gfwleak/tango-tsg-master
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

TSG-15163,TSG-15711: 支持ech协议作为安全策略条件

Browse Source
This commit is contained in:
liuxueli
2023-06-27 17:05:49 +08:00
parent 2fda08dc43
commit 3a8041198f
4 changed files with 27 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
src/tsg_entry.cpp
View File

@@ -1420,7 +1420,16 @@ int session_l7_protocol_identify(const struct streaminfo *a_stream, struct sessi
srt_process_context->ssl_sni=malloc_copy_string(chello->sni, strlen(chello->sni), a_stream->threadnum);
}
srt_process_context->is_esni=(int)chello->is_encrypt_sni;
if(chello->is_encrypt_sni==1)
{
srt_process_context->is_esni=1;
}
if(chello->is_encrypt_chello==1)
{
srt_process_context->is_ech=1;
}
ssl_chello_free(chello);
return 1;
@@ -2025,6 +2034,12 @@ size_t session_pending_state_deal(const struct streaminfo *a_stream, struct sess
unsigned int protocol_id=tsg_l7_protocol_name2id("ESNI", 4);
matched_cnt+=tsg_scan_app_id_policy(a_stream, g_tsg_maat_feather, protocol_id, (srt_process_context->mid), matched_rules+matched_cnt, n_matched_rules-matched_cnt);
}
if(srt_process_context->is_ech)
{
unsigned int protocol_id=tsg_l7_protocol_name2id("ECH", 3);
matched_cnt+=tsg_scan_app_id_policy(a_stream, g_tsg_maat_feather, protocol_id, (srt_process_context->mid), matched_rules+matched_cnt, n_matched_rules-matched_cnt);
}
if(srt_process_context->proto==PROTO_HTTP && srt_process_context->http_url!=NULL)
{