authoryangwei <[email protected]>2024-04-26 20:29:11 +0800
committeryangwei <[email protected]>2024-04-27 03:18:04 +0800
commitedecb5505f60497597c7a827de7e8c0c65ad4f4c (patch)
treef12c11edeb011533e746e03e170141e333778e4e
parent48018375d2283b11ea428f50fc77b68d465c1249 (diff)
๐Ÿž fix(Fix TSG-16297 ): ๆ”ฏๆŒๆ‰ฃ็•™chelloๅˆ†็‰‡็š„ๆ•ฐๆฎๅŒ…
-rw-r--r--bin/ssl.inf4
-rw-r--r--src/SSL_Analyze.c47
-rw-r--r--src/SSL_Analyze.h13
-rw-r--r--src/SSL_Message.c43
4 files changed, 104 insertions, 3 deletions
diff --git a/bin/ssl.inf b/bin/ssl.inf
index f73af40..3471805 100644
--- a/bin/ssl.inf
+++ b/bin/ssl.inf
@@ -10,3 +10,7 @@ GETPLUGID_FUNC=SSL_GETPLUGID
[TCP]
FUNC_FLAG=ALL
FUNC_NAME=SSL_ENTRY
+
+[TCP_ALL]
+FUNC_FLAG=ALL
+FUNC_NAME=SSL_DETAIN_ENTRY \ No newline at end of file
diff --git a/src/SSL_Analyze.c b/src/SSL_Analyze.c
index d361b42..aa2e98d 100644
--- a/src/SSL_Analyze.c
+++ b/src/SSL_Analyze.c
@@ -17,6 +17,7 @@
#include <MESA/MESA_prof_load.h>
#include "SSL_Proc.h"
+#include <assert.h>
#define GIT_VERSION_CATTER(v) __attribute__((__used__)) const char * GIT_VERSION_##v = NULL
#define GIT_VERSION_EXPEND(v) GIT_VERSION_CATTER(v)
@@ -203,6 +204,44 @@ extern "C" char SSL_ENTRY(const struct streaminfo *a_tcp, void**pme, int thread_
return state;
}
+extern "C" char SSL_DETAIN_ENTRY(const struct streaminfo *a_tcp, void**pme, int thread_seq, const void *a_packet)
+{
+ if(g_ssl_runtime_para.detain_frag_chello_enable==0)return APP_STATE_DROPME;
+
+ if(a_tcp->ptcpdetail->serverpktnum <= MAX_DETAIN_FRAG_CHELLO_NUM)
+ {
+ struct frag_chello *pkts = (struct frag_chello *)stream_bridge_async_data_get(a_tcp, g_ssl_runtime_para.frag_chello_exdata_idx);
+ if(pkts && pkts->finish==1)
+ {
+ struct detain_pkt *p=NULL;
+ for(unsigned int i = 0; i < pkts->p_sz; i++)
+ {
+ p=pkts->p[i];
+ if (p)MESA_detain_pkt_forward_based_on_stream(a_tcp, p);
+ pkts->p[i]=NULL;
+ }
+ pkts->p_sz=0;
+ }
+ return APP_STATE_GIVEME;
+ }
+ return APP_STATE_DROPME;
+}
+
+static void ssl_retain_packet_bridge_free(const struct streaminfo *stream, int bridge_id, void *data)
+{
+ struct frag_chello *pkts = (struct frag_chello *)data;
+ struct detain_pkt *p=NULL;
+ if (pkts)
+ {
+ for(unsigned int i = 0; i < pkts->p_sz; i++)
+ {
+ if (p)MESA_detain_pkt_free(p);
+ }
+ free(pkts);
+ }
+ return;
+}
+
extern "C" int SSL_INIT(void)
{
memset(&g_ssl_runtime_para, 0, sizeof(struct ssl_runtime_para));
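Review bot: `ssl_retain_packet_bridge_free` never releases anything: `p` is set to NULL before the loop and is never assigned from `pkts->p[i]`, so `if (p)MESA_detain_pkt_free(p);` is dead code and every packet still detained when the stream is torn down leaks, which is the normal outcome whenever a ClientHello never completes, because SSL_DETAIN_ENTRY only forwards once `finish==1`. The loop body should be `struct detain_pkt *p = pkts->p[i]; if (p) MESA_detain_pkt_free(p); pkts->p[i] = NULL;` with the outer `p` declaration dropped. The unused `stream` and `bridge_id` parameters presumably exist to match the callback signature; a `(void)stream; (void)bridge_id;` pair would document that and silence the warning. SSL_DETAIN_ENTRY also dereferences `a_tcp->ptcpdetail` without a NULL check; whether the framework guarantees it is non-NULL at this entry point is not visible in the diff.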
@@ -215,9 +254,17 @@ extern "C" int SSL_INIT(void)
const char *filename="./conf/ssl/ssl_main.conf";
MESA_load_profile_int_def(filename, "SSL", "MAX_CACHE_LEN", &g_ssl_runtime_para.max_cache_len, 10240);
MESA_load_profile_int_def(filename, "SSL", "PARSE_CERTIFICATE_DETAIL", &g_ssl_runtime_para.parse_certificate_detail, 1);
+ MESA_load_profile_uint_def(filename, "SSL", "DETAIN_FRAG_CHELLO_ENABLE", &g_ssl_runtime_para.detain_frag_chello_enable, 0);
g_ssl_runtime_para.proto_tag_id=project_producer_register("MESA_PROTO", "struct", ssl_proto_tag_free);
+ if(g_ssl_runtime_para.detain_frag_chello_enable>0)
+ {
+ g_ssl_runtime_para.frag_chello_exdata_idx=stream_bridge_build(SSL_FRAG_CHELLO_BRIDEGE_NAME, "w");
+ assert(g_ssl_runtime_para.frag_chello_exdata_idx >= 0);
+ stream_bridge_register_data_free_cb(g_ssl_runtime_para.frag_chello_exdata_idx, ssl_retain_packet_bridge_free);
+ }
+
return 0;
}
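Review bot: The `assert(g_ssl_runtime_para.frag_chello_exdata_idx >= 0)` after stream_bridge_build disappears under NDEBUG, so a release build in which the bridge cannot be created continues with a negative index that every later async_data_get/put call then uses. Replace it with a real check that disables the feature, e.g. `if (g_ssl_runtime_para.frag_chello_exdata_idx < 0) { g_ssl_runtime_para.detain_frag_chello_enable = 0; return -1; }` — whether SSL_INIT reports failure with -1 is not visible here, so match the file's existing convention. The `#include <assert.h>` added in the first hunk then becomes unnecessary.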
diff --git a/src/SSL_Analyze.h b/src/SSL_Analyze.h
index a58f024..f45e98e 100644
--- a/src/SSL_Analyze.h
+++ b/src/SSL_Analyze.h
@@ -41,6 +41,16 @@ struct ssl_proto_tag
char buf[8];
};
+
+#define SSL_FRAG_CHELLO_BRIDEGE_NAME "SSL_FRAG_CHELLO_BRIDGE"
+#define MAX_DETAIN_FRAG_CHELLO_NUM 8
+struct frag_chello
+{
+ struct detain_pkt *p[MAX_DETAIN_FRAG_CHELLO_NUM];
+ unsigned int p_sz;
+ unsigned int finish;
+};
+
struct ssl_runtime_para
{
unsigned long long ssl_interested_region_flag;
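Review bot: `struct frag_chello` documents none of the invariants the new code relies on: `p_sz` must never exceed MAX_DETAIN_FRAG_CHELLO_NUM (the writer in SSL_Message.c does not check this), and `finish` is a one-shot flag that stops further detention and enables forwarding. Add above the struct: `/* Per-stream holding area for C2S segments of a fragmented ClientHello: p[0..p_sz) are detained packets owned by this struct until forwarded in SSL_DETAIN_ENTRY or released by the bridge free callback; finish is set once the whole ClientHello has been cached. */`. The macro name `SSL_FRAG_CHELLO_BRIDEGE_NAME` misspells BRIDGE; renaming it in this commit is cheaper than after other code references it.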
@@ -53,6 +63,9 @@ struct ssl_runtime_para
int proto_tag_id ;
int max_cache_len;
int parse_certificate_detail;
+ unsigned int detain_frag_chello_enable;
+ unsigned int max_check_c2s_num;
+ int frag_chello_exdata_idx;
};
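Review bot: `max_check_c2s_num` is added to `struct ssl_runtime_para` but, as far as this diff shows, nothing loads it from the profile or reads it; either drop it or wire it to a config key next to DETAIN_FRAG_CHELLO_ENABLE. `frag_chello_exdata_idx` is left at 0 by the memset in SSL_INIT when the feature is disabled, so 0 is not a usable "unset" marker and readers must keep gating on `detain_frag_chello_enable`; a field comment makes that explicit: `int frag_chello_exdata_idx; /* bridge index, only meaningful when detain_frag_chello_enable != 0 */`.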
struct ssl_business_info
diff --git a/src/SSL_Message.c b/src/SSL_Message.c
index 5e335fa..3bbc393 100644
--- a/src/SSL_Message.c
+++ b/src/SSL_Message.c
@@ -1,4 +1,6 @@
#include <stdio.h>
+#include <stream_inc/stream_base.h>
+#include <stream_inc/stream_rawpkt.h>
#include <string.h>
#include <stdlib.h>
#include <openssl/md5.h>
@@ -12,6 +14,7 @@
#include "SSL_Certificate.h"
+
#define SUITE_VALUELEN 2
#define KEY_EXCHANGELEN_LEN 4
#define RECORD_DIGESTLEN_LEN 2
@@ -983,6 +986,35 @@ int ssl_parse_version(const struct streaminfo *a_tcp, struct ssl_runtime_context
return SSL_TRUE;
}
+static void ssl_detain_frag_chello(const struct streaminfo *a_tcp)
+{
+ if(g_ssl_runtime_para.detain_frag_chello_enable == 0 || a_tcp->curdir != DIR_C2S)return;
+
+ struct frag_chello *pkts = (struct frag_chello *)stream_bridge_async_data_get(a_tcp, g_ssl_runtime_para.frag_chello_exdata_idx);
+ if (pkts == NULL)
+ {
+ pkts=(struct frag_chello *)calloc(sizeof(struct frag_chello), 1);
+ }
+ if(pkts->finish == 1)return;
+ const void *p = get_current_rawpkt_from_streaminfo(a_tcp);
+ struct detain_pkt *dpkt=MESA_rawpkt_detain(a_tcp, p);
+ if(dpkt)
+ {
+ pkts->p[pkts->p_sz]=dpkt;
+ pkts->p_sz+=1;
+ }
+ stream_bridge_async_data_put(a_tcp, g_ssl_runtime_para.frag_chello_exdata_idx, pkts);
+ return;
+}
+
+static void ssl_detain_chello_finish(const struct streaminfo *a_tcp)
+{
+ if(g_ssl_runtime_para.detain_frag_chello_enable == 0)return;
+ struct frag_chello *pkts = (struct frag_chello *)stream_bridge_async_data_get(a_tcp, g_ssl_runtime_para.frag_chello_exdata_idx);
+ if(pkts)pkts->finish=1;
+ return;
+}
+
int ssl_parse_message(const struct streaminfo *a_tcp, struct ssl_runtime_context *ssl_context, char *payload, int payload_len, int thread_seq, const void *a_packet)
{
int offset=0;
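Review bot: `ssl_detain_frag_chello` writes `pkts->p[pkts->p_sz]` without checking `p_sz` against MAX_DETAIN_FRAG_CHELLO_NUM, so a peer that spreads its ClientHello over more than eight C2S segments pushes the ninth pointer past `p[]` into `p_sz`/`finish` on the heap — a remotely triggerable memory-safety bug, not just a lost packet. The `calloc` result is also used unchecked, and its arguments are in (size, count) order rather than (count, size). The fix below stops detaining once the array is full and gives up cleanly on allocation failure; the rest of the function is unchanged. One further point to confirm: the function calls `stream_bridge_async_data_put` with the same `pkts` on every segment, so if put releases a previously stored value through the registered free callback, this would free the live struct — if that is how the bridge behaves, put only on first allocation.
```c
static void ssl_detain_frag_chello(const struct streaminfo *a_tcp)
{
	// … unchanged: enable / DIR_C2S gate and stream_bridge_async_data_get …
	if (pkts == NULL)
	{
		pkts = (struct frag_chello *)calloc(1, sizeof *pkts);
		if (pkts == NULL) return;   /* OOM: skip detention, parsing continues unaffected */
	}
	/* p[] has MAX_DETAIN_FRAG_CHELLO_NUM slots; never write past it */
	if (pkts->finish == 1 || pkts->p_sz >= MAX_DETAIN_FRAG_CHELLO_NUM) return;
	// … unchanged: MESA_rawpkt_detain, append to pkts->p, stream_bridge_async_data_put …
```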
@@ -1013,10 +1045,11 @@ int ssl_parse_message(const struct streaminfo *a_tcp, struct ssl_runtime_context
if((payload_len-offset) < one_record_len)
{
ssl_trunk_cache(ssl_context, payload+offset, payload_len-offset, thread_seq);
- break; //cache
+ if(*(unsigned char *)((ssl_context->record.cache_buff)+sizeof(struct ssl_record_header))==CLIENT_HELLO)
+ ssl_detain_frag_chello(a_tcp);
+ break; //cache
}
-
- offset+=SSL_RECORD_HDRLEN;
+ offset+=SSL_RECORD_HDRLEN;
}
switch (ssl_record->content_type)
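Review bot: The peek at `cache_buff + sizeof(struct ssl_record_header)` after ssl_trunk_cache reads a byte the cache is not guaranteed to hold: in this branch only the record header is known to be present, so a segment ending exactly after the header makes the comparison read stale or uninitialized cache memory, and in the next hunk (the `is_offset_header=1` path) fewer than header-size bytes have been cached, so that read is always beyond the data. Guard every peek with the cached length that ssl_trunk_cache maintains (the field is not visible in this diff), e.g. `if (cached_len > sizeof(struct ssl_record_header) && ((unsigned char *)cache_buff)[sizeof(struct ssl_record_header)] == CLIENT_HELLO)`. The third peek, in the `offset==payload_len` hunk, checks `cache_buff != NULL` while these two do not, so if ssl_trunk_cache can leave the buffer NULL (which that check suggests) the first two dereference it; putting all three behind one static helper keeps them consistent. ssl_parse_message starts and ends outside these hunks.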
@@ -1054,6 +1087,8 @@ int ssl_parse_message(const struct streaminfo *a_tcp, struct ssl_runtime_context
ssl_context->record.is_offset_header=1;
ssl_context->record.header=*ssl_record;
ssl_trunk_cache(ssl_context, payload+offset, payload_len-offset, thread_seq);
+ if(*(unsigned char *)((ssl_context->record.cache_buff)+sizeof(struct ssl_record_header))==CLIENT_HELLO)
+ ssl_detain_frag_chello(a_tcp);
break;
}
@@ -1062,6 +1097,8 @@ int ssl_parse_message(const struct streaminfo *a_tcp, struct ssl_runtime_context
if(offset==payload_len)
{
+ if(ssl_context->record.cache_buff!=NULL && *(unsigned char *)((ssl_context->record.cache_buff)+sizeof(struct ssl_record_header))==CLIENT_HELLO)
+ ssl_detain_chello_finish(a_tcp);
ssl_trunk_free(ssl_context, thread_seq);
}