Skip to content

Commit ccfe8f1

Browse files
dedokphuslu
dedok
authored and
phuslu
committed
Fix add_variable, since it called at postconfiguration, and also overwrite v; make possibe working with map ''{} and other nginx.conf releated features by adding no_found; small refactoring of the code to make it more close to official nginx's style and logic
1 parent b0cbf96 commit ccfe8f1

File tree

4 files changed

+111
-126
lines changed

4 files changed

+111
-126
lines changed

config

Lines changed: 10 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,3 +1,8 @@
1+
2+
#
3+
# JA3 module conf
4+
#
5+
16
ngx_addon_name=ngx_ssl_fingerprint_module
27

38
CORE_LIBS="$CORE_LIBS"
@@ -8,9 +13,13 @@ STREAM_MODULES="ngx_stream_ssl_fingerprint_preread_module $STREAM_MODULES"
813

914
HTTP_MODULES="$HTTP_MODULES ngx_http_ssl_fingerprint_module"
1015

11-
NGX_ADDON_SRCS="$NGX_ADDON_SRCS \
16+
NGX_ADDON_SRCS="$NGX_ADDON_SRCS \
1217
$ngx_addon_dir/src/nginx_ssl_fingerprint.c \
1318
$ngx_addon_dir/src/ngx_stream_ssl_fingerprint_preread_module.c \
1419
$ngx_addon_dir/src/ngx_http_ssl_fingerprint_module.c
1520
"
1621

22+
CFLAGS="$CFLAGS -I$ngx_addon_dir"
23+
24+
have=NGX_JA3_FINGERPRING_MODULE . auto/have
25+

src/nginx_ssl_fingerprint.c

Lines changed: 13 additions & 20 deletions
Original file line numberDiff line numberDiff line change
@@ -5,6 +5,8 @@
55
#include <ngx_http_v2.h>
66
#include <ngx_md5.h>
77

8+
#include <nginx_ssl_fingerprint.h>
9+
810
#define IS_GREASE_CODE(code) (((code)&0x0f0f) == 0x0a0a && ((code)&0xff) == ((code)>>8))
911

1012
static inline
@@ -192,20 +194,16 @@ int ngx_ssl_ja3(ngx_connection_t *c)
192194
size_t num = 0, i;
193195
uint16_t n, greased = 0;
194196

195-
if (c == NULL) {
196-
return NGX_DECLINED;
197-
}
198-
199-
if (c->ssl == NULL) {
197+
if (c == NULL || c->ssl == NULL) {
200198
return NGX_DECLINED;
201199
}
202200

203201
data = c->ssl->fp_ja3_data.data;
204-
if (!data) {
202+
if (data == NULL) {
205203
return NGX_DECLINED;
206204
}
207205

208-
if (c->ssl->fp_ja3_str.len > 0) {
206+
if (c->ssl->fp_ja3_str.data != NULL) {
209207
return NGX_OK;
210208
}
211209

@@ -214,7 +212,7 @@ int ngx_ssl_ja3(ngx_connection_t *c)
214212
if (c->ssl->fp_ja3_str.data == NULL) {
215213
/** Else we break a data stream */
216214
c->ssl->fp_ja3_str.len = 0;
217-
return NGX_DECLINED;
215+
return NGX_DECLINED /** NGX_ERROR? */;
218216
}
219217

220218
ngx_log_debug(NGX_LOG_DEBUG_EVENT, c->log, 0, "ngx_ssl_ja3: alloc bytes: [%d]\n", c->ssl->fp_ja3_str.len);
@@ -300,18 +298,16 @@ int ngx_ssl_ja3(ngx_connection_t *c)
300298

301299
int ngx_ssl_ja3_hash(ngx_connection_t *c)
302300
{
303-
if (c == NULL) {
304-
return NGX_DECLINED;
305-
}
301+
ngx_md5_t ctx;
302+
u_char hash_buf[16];
306303

307-
if (c->ssl == NULL) {
304+
if (c == NULL
305+
|| c->ssl == NULL
306+
|| c->ssl->fp_ja3_hash.len > 0)
307+
{
308308
return NGX_DECLINED;
309309
}
310310

311-
if (c->ssl->fp_ja3_hash.len > 0) {
312-
return NGX_OK;
313-
}
314-
315311
if (ngx_ssl_ja3(c) == NGX_DECLINED) {
316312
return NGX_DECLINED;
317313
}
@@ -326,9 +322,6 @@ int ngx_ssl_ja3_hash(ngx_connection_t *c)
326322

327323
ngx_log_debug(NGX_LOG_DEBUG_EVENT, c->log, 0, "ngx_ssl_ja3_hash: alloc bytes: [%d]\n", c->ssl->fp_ja3_hash.len);
328324

329-
ngx_md5_t ctx;
330-
u_char hash_buf[16];
331-
332325
ngx_md5_init(&ctx);
333326
ngx_md5_update(&ctx, c->ssl->fp_ja3_str.data, c->ssl->fp_ja3_str.len);
334327
ngx_md5_final(hash_buf, &ctx);
@@ -343,7 +336,7 @@ int ngx_http2_fingerprint(ngx_connection_t *c, ngx_http_v2_connection_t *h2c)
343336
unsigned short n = 0;
344337
size_t i;
345338

346-
if (!h2c) {
339+
if (c == NULL || h2c == NULL) {
347340
return NGX_DECLINED;
348341
}
349342

src/nginx_ssl_fingerprint.h

Lines changed: 19 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,19 @@
1+
2+
/*
3+
* Obj: nginx_ssl_fingerprint.c
4+
*/
5+
6+
#ifndef NGINX_SSL_FINGERPRINT_H_
7+
#define NGINX_SSL_FINGERPRINT_H_ 1
8+
9+
10+
#include <ngx_config.h>
11+
#include <ngx_core.h>
12+
#include <ngx_http.h>
13+
14+
int ngx_ssl_ja3(ngx_connection_t *c);
15+
int ngx_ssl_ja3_hash(ngx_connection_t *c);
16+
int ngx_http2_fingerprint(ngx_connection_t *c, ngx_http_v2_connection_t *h2c);
17+
18+
#endif /** NGINX_SSL_FINGERPRINT_H_ */
19+

src/ngx_http_ssl_fingerprint_module.c

Lines changed: 69 additions & 105 deletions
Original file line numberDiff line numberDiff line change
@@ -1,61 +1,71 @@
1+
12
#include <ngx_config.h>
23
#include <ngx_core.h>
34
#include <ngx_http.h>
45

5-
extern int ngx_ssl_ja3(ngx_connection_t *c);
6-
extern int ngx_ssl_ja3_hash(ngx_connection_t *c);
7-
extern int ngx_http2_fingerprint(ngx_connection_t *c, ngx_http_v2_connection_t *h2c);
6+
#include <nginx_ssl_fingerprint.h>
87

98
static ngx_int_t ngx_http_ssl_fingerprint_init(ngx_conf_t *cf);
9+
static ngx_int_t ngx_http_ssl_greased(ngx_http_request_t *r,
10+
ngx_http_variable_value_t *v, uintptr_t data);
11+
static ngx_int_t ngx_http_ssl_fingerprint(ngx_http_request_t *r,
12+
ngx_http_variable_value_t *v, uintptr_t data);
13+
static ngx_int_t ngx_http_ssl_fingerprint_hash(ngx_http_request_t *r,
14+
ngx_http_variable_value_t *v, uintptr_t data);
15+
static ngx_int_t ngx_http_http2_fingerprint(ngx_http_request_t *r,
16+
ngx_http_variable_value_t *v, uintptr_t data);
1017

1118
static ngx_http_module_t ngx_http_ssl_fingerprint_module_ctx = {
12-
NULL, /* preconfiguration */
13-
ngx_http_ssl_fingerprint_init, /* postconfiguration */
14-
NULL, /* create main configuration */
15-
NULL, /* init main configuration */
16-
NULL, /* create server configuration */
17-
NULL, /* merge server configuration */
18-
NULL, /* create location configuration */
19-
NULL /* merge location configuration */
19+
ngx_http_ssl_fingerprint_init, /* preconfiguration */
20+
NULL, /* postconfiguration */
21+
NULL, /* create main configuration */
22+
NULL, /* init main configuration */
23+
NULL, /* create server configuration */
24+
NULL, /* merge server configuration */
25+
NULL, /* create location configuration */
26+
NULL /* merge location configuration */
2027
};
2128

2229
ngx_module_t ngx_http_ssl_fingerprint_module = {
2330
NGX_MODULE_V1,
2431
&ngx_http_ssl_fingerprint_module_ctx, /* module context */
25-
NULL, /* module directives */
26-
NGX_HTTP_MODULE, /* module type */
27-
NULL, /* init master */
28-
NULL, /* init module */
29-
NULL, /* init process */
30-
NULL, /* init thread */
31-
NULL, /* exit thread */
32-
NULL, /* exit process */
33-
NULL, /* exit master */
32+
NULL, /* module directives */
33+
NGX_HTTP_MODULE, /* module type */
34+
NULL, /* init master */
35+
NULL, /* init module */
36+
NULL, /* init process */
37+
NULL, /* init thread */
38+
NULL, /* exit thread */
39+
NULL, /* exit process */
40+
NULL, /* exit master */
3441
NGX_MODULE_V1_PADDING};
3542

43+
static ngx_http_variable_t ngx_http_ssl_fingerprint_variables_list[] = {
44+
{ngx_string("http_ssl_greased"), NULL, ngx_http_ssl_greased,
45+
0, NGX_HTTP_VAR_NOCACHEABLE, 0},
46+
{ngx_string("http_ssl_ja3"), NULL, ngx_http_ssl_fingerprint,
47+
0, NGX_HTTP_VAR_NOCACHEABLE, 0},
48+
{ngx_string("http_ssl_ja3_hash"), NULL, ngx_http_ssl_fingerprint_hash,
49+
0, NGX_HTTP_VAR_NOCACHEABLE, 0},
50+
{ngx_string("http2_fingerprint"), NULL, ngx_http_http2_fingerprint,
51+
0, NGX_HTTP_VAR_NOCACHEABLE, 0},
52+
ngx_http_null_variable
53+
};
3654

3755
static ngx_int_t
3856
ngx_http_ssl_greased(ngx_http_request_t *r,
3957
ngx_http_variable_value_t *v, uintptr_t data)
4058
{
41-
if (r->connection == NULL)
42-
{
43-
return NGX_OK;
44-
}
59+
/* For access.log's map $http2_fingerpring {}:
60+
* if it's not found, then user could add a defined string */
61+
v->not_found = 1;
4562

46-
if (r->connection->ssl == NULL)
47-
{
63+
if (ngx_ssl_ja3(r->connection) != NGX_OK) {
4864
return NGX_OK;
4965
}
5066

51-
if (ngx_ssl_ja3(r->connection) == NGX_DECLINED)
52-
{
53-
return NGX_ERROR;
54-
}
55-
5667
v->len = 1;
57-
v->data = (u_char*)(r->connection->ssl->fp_tls_greased ? "1" : "0");
58-
68+
v->data = (u_char*) (r->connection->ssl->fp_tls_greased ? "1" : "0");
5969
v->valid = 1;
6070
v->no_cacheable = 1;
6171
v->not_found = 0;
@@ -67,26 +77,19 @@ static ngx_int_t
6777
ngx_http_ssl_fingerprint(ngx_http_request_t *r,
6878
ngx_http_variable_value_t *v, uintptr_t data)
6979
{
70-
if (r->connection == NULL)
71-
{
72-
return NGX_OK;
73-
}
80+
/* For access.log's map $http2_fingerpring {}:
81+
* if it's not found, then user could add a defined string */
82+
v->not_found = 1;
7483

75-
if (r->connection->ssl == NULL)
76-
{
84+
if (ngx_ssl_ja3(r->connection) != NGX_OK) {
7785
return NGX_OK;
7886
}
7987

80-
if (ngx_ssl_ja3(r->connection) == NGX_DECLINED)
81-
{
82-
return NGX_ERROR;
83-
}
84-
8588
v->data = r->connection->ssl->fp_ja3_str.data;
8689
v->len = r->connection->ssl->fp_ja3_str.len;
87-
v->valid = 1;
8890
v->no_cacheable = 1;
8991
v->not_found = 0;
92+
v->valid = 1;
9093

9194
return NGX_OK;
9295
}
@@ -95,26 +98,19 @@ static ngx_int_t
9598
ngx_http_ssl_fingerprint_hash(ngx_http_request_t *r,
9699
ngx_http_variable_value_t *v, uintptr_t data)
97100
{
98-
if (r->connection == NULL)
99-
{
100-
return NGX_OK;
101-
}
101+
/* For access.log's map $http2_fingerpring {}:
102+
* if it's not found, then user could add a defined string */
103+
v->not_found = 1;
102104

103-
if (r->connection->ssl == NULL)
104-
{
105+
if (ngx_ssl_ja3_hash(r->connection) != NGX_OK) {
105106
return NGX_OK;
106107
}
107108

108-
if (ngx_ssl_ja3_hash(r->connection) == NGX_DECLINED)
109-
{
110-
return NGX_ERROR;
111-
}
112-
113109
v->data = r->connection->ssl->fp_ja3_hash.data;
114110
v->len = r->connection->ssl->fp_ja3_hash.len;
115-
v->valid = 1;
116111
v->no_cacheable = 1;
117112
v->not_found = 0;
113+
v->valid = 1;
118114

119115
return NGX_OK;
120116
}
@@ -123,77 +119,45 @@ static ngx_int_t
123119
ngx_http_http2_fingerprint(ngx_http_request_t *r,
124120
ngx_http_variable_value_t *v, uintptr_t data)
125121
{
126-
if (r->connection == NULL)
127-
{
128-
return NGX_OK;
129-
}
122+
/* For access.log's map $http2_fingerpring {}:
123+
* if it's not found, then user could add a defined string */
124+
v->not_found = 1;
130125

131-
if (r->stream == NULL)
132-
{
126+
if (r->stream == NULL) {
133127
return NGX_OK;
134128
}
135129

136-
if (r->stream->connection == NULL)
130+
if (ngx_http2_fingerprint(r->connection, r->stream->connection)
131+
!= NGX_OK)
137132
{
138133
return NGX_OK;
139134
}
140135

141-
if (ngx_http2_fingerprint(r->connection, r->stream->connection) == NGX_DECLINED)
142-
{
143-
return NGX_ERROR;
144-
}
145-
146136
v->data = r->stream->connection->fp_str.data;
147137
v->len = r->stream->connection->fp_str.len;
148138
v->valid = 1;
149-
v->no_cacheable = 1;
150139
v->not_found = 0;
140+
v->no_cacheable = 1;
151141

152142
return NGX_OK;
153143
}
154144

155-
static ngx_http_variable_t ngx_http_ssl_fingerprint_variables_list[] = {
156-
{ngx_string("http_ssl_greased"),
157-
NULL,
158-
ngx_http_ssl_greased,
159-
0, 0, 0},
160-
{ngx_string("http_ssl_ja3"),
161-
NULL,
162-
ngx_http_ssl_fingerprint,
163-
0, 0, 0},
164-
{ngx_string("http_ssl_ja3_hash"),
165-
NULL,
166-
ngx_http_ssl_fingerprint_hash,
167-
0, 0, 0},
168-
{ngx_string("http2_fingerprint"),
169-
NULL,
170-
ngx_http_http2_fingerprint,
171-
0, 0, 0},
172-
};
173-
174145
static ngx_int_t
175146
ngx_http_ssl_fingerprint_init(ngx_conf_t *cf)
176147
{
148+
ngx_http_variable_t *var, *v;
177149

178-
ngx_http_variable_t *v;
179-
size_t l = 0;
180-
size_t vars_len;
181-
182-
vars_len = (sizeof(ngx_http_ssl_fingerprint_variables_list) /
183-
sizeof(ngx_http_ssl_fingerprint_variables_list[0]));
150+
for (v = ngx_http_ssl_fingerprint_variables_list; v->name.len; v++) {
184151

185-
/* Register variables */
186-
for (l = 0; l < vars_len; ++l)
187-
{
188-
v = ngx_http_add_variable(cf,
189-
&ngx_http_ssl_fingerprint_variables_list[l].name,
190-
ngx_http_ssl_fingerprint_variables_list[l].flags);
191-
if (v == NULL)
192-
{
193-
continue;
152+
var = ngx_http_add_variable(cf, &v->name, v->flags);
153+
if (var == NULL) {
154+
return NGX_ERROR;
194155
}
195-
*v = ngx_http_ssl_fingerprint_variables_list[l];
156+
/** NOTE: update it, if set_handler will be needed */
157+
var->get_handler = v->get_handler;
158+
var->data = v->data;
196159
}
197160

198161
return NGX_OK;
199162
}
163+

0 commit comments

Comments
 (0)