gfwleak/tango-tfe
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

增加从配置文件读取 service_cache_succ_as_app_not_pinning_cnt 配置项的功能

Browse Source
This commit is contained in:
luwenpeng
2019-08-26 15:28:04 +08:00
parent 90e6ec4fdc
commit f9420b16bb
4 changed files with 8 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
conf/tfe/tfe.conf
View File

@@ -21,6 +21,7 @@ key_log_file=log/sslkeylog.log
no_alpn=0 no_alpn=0
stek_group_num=4 stek_group_num=4
stek_rotation_time=3600 stek_rotation_time=3600
service_cache_succ_as_app_not_pinning_cnt=3
[key_keeper] [key_keeper]
#Mode: debug - generate cert with ca_path, normal - generate cert with cert store #Mode: debug - generate cert with ca_path, normal - generate cert with cert store

2
platform/include/internal/ssl_service_cache.h
View File

@@ -18,7 +18,7 @@ struct ssl_service_status
}; };
struct ssl_service_cache; struct ssl_service_cache;
struct ssl_service_cache* ssl_service_cache_create(unsigned int slot_size, unsigned int expire_seconds, int fail_as_pinning_cnt, int fail_as_proto_err_cnt, int fail_time_win); struct ssl_service_cache* ssl_service_cache_create(unsigned int slot_size, unsigned int expire_seconds, int fail_as_pinning_cnt, int fail_as_proto_err_cnt, int succ_as_app_not_pinning_cnt, int fail_time_win);
void ssl_service_cache_destroy(struct ssl_service_cache* cache); void ssl_service_cache_destroy(struct ssl_service_cache* cache);
int ssl_service_cache_read(struct ssl_service_cache* svc_cache, const struct ssl_chello* chello, const struct tfe_stream_addr * addr, struct ssl_service_status* result); int ssl_service_cache_read(struct ssl_service_cache* svc_cache, const struct ssl_chello* chello, const struct tfe_stream_addr * addr, struct ssl_service_status* result);

8
platform/src/ssl_service_cache.cpp
View File

@@ -4,10 +4,6 @@
#include <stdlib.h> #include <stdlib.h>
#include <string.h> #include <string.h>
#define FAIL_AS_PINNING_COUNT 4
#define FAIL_TIME_WINDOW 30
#define FAIL_AS_PROTO_ERR_COUNT 5
#define SUCC_AS_APP_NOT_PINNING 3
struct ssl_svc_client_st struct ssl_svc_client_st
{ {
time_t last_update_time; time_t last_update_time;
@@ -399,7 +395,7 @@ void ssl_service_cache_write(struct ssl_service_cache* svc_cache, const struct s
MESA_htable_search_cb(svc_cache->app_st_hash, hash_key, (unsigned int) hash_key_sz, app_st_write_cb, &write_args, &svr_st_cb_ret); MESA_htable_search_cb(svc_cache->app_st_hash, hash_key, (unsigned int) hash_key_sz, app_st_write_cb, &write_args, &svr_st_cb_ret);
} }
} }
struct ssl_service_cache* ssl_service_cache_create(unsigned int slot_size, unsigned int expire_seconds, int fail_as_pinning_cnt, int fail_as_proto_err_cnt, int fail_time_win) struct ssl_service_cache* ssl_service_cache_create(unsigned int slot_size, unsigned int expire_seconds, int fail_as_pinning_cnt, int fail_as_proto_err_cnt, int succ_as_app_not_pinning_cnt, int fail_time_win)
{ {
struct ssl_service_cache * cache = ALLOC(struct ssl_service_cache, 1); struct ssl_service_cache * cache = ALLOC(struct ssl_service_cache, 1);
unsigned max_num = slot_size * 4; unsigned max_num = slot_size * 4;
@@ -409,7 +405,7 @@ struct ssl_service_cache* ssl_service_cache_create(unsigned int slot_size, unsig
cache->fail_as_cli_pinning_count=fail_as_pinning_cnt; cache->fail_as_cli_pinning_count=fail_as_pinning_cnt;
cache->fail_as_proto_err_count=fail_as_proto_err_cnt; cache->fail_as_proto_err_count=fail_as_proto_err_cnt;
cache->fail_time_window=fail_time_win; cache->fail_time_window=fail_time_win;
cache->succ_as_app_not_pinning_count=SUCC_AS_APP_NOT_PINNING;//TODO: read from profile. cache->succ_as_app_not_pinning_count = succ_as_app_not_pinning_cnt;
void (*free_func[])(void *)={ssl_svc_free_client_st, ssl_svc_free_server_st, ssl_svc_free_app_st}; void (*free_func[])(void *)={ssl_svc_free_client_st, ssl_svc_free_server_st, ssl_svc_free_app_st};
for(i=0; i<3; i++) for(i=0; i<3; i++)
{ {

4
platform/src/ssl_stream.cpp
View File

@@ -134,6 +134,7 @@ struct ssl_mgr
unsigned int svc_expire_seconds; unsigned int svc_expire_seconds;
unsigned int svc_fail_as_pinning_cnt; unsigned int svc_fail_as_pinning_cnt;
unsigned int svc_fail_as_proto_err_cnt; unsigned int svc_fail_as_proto_err_cnt;
unsigned int svc_succ_as_app_not_pinning_cnt;
unsigned int svc_cnt_time_window; unsigned int svc_cnt_time_window;
struct sess_cache * down_sess_cache; struct sess_cache * down_sess_cache;
@@ -694,12 +695,15 @@ struct ssl_mgr * ssl_manager_init(const char * ini_profile, const char * section
&(mgr->svc_fail_as_pinning_cnt), 4); &(mgr->svc_fail_as_pinning_cnt), 4);
MESA_load_profile_uint_def(ini_profile, section, "service_cache_fail_as_proto_err_cnt", MESA_load_profile_uint_def(ini_profile, section, "service_cache_fail_as_proto_err_cnt",
&(mgr->svc_fail_as_proto_err_cnt), 5); &(mgr->svc_fail_as_proto_err_cnt), 5);
MESA_load_profile_uint_def(ini_profile, section, "service_cache_succ_as_app_not_pinning_cnt",
&(mgr->svc_succ_as_app_not_pinning_cnt), 3);
MESA_load_profile_uint_def(ini_profile, section, "service_cache_fail_time_window", MESA_load_profile_uint_def(ini_profile, section, "service_cache_fail_time_window",
&(mgr->svc_cnt_time_window), 30); &(mgr->svc_cnt_time_window), 30);
mgr->svc_cache=ssl_service_cache_create(mgr->svc_cache_slots, mgr->svc_expire_seconds, mgr->svc_cache=ssl_service_cache_create(mgr->svc_cache_slots, mgr->svc_expire_seconds,
mgr->svc_fail_as_pinning_cnt, mgr->svc_fail_as_pinning_cnt,
mgr->svc_fail_as_proto_err_cnt, mgr->svc_fail_as_proto_err_cnt,
mgr->svc_succ_as_app_not_pinning_cnt,
mgr->svc_cnt_time_window); mgr->svc_cnt_time_window);
mgr->key_keeper = key_keeper_init(ini_profile, "key_keeper", logger); mgr->key_keeper = key_keeper_init(ini_profile, "key_keeper", logger);