tango-kni/common/include/kni_cmsg.h

#pragma once

//#define KNI_CMSG_TLV_NR_MAX  64
struct kni_cmsg;
struct kni_cmsg_serialize_header;


enum kni_cmsg_errno{
	KNI_CMSG_INVALID_FORMAT = -1,
	KNI_CMSG_BUFF_NOT_ENOUGH = -2,
	KNI_CMSG_INVALID_TYPE = -3,
    KNI_CMSG_TYPE_UNSET = -4,
};

enum tfe_cmsg_tlv_type
{
    /* TCP restore information */
    TFE_CMSG_TCP_RESTORE_SEQ = 0x0,
    TFE_CMSG_TCP_RESTORE_ACK = 0x1,
    TFE_CMSG_TCP_RESTORE_MSS_CLIENT = 0x2,
    TFE_CMSG_TCP_RESTORE_MSS_SERVER = 0x3,
    TFE_CMSG_TCP_RESTORE_WSACLE_CLIENT = 0x4,
    TFE_CMSG_TCP_RESTORE_WSACLE_SERVER = 0x5,
    TFE_CMSG_TCP_RESTORE_SACK_CLIENT = 0x6,
    TFE_CMSG_TCP_RESTORE_SACK_SERVER = 0x7,
    TFE_CMSG_TCP_RESTORE_TS_CLIENT = 0x8,
    TFE_CMSG_TCP_RESTORE_TS_SERVER = 0x9,
    TFE_CMSG_TCP_RESTORE_PROTOCOL = 0xa,
    TFE_CMSG_TCP_RESTORE_WINDOW_CLIENT = 0xb,
    TFE_CMSG_TCP_RESTORE_WINDOW_SERVER = 0xc,
    TFE_CMSG_TCP_RESTORE_INFO_PACKET_CUR_DIR = 0xd, 
    TFE_CMSG_TCP_RESTORE_TS_CLIENT_VAL = 0xe,
    TFE_CMSG_TCP_RESTORE_TS_SERVER_VAL = 0xf,

    TFE_CMSG_POLICY_ID = 0x10, // size uint64_t
    TFE_CMSG_STREAM_TRACE_ID = 0x11,
    TFE_CMSG_TCP_OPTION_PROFILE_ID,  // size int
    TFE_CMSG_DECRYPTION_PROFILE_ID,  // size int
    TFE_CMSG_KEYRING_FOR_TRUSTED_ID, // size int
    TFE_CMSG_KEYRING_FOR_UNTRUSTED,  // size int

    TFE_CMSG_SSL_INTERCEPT_STATE,		//size uint64_t, 0-passthrough, 1-intercept, 2-shutdown, referer from enum ssl_stream_action
	TFE_CMSG_SSL_UPSTREAM_LATENCY,		//size uint64_t, milisecond
	TFE_CMSG_SSL_DOWNSTREAM_LATENCY,	//size uint64_t, milisecond
	TFE_CMSG_SSL_UPSTREAM_VERSION,		//string, SSLv3 TLSv1 TLSv1.1 TLSv1.2 TLSv1.3 unknown
	TFE_CMSG_SSL_DOWNSTREAM_VERSION,   
	TFE_CMSG_SSL_PINNING_STATE,			//size uint64_t, 0-not pinning 1-pinning 2-maybe pinning
	TFE_CMSG_SSL_CERT_VERIFY,   //uint16_t
	TFE_CMSG_SSL_ERROR,	  //string
    TFE_CMSG_SRC_MAC, 
    TFE_CMSG_DST_MAC,
    
    /* TCP option information */
    TFE_CMSG_DOWNSTREAM_TCP_MSS_ENABLE,
    TFE_CMSG_DOWNSTREAM_TCP_MSS_VALUE,
    TFE_CMSG_DOWNSTREAM_TCP_NODELAY,
    TFE_CMSG_DOWNSTREAM_TCP_TTL,
    TFE_CMSG_DOWNSTREAM_TCP_KEEPALIVE,
    TFE_CMSG_DOWNSTREAM_TCP_KEEPCNT, 
    TFE_CMSG_DOWNSTREAM_TCP_KEEPIDLE,
    TFE_CMSG_DOWNSTREAM_TCP_KEEPINTVL, 
    TFE_CMSG_DOWNSTREAM_TCP_USER_TIMEOUT,

    TFE_CMSG_UPSTREAM_TCP_MSS_ENABLE,
    TFE_CMSG_UPSTREAM_TCP_MSS_VALUE,
    TFE_CMSG_UPSTREAM_TCP_NODELAY,
    TFE_CMSG_UPSTREAM_TCP_TTL,
    TFE_CMSG_UPSTREAM_TCP_KEEPALIVE,
    TFE_CMSG_UPSTREAM_TCP_KEEPCNT,
    TFE_CMSG_UPSTREAM_TCP_KEEPIDLE,
    TFE_CMSG_UPSTREAM_TCP_KEEPINTVL, 
    TFE_CMSG_UPSTREAM_TCP_USER_TIMEOUT,

    TFE_CMSG_HIT_NO_INTERCEPT, // size uint8_t
    TFE_CMSG_TCP_PASSTHROUGH,
    TFE_CMSG_TCP_DECRYPTED_TRAFFIC_STEERING,

    // share session attribute
    TFE_CMSG_SRC_SUB_ID,              // string max size 256
    TFE_CMSG_DST_SUB_ID,              // string max size 256
    TFE_CMSG_SRC_ASN,                 // string max size 64
    TFE_CMSG_DST_ASN,                 // string max size 64
    TFE_CMSG_SRC_ORGANIZATION,        // string max size 256
    TFE_CMSG_DST_ORGANIZATION,        // string max size 256
    TFE_CMSG_SRC_IP_LOCATION_COUNTRY, // string max size 256
    TFE_CMSG_DST_IP_LOCATION_COUNTRY, // string max size 256
    TFE_CMSG_SRC_IP_LOCATION_PROVINE, // string max size 256
    TFE_CMSG_DST_IP_LOCATION_PROVINE, // string max size 256
    TFE_CMSG_SRC_IP_LOCATION_CITY,    // string max size 256
    TFE_CMSG_DST_IP_LOCATION_CITY,    // string max size 256
    TFE_CMSG_SRC_IP_LOCATION_SUBDIVISION,
    TFE_CMSG_DST_IP_LOCATION_SUBDIVISION,
    //ja3 fingerprint
    TFE_CMSG_SSL_CLIENT_JA3_FINGERPRINT,
    //fqdn cat id 
    TFE_CMSG_FQDN_CAT_ID_NUM,                // uint32_t
    TFE_CMSG_FQDN_CAT_ID_VAL,                // string max size 8 * sizeof(uint32_t)
    //cmsg common_direction
    TFE_CMSG_COMMON_DIRECTION,
    TFE_CMSG_SSL_PASSTHROUGH_REASON,
    //cmsg tlv max
    KNI_CMSG_TLV_NR_MAX,
};

extern const char * tfe_cmsg_tlv_type_to_string[KNI_CMSG_TLV_NR_MAX];


struct kni_cmsg* kni_cmsg_init();
void kni_cmsg_destroy(struct kni_cmsg *cmsg);
int kni_cmsg_get(struct kni_cmsg *cmsg, uint16_t type, uint16_t *size, unsigned char **pvalue);
int kni_cmsg_set(struct kni_cmsg *cmsg, uint16_t type, const unsigned char *value, uint16_t size);
uint16_t kni_cmsg_serialize_size_get(struct kni_cmsg *cmsg);
int kni_cmsg_serialize(struct kni_cmsg *cmsg, unsigned char *buff, uint16_t bufflen, uint16_t *serialize_len);
int kni_cmsg_deserialize(const unsigned char *data, uint16_t len, struct kni_cmsg** pcmsg);

void tfe_cmsg_enum_to_string();
增加和tfe通信接口, 添加负载均衡功能等 2019-06-03 20:19:04 +08:00			`#pragma once`

1、修改knini_cmsg枚举 2、修改maat命不中sni的问题 2020-08-03 14:58:26 +08:00			`//#define KNI_CMSG_TLV_NR_MAX 64`
增加和tfe通信接口, 添加负载均衡功能等 2019-06-03 20:19:04 +08:00			`struct kni_cmsg;`
			`struct kni_cmsg_serialize_header;`


			`enum kni_cmsg_errno{`
			`KNI_CMSG_INVALID_FORMAT = -1,`
			`KNI_CMSG_BUFF_NOT_ENOUGH = -2,`
修复cmsg解析问题 2019-06-04 21:18:55 +08:00			`KNI_CMSG_INVALID_TYPE = -3,`
			`KNI_CMSG_TYPE_UNSET = -4,`
增加和tfe通信接口, 添加负载均衡功能等 2019-06-03 20:19:04 +08:00			`};`

			`enum tfe_cmsg_tlv_type`
			`{`
			`/* TCP restore information */`
			`TFE_CMSG_TCP_RESTORE_SEQ = 0x0,`
			`TFE_CMSG_TCP_RESTORE_ACK = 0x1,`
			`TFE_CMSG_TCP_RESTORE_MSS_CLIENT = 0x2,`
			`TFE_CMSG_TCP_RESTORE_MSS_SERVER = 0x3,`
			`TFE_CMSG_TCP_RESTORE_WSACLE_CLIENT = 0x4,`
			`TFE_CMSG_TCP_RESTORE_WSACLE_SERVER = 0x5,`
			`TFE_CMSG_TCP_RESTORE_SACK_CLIENT = 0x6,`
			`TFE_CMSG_TCP_RESTORE_SACK_SERVER = 0x7,`
			`TFE_CMSG_TCP_RESTORE_TS_CLIENT = 0x8,`
			`TFE_CMSG_TCP_RESTORE_TS_SERVER = 0x9,`
			`TFE_CMSG_TCP_RESTORE_PROTOCOL = 0xa,`
cmsg中增加窗口大小 2019-06-05 15:42:46 +08:00			`TFE_CMSG_TCP_RESTORE_WINDOW_CLIENT = 0xb,`
			`TFE_CMSG_TCP_RESTORE_WINDOW_SERVER = 0xc,`
1、增加kni对ssh协议的支持2、增加kni对流方向的识别信息 2020-04-07 11:19:52 +08:00			`TFE_CMSG_TCP_RESTORE_INFO_PACKET_CUR_DIR = 0xd,`
增加 cmsg 字段, KNI 发送 timestamp val 给 TFE 2021-04-20 14:17:38 +08:00			`TFE_CMSG_TCP_RESTORE_TS_CLIENT_VAL = 0xe,`
			`TFE_CMSG_TCP_RESTORE_TS_SERVER_VAL = 0xf,`
增加和tfe通信接口, 添加负载均衡功能等 2019-06-03 20:19:04 +08:00
feature:TSG-14915:kni适配新版本tfe cmsg修改 2023-04-28 18:03:22 +08:00			`TFE_CMSG_POLICY_ID = 0x10, // size uint64_t`
增加和tfe通信接口, 添加负载均衡功能等 2019-06-03 20:19:04 +08:00			`TFE_CMSG_STREAM_TRACE_ID = 0x11,`
feature:TSG-14915:kni适配新版本tfe cmsg修改 2023-04-28 18:03:22 +08:00			`TFE_CMSG_TCP_OPTION_PROFILE_ID, // size int`
			`TFE_CMSG_DECRYPTION_PROFILE_ID, // size int`
			`TFE_CMSG_KEYRING_FOR_TRUSTED_ID, // size int`
			`TFE_CMSG_KEYRING_FOR_UNTRUSTED, // size int`
增加和tfe通信接口, 添加负载均衡功能等 2019-06-03 20:19:04 +08:00
			`TFE_CMSG_SSL_INTERCEPT_STATE, //size uint64_t, 0-passthrough, 1-intercept, 2-shutdown, referer from enum ssl_stream_action`
			`TFE_CMSG_SSL_UPSTREAM_LATENCY, //size uint64_t, milisecond`
			`TFE_CMSG_SSL_DOWNSTREAM_LATENCY, //size uint64_t, milisecond`
			`TFE_CMSG_SSL_UPSTREAM_VERSION, //string, SSLv3 TLSv1 TLSv1.1 TLSv1.2 TLSv1.3 unknown`
cmsg中增加窗口大小 2019-06-05 15:42:46 +08:00			`TFE_CMSG_SSL_DOWNSTREAM_VERSION,`
增加和tfe通信接口, 添加负载均衡功能等 2019-06-03 20:19:04 +08:00			`TFE_CMSG_SSL_PINNING_STATE, //size uint64_t, 0-not pinning 1-pinning 2-maybe pinning`
cmsg中增加窗口大小 2019-06-05 15:42:46 +08:00			`TFE_CMSG_SSL_CERT_VERIFY, //uint16_t`
支持获取原始mac 2019-09-18 15:56:59 +08:00			`TFE_CMSG_SSL_ERROR, //string`
			`TFE_CMSG_SRC_MAC,`
			`TFE_CMSG_DST_MAC,`
1、增加proxy tcp option 功能 2、将kni_entry.cpp 拆分出来 kni_entry.h 2020-07-29 13:56:58 +08:00
			`/* TCP option information */`
feature:TSG-14915:kni适配新版本tfe cmsg修改 2023-04-28 18:03:22 +08:00			`TFE_CMSG_DOWNSTREAM_TCP_MSS_ENABLE,`
			`TFE_CMSG_DOWNSTREAM_TCP_MSS_VALUE,`
			`TFE_CMSG_DOWNSTREAM_TCP_NODELAY,`
1、修改knini_cmsg枚举 2、修改maat命不中sni的问题 2020-08-03 14:58:26 +08:00			`TFE_CMSG_DOWNSTREAM_TCP_TTL,`
			`TFE_CMSG_DOWNSTREAM_TCP_KEEPALIVE,`
			`TFE_CMSG_DOWNSTREAM_TCP_KEEPCNT,`
			`TFE_CMSG_DOWNSTREAM_TCP_KEEPIDLE,`
			`TFE_CMSG_DOWNSTREAM_TCP_KEEPINTVL,`
			`TFE_CMSG_DOWNSTREAM_TCP_USER_TIMEOUT,`
feature:TSG-14915:kni适配新版本tfe cmsg修改 2023-04-28 18:03:22 +08:00
			`TFE_CMSG_UPSTREAM_TCP_MSS_ENABLE,`
			`TFE_CMSG_UPSTREAM_TCP_MSS_VALUE,`
			`TFE_CMSG_UPSTREAM_TCP_NODELAY,`
			`TFE_CMSG_UPSTREAM_TCP_TTL,`
			`TFE_CMSG_UPSTREAM_TCP_KEEPALIVE,`
			`TFE_CMSG_UPSTREAM_TCP_KEEPCNT,`
1、修改knini_cmsg枚举 2、修改maat命不中sni的问题 2020-08-03 14:58:26 +08:00			`TFE_CMSG_UPSTREAM_TCP_KEEPIDLE,`
			`TFE_CMSG_UPSTREAM_TCP_KEEPINTVL,`
			`TFE_CMSG_UPSTREAM_TCP_USER_TIMEOUT,`
feature:TSG-14915:kni适配新版本tfe cmsg修改 2023-04-28 18:03:22 +08:00
			`TFE_CMSG_HIT_NO_INTERCEPT, // size uint8_t`
1、修改knini_cmsg枚举 2、修改maat命不中sni的问题 2020-08-03 14:58:26 +08:00			`TFE_CMSG_TCP_PASSTHROUGH,`
feature:TSG-14915:kni适配新版本tfe cmsg修改 2023-04-28 18:03:22 +08:00			`TFE_CMSG_TCP_DECRYPTED_TRAFFIC_STEERING,`
TSG-2846: 增加 kni 对共享tsg_master 扫描maat 结果给tfe的支持 2020-08-24 11:33:41 +08:00
			`// share session attribute`
			`TFE_CMSG_SRC_SUB_ID, // string max size 256`
			`TFE_CMSG_DST_SUB_ID, // string max size 256`
			`TFE_CMSG_SRC_ASN, // string max size 64`
			`TFE_CMSG_DST_ASN, // string max size 64`
			`TFE_CMSG_SRC_ORGANIZATION, // string max size 256`
			`TFE_CMSG_DST_ORGANIZATION, // string max size 256`
			`TFE_CMSG_SRC_IP_LOCATION_COUNTRY, // string max size 256`
			`TFE_CMSG_DST_IP_LOCATION_COUNTRY, // string max size 256`
			`TFE_CMSG_SRC_IP_LOCATION_PROVINE, // string max size 256`
			`TFE_CMSG_DST_IP_LOCATION_PROVINE, // string max size 256`
			`TFE_CMSG_SRC_IP_LOCATION_CITY, // string max size 256`
			`TFE_CMSG_DST_IP_LOCATION_CITY, // string max size 256`
feature:TSG-9539:kni新增cmsg字段支持4级或以上定位库 2022-02-08 16:14:10 +08:00			`TFE_CMSG_SRC_IP_LOCATION_SUBDIVISION,`
			`TFE_CMSG_DST_IP_LOCATION_SUBDIVISION,`
1、将dynamic bypass 从tsg_entry.cpp 拆分出来 2、使用ja3信息代替chello信息做bypass ssl信息 3、增加获取ja3流标签，通过cmsg发送给tfe 4、增加dynamic bypass 配置文件开关 2020-09-22 18:16:19 +08:00			`//ja3 fingerprint`
			`TFE_CMSG_SSL_CLIENT_JA3_FINGERPRINT,`
1、修改fqdn cmsg 枚举名称 2、增加fs stat 输出格式配置项 2020-10-12 17:00:13 +08:00			`//fqdn cat id`
			`TFE_CMSG_FQDN_CAT_ID_NUM, // uint32_t`
			`TFE_CMSG_FQDN_CAT_ID_VAL, // string max size 8 * sizeof(uint32_t)`
增加传输common_direction 的cmsg 给tfe 2020-12-04 17:21:50 +08:00			`//cmsg common_direction`
			`TFE_CMSG_COMMON_DIRECTION,`
feature:TSG-9431:KNI发送安全日志时增加ssl_passthrough_reason字段 2022-01-18 16:31:32 +08:00			`TFE_CMSG_SSL_PASSTHROUGH_REASON,`
TSG-2846: 增加 kni 对共享tsg_master 扫描maat 结果给tfe的支持 2020-08-24 11:33:41 +08:00			`//cmsg tlv max`
1、修改knini_cmsg枚举 2、修改maat命不中sni的问题 2020-08-03 14:58:26 +08:00			`KNI_CMSG_TLV_NR_MAX,`
增加和tfe通信接口, 添加负载均衡功能等 2019-06-03 20:19:04 +08:00			`};`

1、删除tsg 相关头文件 2、增加cmsg 相关日志 2020-08-25 14:27:34 +08:00			`extern const char * tfe_cmsg_tlv_type_to_string[KNI_CMSG_TLV_NR_MAX];`

1、修改fqdn cmsg 枚举名称 2、增加fs stat 输出格式配置项 2020-10-12 17:00:13 +08:00
增加和tfe通信接口, 添加负载均衡功能等 2019-06-03 20:19:04 +08:00			`struct kni_cmsg* kni_cmsg_init();`
			`void kni_cmsg_destroy(struct kni_cmsg *cmsg);`
			`int kni_cmsg_get(struct kni_cmsg cmsg, uint16_t type, uint16_t size, unsigned char **pvalue);`
			`int kni_cmsg_set(struct kni_cmsg cmsg, uint16_t type, const unsigned char value, uint16_t size);`
			`uint16_t kni_cmsg_serialize_size_get(struct kni_cmsg *cmsg);`
			`int kni_cmsg_serialize(struct kni_cmsg cmsg, unsigned char buff, uint16_t bufflen, uint16_t *serialize_len);`
			`int kni_cmsg_deserialize(const unsigned char data, uint16_t len, struct kni_cmsg* pcmsg);`
1、删除tsg 相关头文件 2、增加cmsg 相关日志 2020-08-25 14:27:34 +08:00
			`void tfe_cmsg_enum_to_string();`