gfwleak/tango-kni
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
This repository has been archived on 2025-09-14. You can view files and clone it, but cannot push or open issues or pull requests.
Files
09488ce1eb0b2930f4523e44620d4b34d4711897
tango-kni/kni_entry.c

917 lines
25 KiB
C
Raw Normal View History

kni.c代码2000+行,分解为kni_entry.c,kni_comm.c,kni_connect.c,kni_repair.c;
2018-08-22 14:50:00 +08:00
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include <sys/socket.h>
#include <arpa/inet.h>
#include <netinet/in.h>
#include <net/ethernet.h>
#include "kni_entry.h"
int g_kni_version_VERSION_20180822;
struct kni_var_comm g_kni_comminfo;
struct kni_var_struct g_kni_structinfo;
struct kni_var_maat g_kni_maatinfo;
struct kni_fs2_info g_kni_fs2_info;
struct kni_switch_info g_kni_switch_info;
char g_kni_cardname[KNI_CARD_NUM][KNI_CONF_MAXLEN];
int g_kni_threadseq[KNI_MAX_THREADNUM];
int kni_init_pmeinfo(void** pme)
{
struct kni_pme_info* pmeinfo=(struct kni_pme_info*)malloc(sizeof(struct kni_pme_info));
memset(pmeinfo,0,sizeof(struct kni_pme_info));
*pme=pmeinfo;
return 0;
}
int kni_free_pmeinfo(void** pme)
{
struct kni_pme_info* pmeinfo=(struct kni_pme_info*)*pme;
Maat_clean_status(&(pmeinfo->mid));
free(pmeinfo);
pmeinfo=NULL;
return 0;
}
/***************************************************************************************
return :state_flag
kni_bmd:STAT_FLAG_SNIBMD
not kni_bmd:STAT_FLAG_SSL_NOBMD
***************************************************************************************/
int kni_scan_domain(char* domain,int domain_len,int thread_seq,scan_status_t mid)
{
int i=0;
int action=KNI_ACTION_NONE;
int string_scan_num=0;
int found_pos;
struct Maat_rule_t maat_result[KNI_MAX_SAMENUM];
string_scan_num=Maat_full_scan_string(g_kni_maatinfo.maat_feather,g_kni_maatinfo.tableid_domain,CHARSET_GBK,domain,domain_len,maat_result,&found_pos,KNI_MAX_SAMENUM,&mid,thread_seq);
for(i=0;i<string_scan_num;i++)
{
action=abs(maat_result[i].action);
if(action==KNI_ACTION_WHITELIST)
{
return action;
}
}
return action;
}
/***************************************************************************************
return :action
default:ipscan_num =0 or =1,not >1
***************************************************************************************/
int kni_scan_ip(struct ipaddr* addr,int thread_seq,int protocol,scan_status_t mid)
{
int i=0;
int action=KNI_ACTION_NONE;
int ipscan_num=0;
struct Maat_rule_t maat_result[KNI_MAX_SAMENUM];
ipscan_num=Maat_scan_proto_addr(g_kni_maatinfo.maat_feather,g_kni_maatinfo.tableid_ip,addr,protocol,maat_result,KNI_MAX_SAMENUM,&mid,thread_seq);
for(i=0;i<ipscan_num;i++)
{
action=abs(maat_result[i].action);
if(action==KNI_ACTION_WHITELIST)
{
return action;
}
}
return action;
}
int kni_htable_add(const struct streaminfo* pstream,const struct ip* ip_hdr,struct kni_pme_info* pmeinfo)
{
int iprevers=0;
struct stream_tuple4_v4 ipv4_addr;
struct layer_addr_mac* mac_addr=(struct layer_addr_mac*)((char*)ip_hdr-KNI_ETHER_LEN);
struct kni_htable_datainfo* datainfo=(struct kni_htable_datainfo*)malloc(sizeof(struct kni_htable_datainfo));
memset(datainfo,0,sizeof(struct kni_htable_datainfo));
iprevers=kni_get_ipaddr_v4((void*)ip_hdr,&ipv4_addr);
//send pkt info
if(iprevers==0)
{
datainfo->route_dir=pstream->routedir;
memcpy(datainfo->smac,mac_addr->src_mac,MAC_ADDR_LEN);
memcpy(datainfo->dmac,mac_addr->dst_mac,MAC_ADDR_LEN);
}
else
{
// datainfo->route_dir=MESA_dir_reverse(pstream->routedir);
datainfo->route_dir=1-pstream->routedir;
memcpy(datainfo->smac,mac_addr->dst_mac,MAC_ADDR_LEN);
memcpy(datainfo->dmac,mac_addr->src_mac,MAC_ADDR_LEN);
}
//send wnd_pro_reply info
memcpy(datainfo->wnscal,pmeinfo->wnscal,KNI_DIR_DOUBLE*sizeof(unsigned char));
memcpy(datainfo->mss,pmeinfo->mss,KNI_DIR_DOUBLE*sizeof(unsigned short));
memcpy(&(datainfo->lastpkt_info),&(pmeinfo->lastpkt_info),KNI_DIR_DOUBLE*sizeof(struct kni_wndpro_reply_info));
MESA_htable_add(g_kni_structinfo.htable_to_tun_v4,(unsigned char*)&ipv4_addr,sizeof(struct stream_tuple4_v4),(void*)datainfo);
return 0;
}
/***************************************************************************************
return :state_flag
ssl:STAT_FLAG_SSL_NOBMD
not ssl:STAT_FLAG_NOTSSL
***************************************************************************************/
int kni_judge_ssl(char* tcp_data,int tcp_datalen,char* sni,int* sni_len)
{
int ssl_header_len=0;
char* ssl_header=NULL;
unsigned char content_type=0;
unsigned short version_in_header=0;
unsigned short len_in_header=0;
int ssl_body_len=0;
char* ssl_body=NULL;
unsigned char handshark_type=0;
unsigned int len_in_body=0;
unsigned short version_in_body=0;
unsigned char session_id_len=0;
unsigned short ciphersuite_len=0;
unsigned char compression_method_len=0;
int ssl_extention_len=0;
char* ssl_extention=NULL;
unsigned short extension_len_less=0;
unsigned short type_in_extension=0;
unsigned short len_in_extension=0;
//ssl header
ssl_header=tcp_data;
content_type=*(unsigned char*)&ssl_header[ssl_header_len];
if(content_type!=SSL_CONTENTTYPE_HANDSHAKE)
{
return KNI_FLAG_UNKNOW;
}
ssl_header_len+=1;
version_in_header=ntohs(*(unsigned short*)&(ssl_header[ssl_header_len]));
if((version_in_header!=SSL_VERSION_TLS1_0)&&(version_in_header!=SSL_VERSION_TLS1_1)&&(version_in_header!=SSL_VERSION_TLS1_2))
{
return KNI_FLAG_UNKNOW;
}
ssl_header_len+=2;
len_in_header=ntohs(*(unsigned short*)&(ssl_header[ssl_header_len]));
if(len_in_header!=tcp_datalen-SSL_HEADER_LEN)
{
return KNI_FLAG_UNKNOW;
}
ssl_header_len+=2;
//ssl body
ssl_body=ssl_header+ssl_header_len;
handshark_type=*(unsigned char*)&(ssl_body[ssl_body_len]);
if(handshark_type!=SSL_HANDSHAR_TYPE_CLIENTHELLO)
{
return KNI_FLAG_UNKNOW;
}
ssl_body_len+=1;
// memcpy(&len_in_body,&ssl_body[ssl_body_len],3);
len_in_body=*(unsigned char*)&ssl_body[ssl_body_len+2]+256*(*(unsigned char*)&ssl_body[ssl_body_len+1])+65536*(*(unsigned char*)&ssl_body[ssl_body_len]);
if(len_in_body!=(len_in_header-SSL_BODY_LEN))
{
return KNI_FLAG_UNKNOW;
}
ssl_body_len+=3;
version_in_body=ntohs(*(unsigned short*)&(ssl_body[ssl_body_len]));
if((version_in_body!=SSL_VERSION_TLS1_0)&&(version_in_body!=SSL_VERSION_TLS1_1)&&(version_in_body!=SSL_VERSION_TLS1_2))
{
return KNI_FLAG_UNKNOW;
}
ssl_body_len+=2;
ssl_body_len+=32; //4byte time,28bytes random
session_id_len=*(unsigned char*)&(ssl_body[ssl_body_len]);
ssl_body_len+=1;
ssl_body_len+=session_id_len;
ciphersuite_len=ntohs(*(unsigned short*)&(ssl_body[ssl_body_len]));
ssl_body_len+=2;
ssl_body_len+=ciphersuite_len;
compression_method_len=*(unsigned char*)&(ssl_body[ssl_body_len]);
ssl_body_len+=1;
ssl_body_len+=compression_method_len;
//ssl extention
ssl_extention=ssl_body+ssl_body_len;
extension_len_less=ntohs(*(unsigned short*)&ssl_extention[ssl_extention_len]);
if(extension_len_less!=len_in_body-2-32-1-session_id_len-2-ciphersuite_len-1-compression_method_len-2)
{
return KNI_FLAG_UNKNOW;
}
ssl_extention_len+=2;
while(ssl_extention_len<extension_len_less)
{
type_in_extension=ntohs(*(unsigned short*)&ssl_extention[ssl_extention_len]);
ssl_extention_len+=2;
len_in_extension=ntohs(*(unsigned short*)&ssl_extention[ssl_extention_len]);
ssl_extention_len+=2;
if(type_in_extension==SSL_EXTENSION_TYPE_SNI)
{
if(len_in_extension>KNI_SNI_MAXLEN)
{
//error
return KNI_FLAG_UNKNOW;
}
if(len_in_extension>KNI_DEFAULT_MTU)
{
len_in_extension=KNI_DEFAULT_MTU;
}
memcpy(sni,&ssl_extention[ssl_extention_len],len_in_extension);
*sni_len=len_in_extension;
return KNI_FLAG_SSL;
}
else
{
ssl_extention_len+=len_in_extension;
continue;
}
}
return KNI_FLAG_UNKNOW;
}
int kni_judge_http(const struct streaminfo *stream,char* domain,int* domain_len)
{
int val=1;
struct kni_http_project* host=(struct kni_http_project*)project_req_get_struct(stream,g_kni_comminfo.project_id);
if(host==NULL)
{
*domain_len=0;
return -1;
}
*domain_len=host->host_len>KNI_DEFAULT_MTU?KNI_DEFAULT_MTU:host->host_len;
memcpy(domain,host->host,*domain_len);
return val;
}
int kni_protocol_identify(const struct streaminfo* pstream,char* tcp_data,int tcp_datalen,char* domain,int* domain_len)
{
if(kni_judge_http(pstream,domain,domain_len)==1)
{
kni_filestate2_set(pstream->threadnum,FS2_COLUME_HTTP,0,1);
return KNI_FLAG_HTTP;
}
else if(kni_judge_ssl(tcp_data,tcp_datalen,domain,domain_len)==KNI_FLAG_SSL)
{
kni_filestate2_set(pstream->threadnum,FS2_COLUME_SSL,0,1);
return KNI_FLAG_SSL;
}
return KNI_FLAG_NOTPROC;
}
char kni_first_tcpdata(const struct streaminfo* pstream,const struct ip* ip_hdr,struct kni_pme_info* pmeinfo,char* data,int datalen)
{
char ret=APP_STATE_FAWPKT|APP_STATE_DROPME;
int domain_len=0;
char domain[KNI_DEFAULT_MTU]={0};
int action=KNI_ACTION_NONE;
pmeinfo->status_flag=kni_protocol_identify(pstream,data,datalen,domain,&domain_len);
if((pmeinfo->status_flag==KNI_FLAG_HTTP) ||(pmeinfo->status_flag==KNI_FLAG_SSL))
{
action=kni_scan_domain(domain,domain_len,pstream->threadnum,pmeinfo->mid);
if(action==KNI_ACTION_WHITELIST)
{
kni_filestate2_set(pstream->threadnum,FS2_COLUME_WITELIST_DOMAIN,0,1);
kni_log_info_v4((char*)KNI_MODULE_INFO,pstream->addr.tuple4_v4,pmeinfo->status_flag,domain,(char*)"WHITE_LIST_DOMAIN",(char*)"BYPASS");
pmeinfo->status_flag=KNI_FLAG_NOTPROC;
return ret;
}
//20180803 add
else if((g_kni_switch_info.maat_default_mode==KNI_DEFAULT_MODE_BYPASS)&&(action==KNI_ACTION_NONE)&&(pmeinfo->ip_not_hit))
{
kni_log_info_v4((char*)KNI_MODULE_INFO,pstream->addr.tuple4_v4,pmeinfo->status_flag,domain,(char*)"NOT_HIT",(char*)"BYPASS");
pmeinfo->status_flag=KNI_FLAG_NOTPROC;
return ret;
}
//end
if(tcp_repair_process(pstream,ip_hdr,pmeinfo,pmeinfo->status_flag)<0)
{
MESA_handle_runtime_log(g_kni_comminfo.logger,RLOG_LV_INFO,"tcp_repair_process","tcp_repair_process() error!");
return ret;
}
kni_htable_add(pstream,ip_hdr,pmeinfo);
kni_log_info_v4((char*)KNI_MODULE_INFO,pstream->addr.tuple4_v4,pmeinfo->status_flag,domain,(char*)"INTERCEPT",(char*)"INTERCEPT");
ret=APP_STATE_DROPPKT|APP_STATE_GIVEME;
}
else
{
kni_log_info_v4((char*)KNI_MODULE_INFO,pstream->addr.tuple4_v4,pmeinfo->status_flag,NULL,(char*)"NOT_HTTP_SSL",(char*)"BYPASS");
}
return ret;
}
char kni_pending_opstate(const struct streaminfo* pstream,struct kni_pme_info* pmeinfo,int thread_seq,const struct ip* ip_hdr,int protocol)
{
char ret=APP_STATE_FAWPKT|APP_STATE_DROPME;
char* data=NULL;
int datalen=0;
int ipscan_action=0;
int iplen=ntohs(ip_hdr->ip_len);
struct kni_tcp_hdr* tcphdr=(struct kni_tcp_hdr*)((char*)ip_hdr+4*(ip_hdr->ip_hl));
ipscan_action=kni_scan_ip((struct ipaddr*)&(pstream->addr),thread_seq,protocol,pmeinfo->mid);
if(ipscan_action==KNI_ACTION_WHITELIST)
{
kni_log_info_v4((char*)KNI_MODULE_INFO,pstream->addr.tuple4_v4,0,NULL,(char*)"WHITE_LIST_IP",(char*)"BYPASS");
kni_filestate2_set(thread_seq,FS2_COLUME_WITELIST_IP,0,1);
return ret;
}
else if((g_kni_switch_info.maat_default_mode==KNI_DEFAULT_MODE_BYPASS)&&(ipscan_action==KNI_ACTION_NONE))
{
pmeinfo->ip_not_hit=1;
}
pmeinfo->status_flag=KNI_FLAG_UNKNOW;
data=kni_get_data(pstream,&datalen);
kni_get_tcpopt(tcphdr,iplen-4*(ip_hdr->ip_hl)-datalen,&(pmeinfo->mss[pstream->curdir-1]),&(pmeinfo->wnscal[pstream->curdir-1]),&(pmeinfo->sack[pstream->curdir-1]),&(pmeinfo->timestamps[pstream->curdir-1]));
kni_get_tcpinfo(&(pmeinfo->lastpkt_info[pstream->curdir-1]),tcphdr,ntohs(ip_hdr->ip_len)-4*ip_hdr->ip_hl-4*tcphdr->th_off,(struct ip*)ip_hdr);
#ifndef KNI_DEBUG_TCPREPAIR
if(datalen>0)
#endif
{
ret=kni_first_tcpdata(pstream,ip_hdr,pmeinfo,data,datalen);
if((pmeinfo->status_flag==KNI_FLAG_HTTP) ||(pmeinfo->status_flag==KNI_FLAG_SSL))
{
ret=tun_write_data(g_kni_comminfo.fd_tun[thread_seq],(char*)ip_hdr,iplen,(struct streaminfo*)pstream,thread_seq);
}
}
#ifndef KNI_DEBUG_TCPREPAIR
else
{
ret=APP_STATE_FAWPKT|APP_STATE_GIVEME;
}
#endif
return ret;
}
char kni_data_opstate(const struct streaminfo* pstream,struct kni_pme_info* pmeinfo,int thread_seq,const struct ip* ip_hdr)
{
char ret=APP_STATE_DROPPKT|APP_STATE_GIVEME;
char* data=NULL;
int datalen=0;
int iplen=ntohs(ip_hdr->ip_len);
struct kni_tcp_hdr* tcphdr=(struct kni_tcp_hdr*)((char*)ip_hdr+4*(ip_hdr->ip_hl));
data=kni_get_data(pstream,&datalen);
if(pmeinfo->status_flag==KNI_FLAG_UNKNOW)
{
if((tcphdr->th_flags&TH_SYN)&&(tcphdr->th_flags&TH_ACK))
{
kni_get_tcpopt(tcphdr,iplen-4*(ip_hdr->ip_hl)-datalen,&(pmeinfo->mss[pstream->curdir-1]),&(pmeinfo->wnscal[pstream->curdir-1]),&(pmeinfo->sack[pstream->curdir-1]),&(pmeinfo->timestamps[pstream->curdir-1]));
}
kni_get_tcpinfo(&(pmeinfo->lastpkt_info[pstream->curdir-1]),tcphdr,ntohs(ip_hdr->ip_len)-4*ip_hdr->ip_hl-4*tcphdr->th_off,(struct ip*)ip_hdr);
if(datalen>0)
{
ret=kni_first_tcpdata(pstream,ip_hdr,pmeinfo,data,datalen);
}
else
{
ret=APP_STATE_FAWPKT|APP_STATE_GIVEME;
}
}
if((pmeinfo->status_flag==KNI_FLAG_HTTP)||(pmeinfo->status_flag==KNI_FLAG_SSL))
{
ret=tun_write_data(g_kni_comminfo.fd_tun[thread_seq],(char*)ip_hdr,iplen,(struct streaminfo*)pstream,thread_seq);
}
return ret;
}
char kni_close_opstate(const struct streaminfo* pstream,struct kni_pme_info* pmeinfo,int thread_seq,const struct ip* ip_hdr)
{
char ret=APP_STATE_FAWPKT|APP_STATE_DROPME;
if(ip_hdr==NULL)
{
return ret;
}
ret=kni_data_opstate(pstream,pmeinfo,thread_seq,ip_hdr);
return ret|APP_STATE_DROPME;
}
extern "C" char kni_tcpall_entry(const struct streaminfo* pstream,void** pme,int thread_seq,const void* ip_hdr)
{
char ret=APP_STATE_FAWPKT|APP_STATE_DROPME;
if((g_kni_comminfo.kni_mode_cur==KNI_MODE_BYPASS)||(pstream->addr.addrtype==ADDR_TYPE_IPV6))
{
return ret;
}
kni_filestate2_set(thread_seq,FS2_COLUME_RECV,0,1);
switch(pstream->pktstate)
{
case OP_STATE_PENDING:
kni_init_pmeinfo(pme);
ret=kni_pending_opstate(pstream,(struct kni_pme_info*)*pme,thread_seq,(const struct ip*)ip_hdr,PROTO_TYPE_TCP);
break;
case OP_STATE_DATA:
ret=kni_data_opstate(pstream,(struct kni_pme_info*)*pme,thread_seq,(const struct ip*)ip_hdr);
break;
case OP_STATE_CLOSE:
ret=kni_close_opstate(pstream,(struct kni_pme_info*)*pme,thread_seq,(const struct ip*)ip_hdr);
break;
default:
break;
}
if((ret&APP_STATE_DROPME)&&(*pme!=NULL))
{
kni_free_pmeinfo(pme);
*pme=NULL;
}
return ret;
}
extern "C" char kni_http_entry(stSessionInfo* session_info, void **pme, int thread_seq,struct streaminfo *a_stream,const void *a_packet)
{
char ret=PROT_STATE_DROPME;
int host_len=session_info->buflen>KNI_DEFAULT_MTU?KNI_DEFAULT_MTU:session_info->buflen;
struct kni_http_project* host_info=(struct kni_http_project*)malloc(sizeof(struct kni_http_project));
host_info->host_len=host_len;
memcpy(host_info->host,session_info->buf,host_len);
project_req_add_struct(a_stream,g_kni_comminfo.project_id,host_info);
return ret;
}
void kni_free_project(int thread_seq, void *project_req_value)
{
free(project_req_value);
project_req_value=NULL;
return ;
}
int kni_read_cardname()
{
int offset=0;
char* token=NULL;
char buf[KNI_CONF_MAXLEN]={0};
int routdir=0;
FILE* fp=fopen("./conf/send_raw_pkt.conf","r");
if(fp==NULL)
{
MESA_handle_runtime_log(g_kni_comminfo.logger, RLOG_LV_FATAL,"kni_read_cardname","fopen ./conf/send_raw_pkt.conf err,errno:%d,%s",errno,strerror(errno));
return -1;
}
while(feof(fp)==0)
{
routdir=0;
memset(buf,0,KNI_CONF_MAXLEN);
if((fgets(buf,KNI_CONF_MAXLEN,fp)==NULL))
{
break;
}
if(buf[0]=='#')
{
continue;
}
token=strtok(buf,"\t, ");
offset=1;
while(token!=NULL)
{
switch(offset)
{
case KNI_OFFSET_ROUTDIR:
routdir=atoi(token);
if((routdir!=0)&&(routdir!=1))
{
MESA_handle_runtime_log(g_kni_comminfo.logger, RLOG_LV_FATAL,"kni_read_cardname","routdir :%d error",routdir);
return -1;
}
break;
case KNI_OFFSET_CARDNAME:
memcpy(g_kni_cardname[routdir],token,strlen(token));
break;
default:
break;
}
token=strtok(NULL,"\t, ");
offset++;
}
}
fclose(fp);
fp=NULL;
MESA_handle_runtime_log(g_kni_comminfo.logger, RLOG_LV_FATAL,"kni_read_cardname","card name:%s,%s",g_kni_cardname[0],g_kni_cardname[1]);
return 0;
}
int init_profile_info()
{
//main.conf
// MESA_load_profile_int_def((char*)KNI_CONF_FILENAME_MAIN,(char*)KNI_CONF_MODE,(char*)"thread_num",&(g_kni_comminfo.thread_num),1);
MESA_load_profile_string_def((char*)KNI_CONF_FILENAME_MAIN,(char*)KNI_CONF_MODE,(char*)"pcapdevice",g_kni_comminfo.card_in,KNI_CONF_MAXLEN,"cap0");
MESA_load_profile_string_def((char*)KNI_CONF_FILENAME_MAIN,(char*)KNI_CONF_MODE,(char*)"pcapdevice2",g_kni_comminfo.card_out,KNI_CONF_MAXLEN,"cap1");
//kni.conf
MESA_load_profile_int_def((char*)KNI_CONF_FILENAME,(char*)KNI_CONF_MODE,(char*)"replay_win_update",&(g_kni_switch_info.replay_win_update),1);
MESA_load_profile_int_def((char*)KNI_CONF_FILENAME,(char*)KNI_CONF_MODE,(char*)"default_work_mode",&(g_kni_switch_info.maat_default_mode),KNI_DEFAULT_MODE_INTERCEPT);
MESA_load_profile_string_def((char*)KNI_CONF_FILENAME,(char*)KNI_CONF_MODE,(char*)"tun_name",g_kni_comminfo.tun_name,KNI_CONF_MAXLEN,"tun0");
MESA_load_profile_string_def((char*)KNI_CONF_FILENAME,(char*)KNI_CONF_MODE,(char*)"domain_path",g_kni_comminfo.domain_path,KNI_CONF_MAXLEN,"/home/server_unixsocket_file");
return 0;
}
int init_kni_stat_htable()
{
MESA_htable_create_args_t hash_frags;
memset(&hash_frags,0,sizeof(MESA_htable_create_args_t));
hash_frags.thread_safe=KNI_THREAD_SAFE;
hash_frags.recursive=1;
hash_frags.hash_slot_size=KNI_HTABLE_SIZE;
hash_frags.max_elem_num=KNI_HTABLE_MAXNUM;
hash_frags.eliminate_type=HASH_ELIMINATE_ALGO_FIFO;
hash_frags.expire_time=0;
hash_frags.key_comp=NULL;
hash_frags.key2index=NULL;
hash_frags.data_free=NULL;
hash_frags.data_expire_with_condition=NULL;
g_kni_structinfo.htable_to_tun_v4=MESA_htable_create(&hash_frags,sizeof(MESA_htable_create_args_t));
g_kni_structinfo.htable_to_tun_v6=MESA_htable_create(&hash_frags,sizeof(MESA_htable_create_args_t));
if((g_kni_structinfo.htable_to_tun_v4==NULL)||(g_kni_structinfo.htable_to_tun_v6==NULL))
{
MESA_handle_runtime_log(g_kni_comminfo.logger, RLOG_LV_FATAL,KNI_MODULE_INIT,"MESA_htable_create() error!action:%s",KNI_ACTION_EXIT);
return -1;
}
return 0;
}
int init_kni_runtimelog()
{
int logger_level;
char logger_filepath[KNI_CONF_MAXLEN]={0};
MESA_load_profile_int_def((char*)KNI_CONF_FILENAME,(char*)KNI_CONF_MODE,(char*)"logger_level",&logger_level,RLOG_LV_INFO);
MESA_load_profile_string_def((char*)KNI_CONF_FILENAME,(char*)KNI_CONF_MODE,(char*)"logger_filepath",logger_filepath,KNI_CONF_MAXLEN,"./log/kni.log");
g_kni_comminfo.logger=MESA_create_runtime_log_handle(logger_filepath,logger_level);
if(g_kni_comminfo.logger==NULL)
{
printf("MESA_create_runtime_log_handle() error!exit...\n");
return -1;
}
return 0;
}
int init_kni_maat_info()
{
int ret = 0;
int maat_readconf_mode=0;
int redis_db_index=0;
int redis_port=0;
unsigned short redis_port_real=0;
char redis_ip[INET_ADDRSTRLEN]={0};
int scandir_interval=KNI_SCANDIR_INTERVAL;
int effect_interval=KNI_EFFECT_INTERVAL;
char table_info_path[KNI_CONF_MAXLEN]={0};
char stat_file_dir[KNI_CONF_MAXLEN]={0};
char full_cfg_dir[KNI_CONF_MAXLEN]={0};
char inc_cfg_dir[KNI_CONF_MAXLEN]={0};
MESA_load_profile_int_def((char*)KNI_CONF_FILENAME,(char*)KNI_CONF_MODE,(char*)"maat_readconf_mode",&maat_readconf_mode,KNI_READCONF_IRIS);
MESA_load_profile_int_def((char*)KNI_CONF_FILENAME,(char*)KNI_CONF_MODE,(char*)"scandir_interval",&scandir_interval,KNI_SCANDIR_INTERVAL);
MESA_load_profile_int_def((char*)KNI_CONF_FILENAME,(char*)KNI_CONF_MODE,(char*)"effect_interval",&effect_interval,KNI_EFFECT_INTERVAL);
MESA_load_profile_int_def((char*)KNI_CONF_FILENAME,(char*)KNI_CONF_MODE,(char*)"redis_db_index",&redis_db_index,0);
MESA_load_profile_int_nodef((char*)KNI_CONF_FILENAME,(char*)KNI_CONF_MODE,(char*)"redis_port",(int*)&redis_port);
MESA_load_profile_string_nodef((char*)KNI_CONF_FILENAME,(char*)KNI_CONF_MODE,(char*)"redis_server",redis_ip,INET_ADDRSTRLEN);
MESA_load_profile_string_def((char*)KNI_CONF_FILENAME,(char*)KNI_CONF_MODE,(char*)"table_info_path",table_info_path,KNI_CONF_MAXLEN,KNI_TABLEINFO_PATH);
MESA_load_profile_string_def((char*)KNI_CONF_FILENAME,(char*)KNI_CONF_MODE,(char*)"inc_cfg_dir",inc_cfg_dir,KNI_CONF_MAXLEN,KNI_INCCFG_FILEPATH);
MESA_load_profile_string_def((char*)KNI_CONF_FILENAME,(char*)KNI_CONF_MODE,(char*)"stat_file_path",stat_file_dir,KNI_CONF_MAXLEN,KNI_STAT_FILEPATH);
MESA_load_profile_string_def((char*)KNI_CONF_FILENAME,(char*)KNI_CONF_MODE,(char*)"full_cfg_dir",full_cfg_dir,KNI_CONF_MAXLEN,KNI_FULLCFG_FILEPATH);
g_kni_maatinfo.maat_feather=Maat_feather(g_iThreadNum,table_info_path,g_kni_comminfo.logger);
if(g_kni_maatinfo.maat_feather==NULL)
{
MESA_handle_runtime_log(g_kni_comminfo.logger, RLOG_LV_FATAL,KNI_MODULE_INIT,"Maat_feather() error!table_info_path:%s,action:%s",table_info_path,KNI_ACTION_EXIT);
return -1;
}
if(maat_readconf_mode==KNI_READCONF_JSON)
{
Maat_set_feather_opt(g_kni_maatinfo.maat_feather,MAAT_OPT_JSON_FILE_PATH, KNI_MAATJSON_FILEPATH,strlen(KNI_MAATJSON_FILEPATH));
}
else if(maat_readconf_mode==KNI_READCONF_IRIS)
{
Maat_set_feather_opt(g_kni_maatinfo.maat_feather,MAAT_OPT_FULL_CFG_DIR,full_cfg_dir,strlen(full_cfg_dir));
Maat_set_feather_opt(g_kni_maatinfo.maat_feather,MAAT_OPT_INC_CFG_DIR,inc_cfg_dir,strlen(inc_cfg_dir));
}
else if(maat_readconf_mode==KNI_READCONF_REDIS)
{
redis_port_real=(unsigned short)redis_port;
Maat_set_feather_opt(g_kni_maatinfo.maat_feather,MAAT_OPT_REDIS_IP,(void*)redis_ip,strlen(redis_ip)+1);
Maat_set_feather_opt(g_kni_maatinfo.maat_feather,MAAT_OPT_REDIS_PORT,(void*)&redis_port_real,sizeof(unsigned short));
Maat_set_feather_opt(g_kni_maatinfo.maat_feather,MAAT_OPT_REDIS_INDEX,(void*)&redis_db_index,sizeof(int));
}
Maat_set_feather_opt(g_kni_maatinfo.maat_feather,MAAT_OPT_SCANDIR_INTERVAL_MS, (void*)&scandir_interval,sizeof(int));
Maat_set_feather_opt(g_kni_maatinfo.maat_feather,MAAT_OPT_EFFECT_INVERVAL_MS, (void*)&effect_interval,sizeof(int));
Maat_set_feather_opt(g_kni_maatinfo.maat_feather,MAAT_OPT_STAT_FILE_PATH,stat_file_dir,strlen(stat_file_dir));
ret=Maat_initiate_feather(g_kni_maatinfo.maat_feather);
if(ret<0)
{
MESA_handle_runtime_log(g_kni_comminfo.logger, RLOG_LV_FATAL,KNI_MODULE_INIT,"Maat_initiate_feather() error!action:%s",KNI_ACTION_EXIT);
return -1;
}
g_kni_maatinfo.tableid_ip=Maat_table_register(g_kni_maatinfo.maat_feather,KNI_TABLENAME_IP);
g_kni_maatinfo.tableid_domain=Maat_table_register(g_kni_maatinfo.maat_feather,KNI_TABLENAME_DOMAIN);
if((g_kni_maatinfo.tableid_ip<0)||(g_kni_maatinfo.tableid_domain<0))
{
MESA_handle_runtime_log(g_kni_comminfo.logger, RLOG_LV_FATAL,KNI_MODULE_INIT,"Maat_table_register() error!ip_tableid:%d,sni_tableid:%d,action:%s",g_kni_maatinfo.tableid_ip,g_kni_maatinfo.tableid_domain,KNI_ACTION_EXIT);
return -1;
}
return 0;
}
int init_kni_project()
{
g_kni_comminfo.project_id=project_producer_register(KNI_PROJECT_NAME,PROJECT_VAL_TYPE_STRUCT,kni_free_project);
if(g_kni_comminfo.project_id<0)
{
MESA_handle_runtime_log(g_kni_comminfo.logger, RLOG_LV_FATAL,KNI_MODULE_INIT,"project_producer_register() error!project_id:%d",g_kni_comminfo.project_id);
return -1;
}
g_kni_comminfo.project_id=project_customer_register(KNI_PROJECT_NAME,PROJECT_VAL_TYPE_STRUCT);
if(g_kni_comminfo.project_id<0)
{
MESA_handle_runtime_log(g_kni_comminfo.logger, RLOG_LV_FATAL,KNI_MODULE_INIT,"project_customer_register() error!project_id:%d",g_kni_comminfo.project_id);
return -1;
}
return 0;
}
int init_kni_sendpkt()
{
int i=0;
pthread_t pid_read_tun;
kni_read_cardname();
g_kni_comminfo.ipv4_fd=(int*)malloc(g_kni_comminfo.thread_num*sizeof(int));
for(i=0;i<g_kni_comminfo.thread_num;i++)
{
g_kni_comminfo.ipv4_fd[i]=socket(AF_PACKET,SOCK_RAW,htons(ETH_P_IP));
if(g_kni_comminfo.ipv4_fd[i]<0)
{
MESA_handle_runtime_log(g_kni_comminfo.logger, RLOG_LV_FATAL,KNI_MODULE_INIT,"ipv4_raw_socket error,i:%d,action:%s",i,KNI_ACTION_EXIT);
return -1;
}
g_kni_threadseq[i]=i;
pthread_create(&pid_read_tun,NULL,kni_read_tun,&(g_kni_threadseq[i]));
}
return 0;
}
extern "C" char kni_init()
{
int ret=0;
pthread_t pid_kni_filestat2;
inet_aton((const char *)&LOCAL_IP_ADDR,(struct in_addr*)&g_kni_comminfo.local_ip);
init_profile_info();
ret=init_kni_runtimelog();
if(ret < 0)
{
return -1;
}
ret = init_kni_project();
if(ret < 0)
{
return -1;
}
ret = init_kni_maat_info();
if(ret < 0)
{
return -1;
}
ret=init_kni_stat_htable();
if(ret<0)
{
return -1;
}
g_kni_structinfo.lqueue_for_domain=MESA_lqueue_create(KNI_THREAD_SAFE,KNI_LQUEUE_MAXNUM);
if(g_kni_structinfo.lqueue_for_domain==NULL)
{
printf("MESA_lqueue_create() error!\n");
return -1;
}
ret = init_kni_tun();
if(ret < 0)
{
return -1;
}
init_kni_domain();
ret = init_kni_sendpkt();
if(ret < 0)
{
return -1;
}
pthread_create(&pid_kni_filestat2,NULL,kni_filestat2,NULL);
if(g_kni_switch_info.maat_default_mode==0)
{
MESA_handle_runtime_log(g_kni_comminfo.logger, RLOG_LV_FATAL,KNI_MODULE_INIT,"default work module is intercept");
}
else if(g_kni_switch_info.maat_default_mode==1)
{
MESA_handle_runtime_log(g_kni_comminfo.logger, RLOG_LV_FATAL,KNI_MODULE_INIT,"default work module is bypass");
}
MESA_handle_runtime_log(g_kni_comminfo.logger, RLOG_LV_FATAL,KNI_MODULE_INIT,"kni init succ!");
return 0;
}
Reference in New Issue Copy Permalink