ct, strlen(set_string_value_ct));
|
||||
assert(ret == 0);
|
||||
ret = tfe_cmsg_set(cmsg_encode, TFE_CMSG_SSL_PASSTHROUGH_REASON, (const unsigned char *)&set_string_value_ev, strlen(set_string_value_ev));
|
||||
assert(ret == 0);
|
||||
|
||||
//get_serialize_size
|
||||
size = tfe_cmsg_serialize_size_get(cmsg);
|
||||
printf("tfe_cmsg_serialize_size_get: size is %d\n", size);
|
||||
// Get buff size
|
||||
uint16_t buff_size = tfe_cmsg_serialize_size_get(cmsg_encode);
|
||||
printf("cmsg_encode: buff_size %d\n", buff_size);
|
||||
|
||||
//serialize
|
||||
unsigned char buff[size];
|
||||
// Serialize
|
||||
unsigned char *temp_buff = ALLOC(unsigned char, buff_size);
|
||||
uint16_t serialize_len = -1;
|
||||
ret = tfe_cmsg_serialize(cmsg, buff, size, &serialize_len);
|
||||
printf("tfe_cmsg_serialize: ret is %d, serialize_len is %d, serialize result is: ", ret, serialize_len);
|
||||
for(int i = 0; i < serialize_len; i++){
|
||||
printf("%02x ", buff[i]);
|
||||
ret = tfe_cmsg_serialize(cmsg_encode, temp_buff, buff_size, &serialize_len);
|
||||
assert(ret == 0);
|
||||
printf("cmsg_encode after serialize, len: %d data: ", serialize_len);
|
||||
for (int i = 0; i < serialize_len; i++)
|
||||
{
|
||||
printf("%02x ", temp_buff[i]);
|
||||
}
|
||||
printf("\n");
|
||||
|
||||
//deserialize
|
||||
struct tfe_cmsg *cmsg1 = NULL;
|
||||
ret = tfe_cmsg_deserialize(buff, serialize_len, &cmsg1);
|
||||
printf("tfe_cmsg_deserialize: ret is %d\n", ret);
|
||||
tfe_cmsg_destroy(cmsg_encode);
|
||||
|
||||
//get TCP_RESTORE_INFO_TLV_SEQ
|
||||
size = -1;
|
||||
unsigned char *value2 = NULL;
|
||||
ret = tfe_cmsg_get(cmsg1, TFE_CMSG_TCP_RESTORE_SEQ, &size, &value2);
|
||||
printf("tfe_cmsg_get: ret is %d, type is TCP_RESTORE_INFO_TLV_SEQ, value is 0x%02x, value_size is %d\n", ret, ((uint32_t*)value2)[0], size);
|
||||
}
|
||||
*/
|
||||
///////////////////////////////////////////////////////////////////////////
|
||||
// Get CMSG
|
||||
///////////////////////////////////////////////////////////////////////////
|
||||
|
||||
struct tfe_cmsg *cmsg_decode = NULL;
|
||||
ret = tfe_cmsg_deserialize(temp_buff, serialize_len, &cmsg_decode);
|
||||
assert(ret == 0);
|
||||
|
||||
// get TCP_RESTORE_INFO_TLV_SEQ
|
||||
uint32_t get_number_value = 0;
|
||||
uint16_t get_number_length = 0;
|
||||
ret = tfe_cmsg_get_value(cmsg_decode, TFE_CMSG_TCP_RESTORE_SEQ, (unsigned char *)&get_number_value, sizeof(get_number_value), &get_number_length);
|
||||
assert(ret == 0);
|
||||
printf("cmsg_decode: TCP_RESTORE_INFO_TLV_SEQ, value is 0x%02x, size is %d\n", get_number_value, get_number_length);
|
||||
|
||||
// get TFE_CMSG_SSL_PASSTHROUGH_REASON
|
||||
unsigned char get_string_value[32] = {0};
|
||||
uint16_t get_string_len = 0;
|
||||
ret = tfe_cmsg_get_value(cmsg_decode, TFE_CMSG_SSL_PASSTHROUGH_REASON, (unsigned char *)&get_string_value, sizeof(get_string_value), &get_string_len);
|
||||
assert(ret == 0);
|
||||
printf("cmsg_decode: TFE_CMSG_SSL_PASSTHROUGH_REASON, value is %s, size is %d\n", get_string_value, get_string_len);
|
||||
|
||||
tfe_cmsg_destroy(cmsg_decode);
|
||||
|
||||
return 0;
|
||||
}
|
||||
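Review bot: The last printf in the TFE_CMSG_SSL_PASSTHROUGH_REASON read-back prints `get_string_value` with `%s`, but every reason string was stored with `strlen(...)` as its length, so no terminator travels in the TLV and the print is bounded only by the zero-initialised 32-byte array. Whether `tfe_cmsg_get_value` can fill all 32 bytes is not visible here; if it can, the read runs past the array, so print by length instead: `printf("cmsg_decode: TFE_CMSG_SSL_PASSTHROUGH_REASON, value is %.*s, size is %d\n", (int)get_string_len, get_string_value, get_string_len);`. The test also asserts only return codes, so it never checks the overwrite behaviour its header comment describes; `assert(get_number_value == set_number_value);` and `assert(get_string_len == strlen(set_string_value_ev) && memcmp(get_string_value, set_string_value_ev, get_string_len) == 0);` would pin that the last value set is the one decoded. `temp_buff` obtained from `ALLOC` does not appear to be released before `return 0;` in the visible lines.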