WAF cc2尝试使用指纹统计方法

2026-01-04 06:16:36 +08:00 · 2023-03-08 16:59:44 +08:00
parent 10ca7321aa
commit 09806b75e7
8 changed files with 103 additions and 1 deletions
--- a/internal/nodes/client_conn_base.go
+++ b/internal/nodes/client_conn_base.go
@@ -17,6 +17,7 @@ type BaseClientConn struct {
 	hasLimit   bool

 	isPersistent bool // 是否为持久化连接
+	fingerprint  []byte

 	isClosed bool

@@ -128,3 +129,13 @@ func (this *BaseClientConn) SetLinger(seconds int) error {
 func (this *BaseClientConn) SetIsPersistent(isPersistent bool) {
 	this.isPersistent = isPersistent
 }
+
+// SetFingerprint 设置指纹信息
+func (this *BaseClientConn) SetFingerprint(fingerprint []byte) {
+	this.fingerprint = fingerprint
+}
+
+// Fingerprint 读取指纹信息
+func (this *BaseClientConn) Fingerprint() []byte {
+	return this.fingerprint
+}
--- a/internal/nodes/client_conn_interface.go
+++ b/internal/nodes/client_conn_interface.go
@@ -26,4 +26,10 @@ type ClientConnInterface interface {

 	// SetIsPersistent 设置是否为持久化
 	SetIsPersistent(isPersistent bool)
+
+	// SetFingerprint 设置指纹信息
+	SetFingerprint(fingerprint []byte)
+
+	// Fingerprint 读取指纹信息
+	Fingerprint() []byte
 }
--- a/internal/nodes/client_tls_conn.go
+++ b/internal/nodes/client_tls_conn.go
@@ -68,3 +68,17 @@ func (this *ClientTLSConn) SetIsPersistent(isPersistent bool) {
 		}
 	}
 }
+
+func (this *ClientTLSConn) Fingerprint() []byte {
+	tlsConn, ok := this.rawConn.(*tls.Conn)
+	if ok {
+		var rawConn = tlsConn.NetConn()
+		if rawConn != nil {
+			clientConn, ok := rawConn.(*ClientConn)
+			if ok {
+				return clientConn.fingerprint
+			}
+		}
+	}
+	return nil
+}
--- a/internal/nodes/http_request_waf.go
+++ b/internal/nodes/http_request_waf.go
@@ -402,3 +402,17 @@ func (this *HTTPRequest) WAFOnAction(action interface{}) (goNext bool) {
 	}
 	return true
 }
+
+func (this *HTTPRequest) WAFFingerprint() []byte {
+	var requestConn = this.RawReq.Context().Value(HTTPConnContextKey)
+	if requestConn == nil {
+		return nil
+	}
+
+	clientConn, ok := requestConn.(ClientConnInterface)
+	if ok {
+		return clientConn.Fingerprint()
+	}
+
+	return nil
+}
--- a/internal/nodes/listener_base.go
+++ b/internal/nodes/listener_base.go
@@ -36,6 +36,15 @@ func (this *BaseListener) buildTLSConfig() *tls.Config {
 	return &tls.Config{
 		Certificates: nil,
 		GetConfigForClient: func(clientInfo *tls.ClientHelloInfo) (config *tls.Config, e error) {
+			// 指纹信息
+			var fingerprint = this.calculateFingerprint(clientInfo)
+			if len(fingerprint) > 0 {
+				clientConn, ok := clientInfo.Conn.(ClientConnInterface)
+				if ok {
+					clientConn.SetFingerprint(fingerprint)
+				}
+			}
+
 			tlsPolicy, _, err := this.matchSSL(this.helloServerName(clientInfo))
 			if err != nil {
 				return nil, err
@@ -50,6 +59,15 @@ func (this *BaseListener) buildTLSConfig() *tls.Config {
 			return tlsPolicy.TLSConfig(), nil
 		},
 		GetCertificate: func(clientInfo *tls.ClientHelloInfo) (certificate *tls.Certificate, e error) {
+			// 指纹信息
+			var fingerprint = this.calculateFingerprint(clientInfo)
+			if len(fingerprint) > 0 {
+				clientConn, ok := clientInfo.Conn.(ClientConnInterface)
+				if ok {
+					clientConn.SetFingerprint(fingerprint)
+				}
+			}
+
 			tlsPolicy, cert, err := this.matchSSL(this.helloServerName(clientInfo))
 			if err != nil {
 				return nil, err
--- a/internal/nodes/listener_base_ext.go
+++ b/internal/nodes/listener_base_ext.go
@@ -0,0 +1,10 @@
+// Copyright 2023 Liuxiangchao iwind.liu@gmail.com. All rights reserved. Official site: https://goedge.cn .
+//go:build !plus
+
+package nodes
+
+import "crypto/tls"
+
+func (this *BaseListener) calculateFingerprint(clientInfo *tls.ClientHelloInfo) []byte {
+	return nil
+}