minor fix for stream module

phuslu · phuslu · commit ce6ebf95a282 · 2024-02-25T22:16:58.000+08:00
diff --git a/.github/workflows/nginx.yml b/.github/workflows/nginx.yml
@@ -40,7 +40,7 @@ jobs:
         run: |
           nohup nginx/objs/nginx -p . -c nginx-ssl-fingerprint/nginx.conf </dev/null &>nginx.log &
           sleep 2
-          curl -kv https://127.0.0.1:8833
+          curl -kv https://127.0.0.1:4443
           cat nginx.log
       - name: Fuzzing
         run: |
@@ -53,4 +53,4 @@ jobs:
             pgrep nginx
           done
           curl -kv -sSf https://127.0.0.1:4433
-          curl -kv -sSf https://127.0.0.1:8833
+          curl -kv -sSf https://127.0.0.1:4443
diff --git a/README.md b/README.md
@@ -51,9 +51,9 @@ http {
 #### Example
 
 ```nginx
-http {
+stream {
     server {
-        listen                 127.0.0.1:4433 ssl http2;
+        listen                 127.0.0.1:4443 ssl;
         ssl_certificate        cert.pem;
         ssl_certificate_key    priv.key;
         error_log              /dev/stderr debug;
diff --git a/nginx.conf b/nginx.conf
@@ -8,23 +8,23 @@ events {
 }
 
 http {
+    log_format basic '$remote_addr ja3: $http_ssl_ja3 greased: $http_ssl_greased h2fp: $http2_fingerprint';
     server {
         listen                 0.0.0.0:4433 ssl http2;
-        access_log             /dev/stdout;
+        access_log             /dev/stdout basic;
         ssl_certificate_key    "data:-----BEGIN EC PARAMETERS-----\nBggqhkjOPQMBBw==\n-----END EC PARAMETERS-----\n-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIL02pwZutbzkmdIM0QpvD7W3pcL2dGaeWrbQ8pNCHPFeoAoGCCqGSM49\nAwEHoUQDQgAE0Jektzpg3tJx3iPU05WwG4GweCwGWv87kkZQGB+6vG/kQQeOhnZ7\n7TCroQgY4ZVnBRZTD0lvxSyR6rwt3lWQ4A==\n-----END EC PRIVATE KEY-----\n";
         ssl_certificate        "data:-----BEGIN CERTIFICATE-----\nMIIBtjCCAV2gAwIBAgIUN/O0uv7B+18ohuf05ygsoC82liswCgYIKoZIzj0EAwIw\nMTELMAkGA1UEBhMCVVMxDDAKBgNVBAsMA1dlYjEUMBIGA1UEAwwLZXhhbXBsZS5v\ncmcwHhcNMjIwNzI4MTgzMzA2WhcNMjMwNzI5MTgzMzA2WjAxMQswCQYDVQQGEwJV\nUzEMMAoGA1UECwwDV2ViMRQwEgYDVQQDDAtleGFtcGxlLm9yZzBZMBMGByqGSM49\nAgEGCCqGSM49AwEHA0IABNCXpLc6YN7Scd4j1NOVsBuBsHgsBlr/O5JGUBgfurxv\n5EEHjoZ2e+0wq6EIGOGVZwUWUw9Jb8Uskeq8Ld5VkOCjUzBRMB0GA1UdDgQWBBSH\n9cc3JRcpyPh3nEa41Ux6RDGjLTAfBgNVHSMEGDAWgBSH9cc3JRcpyPh3nEa41Ux6\nRDGjLTAPBgNVHRMBAf8EBTADAQH/MAoGCCqGSM49BAMCA0cAMEQCIChRR5U7MMYQ\ntMK0zhNnt2SqRy30VcPIm9qoEms5cNxdAiBb273P7vSkj/PmDd1WsFVkg9NymBaT\n0nsIem2LKav60g==\n-----END CERTIFICATE-----\n";
-        default_type           "application/json";
-        return                 200 '{\n  "ua": "$http_user_agent",\n  "ja3": "$http_ssl_ja3",\n  "h2fp": "$http2_fingerprint",\n  "greased": $http_ssl_greased\n}';
+        return                 200 "ja3: $http_ssl_ja3\ngreased: $http_ssl_greased\nh2fp: $http2_fingerprint\n";
     }
 }
 
 stream {
     log_format basic '$remote_addr ja3: $stream_ssl_ja3 greased: $stream_ssl_greased';
     server {
-        listen                 0.0.0.0:8833 ssl;
+        listen                 0.0.0.0:4443 ssl;
         access_log             /dev/stdout basic;
         ssl_certificate_key    "data:-----BEGIN EC PARAMETERS-----\nBggqhkjOPQMBBw==\n-----END EC PARAMETERS-----\n-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIL02pwZutbzkmdIM0QpvD7W3pcL2dGaeWrbQ8pNCHPFeoAoGCCqGSM49\nAwEHoUQDQgAE0Jektzpg3tJx3iPU05WwG4GweCwGWv87kkZQGB+6vG/kQQeOhnZ7\n7TCroQgY4ZVnBRZTD0lvxSyR6rwt3lWQ4A==\n-----END EC PRIVATE KEY-----\n";
         ssl_certificate        "data:-----BEGIN CERTIFICATE-----\nMIIBtjCCAV2gAwIBAgIUN/O0uv7B+18ohuf05ygsoC82liswCgYIKoZIzj0EAwIw\nMTELMAkGA1UEBhMCVVMxDDAKBgNVBAsMA1dlYjEUMBIGA1UEAwwLZXhhbXBsZS5v\ncmcwHhcNMjIwNzI4MTgzMzA2WhcNMjMwNzI5MTgzMzA2WjAxMQswCQYDVQQGEwJV\nUzEMMAoGA1UECwwDV2ViMRQwEgYDVQQDDAtleGFtcGxlLm9yZzBZMBMGByqGSM49\nAgEGCCqGSM49AwEHA0IABNCXpLc6YN7Scd4j1NOVsBuBsHgsBlr/O5JGUBgfurxv\n5EEHjoZ2e+0wq6EIGOGVZwUWUw9Jb8Uskeq8Ld5VkOCjUzBRMB0GA1UdDgQWBBSH\n9cc3JRcpyPh3nEa41Ux6RDGjLTAfBgNVHSMEGDAWgBSH9cc3JRcpyPh3nEa41Ux6\nRDGjLTAPBgNVHRMBAf8EBTADAQH/MAoGCCqGSM49BAMCA0cAMEQCIChRR5U7MMYQ\ntMK0zhNnt2SqRy30VcPIm9qoEms5cNxdAiBb273P7vSkj/PmDd1WsFVkg9NymBaT\n0nsIem2LKav60g==\n-----END CERTIFICATE-----\n";
-        return                 'HTTP/1.1 200 OK\r\n\r\n';
+        return                 "HTTP/1.1 200 OK\r\n\r\nja3: $stream_ssl_ja3\ngreased: $stream_ssl_greased";
     }
 }
diff --git a/src/ngx_http_ssl_fingerprint_module.c b/src/ngx_http_ssl_fingerprint_module.c
@@ -1,7 +1,6 @@
 #include <ngx_config.h>
 #include <ngx_core.h>
 #include <ngx_http.h>
-#include <ngx_log.h>
 
 extern int ngx_ssl_ja3(ngx_connection_t *c);
 extern int ngx_http2_fingerprint(ngx_connection_t *c, ngx_http_v2_connection_t *h2c);
diff --git a/src/ngx_stream_ssl_fingerprint_preread_module.c b/src/ngx_stream_ssl_fingerprint_preread_module.c
@@ -1,7 +1,8 @@
 #include <ngx_config.h>
 #include <ngx_core.h>
 #include <ngx_stream.h>
-#include <ngx_md5.h>
+
+extern int ngx_ssl_ja3(ngx_connection_t *c);
 
 static ngx_int_t ngx_stream_ssl_fingerprint_preread_init(ngx_conf_t *cf);
 

Original file line number	Diff line number	Diff line change
`@@ -8,23 +8,23 @@ events {`
`8`	`8`	`}`
`9`	`9`
`10`	`10`	`http {`
	`11`	`+ log_format basic '$remote_addr ja3: $http_ssl_ja3 greased: $http_ssl_greased h2fp: $http2_fingerprint';`
`11`	`12`	`server {`
`12`	`13`	`listen 0.0.0.0:4433 ssl http2;`
`13`		`- access_log /dev/stdout;`
	`14`	`+ access_log /dev/stdout basic;`
`14`	`15`	`ssl_certificate_key "data:-----BEGIN EC PARAMETERS-----\nBggqhkjOPQMBBw==\n-----END EC PARAMETERS-----\n-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIL02pwZutbzkmdIM0QpvD7W3pcL2dGaeWrbQ8pNCHPFeoAoGCCqGSM49\nAwEHoUQDQgAE0Jektzpg3tJx3iPU05WwG4GweCwGWv87kkZQGB+6vG/kQQeOhnZ7\n7TCroQgY4ZVnBRZTD0lvxSyR6rwt3lWQ4A==\n-----END EC PRIVATE KEY-----\n";`
`15`	`16`	ssl_certificate "data:-----BEGIN CERTIFICATE-----\nMIIBtjCCAV2gAwIBAgIUN/O0uv7B+18ohuf05ygsoC82liswCgYIKoZIzj0EAwIw\nMTELMAkGA1UEBhMCVVMxDDAKBgNVBAsMA1dlYjEUMBIGA1UEAwwLZXhhbXBsZS5v\ncmcwHhcNMjIwNzI4MTgzMzA2WhcNMjMwNzI5MTgzMzA2WjAxMQswCQYDVQQGEwJV\nUzEMMAoGA1UECwwDV2ViMRQwEgYDVQQDDAtleGFtcGxlLm9yZzBZMBMGByqGSM49\nAgEGCCqGSM49AwEHA0IABNCXpLc6YN7Scd4j1NOVsBuBsHgsBlr/O5JGUBgfurxv\n5EEHjoZ2e+0wq6EIGOGVZwUWUw9Jb8Uskeq8Ld5VkOCjUzBRMB0GA1UdDgQWBBSH\n9cc3JRcpyPh3nEa41Ux6RDGjLTAfBgNVHSMEGDAWgBSH9cc3JRcpyPh3nEa41Ux6\nRDGjLTAPBgNVHRMBAf8EBTADAQH/MAoGCCqGSM49BAMCA0cAMEQCIChRR5U7MMYQ\ntMK0zhNnt2SqRy30VcPIm9qoEms5cNxdAiBb273P7vSkj/PmDd1WsFVkg9NymBaT\n0nsIem2LKav60g==\n-----END CERTIFICATE-----\n";
`16`		`- default_type "application/json";`
`17`		`- return 200 '{\n "ua": "$http_user_agent",\n "ja3": "$http_ssl_ja3",\n "h2fp": "$http2_fingerprint",\n "greased": $http_ssl_greased\n}';`
	`17`	`+ return 200 "ja3: $http_ssl_ja3\ngreased: $http_ssl_greased\nh2fp: $http2_fingerprint\n";`
`18`	`18`	`}`
`19`	`19`	`}`
`20`	`20`
`21`	`21`	`stream {`
`22`	`22`	`log_format basic '$remote_addr ja3: $stream_ssl_ja3 greased: $stream_ssl_greased';`
`23`	`23`	`server {`
`24`		`- listen 0.0.0.0:8833 ssl;`
	`24`	`+ listen 0.0.0.0:4443 ssl;`
`25`	`25`	`access_log /dev/stdout basic;`
`26`	`26`	`ssl_certificate_key "data:-----BEGIN EC PARAMETERS-----\nBggqhkjOPQMBBw==\n-----END EC PARAMETERS-----\n-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIL02pwZutbzkmdIM0QpvD7W3pcL2dGaeWrbQ8pNCHPFeoAoGCCqGSM49\nAwEHoUQDQgAE0Jektzpg3tJx3iPU05WwG4GweCwGWv87kkZQGB+6vG/kQQeOhnZ7\n7TCroQgY4ZVnBRZTD0lvxSyR6rwt3lWQ4A==\n-----END EC PRIVATE KEY-----\n";`
`27`	`27`	ssl_certificate "data:-----BEGIN CERTIFICATE-----\nMIIBtjCCAV2gAwIBAgIUN/O0uv7B+18ohuf05ygsoC82liswCgYIKoZIzj0EAwIw\nMTELMAkGA1UEBhMCVVMxDDAKBgNVBAsMA1dlYjEUMBIGA1UEAwwLZXhhbXBsZS5v\ncmcwHhcNMjIwNzI4MTgzMzA2WhcNMjMwNzI5MTgzMzA2WjAxMQswCQYDVQQGEwJV\nUzEMMAoGA1UECwwDV2ViMRQwEgYDVQQDDAtleGFtcGxlLm9yZzBZMBMGByqGSM49\nAgEGCCqGSM49AwEHA0IABNCXpLc6YN7Scd4j1NOVsBuBsHgsBlr/O5JGUBgfurxv\n5EEHjoZ2e+0wq6EIGOGVZwUWUw9Jb8Uskeq8Ld5VkOCjUzBRMB0GA1UdDgQWBBSH\n9cc3JRcpyPh3nEa41Ux6RDGjLTAfBgNVHSMEGDAWgBSH9cc3JRcpyPh3nEa41Ux6\nRDGjLTAPBgNVHRMBAf8EBTADAQH/MAoGCCqGSM49BAMCA0cAMEQCIChRR5U7MMYQ\ntMK0zhNnt2SqRy30VcPIm9qoEms5cNxdAiBb273P7vSkj/PmDd1WsFVkg9NymBaT\n0nsIem2LKav60g==\n-----END CERTIFICATE-----\n";
`28`		`- return 'HTTP/1.1 200 OK\r\n\r\n';`
	`28`	`+ return "HTTP/1.1 200 OK\r\n\r\nja3: $stream_ssl_ja3\ngreased: $stream_ssl_greased";`
`29`	`29`	`}`
`30`	`30`	`}`