diff --git a/src/tsg_proxy.cpp b/src/tsg_proxy.cpp index 12eac3e..a788eb3 100644 --- a/src/tsg_proxy.cpp +++ b/src/tsg_proxy.cpp @@ -443,6 +443,46 @@ static void tsg_proxy_cmsg_fqdn_category_fill(struct session_runtime_attribute * return; } +static void tsg_proxy_cmsg_tcp_is_intercept(const struct streaminfo *stream, struct proxy_cmsg *cmsg) +{ + if (stream->dir == DIR_C2S || stream->dir == DIR_S2C) + { + cmsg->tcp_is_intercept |= TCP_IS_INTERCEPT_SINGLE; + } + + unsigned short tunnel_type=0; + int tunnel_type_len=sizeof(tunnel_type); + int ret=MESA_get_stream_opt(stream, MSO_STREAM_UP_LAYER_TUNNEL_TYPE, (void *)&tunnel_type, &tunnel_type_len); + if(ret==0 && tunnel_type != STREAM_TUNNLE_NON) + { + cmsg->tcp_is_intercept |= TCP_IS_INTERCEPT_TUNNEL; + } + + return; +} + +static void tsg_proxy_cmsg_c2s_rpkt_header(const struct streaminfo *stream, struct cmsg_buff *c2s_rpkt_header) +{ + c2s_rpkt_header->len = sizeof(int); + if (MESA_get_stream_opt(stream, MSO_STREAM_C2S_RAWPKT_HDR, (void *)&c2s_rpkt_header->buff, &c2s_rpkt_header->len) == -1) + { + c2s_rpkt_header->len = 0; + } + + return; +} + +static void tsg_proxy_cmsg_s2c_rpkt_header(const struct streaminfo *stream, struct cmsg_buff *s2c_rpkt_header) +{ + s2c_rpkt_header->len = sizeof(int); + if (MESA_get_stream_opt(stream, MSO_STREAM_S2C_RAWPKT_HDR, (void *)&s2c_rpkt_header->buff, &s2c_rpkt_header->len) == -1) + { + s2c_rpkt_header->len = 0; + } + + return; +} + static void tsg_proxy_tcp_attribute_dump(tsg_proxy_tcp_attribute *tcp_attr, struct proxy_cmsg *cmsg, const struct streaminfo *stream) { struct tsg_proxy_tcp_option *client = &tcp_attr->tcp_opt_client; @@ -489,7 +529,11 @@ static void tsg_proxy_tcp_attribute_dump(tsg_proxy_tcp_attribute *tcp_attr, stru "server ip city: %s\n"\ "client ip subdevision: %s\n"\ "server ip subdevision: %s\n"\ - "ssl ja3 fingerprint:%s\n", + "ssl ja3 fingerprint:%s\n"\ + "tcp_seq_route_ctx len: %d\n"\ + "tcp_ack_route_ctx len: %d\n"\ + "tcp_c2s_rpkt_header len: %d\n"\ + "tcp_s2c_rpkt_header len: %d\n", cmsg->src_sub_id, cmsg->dst_sub_id, cmsg->src_asn, @@ -504,7 +548,11 @@ static void tsg_proxy_tcp_attribute_dump(tsg_proxy_tcp_attribute *tcp_attr, stru cmsg->dst_ip_location_city, cmsg->src_ip_location_subdivision, cmsg->dst_ip_location_subdivision, - cmsg->ssl_client_ja3_fingerprint); + cmsg->ssl_client_ja3_fingerprint, + cmsg->tcp_seq_route_ctx.len, + cmsg->tcp_ack_route_ctx.len, + cmsg->tcp_c2s_rpkt_header.len, + cmsg->tcp_s2c_rpkt_header.len); return; } @@ -532,8 +580,8 @@ void tsg_proxy_update_policy_fill(const struct streaminfo *stream, struct update cmsg->tcp_window_client = client->window; cmsg->tcp_ts_client_val = client->ts_val; - cmsg->tcp_seq_route_ctx.num = client->route_ctx_len; - memcpy(cmsg->tcp_seq_route_ctx.value, client->route_ctx, client->route_ctx_len); + cmsg->tcp_seq_route_ctx.len = client->route_ctx_len; + cmsg->tcp_seq_route_ctx.buff = (char *)client->route_ctx; update_segment_sids(&cmsg->tcp_seq_sids, segment_ids->sid_list+1, segment_ids->sz_sidlist-1); // delete intercept sid update_segment_sids(&cmsg->tcp_seq_sids, client->sid_list.sid_list, client->sid_list.sz_sidlist); @@ -544,8 +592,8 @@ void tsg_proxy_update_policy_fill(const struct streaminfo *stream, struct update cmsg->tcp_window_server = server->window; cmsg->tcp_ts_server_val = server->ts_val; - cmsg->tcp_ack_route_ctx.num = server->route_ctx_len; - memcpy(cmsg->tcp_ack_route_ctx.value, server->route_ctx, server->route_ctx_len); + cmsg->tcp_ack_route_ctx.len = server->route_ctx_len; + cmsg->tcp_ack_route_ctx.buff = (char *)server->route_ctx; update_segment_sids(&cmsg->tcp_seq_sids, segment_ids->sid_list+1, segment_ids->sz_sidlist-1); // delete intercept sid update_segment_sids(&cmsg->tcp_ack_sids, server->sid_list.sid_list, server->sid_list.sz_sidlist); @@ -562,6 +610,11 @@ void tsg_proxy_update_policy_fill(const struct streaminfo *stream, struct update tsg_proxy_cmsg_ja3_fingerprint_fill(session_attr, cmsg); tsg_proxy_cmsg_fqdn_category_fill(session_attr, cmsg); + tsg_proxy_cmsg_c2s_rpkt_header(stream, &cmsg->tcp_c2s_rpkt_header); + tsg_proxy_cmsg_s2c_rpkt_header(stream, &cmsg->tcp_s2c_rpkt_header); + + tsg_proxy_cmsg_tcp_is_intercept(stream, cmsg); + tsg_proxy_tcp_attribute_dump(tcp_attr, cmsg, stream); return; diff --git a/src/tsg_sync_state.cpp b/src/tsg_sync_state.cpp index da8174b..e9cecc5 100644 --- a/src/tsg_sync_state.cpp +++ b/src/tsg_sync_state.cpp @@ -138,16 +138,18 @@ static void mpack_append_tcp_sids(mpack_writer_t *writer, struct tcp_sids *array return; } -static void mpack_append_route_ctx(mpack_writer_t *writer, struct tcp_route_ctx *array) +static void mpack_append_cmsg_buff_bin(mpack_writer_t *writer, struct cmsg_buff *p_buff) { - - int num = MIN(array->num, TCP_XXX_ROUTE_CTX); - mpack_build_array(writer); - for (int i = 0; i < num; i++) + + if (p_buff->buff == NULL || p_buff->len == 0) { - mpack_write_u8(writer, array->value[i]); + mpack_start_bin(writer, 0); + mpack_finish_bin(writer); + } + else + { + mpack_write_bin(writer, p_buff->buff, p_buff->len); } - mpack_complete_array(writer); return; } @@ -214,10 +216,17 @@ static void mpack_append_cmsg_value(mpack_writer_t *writer, struct proxy_cmsg *c mpack_append_tcp_sids(writer, &cmsg->tcp_ack_sids); // tcp_seq_route_ctx - mpack_append_route_ctx(writer, &cmsg->tcp_seq_route_ctx); + mpack_append_cmsg_buff_bin(writer, &cmsg->tcp_seq_route_ctx); // tcp_ack_route_ctx - mpack_append_route_ctx(writer, &cmsg->tcp_ack_route_ctx); + mpack_append_cmsg_buff_bin(writer, &cmsg->tcp_ack_route_ctx); + + // raw_packet_header + mpack_append_cmsg_buff_bin(writer, &cmsg->tcp_c2s_rpkt_header); + mpack_append_cmsg_buff_bin(writer, &cmsg->tcp_s2c_rpkt_header); + + // tcp_is_intercept + mpack_write_u8(writer, cmsg->tcp_is_intercept); mpack_complete_array(writer); // array } diff --git a/src/tsg_sync_state.h b/src/tsg_sync_state.h index fdd3005..a585de1 100644 --- a/src/tsg_sync_state.h +++ b/src/tsg_sync_state.h @@ -40,13 +40,15 @@ struct tcp_sids uint16_t value[TCP_XXX_SIDS]; }; -#define TCP_XXX_ROUTE_CTX 64 -struct tcp_route_ctx +struct cmsg_buff { - size_t num; - uint8_t value[TCP_XXX_ROUTE_CTX]; + char *buff; + int len; }; +#define TCP_IS_INTERCEPT_SINGLE 0X01 +#define TCP_IS_INTERCEPT_TUNNEL 0X02 + struct proxy_cmsg { uint8_t tcp_info_packet_cur_dir; @@ -58,6 +60,7 @@ struct proxy_cmsg uint8_t tcp_ts_client; uint8_t tcp_ts_server; uint8_t tcp_protocol; + uint8_t tcp_is_intercept; // 1: single 2: tunnel uint16_t tcp_mss_client; uint16_t tcp_mss_server; uint16_t tcp_window_client; @@ -65,7 +68,7 @@ struct proxy_cmsg uint32_t tcp_ts_client_val; uint32_t tcp_ts_server_val; uint32_t tcp_seq; - uint32_t tcp_ack; + uint32_t tcp_ack; char *src_sub_id; char *dst_sub_id; @@ -85,8 +88,11 @@ struct proxy_cmsg struct fqdn_cat_id_val fqdn_cat_ids; struct tcp_sids tcp_seq_sids; struct tcp_sids tcp_ack_sids; - struct tcp_route_ctx tcp_seq_route_ctx; - struct tcp_route_ctx tcp_ack_route_ctx; + struct cmsg_buff tcp_seq_route_ctx; + struct cmsg_buff tcp_ack_route_ctx; + + struct cmsg_buff tcp_c2s_rpkt_header; + struct cmsg_buff tcp_s2c_rpkt_header; }; #define UPDATE_POLICY_RULE_IDS 8 diff --git a/test/src/gtest_sync_state.cpp b/test/src/gtest_sync_state.cpp index d75c344..b28bef9 100644 --- a/test/src/gtest_sync_state.cpp +++ b/test/src/gtest_sync_state.cpp @@ -463,17 +463,21 @@ static void gtest_cmsg_init(struct proxy_cmsg *cmsg) cmsg->tcp_ack_sids.value[i] = i + 3; } - cmsg->tcp_seq_route_ctx.num = 7; - for (size_t i = 0; i < 7; i++) - { - cmsg->tcp_seq_route_ctx.value[i] = i + 4; - } + cmsg->tcp_seq_route_ctx.buff = (char *)calloc(1, 256); + snprintf(cmsg->tcp_seq_route_ctx.buff, 256, "test: tcp_seq_route_ctx"); + cmsg->tcp_seq_route_ctx.len = strlen("test: tcp_seq_route_ctx"); - cmsg->tcp_ack_route_ctx.num = 8; - for (size_t i = 0; i < 8; i++) - { - cmsg->tcp_ack_route_ctx.value[i] = i + 5; - } + cmsg->tcp_ack_route_ctx.buff = (char *)calloc(1, 256); + snprintf(cmsg->tcp_ack_route_ctx.buff, 256, "test: tcp_ack_route_ctx"); + cmsg->tcp_ack_route_ctx.len = strlen("test: tcp_ack_route_ctx"); + + cmsg->tcp_s2c_rpkt_header.buff = (char *)calloc(1, 256); + snprintf(cmsg->tcp_s2c_rpkt_header.buff, 256, "test: s2c_rawpkt_header"); + cmsg->tcp_s2c_rpkt_header.len = strlen("test: s2c_rawpkt_header"); + + cmsg->tcp_c2s_rpkt_header.buff = (char *)calloc(1, 256); + snprintf(cmsg->tcp_c2s_rpkt_header.buff, 256, "test: c2s_rawpkt_header"); + cmsg->tcp_c2s_rpkt_header.len = strlen("test: c2s_rawpkt_header"); return; } @@ -495,6 +499,28 @@ static void gtest_cmsg_destroy(struct proxy_cmsg *cmsg) free(cmsg->src_ip_location_subdivision); free(cmsg->dst_ip_location_subdivision); free(cmsg->ssl_client_ja3_fingerprint); + + if (cmsg->tcp_seq_route_ctx.buff) + { + free(cmsg->tcp_seq_route_ctx.buff); + } + + if (cmsg->tcp_ack_route_ctx.buff) + { + free(cmsg->tcp_ack_route_ctx.buff); + } + + if (cmsg->tcp_s2c_rpkt_header.buff) + { + free(cmsg->tcp_s2c_rpkt_header.buff); + } + + if (cmsg->tcp_c2s_rpkt_header.buff) + { + free(cmsg->tcp_c2s_rpkt_header.buff); + } + + return; } TEST(POLICY_UPDATE, Proxy) @@ -505,7 +531,7 @@ TEST(POLICY_UPDATE, Proxy) struct streaminfo a_stream = {0}; struct update_policy test; memset(&test, 0, sizeof(test)); - struct proxy_cmsg cmsg; + struct proxy_cmsg cmsg = {0}; test.type = POLICY_UPDATE_INTERCEPT; test.n_ids = 6; for (int i = 0; i < test.n_ids; i++) @@ -555,12 +581,111 @@ TEST(POLICY_UPDATE, Proxy) } mpack_node_t tcp_ack_route_ctxs = mpack_node_array_at(tcp_handshake, 35); - EXPECT_EQ(8, mpack_node_array_length(tcp_ack_route_ctxs)); - for (int i = 0; i < 8; i++) + EXPECT_EQ(mpack_type_bin, mpack_node_type(tcp_ack_route_ctxs)); + memcpy(test_str, mpack_node_bin_data(tcp_ack_route_ctxs), mpack_node_bin_size(tcp_ack_route_ctxs)); + EXPECT_STREQ("test: tcp_ack_route_ctx", test_str); + memset(test_str, 0, sizeof(test_str)); + + mpack_node_t tcp_seq_pkg_header = mpack_node_array_at(tcp_handshake, 36); + EXPECT_EQ(mpack_type_bin, mpack_node_type(tcp_seq_pkg_header)); + memcpy(test_str, mpack_node_bin_data(tcp_seq_pkg_header), mpack_node_bin_size(tcp_seq_pkg_header)); + EXPECT_STREQ("test: c2s_rawpkt_header", test_str); + memset(test_str, 0, sizeof(test_str)); + + mpack_node_t tcp_ack_pkg_header = mpack_node_array_at(tcp_handshake, 37); + EXPECT_EQ(mpack_type_bin, mpack_node_type(tcp_ack_pkg_header)); + memcpy(test_str, mpack_node_bin_data(tcp_ack_pkg_header), mpack_node_bin_size(tcp_ack_pkg_header)); + EXPECT_STREQ("test: s2c_rawpkt_header", test_str); + memset(test_str, 0, sizeof(test_str)); + + mpack_node_t tcp_is_intercept = mpack_node_array_at(tcp_handshake, 38); + EXPECT_EQ(0, mpack_node_u8(tcp_is_intercept)); + EXPECT_EQ(mpack_tree_destroy(&tree), mpack_ok); + gtest_cmsg_destroy(&cmsg); +} + +TEST(POLICY_UPDATE, ProxyTcpIsIntercept) +{ + char ctrl_pkt_buf[1024] = {0}; + int ctrl_pkt_len = 0; + struct streaminfo a_stream = {0}; + struct update_policy test; + memset(&test, 0, sizeof(test)); + struct proxy_cmsg cmsg = {0}; + test.type = POLICY_UPDATE_INTERCEPT; + test.n_ids = 6; + for (int i = 0; i < test.n_ids; i++) { - EXPECT_EQ(i + 5, mpack_node_u8(mpack_node_array_at(tcp_ack_route_ctxs, i))); + test.ids[i] = 10000 + i; } + gtest_cmsg_init(&cmsg); + cmsg.tcp_is_intercept |=TCP_IS_INTERCEPT_SINGLE; + cmsg.tcp_is_intercept |=TCP_IS_INTERCEPT_TUNNEL; + memcpy(&test.cmsg, &cmsg, sizeof(struct proxy_cmsg)); + tsg_sync_policy_update(&a_stream, &test, 1); + + ctrl_pkt_len = get_ctrl_pkt(ctrl_pkt_buf, sizeof(ctrl_pkt_buf)); + mpack_tree_t tree; + mpack_tree_init_data(&tree, ctrl_pkt_buf, ctrl_pkt_len); + mpack_tree_parse(&tree); + mpack_node_t root = mpack_tree_root(&tree); + mpack_node_t params = mpack_node_map_cstr(root, "params"); + + // proxy + EXPECT_EQ(mpack_type_map, mpack_node_type(mpack_node_map_cstr(params, "proxy"))); + mpack_node_t proxy_map = mpack_node_map_cstr(params, "proxy"); + + mpack_node_t tcp_handshake = mpack_node_map_cstr(proxy_map, "tcp_handshake"); + mpack_node_t tcp_is_intercept = mpack_node_array_at(tcp_handshake, 38); + EXPECT_EQ(3, mpack_node_u8(tcp_is_intercept)); + + EXPECT_EQ(mpack_tree_destroy(&tree), mpack_ok); + gtest_cmsg_destroy(&cmsg); +} + +TEST(POLICY_UPDATE, ProxyPkgHeader0) +{ + char ctrl_pkt_buf[1024] = {0}; + int ctrl_pkt_len = 0; + struct streaminfo a_stream = {0}; + struct update_policy test; + memset(&test, 0, sizeof(test)); + struct proxy_cmsg cmsg = {0}; + test.type = POLICY_UPDATE_INTERCEPT; + test.n_ids = 6; + for (int i = 0; i < test.n_ids; i++) + { + test.ids[i] = 10000 + i; + } + + gtest_cmsg_init(&cmsg); + cmsg.tcp_s2c_rpkt_header.len = 0; + cmsg.tcp_c2s_rpkt_header.len = 0; + cmsg.tcp_wsacle_exist = 0; + memcpy(&test.cmsg, &cmsg, sizeof(struct proxy_cmsg)); + tsg_sync_policy_update(&a_stream, &test, 1); + + ctrl_pkt_len = get_ctrl_pkt(ctrl_pkt_buf, sizeof(ctrl_pkt_buf)); + mpack_tree_t tree; + mpack_tree_init_data(&tree, ctrl_pkt_buf, ctrl_pkt_len); + mpack_tree_parse(&tree); + mpack_node_t root = mpack_tree_root(&tree); + mpack_node_t params = mpack_node_map_cstr(root, "params"); + + // proxy + EXPECT_EQ(mpack_type_map, mpack_node_type(mpack_node_map_cstr(params, "proxy"))); + mpack_node_t proxy_map = mpack_node_map_cstr(params, "proxy"); + + mpack_node_t tcp_handshake = mpack_node_map_cstr(proxy_map, "tcp_handshake"); + EXPECT_EQ(1, mpack_node_u32(mpack_node_array_at(tcp_handshake, 0))); + EXPECT_EQ(0, mpack_node_u32(mpack_node_array_at(tcp_handshake, 4))); + EXPECT_EQ(0, mpack_node_u32(mpack_node_array_at(tcp_handshake, 5))); + EXPECT_EQ(0, mpack_node_bin_size(mpack_node_array_at(tcp_handshake, 36))); + EXPECT_NE(nullptr, mpack_node_bin_data(mpack_node_array_at(tcp_handshake, 36))); + EXPECT_EQ(0, mpack_node_bin_size(mpack_node_array_at(tcp_handshake, 37))); + EXPECT_NE(nullptr, mpack_node_bin_data(mpack_node_array_at(tcp_handshake, 37))); + EXPECT_EQ(mpack_tree_destroy(&tree), mpack_ok); gtest_cmsg_destroy(&cmsg); } @@ -573,7 +698,7 @@ TEST(POLICY_UPDATE, ProxyTcpWsacleExist0) struct streaminfo a_stream = {0}; struct update_policy test; memset(&test, 0, sizeof(test)); - struct proxy_cmsg cmsg; + struct proxy_cmsg cmsg = {0}; test.type = POLICY_UPDATE_INTERCEPT; test.n_ids = 6; for (int i = 0; i < test.n_ids; i++) @@ -614,7 +739,7 @@ TEST(POLICY_UPDATE, ProxyFqdnCatIds0) struct streaminfo a_stream = {0}; struct update_policy test; memset(&test, 0, sizeof(test)); - struct proxy_cmsg cmsg; + struct proxy_cmsg cmsg = {0}; test.type = POLICY_UPDATE_INTERCEPT; test.n_ids = 6; for (int i = 0; i < test.n_ids; i++) @@ -654,7 +779,7 @@ TEST(POLICY_UPDATE, ProxyTcpAckRouteCtxs0) struct streaminfo a_stream = {0}; struct update_policy test; memset(&test, 0, sizeof(test)); - struct proxy_cmsg cmsg; + struct proxy_cmsg cmsg = {0}; test.type = POLICY_UPDATE_INTERCEPT; test.n_ids = 6; for (int i = 0; i < test.n_ids; i++) @@ -663,7 +788,7 @@ TEST(POLICY_UPDATE, ProxyTcpAckRouteCtxs0) } gtest_cmsg_init(&cmsg); - cmsg.tcp_ack_route_ctx.num = 0; + cmsg.tcp_ack_route_ctx.len = 0; memcpy(&test.cmsg, &cmsg, sizeof(struct proxy_cmsg)); tsg_sync_policy_update(&a_stream, &test, 1); @@ -680,7 +805,7 @@ TEST(POLICY_UPDATE, ProxyTcpAckRouteCtxs0) mpack_node_t tcp_handshake = mpack_node_map_cstr(proxy_map, "tcp_handshake"); mpack_node_t tcp_ack_route_ctxs = mpack_node_array_at(tcp_handshake, 35); - EXPECT_EQ(0, mpack_node_array_length(tcp_ack_route_ctxs)); + EXPECT_EQ(0, mpack_node_bin_size(tcp_ack_route_ctxs)); EXPECT_EQ(mpack_tree_destroy(&tree), mpack_ok); gtest_cmsg_destroy(&cmsg); @@ -694,7 +819,7 @@ TEST(POLICY_UPDATE, ProxyTcpSeqSids0) struct streaminfo a_stream = {0}; struct update_policy test; memset(&test, 0, sizeof(test)); - struct proxy_cmsg cmsg; + struct proxy_cmsg cmsg = {0}; test.type = POLICY_UPDATE_INTERCEPT; test.n_ids = 6; for (int i = 0; i < test.n_ids; i++) @@ -732,7 +857,7 @@ TEST(POLICY_UPDATE, ProxyOverLimit) int ctrl_pkt_len = 0; struct streaminfo a_stream = {0}; struct update_policy test; - struct proxy_cmsg cmsg; + struct proxy_cmsg cmsg = {0}; test.type = POLICY_UPDATE_INTERCEPT; test.n_ids = 6; for (int i = 0; i < test.n_ids; i++) @@ -745,8 +870,6 @@ TEST(POLICY_UPDATE, ProxyOverLimit) test.cmsg.fqdn_cat_ids.num += FQDN_CAT_ID_VALS; test.cmsg.tcp_ack_sids.num += TCP_XXX_SIDS; test.cmsg.tcp_seq_sids.num += TCP_XXX_SIDS; - test.cmsg.tcp_seq_route_ctx.num += TCP_XXX_ROUTE_CTX; - test.cmsg.tcp_ack_route_ctx.num += TCP_XXX_ROUTE_CTX; tsg_sync_policy_update(&a_stream, &test, 1); ctrl_pkt_len = get_ctrl_pkt(ctrl_pkt_buf, sizeof(ctrl_pkt_buf)); @@ -771,12 +894,6 @@ TEST(POLICY_UPDATE, ProxyOverLimit) mpack_node_t tcp_ack_sids = mpack_node_array_at(tcp_handshake, 33); EXPECT_EQ(TCP_XXX_SIDS, mpack_node_array_length(tcp_ack_sids)); - mpack_node_t tcp_seq_route_ctxs = mpack_node_array_at(tcp_handshake, 34); - EXPECT_EQ(TCP_XXX_ROUTE_CTX, mpack_node_array_length(tcp_seq_route_ctxs)); - - mpack_node_t tcp_ack_route_ctxs = mpack_node_array_at(tcp_handshake, 35); - EXPECT_EQ(TCP_XXX_ROUTE_CTX, mpack_node_array_length(tcp_ack_route_ctxs)); - EXPECT_EQ(mpack_tree_destroy(&tree), mpack_ok); gtest_cmsg_destroy(&cmsg); }