gfwleak/tango-tsg-master
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

TSG-15307: TSG Master流状态同步时增加同步两侧封装包头

Browse Source
This commit is contained in:
杨玉波
2023-06-02 08:40:54 +00:00
committed by 刘学利
parent 380733e78b
commit 26ccdc1f64
4 changed files with 236 additions and 51 deletions
Download Patch File Download Diff File Expand all files Collapse all files

65
src/tsg_proxy.cpp
View File

@@ -443,6 +443,46 @@ static void tsg_proxy_cmsg_fqdn_category_fill(struct session_runtime_attribute *
return;
}
static void tsg_proxy_cmsg_tcp_is_intercept(const struct streaminfo *stream, struct proxy_cmsg *cmsg)
{
if (stream->dir == DIR_C2S || stream->dir == DIR_S2C)
{
cmsg->tcp_is_intercept |= TCP_IS_INTERCEPT_SINGLE;
}
unsigned short tunnel_type=0;
int tunnel_type_len=sizeof(tunnel_type);
int ret=MESA_get_stream_opt(stream, MSO_STREAM_UP_LAYER_TUNNEL_TYPE, (void *)&tunnel_type, &tunnel_type_len);
if(ret==0 && tunnel_type != STREAM_TUNNLE_NON)
{
cmsg->tcp_is_intercept |= TCP_IS_INTERCEPT_TUNNEL;
}
return;
}
static void tsg_proxy_cmsg_c2s_rpkt_header(const struct streaminfo *stream, struct cmsg_buff *c2s_rpkt_header)
{
c2s_rpkt_header->len = sizeof(int);
if (MESA_get_stream_opt(stream, MSO_STREAM_C2S_RAWPKT_HDR, (void *)&c2s_rpkt_header->buff, &c2s_rpkt_header->len) == -1)
{
c2s_rpkt_header->len = 0;
}
return;
}
static void tsg_proxy_cmsg_s2c_rpkt_header(const struct streaminfo *stream, struct cmsg_buff *s2c_rpkt_header)
{
s2c_rpkt_header->len = sizeof(int);
if (MESA_get_stream_opt(stream, MSO_STREAM_S2C_RAWPKT_HDR, (void *)&s2c_rpkt_header->buff, &s2c_rpkt_header->len) == -1)
{
s2c_rpkt_header->len = 0;
}
return;
}
static void tsg_proxy_tcp_attribute_dump(tsg_proxy_tcp_attribute *tcp_attr, struct proxy_cmsg *cmsg, const struct streaminfo *stream)
{
struct tsg_proxy_tcp_option *client = &tcp_attr->tcp_opt_client;
@@ -489,7 +529,11 @@ static void tsg_proxy_tcp_attribute_dump(tsg_proxy_tcp_attribute *tcp_attr, stru
"server ip city: %s\n"\
"client ip subdevision: %s\n"\
"server ip subdevision: %s\n"\
"ssl ja3 fingerprint:%s\n",
"ssl ja3 fingerprint:%s\n"\
"tcp_seq_route_ctx len: %d\n"\
"tcp_ack_route_ctx len: %d\n"\
"tcp_c2s_rpkt_header len: %d\n"\
"tcp_s2c_rpkt_header len: %d\n",
cmsg->src_sub_id,
cmsg->dst_sub_id,
cmsg->src_asn,
@@ -504,7 +548,11 @@ static void tsg_proxy_tcp_attribute_dump(tsg_proxy_tcp_attribute *tcp_attr, stru
cmsg->dst_ip_location_city,
cmsg->src_ip_location_subdivision,
cmsg->dst_ip_location_subdivision,
cmsg->ssl_client_ja3_fingerprint);
cmsg->ssl_client_ja3_fingerprint,
cmsg->tcp_seq_route_ctx.len,
cmsg->tcp_ack_route_ctx.len,
cmsg->tcp_c2s_rpkt_header.len,
cmsg->tcp_s2c_rpkt_header.len);
return;
}
@@ -532,8 +580,8 @@ void tsg_proxy_update_policy_fill(const struct streaminfo *stream, struct update
cmsg->tcp_window_client = client->window;
cmsg->tcp_ts_client_val = client->ts_val;
cmsg->tcp_seq_route_ctx.num = client->route_ctx_len;
memcpy(cmsg->tcp_seq_route_ctx.value, client->route_ctx, client->route_ctx_len);
cmsg->tcp_seq_route_ctx.len = client->route_ctx_len;
cmsg->tcp_seq_route_ctx.buff = (char *)client->route_ctx;
update_segment_sids(&cmsg->tcp_seq_sids, segment_ids->sid_list+1, segment_ids->sz_sidlist-1); // delete intercept sid
update_segment_sids(&cmsg->tcp_seq_sids, client->sid_list.sid_list, client->sid_list.sz_sidlist);
@@ -544,8 +592,8 @@ void tsg_proxy_update_policy_fill(const struct streaminfo *stream, struct update
cmsg->tcp_window_server = server->window;
cmsg->tcp_ts_server_val = server->ts_val;
cmsg->tcp_ack_route_ctx.num = server->route_ctx_len;
memcpy(cmsg->tcp_ack_route_ctx.value, server->route_ctx, server->route_ctx_len);
cmsg->tcp_ack_route_ctx.len = server->route_ctx_len;
cmsg->tcp_ack_route_ctx.buff = (char *)server->route_ctx;
update_segment_sids(&cmsg->tcp_seq_sids, segment_ids->sid_list+1, segment_ids->sz_sidlist-1); // delete intercept sid
update_segment_sids(&cmsg->tcp_ack_sids, server->sid_list.sid_list, server->sid_list.sz_sidlist);
@@ -562,6 +610,11 @@ void tsg_proxy_update_policy_fill(const struct streaminfo *stream, struct update
tsg_proxy_cmsg_ja3_fingerprint_fill(session_attr, cmsg);
tsg_proxy_cmsg_fqdn_category_fill(session_attr, cmsg);
tsg_proxy_cmsg_c2s_rpkt_header(stream, &cmsg->tcp_c2s_rpkt_header);
tsg_proxy_cmsg_s2c_rpkt_header(stream, &cmsg->tcp_s2c_rpkt_header);
tsg_proxy_cmsg_tcp_is_intercept(stream, cmsg);
tsg_proxy_tcp_attribute_dump(tcp_attr, cmsg, stream);
return;

27
src/tsg_sync_state.cpp
View File

@@ -138,16 +138,18 @@ static void mpack_append_tcp_sids(mpack_writer_t *writer, struct tcp_sids *array
return;
}
static void mpack_append_route_ctx(mpack_writer_t *writer, struct tcp_route_ctx *array)
static void mpack_append_cmsg_buff_bin(mpack_writer_t *writer, struct cmsg_buff *p_buff)
{
int num = MIN(array->num, TCP_XXX_ROUTE_CTX);
mpack_build_array(writer);
for (int i = 0; i < num; i++)
if (p_buff->buff == NULL || p_buff->len == 0)
{
mpack_write_u8(writer, array->value[i]);
mpack_start_bin(writer, 0);
mpack_finish_bin(writer);
}
else
{
mpack_write_bin(writer, p_buff->buff, p_buff->len);
}
mpack_complete_array(writer);
return;
}
@@ -214,10 +216,17 @@ static void mpack_append_cmsg_value(mpack_writer_t *writer, struct proxy_cmsg *c
mpack_append_tcp_sids(writer, &cmsg->tcp_ack_sids);
// tcp_seq_route_ctx
mpack_append_route_ctx(writer, &cmsg->tcp_seq_route_ctx);
mpack_append_cmsg_buff_bin(writer, &cmsg->tcp_seq_route_ctx);
// tcp_ack_route_ctx
mpack_append_route_ctx(writer, &cmsg->tcp_ack_route_ctx);
mpack_append_cmsg_buff_bin(writer, &cmsg->tcp_ack_route_ctx);
// raw_packet_header
mpack_append_cmsg_buff_bin(writer, &cmsg->tcp_c2s_rpkt_header);
mpack_append_cmsg_buff_bin(writer, &cmsg->tcp_s2c_rpkt_header);
// tcp_is_intercept
mpack_write_u8(writer, cmsg->tcp_is_intercept);
mpack_complete_array(writer); // array
}

20
src/tsg_sync_state.h
View File

@@ -40,13 +40,15 @@ struct tcp_sids
uint16_t value[TCP_XXX_SIDS];
};
#define TCP_XXX_ROUTE_CTX 64
struct tcp_route_ctx
struct cmsg_buff
{
size_t num;
uint8_t value[TCP_XXX_ROUTE_CTX];
char *buff;
int len;
};
#define TCP_IS_INTERCEPT_SINGLE 0X01
#define TCP_IS_INTERCEPT_TUNNEL 0X02
struct proxy_cmsg
{
uint8_t tcp_info_packet_cur_dir;
@@ -58,6 +60,7 @@ struct proxy_cmsg
uint8_t tcp_ts_client;
uint8_t tcp_ts_server;
uint8_t tcp_protocol;
uint8_t tcp_is_intercept; // 1: single 2: tunnel
uint16_t tcp_mss_client;
uint16_t tcp_mss_server;
uint16_t tcp_window_client;
@@ -65,7 +68,7 @@ struct proxy_cmsg
uint32_t tcp_ts_client_val;
uint32_t tcp_ts_server_val;
uint32_t tcp_seq;
uint32_t tcp_ack;
uint32_t tcp_ack;
char *src_sub_id;
char *dst_sub_id;
@@ -85,8 +88,11 @@ struct proxy_cmsg
struct fqdn_cat_id_val fqdn_cat_ids;
struct tcp_sids tcp_seq_sids;
struct tcp_sids tcp_ack_sids;
struct tcp_route_ctx tcp_seq_route_ctx;
struct tcp_route_ctx tcp_ack_route_ctx;
struct cmsg_buff tcp_seq_route_ctx;
struct cmsg_buff tcp_ack_route_ctx;
struct cmsg_buff tcp_c2s_rpkt_header;
struct cmsg_buff tcp_s2c_rpkt_header;
};
#define UPDATE_POLICY_RULE_IDS 8

175
test/src/gtest_sync_state.cpp
View File

@@ -463,17 +463,21 @@ static void gtest_cmsg_init(struct proxy_cmsg *cmsg)
cmsg->tcp_ack_sids.value[i] = i + 3;
}
cmsg->tcp_seq_route_ctx.num = 7;
for (size_t i = 0; i < 7; i++)
{
cmsg->tcp_seq_route_ctx.value[i] = i + 4;
}
cmsg->tcp_seq_route_ctx.buff = (char *)calloc(1, 256);
snprintf(cmsg->tcp_seq_route_ctx.buff, 256, "test: tcp_seq_route_ctx");
cmsg->tcp_seq_route_ctx.len = strlen("test: tcp_seq_route_ctx");
cmsg->tcp_ack_route_ctx.num = 8;
for (size_t i = 0; i < 8; i++)
{
cmsg->tcp_ack_route_ctx.value[i] = i + 5;
}
cmsg->tcp_ack_route_ctx.buff = (char *)calloc(1, 256);
snprintf(cmsg->tcp_ack_route_ctx.buff, 256, "test: tcp_ack_route_ctx");
cmsg->tcp_ack_route_ctx.len = strlen("test: tcp_ack_route_ctx");
cmsg->tcp_s2c_rpkt_header.buff = (char *)calloc(1, 256);
snprintf(cmsg->tcp_s2c_rpkt_header.buff, 256, "test: s2c_rawpkt_header");
cmsg->tcp_s2c_rpkt_header.len = strlen("test: s2c_rawpkt_header");
cmsg->tcp_c2s_rpkt_header.buff = (char *)calloc(1, 256);
snprintf(cmsg->tcp_c2s_rpkt_header.buff, 256, "test: c2s_rawpkt_header");
cmsg->tcp_c2s_rpkt_header.len = strlen("test: c2s_rawpkt_header");
return;
}
@@ -495,6 +499,28 @@ static void gtest_cmsg_destroy(struct proxy_cmsg *cmsg)
free(cmsg->src_ip_location_subdivision);
free(cmsg->dst_ip_location_subdivision);
free(cmsg->ssl_client_ja3_fingerprint);
if (cmsg->tcp_seq_route_ctx.buff)
{
free(cmsg->tcp_seq_route_ctx.buff);
}
if (cmsg->tcp_ack_route_ctx.buff)
{
free(cmsg->tcp_ack_route_ctx.buff);
}
if (cmsg->tcp_s2c_rpkt_header.buff)
{
free(cmsg->tcp_s2c_rpkt_header.buff);
}
if (cmsg->tcp_c2s_rpkt_header.buff)
{
free(cmsg->tcp_c2s_rpkt_header.buff);
}
return;
}
TEST(POLICY_UPDATE, Proxy)
@@ -505,7 +531,7 @@ TEST(POLICY_UPDATE, Proxy)
struct streaminfo a_stream = {0};
struct update_policy test;
memset(&test, 0, sizeof(test));
struct proxy_cmsg cmsg;
struct proxy_cmsg cmsg = {0};
test.type = POLICY_UPDATE_INTERCEPT;
test.n_ids = 6;
for (int i = 0; i < test.n_ids; i++)
@@ -555,12 +581,111 @@ TEST(POLICY_UPDATE, Proxy)
}
mpack_node_t tcp_ack_route_ctxs = mpack_node_array_at(tcp_handshake, 35);
EXPECT_EQ(8, mpack_node_array_length(tcp_ack_route_ctxs));
for (int i = 0; i < 8; i++)
EXPECT_EQ(mpack_type_bin, mpack_node_type(tcp_ack_route_ctxs));
memcpy(test_str, mpack_node_bin_data(tcp_ack_route_ctxs), mpack_node_bin_size(tcp_ack_route_ctxs));
EXPECT_STREQ("test: tcp_ack_route_ctx", test_str);
memset(test_str, 0, sizeof(test_str));
mpack_node_t tcp_seq_pkg_header = mpack_node_array_at(tcp_handshake, 36);
EXPECT_EQ(mpack_type_bin, mpack_node_type(tcp_seq_pkg_header));
memcpy(test_str, mpack_node_bin_data(tcp_seq_pkg_header), mpack_node_bin_size(tcp_seq_pkg_header));
EXPECT_STREQ("test: c2s_rawpkt_header", test_str);
memset(test_str, 0, sizeof(test_str));
mpack_node_t tcp_ack_pkg_header = mpack_node_array_at(tcp_handshake, 37);
EXPECT_EQ(mpack_type_bin, mpack_node_type(tcp_ack_pkg_header));
memcpy(test_str, mpack_node_bin_data(tcp_ack_pkg_header), mpack_node_bin_size(tcp_ack_pkg_header));
EXPECT_STREQ("test: s2c_rawpkt_header", test_str);
memset(test_str, 0, sizeof(test_str));
mpack_node_t tcp_is_intercept = mpack_node_array_at(tcp_handshake, 38);
EXPECT_EQ(0, mpack_node_u8(tcp_is_intercept));
EXPECT_EQ(mpack_tree_destroy(&tree), mpack_ok);
gtest_cmsg_destroy(&cmsg);
}
TEST(POLICY_UPDATE, ProxyTcpIsIntercept)
{
char ctrl_pkt_buf[1024] = {0};
int ctrl_pkt_len = 0;
struct streaminfo a_stream = {0};
struct update_policy test;
memset(&test, 0, sizeof(test));
struct proxy_cmsg cmsg = {0};
test.type = POLICY_UPDATE_INTERCEPT;
test.n_ids = 6;
for (int i = 0; i < test.n_ids; i++)
{
EXPECT_EQ(i + 5, mpack_node_u8(mpack_node_array_at(tcp_ack_route_ctxs, i)));
test.ids[i] = 10000 + i;
}
gtest_cmsg_init(&cmsg);
cmsg.tcp_is_intercept |=TCP_IS_INTERCEPT_SINGLE;
cmsg.tcp_is_intercept |=TCP_IS_INTERCEPT_TUNNEL;
memcpy(&test.cmsg, &cmsg, sizeof(struct proxy_cmsg));
tsg_sync_policy_update(&a_stream, &test, 1);
ctrl_pkt_len = get_ctrl_pkt(ctrl_pkt_buf, sizeof(ctrl_pkt_buf));
mpack_tree_t tree;
mpack_tree_init_data(&tree, ctrl_pkt_buf, ctrl_pkt_len);
mpack_tree_parse(&tree);
mpack_node_t root = mpack_tree_root(&tree);
mpack_node_t params = mpack_node_map_cstr(root, "params");
// proxy
EXPECT_EQ(mpack_type_map, mpack_node_type(mpack_node_map_cstr(params, "proxy")));
mpack_node_t proxy_map = mpack_node_map_cstr(params, "proxy");
mpack_node_t tcp_handshake = mpack_node_map_cstr(proxy_map, "tcp_handshake");
mpack_node_t tcp_is_intercept = mpack_node_array_at(tcp_handshake, 38);
EXPECT_EQ(3, mpack_node_u8(tcp_is_intercept));
EXPECT_EQ(mpack_tree_destroy(&tree), mpack_ok);
gtest_cmsg_destroy(&cmsg);
}
TEST(POLICY_UPDATE, ProxyPkgHeader0)
{
char ctrl_pkt_buf[1024] = {0};
int ctrl_pkt_len = 0;
struct streaminfo a_stream = {0};
struct update_policy test;
memset(&test, 0, sizeof(test));
struct proxy_cmsg cmsg = {0};
test.type = POLICY_UPDATE_INTERCEPT;
test.n_ids = 6;
for (int i = 0; i < test.n_ids; i++)
{
test.ids[i] = 10000 + i;
}
gtest_cmsg_init(&cmsg);
cmsg.tcp_s2c_rpkt_header.len = 0;
cmsg.tcp_c2s_rpkt_header.len = 0;
cmsg.tcp_wsacle_exist = 0;
memcpy(&test.cmsg, &cmsg, sizeof(struct proxy_cmsg));
tsg_sync_policy_update(&a_stream, &test, 1);
ctrl_pkt_len = get_ctrl_pkt(ctrl_pkt_buf, sizeof(ctrl_pkt_buf));
mpack_tree_t tree;
mpack_tree_init_data(&tree, ctrl_pkt_buf, ctrl_pkt_len);
mpack_tree_parse(&tree);
mpack_node_t root = mpack_tree_root(&tree);
mpack_node_t params = mpack_node_map_cstr(root, "params");
// proxy
EXPECT_EQ(mpack_type_map, mpack_node_type(mpack_node_map_cstr(params, "proxy")));
mpack_node_t proxy_map = mpack_node_map_cstr(params, "proxy");
mpack_node_t tcp_handshake = mpack_node_map_cstr(proxy_map, "tcp_handshake");
EXPECT_EQ(1, mpack_node_u32(mpack_node_array_at(tcp_handshake, 0)));
EXPECT_EQ(0, mpack_node_u32(mpack_node_array_at(tcp_handshake, 4)));
EXPECT_EQ(0, mpack_node_u32(mpack_node_array_at(tcp_handshake, 5)));
EXPECT_EQ(0, mpack_node_bin_size(mpack_node_array_at(tcp_handshake, 36)));
EXPECT_NE(nullptr, mpack_node_bin_data(mpack_node_array_at(tcp_handshake, 36)));
EXPECT_EQ(0, mpack_node_bin_size(mpack_node_array_at(tcp_handshake, 37)));
EXPECT_NE(nullptr, mpack_node_bin_data(mpack_node_array_at(tcp_handshake, 37)));
EXPECT_EQ(mpack_tree_destroy(&tree), mpack_ok);
gtest_cmsg_destroy(&cmsg);
}
@@ -573,7 +698,7 @@ TEST(POLICY_UPDATE, ProxyTcpWsacleExist0)
struct streaminfo a_stream = {0};
struct update_policy test;
memset(&test, 0, sizeof(test));
struct proxy_cmsg cmsg;
struct proxy_cmsg cmsg = {0};
test.type = POLICY_UPDATE_INTERCEPT;
test.n_ids = 6;
for (int i = 0; i < test.n_ids; i++)
@@ -614,7 +739,7 @@ TEST(POLICY_UPDATE, ProxyFqdnCatIds0)
struct streaminfo a_stream = {0};
struct update_policy test;
memset(&test, 0, sizeof(test));
struct proxy_cmsg cmsg;
struct proxy_cmsg cmsg = {0};
test.type = POLICY_UPDATE_INTERCEPT;
test.n_ids = 6;
for (int i = 0; i < test.n_ids; i++)
@@ -654,7 +779,7 @@ TEST(POLICY_UPDATE, ProxyTcpAckRouteCtxs0)
struct streaminfo a_stream = {0};
struct update_policy test;
memset(&test, 0, sizeof(test));
struct proxy_cmsg cmsg;
struct proxy_cmsg cmsg = {0};
test.type = POLICY_UPDATE_INTERCEPT;
test.n_ids = 6;
for (int i = 0; i < test.n_ids; i++)
@@ -663,7 +788,7 @@ TEST(POLICY_UPDATE, ProxyTcpAckRouteCtxs0)
}
gtest_cmsg_init(&cmsg);
cmsg.tcp_ack_route_ctx.num = 0;
cmsg.tcp_ack_route_ctx.len = 0;
memcpy(&test.cmsg, &cmsg, sizeof(struct proxy_cmsg));
tsg_sync_policy_update(&a_stream, &test, 1);
@@ -680,7 +805,7 @@ TEST(POLICY_UPDATE, ProxyTcpAckRouteCtxs0)
mpack_node_t tcp_handshake = mpack_node_map_cstr(proxy_map, "tcp_handshake");
mpack_node_t tcp_ack_route_ctxs = mpack_node_array_at(tcp_handshake, 35);
EXPECT_EQ(0, mpack_node_array_length(tcp_ack_route_ctxs));
EXPECT_EQ(0, mpack_node_bin_size(tcp_ack_route_ctxs));
EXPECT_EQ(mpack_tree_destroy(&tree), mpack_ok);
gtest_cmsg_destroy(&cmsg);
@@ -694,7 +819,7 @@ TEST(POLICY_UPDATE, ProxyTcpSeqSids0)
struct streaminfo a_stream = {0};
struct update_policy test;
memset(&test, 0, sizeof(test));
struct proxy_cmsg cmsg;
struct proxy_cmsg cmsg = {0};
test.type = POLICY_UPDATE_INTERCEPT;
test.n_ids = 6;
for (int i = 0; i < test.n_ids; i++)
@@ -732,7 +857,7 @@ TEST(POLICY_UPDATE, ProxyOverLimit)
int ctrl_pkt_len = 0;
struct streaminfo a_stream = {0};
struct update_policy test;
struct proxy_cmsg cmsg;
struct proxy_cmsg cmsg = {0};
test.type = POLICY_UPDATE_INTERCEPT;
test.n_ids = 6;
for (int i = 0; i < test.n_ids; i++)
@@ -745,8 +870,6 @@ TEST(POLICY_UPDATE, ProxyOverLimit)
test.cmsg.fqdn_cat_ids.num += FQDN_CAT_ID_VALS;
test.cmsg.tcp_ack_sids.num += TCP_XXX_SIDS;
test.cmsg.tcp_seq_sids.num += TCP_XXX_SIDS;
test.cmsg.tcp_seq_route_ctx.num += TCP_XXX_ROUTE_CTX;
test.cmsg.tcp_ack_route_ctx.num += TCP_XXX_ROUTE_CTX;
tsg_sync_policy_update(&a_stream, &test, 1);
ctrl_pkt_len = get_ctrl_pkt(ctrl_pkt_buf, sizeof(ctrl_pkt_buf));
@@ -771,12 +894,6 @@ TEST(POLICY_UPDATE, ProxyOverLimit)
mpack_node_t tcp_ack_sids = mpack_node_array_at(tcp_handshake, 33);
EXPECT_EQ(TCP_XXX_SIDS, mpack_node_array_length(tcp_ack_sids));
mpack_node_t tcp_seq_route_ctxs = mpack_node_array_at(tcp_handshake, 34);
EXPECT_EQ(TCP_XXX_ROUTE_CTX, mpack_node_array_length(tcp_seq_route_ctxs));
mpack_node_t tcp_ack_route_ctxs = mpack_node_array_at(tcp_handshake, 35);
EXPECT_EQ(TCP_XXX_ROUTE_CTX, mpack_node_array_length(tcp_ack_route_ctxs));
EXPECT_EQ(mpack_tree_destroy(&tree), mpack_ok);
gtest_cmsg_destroy(&cmsg);
}