修复扫描mail协议ID失败的BUG

判断出是SSL协议之后再调用生成JA3指纹的函数
liuxueli
2020-09-21 20:23:11 +08:00
parent e57ad7f8ec
commit 50ea6dc7d9
2 changed files with 58 additions and 55 deletions


@@ -507,31 +507,6 @@ static int identify_application_protocol(struct streaminfo *a_stream, struct _id
if(g_tsg_para.proto_flag&(1<<PROTO_SSL)) //ssl if(g_tsg_para.proto_flag&(1<<PROTO_SSL)) //ssl
{ {
struct _ssl_ja3_info_t *ja3_info=NULL;
ja3_info=ssl_get_ja3_fingerprint(a_stream, (unsigned char *)a_stream->ptcpdetail->pdata, (unsigned int)a_stream->ptcpdetail->datalen, a_stream->threadnum);
if(ja3_info!=NULL)
{
identify_info->proto=PROTO_SSL;
if(ja3_info->sni==NULL || ja3_info->sni_len<=0)
{
identify_info->domain_len = 0;
}
else
{
identify_info->domain_len = strnlen(ja3_info->sni, sizeof(identify_info->domain) - 1);
strncpy(identify_info->domain, ja3_info->sni, identify_info->domain_len);
}
if(attribute_label!=NULL && ja3_info->fp!=NULL && ja3_info->fp_len>0)
{
attribute_label->ja3_fingerprint=(char *)dictator_malloc(a_stream->threadnum, ja3_info->fp_len+1);
memcpy(attribute_label->ja3_fingerprint, ja3_info->fp, ja3_info->fp_len);
attribute_label->ja3_fingerprint[ja3_info->fp_len]='\0';
}
return 1;
}
#if 0
enum chello_parse_result chello_status = CHELLO_PARSE_INVALID_FORMAT; enum chello_parse_result chello_status = CHELLO_PARSE_INVALID_FORMAT;
struct ssl_chello *chello = NULL; struct ssl_chello *chello = NULL;
@@ -550,11 +525,35 @@ static int identify_application_protocol(struct streaminfo *a_stream, struct _id
} }
ssl_chello_free(chello); ssl_chello_free(chello);
struct _ssl_ja3_info_t *ja3_info=NULL;
ja3_info=ssl_get_ja3_fingerprint(a_stream, (unsigned char *)a_stream->ptcpdetail->pdata, (unsigned int)a_stream->ptcpdetail->datalen, a_stream->threadnum);
if(ja3_info!=NULL)
{
if(ja3_info->sni==NULL || ja3_info->sni_len<=0)
{
identify_info->domain_len = 0;
}
else
{
identify_info->domain_len = strnlen(ja3_info->sni, sizeof(identify_info->domain) - 1);
strncpy(identify_info->domain, ja3_info->sni, identify_info->domain_len);
}
if(attribute_label!=NULL && ja3_info->fp!=NULL && ja3_info->fp_len>0)
{
attribute_label->ja3_fingerprint=(char *)dictator_malloc(a_stream->threadnum, ja3_info->fp_len+1);
memcpy(attribute_label->ja3_fingerprint, ja3_info->fp, ja3_info->fp_len);
attribute_label->ja3_fingerprint[ja3_info->fp_len]='\0';
}
return 1;
}
return 1; return 1;
} }
ssl_chello_free(chello); ssl_chello_free(chello);
#endif
} }
if(g_tsg_para.proto_flag&(1<<PROTO_FTP)) //ftp if(g_tsg_para.proto_flag&(1<<PROTO_FTP)) //ftp
@@ -712,37 +711,40 @@ extern "C" char TSG_MASTER_TCP_ENTRY(struct streaminfo *a_tcp, void **pme, int t
//q_result=tsg_policy_decision_criteria(a_tcp, all_result, hit_num, NULL, thread_seq); //q_result=tsg_policy_decision_criteria(a_tcp, all_result, hit_num, NULL, thread_seq);
FS_operate(g_tsg_para.fs2_handle, g_tsg_para.fs2_field_id[TSG_FS2_HIT_ADDR], 0, FS_OP_ADD, 1); FS_operate(g_tsg_para.fs2_handle, g_tsg_para.fs2_field_id[TSG_FS2_HIT_ADDR], 0, FS_OP_ADD, 1);
} }
ret=tsg_scan_shared_policy(g_tsg_maat_feather, &identify_info, all_result+hit_num, MAX_RESULT_NUM-hit_num, &mid, thread_seq);
if(ret>0)
{
FS_operate(g_tsg_para.fs2_handle, g_tsg_para.fs2_field_id[TSG_FS2_HIT_SHARE], 0, FS_OP_ADD, 1);
MESA_handle_runtime_log(g_tsg_para.logger,
RLOG_LV_DEBUG,
"SCAN_FQDN",
"Hit %s: %s policy_id: %d service: %d action: %d addr: %s",
(identify_info.proto==PROTO_HTTP) ? "host" : "sni",
identify_info.domain,
all_result[hit_num].config_id,
all_result[hit_num].service_id,
(unsigned char)all_result[hit_num].action,
printaddr(&a_tcp->addr, thread_seq)
);
hit_num+=ret; if(identify_info.proto==PROTO_HTTP || identify_info.proto==PROTO_SSL)
}
else
{ {
MESA_handle_runtime_log(g_tsg_para.logger, ret=tsg_scan_shared_policy(g_tsg_maat_feather, &identify_info, all_result+hit_num, MAX_RESULT_NUM-hit_num, &mid, thread_seq);
RLOG_LV_DEBUG, if(ret>0)
"SCAN_FQDN", {
"Not hit %s: %s ret: %d stream_dir: %d addr: %s", FS_operate(g_tsg_para.fs2_handle, g_tsg_para.fs2_field_id[TSG_FS2_HIT_SHARE], 0, FS_OP_ADD, 1);
(ret==-1) ? "NULL" : ((identify_info.proto==PROTO_HTTP) ? "host" : "sni"), MESA_handle_runtime_log(g_tsg_para.logger,
(ret==-1) ? "NULL" : identify_info.domain, RLOG_LV_DEBUG,
ret, "SCAN_FQDN",
a_tcp->dir, "Hit %s: %s policy_id: %d service: %d action: %d addr: %s",
printaddr(&a_tcp->addr, thread_seq) (identify_info.proto==PROTO_HTTP) ? "host" : "sni",
); identify_info.domain,
all_result[hit_num].config_id,
all_result[hit_num].service_id,
(unsigned char)all_result[hit_num].action,
printaddr(&a_tcp->addr, thread_seq)
);
hit_num+=ret;
}
else
{
MESA_handle_runtime_log(g_tsg_para.logger,
RLOG_LV_DEBUG,
"SCAN_FQDN",
"Not hit %s: %s ret: %d stream_dir: %d addr: %s",
(ret==-1) ? "NULL" : ((identify_info.proto==PROTO_HTTP) ? "host" : "sni"),
(ret==-1) ? "NULL" : identify_info.domain,
ret,
a_tcp->dir,
printaddr(&a_tcp->addr, thread_seq)
);
}
} }
if(mid!=NULL) if(mid!=NULL)
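Review bot: In the relocated JA3 block of the second hunk (the lines presumably on the new side beginning at `struct _ssl_ja3_info_t *ja3_info=NULL;`), `identify_info->domain` is filled with `strncpy(identify_info->domain, ja3_info->sni, identify_info->domain_len)` after `domain_len` was computed with `strnlen`, so when the SNI is shorter than the buffer exactly `domain_len` bytes are copied and no terminator is written, yet the same buffer is printed with `%s` in the SCAN_FQDN log of the third hunk, which only works if `identify_info` was zeroed elsewhere. The copy also ignores `ja3_info->sni_len`, so `strnlen` may read past the SNI when it is not NUL-terminated. I would bound the length by `sni_len` and terminate explicitly: `identify_info->domain_len = (size_t)ja3_info->sni_len < sizeof(identify_info->domain) - 1 ? (size_t)ja3_info->sni_len : sizeof(identify_info->domain) - 1;` `memcpy(identify_info->domain, ja3_info->sni, identify_info->domain_len);` `identify_info->domain[identify_info->domain_len] = '\0';`. The `dictator_malloc` result stored in `attribute_label->ja3_fingerprint` is also written by `memcpy` without a NULL check. The enclosing function `identify_application_protocol` starts before the first hunk, and the third hunk belongs to `TSG_MASTER_TCP_ENTRY`, whose body continues outside the hunk.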


@@ -103,6 +103,7 @@ static int proto_str2id(tsg_protocol_t proto)
case PROTO_TCP: return 100; case PROTO_TCP: return 100;
case PROTO_UDP: return 101; case PROTO_UDP: return 101;
case PROTO_HTTP: return 106; case PROTO_HTTP: return 106;
case PROTO_MAIL: return 110;
case PROTO_IMAP: return 110; case PROTO_IMAP: return 110;
case PROTO_POP3: return 110;//116 case PROTO_POP3: return 110;//116
case PROTO_SMTP: return 110;//122 case PROTO_SMTP: return 110;//122
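Review bot: The new `case PROTO_MAIL: return 110;` maps the generic mail protocol to the same ID already returned for PROTO_IMAP, PROTO_POP3 and PROTO_SMTP, and the commented-out `//116` and `//122` on the neighbouring lines suggest those IDs were once distinct, so the shared value should be stated rather than left implicit. I would add `// PROTO_MAIL and the concrete mail protocols intentionally share policy ID 110` above the new case. The `switch` in proto_str2id starts and ends outside the hunk.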