Add tcp syn packet fingerprinting to redbean

This change also fixes bugs in enoprotoopt reporting with setsockopt and getsockopt error returns.
2025-06-28 15:28:30 +00:00 · 2022-07-17 02:40:39 -07:00 · 2022-07-17 02:40:39 -07:00 · 4d25f8c3c9
commit 4d25f8c3c9
parent 866b21a151
75 changed files with 1551 additions and 115 deletions
--- a/tool/net/demo/.init.lua
+++ b/tool/net/demo/.init.lua
@ -20,8 +20,20 @@ db:exec[[
  INSERT INTO test (content) VALUES ('Hello Sqlite3');
 ]]

+function OnServerListen(fd, ip, port)
+   unix.setsockopt(fd, unix.SOL_TCP, unix.TCP_SAVE_SYN, true)
+   return false
+end
+
+function OnClientConnection(ip, port, serverip, serverport)
+   syn, synerr = unix.getsockopt(GetClientFd(), unix.SOL_TCP, unix.TCP_SAVED_SYN)
+end
+
 -- this intercepts all requests if it's defined
 function OnHttpRequest()
+   Log(kLogInfo, "client is running %s and reports %s" % {
+          finger.GetSynFingerOs(finger.FingerSyn(syn)),
+          GetHeader('User-Agent')})
   if HasParam('magic') then
      Write('<p>\r\n')
      Write('OnHttpRequest() has intercepted your request<br>\r\n')
--- a/tool/net/demo/finger.lua
+++ b/tool/net/demo/finger.lua
@ -0,0 +1,65 @@
+-- fingerprinting example
+
+Write[[<!doctype html>
+
+<title>redbean binary trees</title>
+
+<style>
+  body { padding: 1em; }
+  h1 a { color: inherit; text-decoration: none; }
+  h1 img { border: none; vertical-align: middle; }
+  input { margin: 1em; padding: .5em; }
+  p { word-break: break-word; max-width: 650px; }
+  dt { font-family: monospace; }
+  dd { margin-top: 1em; margin-bottom: 1em; }
+  .hdr { text-indent: -1em; padding-left: 1em; }
+</style>
+
+<h1>
+  <a href="/"><img src="/redbean.png"></a>
+  <a href="finger.lua">redbean finger demo</a>
+</h1>
+
+]]
+
+Write[[
+  <h2>Your TCP SYN Packet</h2>
+]]
+-- See .init.lua hooks which set SYN and SYNERR globals.
+if syn then
+   if syn ~= '' then
+      Write('<dl>\r\n')
+      Write('<dt>syn = unix.getsockopt(GetClientFd(), unix.SOL_TCP, unix.TCP_SAVED_SYN)\r\n')
+      Write('<dd>')
+      Write(EscapeHtml(EncodeLua(syn)))
+      Write('\r\n')
+      Write('<dt>finger.FingerSyn(syn)\r\n')
+      Write('<dd>')
+      Write(EscapeHtml(EncodeLua(finger.FingerSyn(syn))))
+      Write('\r\n')
+      Write('<dt>finger.DescribeSyn(syn)\r\n')
+      Write('<dd>')
+      Write(EscapeHtml(EncodeLua(finger.DescribeSyn(syn))))
+      Write('\r\n')
+      Write('<dt>finger.GetSynFingerOs(finger.FingerSyn(syn))\r\n')
+      Write('<dd>')
+      Write(EscapeHtml(EncodeLua(finger.GetSynFingerOs(finger.FingerSyn(syn)))))
+      Write('\r\n')
+      Write('</dl>\r\n')
+   else
+      Write([[
+        <p>
+          your operating system returned an empty string as the syn
+          packet! did you remember to use setsockopt(TCP_SAVE_SYN)?
+          did you call getsockopt(TCP_SAVED_SYN) more than once?
+        </p>
+      ]])
+   end
+else
+   Write([[
+     <p>
+       your operating system most likely doesn't support TCP_SAVED_SYN
+       because getsockopt() returned %s.
+     </p>
+   ]] % {EscapeHtml(tostring(synerr))})
+end