blob: 88131382911d221444849abb90e8d69ad6ef7b0d (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
|
// Copyright Vespa.ai. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
#pragma once
#include <iosfwd>
#include <stddef.h>
namespace vespalib::net::tls::snooping {
constexpr inline size_t min_header_bytes_to_observe() { return 8; }
enum class TlsSnoopingResult {
ProbablyTls, // Very safe to assume TLSv1.x client
HandshakeMismatch, // Almost guaranteed to trigger for plaintext RPC
ProtocolVersionMismatch,
RecordSizeRfcViolation,
RecordNotClientHello,
ClientHelloRecordTooBig,
ExpectedRecordSizeMismatch
};
const char* to_string(TlsSnoopingResult) noexcept;
std::ostream& operator<<(std::ostream& os, TlsSnoopingResult);
// Precondition: buf is at least `min_header_bytes_to_observe()` bytes long. This is the minimum amount
// of bytes always sent for a packet in our existing plaintext production protocols and
// therefore the maximum we can expect to always be present.
// Yes, this is a pragmatic and delightfully leaky abstraction.
TlsSnoopingResult snoop_client_hello_header(const char* buf) noexcept;
const char* describe_result(TlsSnoopingResult result) noexcept;
}
|
