Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-02 06:38:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

postgresql: Simplify SSL buffering and forwarding

Browse source 
The ssl_sink can only be connected form the backend side, so don't
overcomplicate it.
This commit is contained in:
Arne Welzel 2024-09-06 15:49:42 +02:00
parent 85ca59484b
commit d0da13413b
1 changed files with 15 additions and 19 deletions
Download patch file Download diff file Expand all files Collapse all files

34
src/analyzer/protocol/postgresql/postgresql.spicy
View file

@ -64,7 +64,8 @@ public type FrontendMessages = unit {
on %init { on %init {
# Until the first FrontendMessages are initialized, ssl_sink in the # Until the first FrontendMessages are initialized, ssl_sink in the
# context is a Null reference. Also, we want to use a single sink # context is a Null reference. Also, we want to use a single sink
# for both, frontend and backend by calling beg # for both, frontend and backend by calling begin_protocol() within
# the SSLSink's %init hook (see postgresql_zeek.spicy).
self.context().ssl_sink = self.s1; self.context().ssl_sink = self.s1;
} }
@ -112,9 +113,9 @@ public type FrontendMessages = unit {
# the context() is populated. # the context() is populated.
# #
# In normal operations, Zeek should see the server's response before # In normal operations, Zeek should see the server's response before
# attempting to parse more data, but Robin was concerned it that in # attempting to parse more data, but Robin was concerned that in some
# some circumstances (out-of-order packets, reassembly artifacts) we # circumstances (out-of-order packets, reassembly artifacts) we may
# may see the client's data before the server's. # see the client's data before the server's.
# #
# In the future, barrier: https://github.com/zeek/spicy/pull/1373 # In the future, barrier: https://github.com/zeek/spicy/pull/1373
: bytes &chunked &eod { : bytes &chunked &eod {
@ -126,14 +127,11 @@ public type FrontendMessages = unit {
} else { } else {
# print "frontend ssl_state backend set!", self.context(); # print "frontend ssl_state backend set!", self.context();
if (!self.s1_connected) { if (!self.s1_connected) {
if (self.context().ssl_backend_state == SSLBackendState::S) { if (self.context().ssl_backend_state == SSLBackendState::N) {
if (!self.context().ssl_sink_connected) {
self.context().ssl_sink.connect(new SSLSink());
self.context().ssl_sink_connected = True;
}
} else {
# print "connecting plain frontend messages";
self.s1.connect(new PlainFrontendMessages()); self.s1.connect(new PlainFrontendMessages());
} else {
assert (self.context().ssl_sink_connected);
assert (self.context().ssl_backend_state == SSLBackendState::S);
} }
self.s1_connected = True; self.s1_connected = True;
@ -181,22 +179,20 @@ type SimpleQuery = unit {
}; };
# The client has requested SSL, the server either confirms (S) or # The client has requested SSL, the server either confirms (S) or
# stays in plaintext (N) mode. Depending on the result, we connect # denies (N). Depending on the result, the ssl_sink in the context
# our sink to the SSL sink, or to a PlainBackendMessages unit. # is connected with a SSLUnit and used, or a sink connected with the
# PlainBackendMessages unit.
# #
type MaybeBackendSSL = unit(ctx: Context&) { type MaybeBackendSSL = unit(ctx: Context&) {
# Connected to SSLSink or plaintext messages.
# Connected SSL, or plaintext.
sink s1; sink s1;
ssl_byte: uint8 &requires=($$ == 'S' || $$ == 'N') { ssl_byte: uint8 &requires=($$ == 'S' || $$ == 'N') {
# print "backend ssl_byte", $$; # print "backend ssl_byte", $$;
if ($$ == 'S') { if ($$ == 'S') {
ctx.ssl_backend_state = SSLBackendState::S; ctx.ssl_backend_state = SSLBackendState::S;
if (!ctx.ssl_sink_connected) { ctx.ssl_sink.connect(new SSLSink());
ctx.ssl_sink.connect(new SSLSink()); ctx.ssl_sink_connected = True;
ctx.ssl_sink_connected = True;
}
# Share the SSL sink with the frontend. # Share the SSL sink with the frontend.
self.s1 = ctx.ssl_sink; self.s1 = ctx.ssl_sink;