authorluwenpeng <[email protected]>2021-12-31 14:06:19 +0800
committerluwenpeng <[email protected]>2022-01-28 13:10:26 +0800
commite2be64b67bd5b737f163d9f24fe6e36126770996 (patch)
treeadf1914db35c5068df6bb184de512d28970cbf1a /platform/src/proxy.cpp
parentb54d87f82e7d883421d589b63acf1d29e1c0db0f (diff)
TSG-4030 Security Event Logs 中的 SSL.Intercept State 为 Passthrough 时,并未说明引起 Passthrough 的原因v4.5.34-20220128
(当命中 tcp passthrough 时,将 ssl_intercept_status 设置为 passthrough)
Diffstat (limited to 'platform/src/proxy.cpp')
-rw-r--r--platform/src/proxy.cpp3
1 files changed, 3 insertions, 0 deletions
diff --git a/platform/src/proxy.cpp b/platform/src/proxy.cpp
index b485209..b43129f 100644
--- a/platform/src/proxy.cpp
+++ b/platform/src/proxy.cpp
@@ -192,10 +192,13 @@ int tfe_proxy_fds_accept(struct tfe_proxy * ctx, int fd_downstream, int fd_upstr
if (unlikely(ctx->tcp_all_passthrough) || tcp_passthrough > 0)
{
bool __true = true;
+ uint64_t ssl_intercept_status = SSL_ACTION_PASSTHROUGH;
enum tfe_stream_proto __session_type = STREAM_PROTO_PLAIN;
tfe_stream_option_set(stream, TFE_STREAM_OPT_PASSTHROUGH, &__true, sizeof(__true));
tfe_stream_option_set(stream, TFE_STREAM_OPT_SESSION_TYPE, &__session_type, sizeof(__session_type));
+ tfe_cmsg_set(cmsg, TFE_CMSG_SSL_PASSTHROUGH_REASON, (const unsigned char *)"TCP Passthrough", (uint16_t)strlen("TCP Passthrough"));
+ tfe_cmsg_set(cmsg, TFE_CMSG_SSL_INTERCEPT_STATE, (const unsigned char *)&ssl_intercept_status, (uint16_t)sizeof(ssl_intercept_status));
}
TFE_LOG_DEBUG(ctx->logger, "%p: fetch tcp options: cmsg's tcp_passthrough: %d, conf's tcp_passthrough: %d, enalbe passthrough: %d",
stream, tcp_passthrough, ctx->tcp_all_passthrough, (ctx->tcp_all_passthrough > 0 || tcp_passthrough > 0) ? 1 : 0);
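Review bot: Both added `tfe_cmsg_set` calls discard their result, so a failed write would leave the security event log showing Passthrough with no reason, which is the gap this commit is meant to close. If `tfe_cmsg_set` returns a status (its declaration is not visible in this hunk), check it and report a failure through `ctx->logger` rather than continuing silently. The state is written as the raw 8 bytes of a `uint64_t`, so confirm that whatever reads `TFE_CMSG_SSL_INTERCEPT_STATE` fetches the same width and that other writers of that field use the same type. The literal `"TCP Passthrough"` appears twice on one line; a single `static const char reason[] = "TCP Passthrough";` passed with `sizeof(reason) - 1` would keep the pointer and length in sync. The body of `tfe_proxy_fds_accept` starts and ends outside this hunk, so whether `cmsg` can be null on the `tcp_all_passthrough` path cannot be judged from here.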