sonertari / SSLproxy

Transparent SSL/TLS proxy for decrypting and diverting network traffic to other programs, such as UTM services, for deep SSL inspection
BSD 2-Clause "Simplified" License

TFO sslproxy header #71

Closed alisaosipova closed 2 months ago

alisaosipova commented 3 months ago

I need TCP Fast Open (TFO); I need to send sslproxy_header in the first (SYN) packet, but when I do this, it goes to the internet and throws a 400 (Bad Request) error from the client. Judging by Wireshark, the header is indeed sent in the SYN packet, but TCP transmission occurs in the SYN-ACK packet. How can I fix it? I guess I need this func: protohttp_filter_request_header_line

sonertari commented 2 months ago

TCP and SSL handshake are handled by libevent underneath. You cannot or are not expected to modify SYN packets. You can or are expected to modify the data packets only. So I can't think of a way to do what you want.

alisaosipova commented 2 months ago

> TCP and SSL handshake are handled by libevent underneath. You cannot or are not expected to modify SYN packets. You can or are expected to modify the data packets only. So I can't think of a way to do what you want.

You probably didn't understand... I want to send the sslproxy header along with the SYN packet (I use the sendto() function), and I can tell that it is sent. The problem is that it goes online and is not killed by the child process.

sonertari commented 2 months ago

protohttp_filter_request_header_line() removes certain HTTP headers. If what you refer to as "sslproxy_header" (which now I guess is a custom header you somehow add to HTTP headers) indeed shows up among HTTP headers, then yes you can modify protohttp_filter_request_header_line() to remove that header. That's where the original SSLproxy line is removed, as you can see, so that we don't send it to the Internet. I don't know much about TFO, but I doubt that this is the answer you're looking for. And I still think that my first comment is valid.
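As an added illustration of the filtering step described above (example code, not SSLproxy's own protohttp_filter_request_header_line()): a stand-alone C function that drops every SSLproxy header line from a raw request header block before it could be forwarded upstream, including a duplicated line. The header name, the sample request and its addresses are constructed for this example.

```c
#include <ctype.h>
#include <stdlib.h>
#include <string.h>

/* Case-insensitive test for "name:" at the start of one header line. */
static int line_is_header(const char *line, size_t linelen, const char *name)
{
    size_t nlen = strlen(name);
    if (linelen <= nlen || line[nlen] != ':')
        return 0;
    for (size_t i = 0; i < nlen; i++)
        if (tolower((unsigned char)line[i]) != tolower((unsigned char)name[i]))
            return 0;
    return 1;
}

/* Return a malloc'd copy of the raw header block `hdrs` with every line named
 * `name` dropped (CRLF or LF line endings). Every occurrence goes, not only
 * the first, so a duplicated proxy line cannot slip through. Caller frees. */
char *strip_header_lines(const char *hdrs, const char *name)
{
    char *out = malloc(strlen(hdrs) + 1);
    size_t o = 0;
    if (!out)
        return NULL;
    for (const char *p = hdrs; *p; ) {
        const char *eol = strchr(p, '\n');
        size_t linelen = eol ? (size_t)(eol - p) + 1 : strlen(p);
        if (!line_is_header(p, linelen, name)) {
            memcpy(out + o, p, linelen);
            o += linelen;
        }
        p += linelen;
    }
    out[o] = '\0';
    return out;
}

/* Constructed request as a listening program might receive it, with the
 * proxy line duplicated as in the report above. The address list is made
 * up; it only approximates the SSLproxy line described in the README. */
const char SAMPLE_REQ[] =
    "GET / HTTP/1.1\r\n"
    "Host: example.com\r\n"
    "SSLproxy: [127.0.0.1]:34649,[192.168.3.24]:47286,[74.125.206.108]:443,[192.168.111.130]:443\r\n"
    "SSLproxy: [127.0.0.1]:34649,[192.168.3.24]:47286,[74.125.206.108]:443,[192.168.111.130]:443\r\n"
    "User-Agent: curl/8.0\r\n"
    "\r\n";
```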

alisaosipova commented 2 months ago

> protohttp_filter_request_header_line() removes certain HTTP headers. If what you refer to as "sslproxy_header" (which now I guess is a custom header you somehow add to HTTP headers) indeed shows up among HTTP headers, then yes you can modify protohttp_filter_request_header_line() to remove that header. That's where the original SSLproxy line is removed, as you can see, so that we don't send it to the Internet. I don't know much about TFO, but I doubt that this is the answer you're looking for. And I still think that my first comment is valid.

How can I make sure that the sslproxy header is not sent in the third (SYN-ACK) packet? Now, judging by Wireshark, the header is sent in both packets 1 and 3. This means that when I send a request from a client, I receive two identical responses. How do I remove it?

sonertari commented 2 months ago

As I tried to explain, it's libevent that handles such details. In fact, I have no idea how you managed to add an sslproxy header to SYN packets (I assume that is the same SSLproxy line I explain in the README). If you really have control over libevent or the handshake somehow, you would remove that sslproxy header on the server side of sslproxy (that's where protohttp_filter_request_header_line() removes the sslproxy line). Let me remind you that you still have not explained how you add the sslproxy header.

alisaosipova commented 2 months ago

> Let me remind you that you still have not explained how you add the sslproxy header.

I'm using TFO and sendto(). The problem is not in sending the header twice, as it turns out. The problem is the double reading of this header.