add sid for connector log
This commit is contained in:
@@ -25,7 +25,7 @@ func Sniffing(ctx context.Context, rdw io.ReadWriter) (rw io.ReadWriter, host st
|
||||
if err == nil &&
|
||||
hdr[0] == dissector.Handshake &&
|
||||
(tlsVersion >= tls.VersionTLS10 && tlsVersion <= tls.VersionTLS13) {
|
||||
rw, host, err = sniffSNI(ctx, rw)
|
||||
rw, host, err = sniffSNI(rw)
|
||||
protocol = ProtoTLS
|
||||
return
|
||||
}
|
||||
@@ -48,32 +48,19 @@ func Sniffing(ctx context.Context, rdw io.ReadWriter) (rw io.ReadWriter, host st
|
||||
return
|
||||
}
|
||||
|
||||
func sniffSNI(ctx context.Context, rw io.ReadWriter) (io.ReadWriter, string, error) {
|
||||
func sniffSNI(rw io.ReadWriter) (io.ReadWriter, string, error) {
|
||||
buf := new(bytes.Buffer)
|
||||
host, err := getServerName(ctx, io.TeeReader(rw, buf))
|
||||
host, err := getServerName(io.TeeReader(rw, buf))
|
||||
rw = xio.NewReadWriter(io.MultiReader(buf, rw), rw)
|
||||
return rw, host, err
|
||||
}
|
||||
|
||||
func getServerName(ctx context.Context, r io.Reader) (host string, err error) {
|
||||
record, err := dissector.ReadRecord(r)
|
||||
func getServerName(r io.Reader) (host string, err error) {
|
||||
clientHello, err := dissector.ParseClientHello(r)
|
||||
if err != nil {
|
||||
return
|
||||
}
|
||||
|
||||
clientHello := dissector.ClientHelloMsg{}
|
||||
if err = clientHello.Decode(record.Opaque); err != nil {
|
||||
return
|
||||
}
|
||||
|
||||
for _, ext := range clientHello.Extensions {
|
||||
if ext.Type() == dissector.ExtServerName {
|
||||
snExtension := ext.(*dissector.ServerNameExtension)
|
||||
host = snExtension.Name
|
||||
break
|
||||
}
|
||||
}
|
||||
|
||||
host = clientHello.ServerName
|
||||
return
|
||||
}
|
||||
|
||||
|
||||
+92
-23
@@ -6,6 +6,7 @@ import (
|
||||
"fmt"
|
||||
"net"
|
||||
"os"
|
||||
"strconv"
|
||||
"strings"
|
||||
"time"
|
||||
|
||||
@@ -20,7 +21,9 @@ const (
|
||||
VersionTLS13 = "VersionTLS13"
|
||||
)
|
||||
|
||||
// Cipher suites from https://pkg.go.dev/crypto/tls#pkg-constants
|
||||
const (
|
||||
// TLS 1.0 - 1.2 cipher suites.
|
||||
TLS_RSA_WITH_RC4_128_SHA = "TLS_RSA_WITH_RC4_128_SHA"
|
||||
TLS_RSA_WITH_3DES_EDE_CBC_SHA = "TLS_RSA_WITH_3DES_EDE_CBC_SHA"
|
||||
TLS_RSA_WITH_AES_128_CBC_SHA = "TLS_RSA_WITH_AES_128_CBC_SHA"
|
||||
@@ -43,8 +46,74 @@ const (
|
||||
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 = "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384"
|
||||
TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 = "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256"
|
||||
TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 = "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256"
|
||||
|
||||
// TLS 1.3 cipher suites.
|
||||
TLS_AES_128_GCM_SHA256 = "TLS_AES_128_GCM_SHA256"
|
||||
TLS_AES_256_GCM_SHA384 = "TLS_AES_256_GCM_SHA384"
|
||||
TLS_CHACHA20_POLY1305_SHA256 = "TLS_CHACHA20_POLY1305_SHA256"
|
||||
|
||||
// TLS_FALLBACK_SCSV isn't a standard cipher suite but an indicator
|
||||
// that the client is doing version fallback. See RFC 7507.
|
||||
TLS_FALLBACK_SCSV = "TLS_FALLBACK_SCSV"
|
||||
)
|
||||
|
||||
var (
|
||||
cipherSuites = map[uint16]string{
|
||||
tls.TLS_RSA_WITH_RC4_128_SHA: TLS_RSA_WITH_RC4_128_SHA,
|
||||
tls.TLS_RSA_WITH_3DES_EDE_CBC_SHA: TLS_RSA_WITH_3DES_EDE_CBC_SHA,
|
||||
tls.TLS_RSA_WITH_AES_128_CBC_SHA: TLS_RSA_WITH_AES_128_CBC_SHA,
|
||||
tls.TLS_RSA_WITH_AES_256_CBC_SHA: TLS_RSA_WITH_AES_256_CBC_SHA,
|
||||
tls.TLS_RSA_WITH_AES_128_CBC_SHA256: TLS_RSA_WITH_AES_128_CBC_SHA256,
|
||||
tls.TLS_RSA_WITH_AES_128_GCM_SHA256: TLS_RSA_WITH_AES_128_GCM_SHA256,
|
||||
tls.TLS_RSA_WITH_AES_256_GCM_SHA384: TLS_RSA_WITH_AES_256_GCM_SHA384,
|
||||
tls.TLS_ECDHE_ECDSA_WITH_RC4_128_SHA: TLS_ECDHE_ECDSA_WITH_RC4_128_SHA,
|
||||
tls.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
|
||||
tls.TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
|
||||
tls.TLS_ECDHE_RSA_WITH_RC4_128_SHA: TLS_ECDHE_RSA_WITH_RC4_128_SHA,
|
||||
tls.TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA: TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,
|
||||
tls.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
|
||||
tls.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
|
||||
tls.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
|
||||
tls.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
|
||||
tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
|
||||
tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
|
||||
tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
|
||||
tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
|
||||
tls.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256: TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
|
||||
tls.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256: TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,
|
||||
|
||||
tls.TLS_AES_128_GCM_SHA256: TLS_AES_128_GCM_SHA256,
|
||||
tls.TLS_AES_256_GCM_SHA384: TLS_AES_256_GCM_SHA384,
|
||||
tls.TLS_CHACHA20_POLY1305_SHA256: TLS_CHACHA20_POLY1305_SHA256,
|
||||
}
|
||||
|
||||
versions = map[uint16]string{
|
||||
tls.VersionSSL30: "sslv3",
|
||||
tls.VersionTLS10: "tls1.0",
|
||||
tls.VersionTLS11: "tls1.1",
|
||||
tls.VersionTLS12: "tls1.2",
|
||||
tls.VersionTLS13: "tls1.3",
|
||||
}
|
||||
)
|
||||
|
||||
type CipherSuite uint16
|
||||
|
||||
func (cs CipherSuite) String() string {
|
||||
if v, ok := cipherSuites[uint16(cs)]; ok {
|
||||
return v
|
||||
}
|
||||
return strconv.Itoa(int(cs))
|
||||
}
|
||||
|
||||
type Version uint16
|
||||
|
||||
func (ver Version) String() string {
|
||||
if v, ok := versions[uint16(ver)]; ok {
|
||||
return v
|
||||
}
|
||||
return strconv.Itoa(int(ver))
|
||||
}
|
||||
|
||||
// LoadDefaultConfig loads the certificate from cert & key files and optional CA file.
|
||||
func LoadDefaultConfig(certFile, keyFile, caFile string) (*tls.Config, error) {
|
||||
cert, err := tls.LoadX509KeyPair(certFile, keyFile)
|
||||
@@ -175,50 +244,50 @@ func SetTLSOptions(cfg *tls.Config, opts *config.TLSOptions) {
|
||||
cfg.MaxVersion = tls.VersionTLS13
|
||||
}
|
||||
for _, v := range opts.CipherSuites {
|
||||
switch strings.ToLower(v) {
|
||||
case strings.ToLower(TLS_RSA_WITH_RC4_128_SHA):
|
||||
switch strings.ToUpper(v) {
|
||||
case TLS_RSA_WITH_RC4_128_SHA:
|
||||
cfg.CipherSuites = append(cfg.CipherSuites, tls.TLS_RSA_WITH_RC4_128_SHA)
|
||||
case strings.ToLower(TLS_RSA_WITH_3DES_EDE_CBC_SHA):
|
||||
case TLS_RSA_WITH_3DES_EDE_CBC_SHA:
|
||||
cfg.CipherSuites = append(cfg.CipherSuites, tls.TLS_RSA_WITH_3DES_EDE_CBC_SHA)
|
||||
case strings.ToLower(TLS_RSA_WITH_AES_128_CBC_SHA):
|
||||
case TLS_RSA_WITH_AES_128_CBC_SHA:
|
||||
cfg.CipherSuites = append(cfg.CipherSuites, tls.TLS_RSA_WITH_AES_128_CBC_SHA)
|
||||
case strings.ToLower(TLS_RSA_WITH_AES_256_CBC_SHA):
|
||||
case TLS_RSA_WITH_AES_256_CBC_SHA:
|
||||
cfg.CipherSuites = append(cfg.CipherSuites, tls.TLS_RSA_WITH_AES_256_CBC_SHA)
|
||||
case strings.ToLower(TLS_RSA_WITH_AES_128_CBC_SHA256):
|
||||
case TLS_RSA_WITH_AES_128_CBC_SHA256:
|
||||
cfg.CipherSuites = append(cfg.CipherSuites, tls.TLS_RSA_WITH_AES_128_CBC_SHA256)
|
||||
case strings.ToLower(TLS_RSA_WITH_AES_128_GCM_SHA256):
|
||||
case TLS_RSA_WITH_AES_128_GCM_SHA256:
|
||||
cfg.CipherSuites = append(cfg.CipherSuites, tls.TLS_RSA_WITH_AES_128_GCM_SHA256)
|
||||
case strings.ToLower(TLS_RSA_WITH_AES_256_GCM_SHA384):
|
||||
case TLS_RSA_WITH_AES_256_GCM_SHA384:
|
||||
cfg.CipherSuites = append(cfg.CipherSuites, tls.TLS_RSA_WITH_AES_256_GCM_SHA384)
|
||||
case strings.ToLower(TLS_ECDHE_ECDSA_WITH_RC4_128_SHA):
|
||||
case TLS_ECDHE_ECDSA_WITH_RC4_128_SHA:
|
||||
cfg.CipherSuites = append(cfg.CipherSuites, tls.TLS_ECDHE_ECDSA_WITH_RC4_128_SHA)
|
||||
case strings.ToLower(TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA):
|
||||
case TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA:
|
||||
cfg.CipherSuites = append(cfg.CipherSuites, tls.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA)
|
||||
case strings.ToLower(TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA):
|
||||
case TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA:
|
||||
cfg.CipherSuites = append(cfg.CipherSuites, tls.TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA)
|
||||
case strings.ToLower(TLS_ECDHE_RSA_WITH_RC4_128_SHA):
|
||||
case TLS_ECDHE_RSA_WITH_RC4_128_SHA:
|
||||
cfg.CipherSuites = append(cfg.CipherSuites, tls.TLS_ECDHE_RSA_WITH_RC4_128_SHA)
|
||||
case strings.ToLower(TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA):
|
||||
case TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA:
|
||||
cfg.CipherSuites = append(cfg.CipherSuites, tls.TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA)
|
||||
case strings.ToLower(TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA):
|
||||
case TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA:
|
||||
cfg.CipherSuites = append(cfg.CipherSuites, tls.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA)
|
||||
case strings.ToLower(TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA):
|
||||
case TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA:
|
||||
cfg.CipherSuites = append(cfg.CipherSuites, tls.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA)
|
||||
case strings.ToLower(TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256):
|
||||
case TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256:
|
||||
cfg.CipherSuites = append(cfg.CipherSuites, tls.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256)
|
||||
case strings.ToLower(TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256):
|
||||
case TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256:
|
||||
cfg.CipherSuites = append(cfg.CipherSuites, tls.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256)
|
||||
case strings.ToLower(TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256):
|
||||
case TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256:
|
||||
cfg.CipherSuites = append(cfg.CipherSuites, tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256)
|
||||
case strings.ToLower(TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256):
|
||||
case TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256:
|
||||
cfg.CipherSuites = append(cfg.CipherSuites, tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256)
|
||||
case strings.ToLower(TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384):
|
||||
case TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384:
|
||||
cfg.CipherSuites = append(cfg.CipherSuites, tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384)
|
||||
case strings.ToLower(TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384):
|
||||
case TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384:
|
||||
cfg.CipherSuites = append(cfg.CipherSuites, tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384)
|
||||
case strings.ToLower(TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256):
|
||||
case TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256:
|
||||
cfg.CipherSuites = append(cfg.CipherSuites, tls.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256)
|
||||
case strings.ToLower(TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256):
|
||||
case TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256:
|
||||
cfg.CipherSuites = append(cfg.CipherSuites, tls.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256)
|
||||
}
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user