luwenpeng
|
8082a3f9e8
|
TSG-15240 对于Decrypted Traffic,TFE先执行Manipulation再执行Steering
|
2023-05-25 14:21:19 +08:00 |
|
luwenpeng
|
e1b16ee339
|
bugfix: close fd_fake_c/fd_fake_s on error
|
2023-05-22 16:03:06 +08:00 |
|
wangmenglan
|
fc2625c691
|
bugfix:修复packet io内存泄漏
|
2023-05-22 15:19:29 +08:00 |
|
wangmenglan
|
b931a3dc58
|
packet io增加fieldstat状态统计
|
2023-05-15 16:41:59 +08:00 |
|
wangmenglan
|
542f4cbdfa
|
TSG-14930 TFE支持发送控制报文给SAPP
|
2023-05-09 22:13:20 +08:00 |
|
luwenpeng
|
4e1c470720
|
TFE Acceptor V3 不扫描Service Chaining Rule;
tcp_passthrough执行优先级: No Intercept Rule大于Tcp Option Profile
|
2023-05-09 15:39:45 +08:00 |
|
wangmenglan
|
ceffc9b168
|
TSG-14930 TFE支持发送控制报文给SAPP
|
2023-05-09 14:23:39 +08:00 |
|
luwenpeng
|
7c3b77fb2f
|
TSG-14890 TFE输出Intercept Policy Hits Metrics
|
2023-05-08 15:32:55 +08:00 |
|
wangmenglan
|
5dcc85c1ee
|
解决编译报错
|
2023-05-06 20:48:09 +08:00 |
|
wangmenglan
|
8de8ec1c5f
|
TSG-14938 TFE支持新控制报文格式; 调整代码结构
|
2023-05-06 17:53:08 +08:00 |
|
wangmenglan
|
8a7c196c20
|
修改文件编码
|
2023-05-06 17:47:47 +08:00 |
|
wangmenglan
|
11a46269f1
|
将kni合并到tfe中
|
2023-05-06 17:47:38 +08:00 |
|
fengweihao
|
0bb38a6969
|
TSG-14786 TFE输出Proxy Rule Hits Metric
|
2023-04-25 10:13:38 +08:00 |
|
luwenpeng
|
cbf424884c
|
cmsg适配控制报文类型, TFE_CMSG_SSL_INTERCEPT_STATE/TFE_CMSG_SSL_PINNING_STATE/TFE_CMSG_SSL_CERT_VERIFY的类型从uint64改为uint8
|
2023-04-23 16:55:30 +08:00 |
|
luwenpeng
|
2138d7f13e
|
TFE适配MAAT4,编译表只注册一次
|
2023-04-23 16:35:42 +08:00 |
|
luwenpeng
|
2ee26d758d
|
bugfix
|
2023-04-21 18:31:36 +08:00 |
|
luwenpeng
|
f421e4df54
|
TSG-14789 TFE扫描service chaining策略,执行Decrypted Traffic Steering
|
2023-04-21 18:31:36 +08:00 |
|
luwenpeng
|
f741c3c025
|
TSG-14628 TFE适配TCP Option Profile库表的变更
|
2023-04-21 18:31:36 +08:00 |
|
fengweihao
|
df39fcda90
|
TSG-14484 Pxoxy支持Maat4
|
2023-03-30 19:39:18 +08:00 |
|
luwenpeng
|
a2a4c32384
|
TSG-13204 Decrypted Traffic Steering适配第三方设备状态的切换
-> 当第三方设备的状态从可用变为不可用时
* 当前Stream依然按照Steering的流程处理,从eventcb中退出
* 下一个新的Stream开始UnSteering
-> 当第三方设备的状态从不可用变为可用时
* 当前Stream依然按照UnSteering的流程处理
* 下一个新Stream开始Steering
|
2022-12-30 15:53:19 +08:00 |
|
luwenpeng
|
b2c01eaa05
|
修改Decrypted Traffic Steering access log的输出
* 将 FACKFD/ERR/DOWN 改为 FACKFD/ERR/CLIENT
* 将 FACKFD/EOF/DOWN 改为 FACKFD/EOF/CLIENT
* 将 FACKFD/ERR/UP 改为 FACKFD/ERR/SERVER
* 将 FACKFD/EOF/UP 改为 FACKFD/EOF/SERVER
|
2022-12-30 14:36:03 +08:00 |
|
luwenpeng
|
1e1214cf12
|
Decrypted Traffic Steering功能启用时仍然支持Pinning检测和Pinning Dynamic Bypass
|
2022-12-29 18:16:52 +08:00 |
|
luwenpeng
|
f2856eaa0b
|
TSG-13196 Decrypted Traffic Steering增加FieldStat字段
* stee_c_err
* stee_s_err
* stee_c_eof
* stee_s_eof
|
2022-12-29 17:24:06 +08:00 |
|
luwenpeng
|
cd93796cce
|
bugfix: 修正decrypted traffic steering debug log输出的BEV_EVENT
|
2022-12-29 15:29:23 +08:00 |
|
luwenpeng
|
2a2bead767
|
TSG-13196 Decrypted Traffic Steering时照常统计intercept bytes
* STAT_STREAM_INCPT_DOWN_BYTES
* STAT_STREAM_INCPT_UP_BYTES
* STAT_STREAM_INCPT_BYTES
|
2022-12-29 14:28:53 +08:00 |
|
luwenpeng
|
0f542d376f
|
TSG-13196 Decrypted Traffic Steering增加FieldStat字段
* stee_ssl_conn
* stee_http_conn
* stee_c_tx_B
* stee_s_rx_B
* stee_s_tx_B
* stee_c_rx_B
|
2022-12-29 10:24:05 +08:00 |
|
luwenpeng
|
3268648414
|
TSG-13196 STAT_FD_CLOSE字段不统计Decrypted Traffic Steering的FD
|
2022-12-28 17:35:43 +08:00 |
|
luwenpeng
|
60d8f67f85
|
TSG-13171 Decrypted Traffic Steering构造的SYN/SYN ACK/ACK支持TimeStamp选项
|
2022-12-27 18:40:57 +08:00 |
|
luwenpeng
|
ee9f66a196
|
TSG-13175 Decrypted Traffic Steering构造的SYN/SYN ACK支持MSS选项
|
2022-12-27 14:12:42 +08:00 |
|
luwenpeng
|
fdf203b25e
|
NF QUEUE未配置eth时,默认不绑定eth device
|
2022-12-26 17:09:33 +08:00 |
|
luwenpeng
|
dc4205c9b0
|
TSG-13170 Decrypted Traffic Steering构造的SYN/SYN ACK支持SACK选项
bugfix: IPv6 ACK Packet: invalid flag
|
2022-12-26 16:57:09 +08:00 |
|
luwenpeng
|
29a75b1d9c
|
TSG-13157 Decrypted Traffic Steering构造的SYN/SYN ACK支持窗口扩大选项
|
2022-12-26 14:31:22 +08:00 |
|
luwenpeng
|
9d12fe7304
|
TSG-13114 TFE的Decrypted Traffic Steering功能支持IPv6协议
tfe-env.service中增加Decrypted Traffic Steering的策略路由
|
2022-12-23 13:56:19 +08:00 |
|
luwenpeng
|
4142c18ddf
|
Decrypted Traffic Steering增加enable_steering_http和enable_steering_ssl开关,支持按照协议类型回流
|
2022-12-23 13:56:19 +08:00 |
|
luwenpeng
|
7978e74321
|
TSG-13042 构造三次握手报文,通过原始套接字注入tap_client和tap_server
|
2022-12-23 13:56:19 +08:00 |
|
luwenpeng
|
42dded52ac
|
TSG-13075 TFE的Decrypted Traffic Steering功能增加第三方设备保活检查
|
2022-12-23 13:56:19 +08:00 |
|
luwenpeng
|
c1d9a1ab0f
|
Decrypted Traffic Steering 回流回注测试通过
|
2022-12-23 13:56:19 +08:00 |
|
fengweihao
|
6a6fa97080
|
bugfix: mid-cert vsys_id is kept in policy
|
2022-11-11 10:30:11 +08:00 |
|
fengweihao
|
6e4fc2a978
|
TSG-12300 代理日志增加Traffic Vsys id字段
|
2022-11-11 02:09:15 +00:00 |
|
luwenpeng
|
87adce7cbf
|
TSG-12548 TFE适配拦截策略的keyring_for_untrusted字段
* keyring拆分为keyring_for_trusted与keyring_for_untrusted
|
2022-11-08 11:18:53 +08:00 |
|
fengweihao
|
d4dc6394ac
|
TSG-12005 Proxy日志增加common_vsys_id字段
TSG-12080 中间证书缓存Kafka输出Json增加vsys_id字段
|
2022-09-23 15:34:50 +08:00 |
|
fengweihao
|
b321486e3f
|
TSG-11849 tfe增加从环境变量中读入处理机ip
TSG-11742 IP Libraries统一使用.分隔地理层级
TSG-10722 日志中开始时间从解析层获取
|
2022-09-09 10:44:11 +08:00 |
|
luwenpeng
|
e0126b7d32
|
bugfix: 重置Server Cache的时间窗口
|
2022-05-12 13:48:55 +08:00 |
|
luwenpeng
|
e2be64b67b
|
TSG-4030 Security Event Logs 中的 SSL.Intercept State 为 Passthrough 时,并未说明引起 Passthrough 的原因
(当命中 tcp passthrough 时,将 ssl_intercept_status 设置为 passthrough)
|
2022-01-28 13:10:26 +08:00 |
|
luwenpeng
|
d201968652
|
bugfix: TSG-8634 命中Proxy Deny策略时,触发Zero eof被误判Pinninng
(触发Zero eof后当做protocol errors处理)
|
2021-12-20 16:35:47 +08:00 |
|
luwenpeng
|
000ab9f991
|
修改debug日志: 输出服务端证书验证结果
|
2021-11-20 19:29:44 +03:00 |
|
luwenpeng
|
ad481d77d9
|
accept线程与kni通信默认使用v3方案(iptables+NFQ)
|
2021-11-20 17:22:19 +03:00 |
|
luwenpeng
|
755c7efacf
|
TSG-8331 完善TFE的Watchdog功能
|
2021-11-04 18:04:44 +03:00 |
|
luwenpeng
|
cb15d3340f
|
bugfix: TSG-8003 预防证书链投毒
* 中间证书缓存openssl rebuild trust chain中可惜的中间证书, 不缓存服务端发送证书链中的证书
|
2021-11-03 16:24:09 +03:00 |
|
luwenpeng
|
f764a4bae1
|
优化 watchdog tfe worker thread 的实现逻辑
|
2021-08-20 15:36:58 +08:00 |
|