gfwleak/tango-tsg-master
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

接口增加protocol参数

Browse Source
This commit is contained in:
崔一鸣
2019-11-13 19:56:19 +08:00
parent db7282dab7
commit c76bc5534d
2 changed files with 19 additions and 19 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
inc/tsg_rule.h
View File

@@ -16,6 +16,13 @@ typedef enum _PULL_RESULT_TYPE
PULL_FW_RESULT PULL_FW_RESULT
}PULL_RESULT_TYPE; }PULL_RESULT_TYPE;
enum tsg_protocol{
TSG_PROTOCOL_UNKNOWN = 0,
TSG_PROTOCOL_SSL,
TSG_PROTOCOL_HTTP
};
#define TSG_DOMAIN_MAX 256
extern Maat_feather_t g_tsg_maat_feather; extern Maat_feather_t g_tsg_maat_feather;
int tsg_rule_init(const char *conffile); int tsg_rule_init(const char *conffile);
@@ -23,7 +30,7 @@ int tsg_rule_init(const char *conffile);
int tsg_scan_nesting_addr(Maat_feather_t maat_feather, const struct streaminfo *a_stream, tsg_protocol_t proto, scan_status_t *mid, Maat_rule_t*result, int result_num); int tsg_scan_nesting_addr(Maat_feather_t maat_feather, const struct streaminfo *a_stream, tsg_protocol_t proto, scan_status_t *mid, Maat_rule_t*result, int result_num);
//return 0 if failed, return >0 on success; //return 0 if failed, return >0 on success;
int tsg_pull_policy_result(struct streaminfo *a_stream, PULL_RESULT_TYPE pull_result_type, Maat_rule_t *result, int result_num, char *domain, int *domain_len); int tsg_pull_policy_result(struct streaminfo *a_stream, PULL_RESULT_TYPE pull_result_type, Maat_rule_t *result, int result_num, enum tsg_protocol *protocol, char *domain, int *domain_len);
//return -1 if failed, return 0 on success; //return -1 if failed, return 0 on success;
int tsg_shared_table_init(const char *conffile, Maat_feather_t maat_feather, void *logger); int tsg_shared_table_init(const char *conffile, Maat_feather_t maat_feather, void *logger);

29
src/tsg_rule.cpp
View File

@@ -3,25 +3,17 @@
#include "Maat_rule.h" #include "Maat_rule.h"
#include "Maat_command.h" #include "Maat_command.h"
#include "ssl_utils.h" #include "ssl_utils.h"
#include "tsg_rule.h"
#define KNI_DOMAIN_MAX 256 enum kni_scan_table{
enum kni_protocol{
KNI_PROTOCOL_UNKNOWN = 0,
KNI_PROTOCOL_SSL,
KNI_PROTOCOL_HTTP,
};
enum kni_scan_table
{
TSG_FIELD_SSL_SNI, TSG_FIELD_SSL_SNI,
TSG_FIELD_HTTP_HOST, TSG_FIELD_HTTP_HOST,
SCAN_TABLE_MAX SCAN_TABLE_MAX
}; };
struct kni_protocol_identify_result{ struct kni_protocol_identify_result{
int protocol; enum tsg_protocol protocol;
char domain[KNI_DOMAIN_MAX]; char domain[TSG_DOMAIN_MAX];
int domain_len; int domain_len;
}; };
@@ -30,7 +22,7 @@ const char *g_kni_scan_table_name[SCAN_TABLE_MAX];
int g_kni_scan_tableid[SCAN_TABLE_MAX] = {0}; int g_kni_scan_tableid[SCAN_TABLE_MAX] = {0};
static void protocol_identify(char *buff, int buff_len, struct kni_protocol_identify_result *result){ static void protocol_identify(char *buff, int buff_len, struct kni_protocol_identify_result *result){
result->protocol = KNI_PROTOCOL_UNKNOWN; result->protocol = TSG_PROTOCOL_UNKNOWN;
//TODO: http: get from http protocol plugin //TODO: http: get from http protocol plugin
//ssl //ssl
@@ -38,7 +30,7 @@ static void protocol_identify(char *buff, int buff_len, struct kni_protocol_iden
struct ssl_chello *chello = NULL; struct ssl_chello *chello = NULL;
chello = ssl_chello_parse((const unsigned char*)buff, buff_len, &chello_status); chello = ssl_chello_parse((const unsigned char*)buff, buff_len, &chello_status);
if(chello_status == CHELLO_PARSE_SUCCESS){ if(chello_status == CHELLO_PARSE_SUCCESS){
result->protocol = KNI_PROTOCOL_SSL; result->protocol = TSG_PROTOCOL_SSL;
if(chello->sni == NULL){ if(chello->sni == NULL){
result->domain_len = 0; result->domain_len = 0;
} }
@@ -69,21 +61,22 @@ int tsg_shared_table_init(const char *conffile, Maat_feather_t maat_feather, voi
} }
//return -1 if failed, return 0 on success //return -1 if failed, return 0 on success
int tsg_scan_shared_policy(Maat_feather_t maat_feather, void *pkt, int pkt_len, Maat_rule_t *result, int result_num, char *domain, int *domain_len, int tsg_scan_shared_policy(Maat_feather_t maat_feather, void *pkt, int pkt_len, Maat_rule_t *result, int result_num, enum tsg_protocol *protocol, char *domain, int *domain_len,
scan_status_t *mid, void *logger, int thread_seq){ scan_status_t *mid, void *logger, int thread_seq){
struct kni_protocol_identify_result protocol_identify_res; struct kni_protocol_identify_result protocol_identify_res;
memset(&protocol_identify_res, 0, sizeof(protocol_identify_res)); memset(&protocol_identify_res, 0, sizeof(protocol_identify_res));
protocol_identify((char*)pkt, pkt_len, &protocol_identify_res); protocol_identify((char*)pkt, pkt_len, &protocol_identify_res);
if(protocol_identify_res.protocol == KNI_PROTOCOL_UNKNOWN){ if(protocol_identify_res.protocol == TSG_PROTOCOL_UNKNOWN){
return -1; return -1;
} }
*protocol = protocol_identify_res.protocol;
*domain_len = protocol_identify_res.domain_len; *domain_len = protocol_identify_res.domain_len;
strncpy(domain, protocol_identify_res.domain, *domain_len); strncpy(domain, protocol_identify_res.domain, *domain_len);
int tableid; int tableid;
if(protocol_identify_res.protocol == KNI_PROTOCOL_SSL){ if(protocol_identify_res.protocol == TSG_PROTOCOL_SSL){
tableid = g_kni_scan_tableid[TSG_FIELD_SSL_SNI]; tableid = g_kni_scan_tableid[TSG_FIELD_SSL_SNI];
} }
if(protocol_identify_res.protocol == KNI_PROTOCOL_HTTP){ if(protocol_identify_res.protocol == TSG_PROTOCOL_HTTP){
tableid = g_kni_scan_tableid[TSG_FIELD_HTTP_HOST]; tableid = g_kni_scan_tableid[TSG_FIELD_HTTP_HOST];
} }
return Maat_full_scan_string(g_kni_maat_feather, tableid, CHARSET_UTF8, domain, *domain_len, return Maat_full_scan_string(g_kni_maat_feather, tableid, CHARSET_UTF8, domain, *domain_len,