#ifndef KNI_PROCESS_H
#define KNI_PROCESS_H
// TCP flag bits, same values as the TH_* constants in <netinet/tcp.h>.
// Each one is guarded so the system header's definition wins when it is
// included before this file.
#ifndef TH_FIN
#define TH_FIN 0x01
#endif
#ifndef TH_SYN
#define TH_SYN 0x02
#endif
#ifndef TH_RST
#define TH_RST 0x04
#endif
#ifndef TH_PUSH
#define TH_PUSH 0x08
#endif
#ifndef TH_ACK
#define TH_ACK 0x10
#endif
#ifndef TH_URG
#define TH_URG 0x20
#endif
// Debug switches, off by default.
//#define KNI_DEBUG_TCPREPAIR 1
//#define KNI_DEBUG_KEEPALIVE 1
// Sizing limits.
#define KNI_MAX_THREADNUM 64 // bound of the per-thread arrays (see struct kni_fs2_info)
#define KNI_ETHER_LEN 14 // Ethernet header length in bytes
#define TCPHDR_DEFAULT_LEN 20 // TCP header length without options
#define KNI_DEFAULT_MTU 1500
#define LOCAL_IP_ADDR "192.168.100.1" // NOTE(review): hard-coded local address; confirm it is meant to be fixed rather than configurable
#define KNI_MAX_BUFLEN 1500 // NOTE(review): equals KNI_DEFAULT_MTU, leaving no room for KNI_ETHER_LEN; confirm the read buffer size at the fill site
//fds index
#define KNI_FDS_NUM 3
#define KNI_FDS_INDEX_CLIENT 0
#define KNI_FDS_INDEX_SERVER 1
#define KNI_FDS_INDEX_PROTOCOL 2
//work module (values of kni_var_comm.kni_mode_cur)
#define KNI_MODE_WORK 0
#define KNI_MODE_BYPASS 1
//runtime log: module tags used when logging
#define KNI_MODULE_INIT "kni_init"
#define KNI_MODULE_READTUN "kni_read_tun"
#define KNI_MODULE_SENDPKT "kni_sendpkt"
#define KNI_MODULE_WRITETUN "kni_write_tun"
#define KNI_MODULE_IPENTRY "kni_process"
#define KNI_MODULE_INFO "kni_info"
#define KNI_MODULE_DEBUG "kni_debug"
#define KNI_MODULE_SENDFD "send_fds"
#define KNI_ACTION_EXIT "exit..."
//init profile info (configuration file names and sizes)
#define KNI_CONF_MAXLEN 1024 // size of the string fields in struct kni_var_comm
#define KNI_CONF_FILENAME "./kniconf/kni.conf"
#define KNI_CONF_MODE "Module"
#define KNI_CONF_FILENAME_MAIN "./conf/main.conf"
#define KNI_OFFSET_ROUTDIR 1
#define KNI_OFFSET_CARDNAME 3
#define KNI_CARD_NUM 2
// IP protocol numbers
#define PROTO_TYPE_TCP 6
#define PROTO_TYPE_UDP 17
// TCP option defaults used when none was seen
#define KNI_DEFAULT_WINSCLE 0
#define KNI_DEFAULT_MSS 1460
//maat: action codes returned by the maat rule engine
#define KNI_ACTION_NONE 0x00
#define KNI_ACTION_REJECT 0x10
#define KNI_ACTION_DROP 0x20
#define KNI_ACTION_REDIRECT 0x30
#define KNI_ACTION_RATELIMIT 0x40
#define KNI_ACTION_REPLACE 0x50
#define KNI_ACTION_LOOP 0x60
#define KNI_ACTION_WHITELIST 0x80
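#define KNI_MAX_SAMENUM 50
// maat table names and configuration sources
#define KNI_TABLENAME_AREA "USER_AREA"
#define KNI_TABLENAME_IP "WHITE_LIST_IP"
#define KNI_TABLENAME_DOMAIN "WHITE_LIST_DOMAIN"
#define KNI_READCONF_IRIS 0
#define KNI_READCONF_JSON 1
#define KNI_READCONF_REDIS 2
#define KNI_SCANDIR_INTERVAL 1000
#define KNI_EFFECT_INTERVAL 60000
#define KNI_MAATJSON_FILEPATH "./kniconf/maat_test.json"
#define KNI_TABLEINFO_PATH "./kniconf/maat_table_info.conf"
#define KNI_FULLCFG_FILEPATH "/home/config/full/index"
#define KNI_INCCFG_FILEPATH "/home/config/inc/index"
#define KNI_STAT_FILEPATH "./log/kni_maat_stat"
//lqueue info
#define KNI_THREAD_SAFE 1
#define KNI_USLEEP_TIME 10
#define KNI_LQUEUE_MAXNUM 100000
//htable_info
// Compound values are parenthesised: an unparenthesised 1024*1024 or
// 60*60*24 regroups when the macro is used in a division or multiplication
// (x / KNI_HTABLE_SIZE would expand to x / 1024 * 1024).
#define KNI_HTABLE_SIZE (1024*1024)
#define KNI_HTABLE_MAXNUM 100000
#define KNI_HTABLE_EXPIRE_TIME (60*60*24) // seconds in one day
//ssl info: TLS record / ClientHello parsing constants
#define KNI_SSL_PORT 443
#define KNI_SNI_MAXLEN 65535
#define SSL_HEADER_LEN 5 // TLS record header: type(1) version(2) length(2)
#define SSL_CONTENTTYPE_HANDSHAKE 0x16
#define SSL_VERSION_TLS1_0 0x0301
#define SSL_VERSION_TLS1_1 0x0302
#define SSL_VERSION_TLS1_2 0x0303
#define SSL_BODY_LEN 4 // handshake header: type(1) length(3)
#define SSL_HANDSHAR_TYPE_CLIENTHELLO 0x01
#define SSL_EXTENSION_TYPE_SNI 0x0
#define KNI_MACADDR_LEN 6
// TLV used for protocol tagging
#define KNI_TLV_TYPE_PRO 0x01
#define KNI_TLV_VALUE_HTTP 0x01
#define KNI_TLV_VALUE_SSL 0x02
//tcp opt type (option kinds as on the wire)
#define KNI_TCPOPT_MSS 2
#define KNI_TCPOPT_WINSCALE 3
#define KNI_TCPOPT_SACKOK 4
#define KNI_TCPOPT_TIMESTAMP 8
// flow directions; KNI_DIR_DOUBLE sizes the per-direction arrays
#define KNI_DIR_DOUBLE 2
#define KNI_DIR_C2S 0
#define KNI_DIR_S2C 1
#define KNI_TCPREPAIR_OPT_NUM 4
#define KNI_PROJECT_NAME "protocol_tag"
#define KNI_DEFAULT_MODE_INTERCEPT 0
#define KNI_DEFAULT_MODE_BYPASS 1
//filestate2
#define FS2_COLUMN_NUM 9 // must equal the number of enumerators in enum kni_FS_COLUME
#define FS2_APPNAME "KNI"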
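// Column indices into kni_fs2_info.column_id[] and its per-thread
// column_value_pkt/column_value_bytes counters. FS2_COLUME_COUNT is a
// trailing sentinel (not a column) so that FS2_COLUMN_NUM can be checked
// against the enumerator count instead of being kept in sync by hand.
enum kni_FS_COLUME
{
FS2_COLUME_RECV=0,
FS2_COLUME_WRITE,
FS2_COLUME_READ,
FS2_COLUME_SEND,
FS2_COLUME_WITELIST_IP,
FS2_COLUME_WITELIST_DOMAIN,
FS2_COLUME_HTTP,
FS2_COLUME_SSL,
FS2_COLUME_DROPPKT,
FS2_COLUME_COUNT // number of real columns; must equal FS2_COLUMN_NUM
};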
// Per-flow classification flag. Only the names are visible here; the
// conditions under which each value is assigned are set elsewhere.
enum kni_flag
{
KNI_FLAG_UNKNOW=0, // not yet classified
KNI_FLAG_HTTP,
KNI_FLAG_SSL,
KNI_FLAG_OUTUSER,
KNI_FLAG_IPBMD,
KNI_FLAG_SNIBMD,
KNI_FLAG_DROP,
KNI_FLAG_NOTPROC, // not processed
};
// Runtime behaviour switches.
struct kni_switch_info
{
int maat_default_mode; // 0: INTERCEPT, 1: BYPASS (KNI_DEFAULT_MODE_*)
int replay_win_update; // 0: do not replay, 1: replay window updates
};
// Host string extracted from a flow (presumably the HTTP Host header).
struct kni_http_project
{
int host_len; // bytes of host[] in use; NOTE(review): must be clamped to sizeof host at the fill site, confirm there
char host[KNI_DEFAULT_MTU]; // may not be NUL-terminated when filled by length; consumers should rely on host_len
};
//htable_data_info ipv6
// Per-flow record kept in the IPv6 hash table (see the comment above and
// kni_var_struct.htable_to_tun_v6): where to send the packet and which MAC
// addresses to put on it.
struct datainfo_to_tun
{
int state_flag;
int route_dir; // routing direction for sending
unsigned int mss;
unsigned char smac[KNI_MACADDR_LEN]; // source MAC
unsigned char dmac[KNI_MACADDR_LEN]; // destination MAC
};
// Arguments passed to the to-tun processing path. "[IN]" marks fields the
// caller fills; the comments name the step each field is used for.
struct args_to_tun
{
void* a_packet; //[IN] packet; used to set the flow state's tcp_state
char* tcpdata; //[IN] TCP payload; used to detect SSL and extract the SNI
int tcpdata_len; //[IN] length of tcpdata in bytes; bound all reads of tcpdata by it
int thread_seq; //[IN] index of the worker thread
int routdir; //[IN] routing direction stored in the datainfo record
int iprevers; // IP version selector (presumably 4 or 6; confirm at the caller)
};
//global variable
//comm
// Process-wide settings and descriptors shared by all threads. Ownership of
// the fd_tun/ipv4_fd arrays and the logger is not visible in this header.
struct kni_var_comm
{
int project_id;
int kni_mode_cur; //0:work 1:bypass (KNI_MODE_WORK / KNI_MODE_BYPASS)
int thread_num; // number of worker threads; expected to stay <= KNI_MAX_THREADNUM
int fd_domain;
unsigned int local_ip;
char tun_name[KNI_CONF_MAXLEN];
char domain_path[KNI_CONF_MAXLEN];
char card_in[KNI_CONF_MAXLEN];
char card_out[KNI_CONF_MAXLEN];
int* fd_tun; // tun descriptors; presumably one per thread, confirm at the allocation site
void* logger; // opaque logger handle
int* ipv4_fd; // IPv4 descriptors; presumably one per thread, confirm at the allocation site
};
//htable and lqueue
// Handles of the MESA hash tables and lock-free queue used by the process.
// The handle types come from headers not included here.
struct kni_var_struct
{
MESA_htable_handle htable_to_tun_v4; // IPv4 flow table (kni_htable_datainfo records)
MESA_htable_handle htable_to_tun_v6; // IPv6 flow table (datainfo_to_tun records)
MESA_htable_handle htable_to_io_v6;
MESA_lqueue_head lqueue_for_domain; // queue of domain lookups
};
//maat
// State of the maat rule engine: its handle and the ids of the three
// tables named by KNI_TABLENAME_*.
struct kni_var_maat
{
Maat_feather_t maat_feather; // engine handle (type declared elsewhere)
short tableid_ip; // KNI_TABLENAME_IP
short tableid_area; // KNI_TABLENAME_AREA
short tableid_domain; // KNI_TABLENAME_DOMAIN
};
//field stat2
// Statistics (filestate2) bookkeeping. Counters are kept per thread and
// per column so workers can update them without sharing a cache line;
// both arrays are indexed [thread_seq][enum kni_FS_COLUME].
struct kni_fs2_info
{
screen_stat_handle_t handler; // stat library handle (type declared elsewhere)
int column_id[FS2_COLUMN_NUM]; // id assigned by the stat library for each column
unsigned long long column_value_pkt[KNI_MAX_THREADNUM][FS2_COLUMN_NUM]; // packet counts
unsigned long long column_value_bytes[KNI_MAX_THREADNUM][FS2_COLUMN_NUM]; // byte counts
};
// Protocol-tag TLV (KNI_TLV_TYPE_PRO / KNI_TLV_VALUE_*).
// NOTE(review): the struct is not packed, so the compiler inserts padding
// after type and after value (sizeof is typically 6, not 4). If this is
// copied to or from a byte stream, confirm the sender and receiver agree
// on the layout rather than relying on sizeof.
struct kni_tlv_info
{
char type;
short len;
char value;
};
// IPv6 header view.
// NOTE(review): this does not match the on-wire fixed header, which is
// 40 bytes with a 16-bit payload length at offset 4: ip6_payload_len is a
// 32-bit field here and the struct is wider than 40 bytes. Confirm whether
// it is filled field by field or overlaid on a packet; only the former is
// safe with this layout.
struct kni_ipv6_hdr
{
unsigned char ip6_flags[4]; // version, traffic class and flow label bytes
unsigned int ip6_payload_len;
unsigned char ip6_nex_hdr; // next header (protocol)
unsigned char ip6_hop; // hop limit
struct in6_addr ip6_src;
struct in6_addr ip6_dst;
};
struct kni_tcp_hdr
{
unsigned short th_sport;
unsigned short th_dport;
unsigned int th_seq;
unsigned int th_ack;
# if __BYTE_ORDER == __LITTLE_ENDIAN
unsigned char th_x2:4,
th_off:4;
# elif __BYTE_ORDER == __BIG_ENDIAN
unsigned char th_off:4,
th_x2:4;
# else
# error "Adjust your <bits/endian.h> defines"
# endif
unsigned char th_flags;
unsigned short th_win;
unsigned short thsum;
unsigned short th_urp;
};
// One TCP option in kind/length/data form (KNI_TCPOPT_* kinds).
// NOTE(review): if len is taken from the packet it is attacker-controlled;
// any copy into content must be clamped to sizeof content - confirm at the
// parser.
struct kni_tcp_opt_format
{
char type; // option kind
char len; // option length as on the wire (includes type and len bytes)
char content[32]; // option data; at most 32 bytes are stored here
};
// TCP options parsed out of a segment, in host order.
struct common_tcp_opt
{
unsigned char sack_ok; // SACK-permitted option seen
unsigned char wnscale; // window scale shift
unsigned short mss; //host order
unsigned int timestamp;
};
// Values of the last packet seen in one direction, kept to build a window
// probe reply. All fields are host order.
struct kni_wndpro_reply_info
{
unsigned int seq; //host order
unsigned int ack; //host order
unsigned int syn_flag; // non-zero when the packet carried SYN
unsigned int len; //tcp payload len:host order
unsigned short wndsize; //host order
unsigned short ipid; //host order
unsigned char ttl; //host order
};
// Per-flow state kept during matching. The KNI_DIR_DOUBLE arrays are
// presumably indexed by KNI_DIR_C2S / KNI_DIR_S2C.
struct kni_pme_info
{
unsigned int ip_not_hit;
unsigned short status_flag;
unsigned short mss[KNI_DIR_DOUBLE]; //host order
unsigned char wnscal[KNI_DIR_DOUBLE]; //host order
unsigned char sack[KNI_DIR_DOUBLE];
unsigned char timestamps[KNI_DIR_DOUBLE];
struct kni_wndpro_reply_info lastpkt_info[KNI_DIR_DOUBLE]; //for add htable: copied into the htable record
scan_status_t mid; //for maat: matching state (type declared elsewhere)
};
//htable_data_info ipv4
// Per-flow record kept in the IPv4 hash table (kni_var_struct.htable_to_tun_v4).
// The KNI_DIR_DOUBLE arrays are presumably indexed by KNI_DIR_C2S / KNI_DIR_S2C.
struct kni_htable_datainfo
{
//for sendpkt
int route_dir; // routing direction for sending
unsigned char smac[KNI_MACADDR_LEN]; // source MAC
unsigned char dmac[KNI_MACADDR_LEN]; // destination MAC
//send wnd pro reply
int wndpro_flag[KNI_DIR_DOUBLE];
unsigned short wnscal[KNI_DIR_DOUBLE]; //host order
unsigned short mss[KNI_DIR_DOUBLE]; //host order
struct kni_wndpro_reply_info lastpkt_info[KNI_DIR_DOUBLE]; // last packet per direction
};
//set tcp repair info
// Connection parameters used to set up TCP repair (see the comment above).
// The _src/_dst pairs are the option values negotiated by each end; byte
// order of the addresses and ports is not stated here - confirm at the user.
struct kni_tcp_state
{
unsigned int src_ip;
unsigned int dst_ip;
unsigned short sport;
unsigned short dport;
unsigned int seq;
unsigned int ack;
unsigned short win;
unsigned short mss_src;
unsigned short mss_dst;
unsigned char wscale_src;
unsigned char wscale_dst;
unsigned char sack_src;
unsigned char sack_dst;
unsigned char timestamps_src;
unsigned char timestamps_dst;
};
// Arguments of the tun read path. "in" fields are filled by the caller,
// "out" fields by the callee.
struct args_read_tun
{
int thread_seq; //in: index of the worker thread
int iprevers; //in: IP version selector
int iplen; //in: length of the IP packet in bytes; bound reads of a_packet by it
int routdir; //out: routing direction
char* a_packet; //in: the packet
unsigned char smac[KNI_MACADDR_LEN]; //out: source MAC
unsigned char dmac[KNI_MACADDR_LEN]; //out: destination MAC
};
/*
#ifndef TCP_REPAIR_WINDOW
#define TCP_REPAIR_WINDOW 29
#endif
struct tcp_repair_window {
__u32 snd_wl1;
__u32 snd_wnd;
__u32 max_window;
__u32 rcv_wnd;
__u32 rcv_wup;
};
*/
#endif