| author | yangwei <[email protected]> | 2024-06-05 20:51:08 +0800 |
|---|---|---|
| committer | yangwei <[email protected]> | 2024-06-05 20:51:08 +0800 |
| commit | 0a0609fb518eaa73a91be95a0b8fd258380ce9f1 (patch) | |
| tree | 1952c87f6b26a5cb58394cffb947e31ab6d561a8 | |
| parent | 4a7df4a3906fa953a4747010c25fdf018e43b877 (diff) | |
✨ feat(ssh.h): export frag chello api get0 and free
| -rw-r--r-- | bin/ssl/ssl_main.conf | 1 | ||||
| -rw-r--r-- | src/SSL_Analyze.c | 27 | ||||
| -rw-r--r-- | src/SSL_Analyze.h | 6 | ||||
| -rw-r--r-- | src/SSL_Message.c | 26 | ||||
| -rw-r--r-- | src/ssl.h | 11 |
5 files changed, 50 insertions, 21 deletions
diff --git a/bin/ssl/ssl_main.conf b/bin/ssl/ssl_main.conf index 46d62ed..f1f16d8 100644 --- a/bin/ssl/ssl_main.conf +++ b/bin/ssl/ssl_main.conf @@ -11,4 +11,3 @@ STAT_FIELD_DST_IP=127.0.0.1 STAT_FIELD_DST_PORT=8125 DETAIN_FRAG_CHELLO_NUM=0 -SSL_STAT_REFRESH_S=0 diff --git a/src/SSL_Analyze.c b/src/SSL_Analyze.c index 64075b8..cff6096 100644 --- a/src/SSL_Analyze.c +++ b/src/SSL_Analyze.c @@ -210,21 +210,21 @@ extern "C" char SSL_DETAIN_ENTRY(const struct streaminfo *a_tcp, void**pme, int { if (a_tcp->curdir == DIR_C2S)// only c2s packet trigger frag chello finish { - struct frag_chello *pkts = (struct frag_chello *)stream_bridge_async_data_get(a_tcp, g_ssl_prog_para.frag_chello_exdata_idx); + struct frag_chello_internal *pkts = (struct frag_chello_internal *)stream_bridge_async_data_get(a_tcp, g_ssl_prog_para.frag_chello_exdata_idx); if (pkts && pkts->finish == 1) { struct detain_pkt *p = NULL; - for (unsigned int i = 0; i < pkts->p_sz; i++) + for (unsigned int i = 0; i < pkts->frag_chello.p_sz; i++) { - p = pkts->p[i]; + p = pkts->frag_chello.p[i]; if (p)MESA_detain_pkt_forward_based_on_stream(a_tcp, p); if(g_ssl_prog_para.stat_handler) { FS_operate(g_ssl_prog_para.stat_handler, g_ssl_prog_para.stat_field[FS_METRIC_DETAIN_FRAG_CHELLO_FORWARD], 0, FS_OP_ADD, 1); } - pkts->p[i] = NULL; + pkts->frag_chello.p[i] = NULL; } - pkts->p_sz = 0; + pkts->frag_chello.p_sz = 0; return APP_STATE_DROPME; } } 
@@ -233,22 +233,23 @@ extern "C" char SSL_DETAIN_ENTRY(const struct streaminfo *a_tcp, void**pme, int return APP_STATE_DROPME; } + static void ssl_retain_packet_bridge_free(const struct streaminfo *stream, int bridge_id, void *data) { - struct frag_chello *pkts = (struct frag_chello *)data; + struct frag_chello_internal *pkts = (struct frag_chello_internal *)data; struct detain_pkt *p=NULL; if (pkts) { - if(pkts->p_sz > 0) + if(pkts->frag_chello.p_sz > 0) { if(g_ssl_prog_para.stat_handler) { FS_operate(g_ssl_prog_para.stat_handler, g_ssl_prog_para.stat_field[FS_METRIC_DETAIN_FRAG_CHELLO_TIMEOUT], 0, FS_OP_ADD, 1); } } - for(unsigned int i = 0; i < pkts->p_sz; i++) + for(unsigned int i = 0; i < pkts->frag_chello.p_sz; i++) { - p=pkts->p[i]; + p=pkts->frag_chello.p[i]; if (p)MESA_detain_pkt_free(p); if(g_ssl_prog_para.stat_handler) { @@ -261,6 +262,14 @@ static void ssl_retain_packet_bridge_free(const struct streaminfo *stream, int b return; } +void ssl_frag_chello_free(struct streaminfo *a_tcp) +{ + if(g_ssl_prog_para.detain_frag_chello_num == 0)return; + struct frag_chello_internal *pkts = (struct frag_chello_internal *)stream_bridge_async_data_get(a_tcp, g_ssl_prog_para.frag_chello_exdata_idx); + ssl_retain_packet_bridge_free(a_tcp, g_ssl_prog_para.frag_chello_exdata_idx, pkts); + stream_bridge_async_data_put(a_tcp, g_ssl_prog_para.frag_chello_exdata_idx, NULL); + return; +} int SSL_INIT(void) { diff --git a/src/SSL_Analyze.h b/src/SSL_Analyze.h index 62d37ed..57c77c1 100644 --- a/src/SSL_Analyze.h +++ b/src/SSL_Analyze.h @@ -95,11 +95,9 @@ struct ssl_proto_tag_t }; #define SSL_FRAG_CHELLO_BRIDEGE_NAME "SSL_FRAG_CHELLO_BRIDGE" -#define MAX_DETAIN_FRAG_CHELLO_NUM 8 -struct frag_chello +struct frag_chello_internal { - struct detain_pkt *p[MAX_DETAIN_FRAG_CHELLO_NUM]; - unsigned int p_sz; + struct ssl_frag_chello frag_chello; unsigned int finish; }; diff --git a/src/SSL_Message.c b/src/SSL_Message.c index 11cf8a4..15de60a 100644 --- a/src/SSL_Message.c 
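Review bot: In the new `ssl_frag_chello_free`, an explicit release goes through `ssl_retain_packet_bridge_free`, which bumps `FS_METRIC_DETAIN_FRAG_CHELLO_TIMEOUT` whenever `p_sz > 0`, so a deliberate free by an API consumer is counted as a timeout. The tail of that callback lies outside the hunk. If it also releases `pkts` itself, any pointer previously returned by `ssl_frag_chello_get0` dangles after this call. If `stream_bridge_async_data_put(..., NULL)` additionally runs the registered free callback on the old value, the block would be released twice, which is worth confirming against the bridge API. I would document the contract above the function, e.g. `/* Frees all detained packets of this stream; pointers obtained from ssl_frag_chello_get0() are invalid afterwards. */`.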
+++ b/src/SSL_Message.c @@ -926,14 +926,26 @@ UCHAR ssl_analyseSsl(char *pcSslData, int iDataLen, int *res, ssl_stream *a_ssl_ } #include "field_stat2.h" + +struct ssl_frag_chello *ssl_frag_chello_get0(struct streaminfo *a_tcp) +{ + if(g_ssl_prog_para.detain_frag_chello_num == 0 || a_tcp->curdir != DIR_C2S || a_tcp->dir != DIR_DOUBLE)return NULL; + struct frag_chello_internal *pkts = (struct frag_chello_internal *)stream_bridge_async_data_get(a_tcp, g_ssl_prog_para.frag_chello_exdata_idx); + if(pkts) + { + return &pkts->frag_chello; + } + return NULL; +} + static void ssl_detain_frag_chello(const struct streaminfo *a_tcp) { if(g_ssl_prog_para.detain_frag_chello_num == 0 || a_tcp->curdir != DIR_C2S || a_tcp->dir != DIR_DOUBLE)return; - struct frag_chello *pkts = (struct frag_chello *)stream_bridge_async_data_get(a_tcp, g_ssl_prog_para.frag_chello_exdata_idx); + struct frag_chello_internal *pkts = (struct frag_chello_internal *)stream_bridge_async_data_get(a_tcp, g_ssl_prog_para.frag_chello_exdata_idx); if (pkts == NULL) { - pkts=(struct frag_chello *)calloc(sizeof(struct frag_chello), 1); + pkts=(struct frag_chello_internal *)calloc(sizeof(struct frag_chello_internal), 1); if(g_ssl_prog_para.stat_handler) { FS_operate(g_ssl_prog_para.stat_handler, g_ssl_prog_para.stat_field[FS_METRIC_DETAIN_FRAG_CHELLO_SESSION], 0, FS_OP_ADD, 1); 
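Review bot: `ssl_frag_chello_get0` returns `&pkts->frag_chello` without checking `pkts->finish`, so a caller can receive a ClientHello that is still being collected, and cannot tell because `finish` stays in `struct frag_chello_internal`. The returned pointer aliases bridge-owned storage whose entries `SSL_DETAIN_ENTRY` later forwards and sets to NULL, so a consumer that frees or forwards `p[i]` itself would have the same packet handled twice. A header comment should state the borrow, e.g. `/* get0: borrowed pointer, owned by the SSL plugin; do not free or forward p[i]; NULL unless curdir is C2S on a double-direction stream. */`. Separately, in `ssl_detain_frag_chello` the `calloc` result has no NULL check in the visible lines before the `pkts->finish` read that opens the next hunk; the lines between the two hunks are not shown, so this needs confirming.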
@@ -942,11 +954,11 @@ static void ssl_detain_frag_chello(const struct streaminfo *a_tcp) if(pkts->finish == 1)return; const void *p = get_current_rawpkt_from_streaminfo(a_tcp); struct detain_pkt *dpkt=MESA_rawpkt_detain(a_tcp, p); - if(dpkt && pkts->p_sz<g_ssl_prog_para.detain_frag_chello_num) + if(dpkt && pkts->frag_chello.p_sz<g_ssl_prog_para.detain_frag_chello_num) { - pkts->p[pkts->p_sz]=dpkt; - pkts->p_sz+=1; - if(pkts->p_sz==g_ssl_prog_para.detain_frag_chello_num)pkts->finish=1; + pkts->frag_chello.p[pkts->frag_chello.p_sz]=dpkt; + pkts->frag_chello.p_sz+=1; + if(pkts->frag_chello.p_sz==g_ssl_prog_para.detain_frag_chello_num)pkts->finish=1; if(g_ssl_prog_para.stat_handler) { FS_operate(g_ssl_prog_para.stat_handler, g_ssl_prog_para.stat_field[FS_METRIC_DETAIN_FRAG_CHELLO_NUM], 0, FS_OP_ADD, 1); @@ -959,7 +971,7 @@ static void ssl_detain_frag_chello(const struct streaminfo *a_tcp) static void ssl_detain_chello_finish(const struct streaminfo *a_tcp) { if(g_ssl_prog_para.detain_frag_chello_num == 0)return; - struct frag_chello *pkts = (struct frag_chello *)stream_bridge_async_data_get(a_tcp, g_ssl_prog_para.frag_chello_exdata_idx); + struct frag_chello_internal *pkts = (struct frag_chello_internal *)stream_bridge_async_data_get(a_tcp, g_ssl_prog_para.frag_chello_exdata_idx); if(pkts)pkts->finish=1; if(g_ssl_prog_para.stat_handler) { @@ -332,6 +332,17 @@ int ssl_ja3_init(void); struct _ssl_ja3_info_t *ssl_get_ja3_fingerprint(struct streaminfo *stream, unsigned char *payload, int payload_len, int thread_seq); struct _ssl_ja3s_info_t *ssl_get_ja3s_fingerprint(struct streaminfo *stream, unsigned char *payload, int payload_len, int thread_seq); +#define MAX_DETAIN_FRAG_CHELLO_NUM 8 +struct ssl_frag_chello +{ + struct detain_pkt *p[MAX_DETAIN_FRAG_CHELLO_NUM]; + unsigned int p_sz; +}; + +struct ssl_frag_chello *ssl_frag_chello_get0(struct streaminfo *stream); +void ssl_frag_chello_free(struct streaminfo *stream); + + #ifdef __cplusplus } #endif |
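Review bot: The store `pkts->frag_chello.p[pkts->frag_chello.p_sz]=dpkt` in `ssl_detain_frag_chello` is bounded by the configured `g_ssl_prog_para.detain_frag_chello_num`, not by the array capacity `MAX_DETAIN_FRAG_CHELLO_NUM` that the `ssl.h` hunk now exports. Nothing in these hunks shows the value read from `DETAIN_FRAG_CHELLO_NUM` being clamped to that capacity. If it is not clamped elsewhere, a larger setting writes past `p[]`, and external users of `struct ssl_frag_chello` iterating up to `p_sz` would read past it as well. I would clamp at config load, e.g. `if(g_ssl_prog_para.detain_frag_chello_num > MAX_DETAIN_FRAG_CHELLO_NUM) g_ssl_prog_para.detain_frag_chello_num = MAX_DETAIN_FRAG_CHELLO_NUM;`, and note next to the struct in `ssl.h` that `p_sz` never exceeds `MAX_DETAIN_FRAG_CHELLO_NUM`. The function body continues outside the hunk.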
