gfwleak/tango-tfe
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

TSG-4030 Security Event Logs 中的 SSL.Intercept State 为 Passthrough 时,并未说明引起 Passthrough 的原因

Browse Source 
(当命中 tcp passthrough 时,将 ssl_intercept_status 设置为 passthrough)
This commit is contained in:
luwenpeng
2021-12-31 14:06:19 +08:00
committed by luwenpeng
parent b54d87f82e
commit e2be64b67b
8 changed files with 118 additions and 54 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
platform/src/proxy.cpp
View File

@@ -192,10 +192,13 @@ int tfe_proxy_fds_accept(struct tfe_proxy * ctx, int fd_downstream, int fd_upstr
if (unlikely(ctx->tcp_all_passthrough) || tcp_passthrough > 0)
{
bool __true = true;
uint64_t ssl_intercept_status = SSL_ACTION_PASSTHROUGH;
enum tfe_stream_proto __session_type = STREAM_PROTO_PLAIN;
tfe_stream_option_set(stream, TFE_STREAM_OPT_PASSTHROUGH, &__true, sizeof(__true));
tfe_stream_option_set(stream, TFE_STREAM_OPT_SESSION_TYPE, &__session_type, sizeof(__session_type));
tfe_cmsg_set(cmsg, TFE_CMSG_SSL_PASSTHROUGH_REASON, (const unsigned char *)"TCP Passthrough", (uint16_t)strlen("TCP Passthrough"));
tfe_cmsg_set(cmsg, TFE_CMSG_SSL_INTERCEPT_STATE, (const unsigned char *)&ssl_intercept_status, (uint16_t)sizeof(ssl_intercept_status));
}
TFE_LOG_DEBUG(ctx->logger, "%p: fetch tcp options: cmsg's tcp_passthrough: %d, conf's tcp_passthrough: %d, enalbe passthrough: %d",
stream, tcp_passthrough, ctx->tcp_all_passthrough, (ctx->tcp_all_passthrough > 0 || tcp_passthrough > 0) ? 1 : 0);