| author | fumingwei <[email protected]> | 2022-01-18 16:31:32 +0800 |
|---|---|---|
| committer | fumingwei <[email protected]> | 2022-01-18 16:31:32 +0800 |
| commit | cc234d4a1c6a224fcb8f192af1d53ded48822323 (patch) | |
| tree | 19eebe4b8fe7f7ba28b2de531dcb0fecb5700aed | |
| parent | 5718d879f3b37d1e90b8f9834b3837137fb69766 (diff) | |
feature:TSG-9431:KNI发送安全日志时增加ssl_passthrough_reason字段v22.02.01
| -rw-r--r-- | common/include/kni_cmsg.h | 1 | ||||
| -rw-r--r-- | common/src/kni_cmsg.cpp | 1 | ||||
| -rw-r--r-- | entry/include/kni_entry.h | 2 | ||||
| -rw-r--r-- | entry/src/kni_entry.cpp | 7 |
4 files changed, 11 insertions, 0 deletions
diff --git a/common/include/kni_cmsg.h b/common/include/kni_cmsg.h index e39e81e..83294b8 100644 --- a/common/include/kni_cmsg.h +++ b/common/include/kni_cmsg.h @@ -83,6 +83,7 @@ enum tfe_cmsg_tlv_type TFE_CMSG_FQDN_CAT_ID_VAL, // string max size 8 * sizeof(uint32_t) //cmsg common_direction TFE_CMSG_COMMON_DIRECTION, + TFE_CMSG_SSL_PASSTHROUGH_REASON, //cmsg tlv max KNI_CMSG_TLV_NR_MAX, }; diff --git a/common/src/kni_cmsg.cpp b/common/src/kni_cmsg.cpp index 3e834e9..4ba75f3 100644 --- a/common/src/kni_cmsg.cpp +++ b/common/src/kni_cmsg.cpp @@ -255,5 +255,6 @@ void tfe_cmsg_enum_to_string() tfe_cmsg_tlv_type_to_string[TFE_CMSG_COMMON_DIRECTION] = "TFE_CMSG_COMMON_DIRECTION"; + tfe_cmsg_tlv_type_to_string[TFE_CMSG_SSL_PASSTHROUGH_REASON] = "TFE_CMSG_SSL_PASSTHROUGH_REASON"; } diff --git a/entry/include/kni_entry.h b/entry/include/kni_entry.h index 45e37e3..1983caf 100644 --- a/entry/include/kni_entry.h +++ b/entry/include/kni_entry.h @@ -151,6 +151,8 @@ struct pme_info{ struct proxy_tcp_option pxy_tcp_option; int pxy_tcp_option_is_scan; struct session_attribute_label *session_attribute; + //for ssl passthrough reason + char ssl_passthrough_reason[KNI_SYMBOL_MAX]; }; struct wrapped_packet{ diff --git a/entry/src/kni_entry.cpp b/entry/src/kni_entry.cpp index ee1bc7b..773cf95 100644 --- a/entry/src/kni_entry.cpp +++ b/entry/src/kni_entry.cpp @@ -209,6 +209,9 @@ static int log_generate(struct pme_info *pmeinfo){ if(pmeinfo->ssl_cert_verify != -1){ TLD_append(tld_handle, (char*)"ssl_cert_verify", (void*)pmeinfo->ssl_cert_verify, TLD_TYPE_LONG); } + if (pmeinfo->ssl_intercept_state == 0){ + TLD_append(tld_handle, (char*)"ssl_passthrough_reason", (void*)pmeinfo->ssl_passthrough_reason, TLD_TYPE_STRING); + } } //host if(pmeinfo->protocol == PROTO_HTTP){ 
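Review bot: In log_generate, `ssl_passthrough_reason` is appended whenever `ssl_intercept_state == 0`, with no check that a reason was ever received, whereas the neighbouring `ssl_cert_verify` is logged only when it differs from its `-1` sentinel. If no TFE_CMSG_SSL_PASSTHROUGH_REASON arrived for the stream, the security log gets an empty value, or whatever the buffer happens to hold if `pme_info` is not zeroed at allocation (not visible here). Consider `if (pmeinfo->ssl_intercept_state == 0 && pmeinfo->ssl_passthrough_reason[0] != '\0'){`, which assumes the struct is zero-initialised. The value is peer-supplied text handed to `TLD_append` as `TLD_TYPE_STRING`, so it must be NUL-terminated by the time it reaches this call. log_generate starts and ends outside the hunk.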
@@ -2005,6 +2008,9 @@ static int wrapped_kni_cmsg_get(struct pme_info *pmeinfo, struct kni_cmsg *cmsg, case TFE_CMSG_SSL_ERROR: memcpy((char*)&(pmeinfo->ssl_error), value, value_size); break; + case TFE_CMSG_SSL_PASSTHROUGH_REASON: + memcpy(pmeinfo->ssl_passthrough_reason, value, value_size); + break; default: break; } @@ -2028,6 +2034,7 @@ static long traceid2pme_htable_search_cb(void *data, const uchar *key, uint size wrapped_kni_cmsg_get(pmeinfo, cmsg, TFE_CMSG_SSL_PINNING_STATE, sizeof(pmeinfo->ssl_pinningst), logger); wrapped_kni_cmsg_get(pmeinfo, cmsg, TFE_CMSG_SSL_CERT_VERIFY, sizeof(pmeinfo->ssl_cert_verify), logger); wrapped_kni_cmsg_get(pmeinfo, cmsg, TFE_CMSG_SSL_ERROR, sizeof(pmeinfo->ssl_error), logger); + wrapped_kni_cmsg_get(pmeinfo, cmsg, TFE_CMSG_SSL_PASSTHROUGH_REASON, sizeof(pmeinfo->ssl_passthrough_reason), logger); KNI_LOG_DEBUG(logger, "recv cmsg from tfe, stream traceid = %s, stream addr = %s, stream ssl intercept state = %d ,pinning state = %d", pmeinfo->stream_traceid, pmeinfo->stream_addr,pmeinfo->ssl_intercept_state,pmeinfo->ssl_pinningst); |
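Review bot: The new `TFE_CMSG_SSL_PASSTHROUGH_REASON` case in wrapped_kni_cmsg_get copies `value_size` bytes into `ssl_passthrough_reason` with `memcpy` and never writes a terminator, although the field is later logged as a string. The other visible cases copy fixed-width fields, so this is the first where an unterminated value matters. The call added in traceid2pme_htable_search_cb passes `sizeof(pmeinfo->ssl_passthrough_reason)` as what appears to be the size limit, so a value of exactly KNI_SYMBOL_MAX bytes would fill the buffer with no NUL. Pass `sizeof(pmeinfo->ssl_passthrough_reason) - 1` at the call site and add `pmeinfo->ssl_passthrough_reason[value_size] = '\0';` after the copy. The comparison of `value_size` against that limit is presumably earlier in the function, outside this hunk; if it is missing, this `memcpy` has no bound of its own and needs one.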
