diff --git a/Makefile b/Makefile index 422db9f..67132d4 100644 --- a/Makefile +++ b/Makefile @@ -1,7 +1,6 @@ -#CC = gcc CC = g++ CFLAGS = -g -Wall -fPIC -shared -OBJECTS = kni.o libforge_socket.o +OBJECTS = kni_entry.o kni_comm.o kni_connect.o kni_repair.o TARGET = kni.so INCS = -I./inc @@ -21,8 +20,10 @@ $(TARGET):$(OBJECTS) $(CC) -o $(TARGET) $(CFLAGS) $(OBJECTS) $(MODULES) $(LD_DICTATOR) # $(CC) -o $(TARGET) $(CFLAGS) $(OBJECTS) $(MODULES) -Wl,--whole-archive $(WHOLE_MODULES) -wL,--NO-WHOLE-ARCHIVE $(LD_DICTATOR) -kni.o:kni.c -libforge_socket.o:libforge_socket.c +kni_entry.o:kni_entry.c +kni_comm.o:kni_comm.c +kni_connect.o:kni_connect.c +kni_repair.o:kni_repair.c clean: rm -f $(TARGET) $(OBJECTS) diff --git a/kni.c b/kni.c deleted file mode 100644 index ee2d0fa..0000000 --- a/kni.c +++ /dev/null @@ -1,2259 +0,0 @@ -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include "forge_socket.h" -#include "stream.h" -#include "MESA_prof_load.h" -#include "MESA_handle_logger.h" -#include "MESA_htable.h" -#include "MESA_list_queue.h" -#include "Maat_rule.h" -#include "field_stat2.h" -#include "kni.h" - - -int g_kni_version_VERSION_20180809_info_log_select; - -struct kni_var_comm g_kni_comminfo; -struct kni_var_struct g_kni_structinfo; -struct kni_var_maat g_kni_maatinfo; -struct kni_fs2_info g_kni_fs2_info; -struct kni_switch_info g_kni_switch_info; - -char g_kni_cardname[KNI_CARD_NUM][KNI_CONF_MAXLEN]; -int g_kni_threadseq[KNI_MAX_THREADNUM]; -const char *g_kni_fs2_name[FS2_COLUMN_NUM] ={"RECV_PKTS","WRITE_PKTS","READ_PKTS","SEND_PKTS","BMD_IP","BMD_DOMAIN","HTTP_PKTS","SSL_PKTS","DROP_PKTS"}; - -extern int g_iThreadNum; - -extern "C" int sendpacket_do_checksum(unsigned char* buf,int protocol,int len); -extern "C" int sendpacket_build_ethernet(unsigned char* dst,unsigned char* src,unsigned short type,const unsigned char* payload,int payload_s,unsigned char* buf); -extern "C" unsigned char MESA_dir_reverse(unsigned char route_dir); - - - - -/******************************************************************************************************************** -name: -function: -return: -*********************************************************************************************************************/ - -int kni_info_log_v4(char* module,struct stream_tuple4_v4* addr,unsigned short protocol,char* domain,char* scan_result,char* action) -{ - unsigned short sport=0; - unsigned short dport=0; - char saddr_v4[INET_ADDRSTRLEN]={0}; - char daddr_v4[INET_ADDRSTRLEN]={0}; - - sport=ntohs(addr->source); - dport=ntohs(addr->dest); - inet_ntop(AF_INET, (void *)&(addr->saddr), saddr_v4, INET_ADDRSTRLEN); - inet_ntop(AF_INET, (void *)&(addr->daddr), daddr_v4, INET_ADDRSTRLEN); - - if(protocol==KNI_FLAG_HTTP) - { - MESA_handle_runtime_log(g_kni_comminfo.logger,RLOG_LV_INFO,module,"addr:%s,%d,%s,%d,%s,domain:%s,%s,%s",saddr_v4,sport,daddr_v4,dport,"HTTP",domain,scan_result,action); - } - else if(protocol==KNI_FLAG_SSL) - { - MESA_handle_runtime_log(g_kni_comminfo.logger,RLOG_LV_INFO,module,"addr:%s,%d,%s,%d,%s,domain:%s,%s,%s",saddr_v4,sport,daddr_v4,dport,"SSL",domain+5,scan_result,action); - } - else - { - MESA_handle_runtime_log(g_kni_comminfo.logger,RLOG_LV_INFO,module,"addr:%s,%d,%s,%d,domain:%s,%s,%s",saddr_v4,sport,daddr_v4,dport,domain,scan_result,action); - } - - - return 0; - -} - - -/******************************************************************************************************************** -name: -function: -return: -*********************************************************************************************************************/ - -int kni_debug_info_v4(int level,char* module,struct ip* a_packet,char* content) -{ - - struct tcphdr* tcphdr=(struct tcphdr*)((char*)a_packet+4*(a_packet->ip_hl)); - - unsigned short sport=0; - unsigned short dport=0; - char saddr_v4[INET_ADDRSTRLEN]={0}; - char daddr_v4[INET_ADDRSTRLEN]={0}; - - sport=ntohs(tcphdr->source); - dport=ntohs(tcphdr->dest); - inet_ntop(AF_INET, (void *)&((a_packet->ip_src).s_addr), saddr_v4, INET_ADDRSTRLEN); - inet_ntop(AF_INET, (void *)&((a_packet->ip_dst).s_addr), daddr_v4, INET_ADDRSTRLEN); - - MESA_handle_runtime_log(g_kni_comminfo.logger,level,module,"addr:%s,%d,%s,%d %s",saddr_v4,sport,daddr_v4,dport,content); - - return 0; - -} - - -int kni_set_filestate2(int thread_seq,int colum_index,int bytes,int pktnum) -{ - g_kni_fs2_info.column_value_pkt[thread_seq][colum_index]+=pktnum; - g_kni_fs2_info.column_value_bytes[thread_seq][colum_index]+=bytes; - - return 0; - -} - -int kni_filestate2_init() -{ - int i=0; -// int j=0; - int value=1; - unsigned int fs2_sport=0; - char fs2_filename[KNI_MAX_BUFLEN]={0}; - char fs2_sip[KNI_MAX_BUFLEN]={0}; - - MESA_load_profile_string_def((char*)KNI_CONF_FILENAME,(char*)KNI_CONF_MODE,(char*)"filestat2_filename",fs2_filename,KNI_MAX_BUFLEN,(char*)"./log/kni_fs2.log"); - MESA_load_profile_string_def((char*)KNI_CONF_FILENAME,(char*)KNI_CONF_MODE,(char*)"filestat2_sip",fs2_sip,KNI_MAX_BUFLEN,(char*)"0.0.0.0"); - MESA_load_profile_uint_def((char*)KNI_CONF_FILENAME,(char*)KNI_CONF_MODE,(char*)"filestat2_sport",(unsigned int*)&fs2_sport,0); - - g_kni_fs2_info.handler=FS_create_handle(); - - FS_set_para(g_kni_fs2_info.handler, OUTPUT_DEVICE,fs2_filename, strlen(fs2_filename)+1); - FS_set_para(g_kni_fs2_info.handler, PRINT_MODE, &value, sizeof(value)); - FS_set_para(g_kni_fs2_info.handler, STAT_CYCLE, &value, sizeof(value)); - FS_set_para(g_kni_fs2_info.handler, CREATE_THREAD, &value, sizeof(value)); - FS_set_para(g_kni_fs2_info.handler, APP_NAME, FS2_APPNAME, strlen(FS2_APPNAME)+1); - - if(fs2_sport!=0) - { - FS_set_para(g_kni_fs2_info.handler, STATS_SERVER_IP, fs2_sip, strlen(fs2_sip)+1); - FS_set_para(g_kni_fs2_info.handler, STATS_SERVER_PORT,&fs2_sport,sizeof(int)); - } - - for(i=0;iip_hl)); - - sport=ntohs(tcphdr->source); - dport=ntohs(tcphdr->dest); - - if((sportip_src).s_addr)ip_dst).s_addr)))) - { - reverse_flag=1; - } - - if(reverse_flag==1) - { - ipaddr->saddr=(iphdr->ip_dst).s_addr; - ipaddr->daddr=(iphdr->ip_src).s_addr; - ipaddr->source=tcphdr->dest; - ipaddr->dest=tcphdr->source; - } - else - { - ipaddr->saddr=(iphdr->ip_src).s_addr; - ipaddr->daddr=(iphdr->ip_dst).s_addr; - ipaddr->source=tcphdr->source; - ipaddr->dest=tcphdr->dest; - } - - - return reverse_flag; -} - - - -/**************************************************************************** -if(sportsource); - dport=ntohs(tcphdr->dest); - - if(sportsaddr,ipv6_hdr->ip6_dst.s6_addr32,IPV6_ADDR_LEN); - memcpy(ipaddr->daddr,ipv6_hdr->ip6_src.s6_addr32,IPV6_ADDR_LEN); - ipaddr->source=tcphdr->dest; - ipaddr->dest=tcphdr->source; - } - else - { - memcpy(ipaddr->saddr,ipv6_hdr->ip6_src.s6_addr32,IPV6_ADDR_LEN); - memcpy(ipaddr->daddr,ipv6_hdr->ip6_dst.s6_addr32,IPV6_ADDR_LEN); - ipaddr->source=tcphdr->source; - ipaddr->dest=tcphdr->dest; - } - - - return reverse_flag; -} - - - -static int kni_send_fds(int socket, int *fds, int n,int protocol) -{ - int flags=MSG_NOSIGNAL; - struct msghdr msg = {0}; - struct cmsghdr *cmsg; - char buf[CMSG_SPACE(n * sizeof(int))], dup[256]={0}; - memset(buf, 0, sizeof(buf)); -// struct iovec io = { .iov_base = &dup, .iov_len = sizeof(struct kni_tlv_info) }; - struct iovec io = { .iov_base = &dup, .iov_len = sizeof(dup) }; - - -//tlv info - struct kni_tlv_info tlv_info; - tlv_info.type=KNI_TLV_TYPE_PRO; - tlv_info.len=0x0001; - tlv_info.value=protocol; - memcpy(dup,&tlv_info,sizeof(struct kni_tlv_info)); -//end - - msg.msg_iov = &io; - msg.msg_iovlen = 1; - msg.msg_control = buf; - msg.msg_controllen = sizeof(buf); - - cmsg = CMSG_FIRSTHDR(&msg); - cmsg->cmsg_level = SOL_SOCKET; - cmsg->cmsg_type = SCM_RIGHTS; - cmsg->cmsg_len = CMSG_LEN(n * sizeof(int)); - - memcpy ((int *) CMSG_DATA(cmsg), fds, n * sizeof (int)); - - // if (sendmsg (socket, &msg, 0) < 0) - if (sendmsg (socket, &msg, flags) < 0) - { - MESA_handle_runtime_log(g_kni_comminfo.logger, RLOG_LV_FATAL,"kni_send_fds","sendmsg()error,errno:%d,%s",errno,strerror(errno)); - return -1; - } - - return 0; -} - -int tun_set_queue(int fd, int enable) - { - struct ifreq ifr; - - memset(&ifr, 0, sizeof(ifr)); - - if (enable) - ifr.ifr_flags = IFF_ATTACH_QUEUE; - else - ifr.ifr_flags = IFF_DETACH_QUEUE; - - return ioctl(fd, TUNSETQUEUE, (void *)&ifr); - } - -int tun_error(int i,int* fds) -{ - - for (--i; i >= 0; i--) - { - close(fds[i]); - } - - return 0; -} - - -/* Flags: IFF_TUN - TUN device (no Ethernet headers) - * IFF_TAP - TAP device - * - * IFF_NO_PI - Do not provide packet information - * IFF_MULTI_QUEUE - Create a queue of multiqueue device - */ -int tun_alloc_mq(char *dev, int queues, int *fds) -{ - int i=0; - int err=0; - int fd; - int flag=0; - struct ifreq ifr; - - - char *clonedev = (char*)"/dev/net/tun"; - - memset(&ifr, 0, sizeof(ifr)); - ifr.ifr_flags = IFF_TUN | IFF_NO_PI | IFF_MULTI_QUEUE; - if (*dev) - { - strncpy(ifr.ifr_name, dev, IFNAMSIZ); - } - - for (i = 0; i < queues; i++) - { - if ((fd = open(clonedev, O_RDWR)) < 0) - { - MESA_handle_runtime_log(g_kni_comminfo.logger, RLOG_LV_FATAL,KNI_MODULE_INIT,"tun_alloc_mq():open error,errno is:%d,%s,action:%s",errno,strerror(errno),KNI_ACTION_EXIT); - tun_error(i,fds); - return -1; - } - err = ioctl(fd, TUNSETIFF, (void *)&ifr); - if (err) - { - MESA_handle_runtime_log(g_kni_comminfo.logger, RLOG_LV_FATAL,KNI_MODULE_INIT,"tun_alloc_mq():ioctl error,errno is:%d,%s,action:%s",errno,strerror(errno),KNI_ACTION_EXIT); - close(fd); - tun_error(i,fds); - return -1; - } - -//20180618 add set noblock - flag= fcntl(fd, F_GETFL, 0); - if(flag<0) - { - MESA_handle_runtime_log(g_kni_comminfo.logger, RLOG_LV_FATAL,KNI_MODULE_INIT,"fcntl():getfl error,errno is:%d,%s",errno,strerror(errno)); - } - - if( fcntl( fd, F_SETFL, flag|O_NONBLOCK ) < 0 ) - { - MESA_handle_runtime_log(g_kni_comminfo.logger, RLOG_LV_FATAL,KNI_MODULE_INIT,"fcntl():setfl error,errno is:%d,%s",errno,strerror(errno)); - } - -//end - - fds[i] = fd; - } - return 0; -} - - - - -/******************************************************************************************************************** - * name: - * function: - * args: - * return: - * *********************************************************************************************************************/ -int tun_read_data(int fd,char* recv_buf,int max_buflen) -{ - int recv_len=0; - - int ret=0; - int max_fd = 0; - fd_set alive_readfd; - - FD_ZERO(&alive_readfd); - FD_SET(fd, &alive_readfd); - max_fd = fd; - - ret = select(max_fd + 1, &alive_readfd, NULL, NULL, NULL); - if (ret <= 0) - { - MESA_handle_runtime_log(g_kni_comminfo.logger, RLOG_LV_FATAL, "keep_alive_action function", "select function errno %d is %s!", errno, strerror(errno)); - return 0; - } - - recv_len = read(fd, recv_buf, KNI_MAX_BUFLEN); - if(recv_len <0) - { - MESA_handle_runtime_log(g_kni_comminfo.logger, RLOG_LV_FATAL,KNI_MODULE_WRITETUN,"tun_read_data error %d, %s\n",errno,strerror(errno)); - return -1; - } - else - { - return recv_len; - } - - return 0; -} - -/******************************************************************************************************************** -name: -function: -return: -*********************************************************************************************************************/ -char tun_write_data(int fd,char* send_buf,int send_buflen,struct streaminfo* pstream,int thread_seq) -{ - - - char ret=APP_STATE_DROPPKT|APP_STATE_GIVEME; - int succ_sendlen=0; - - succ_sendlen = write(fd, send_buf,send_buflen); - if((succ_sendlen<0)&&(pstream!=NULL)) - { - kni_set_filestate2(thread_seq,FS2_COLUME_DROPPKT,0,1); - MESA_kill_tcp(pstream,(const void*)send_buf); - MESA_handle_runtime_log(g_kni_comminfo.logger, RLOG_LV_FATAL,KNI_MODULE_WRITETUN,"write() error %d, %s",errno,strerror(errno)); - ret=APP_STATE_DROPPKT|APP_STATE_DROPME; - } - else if(succ_sendlenip_hl)); - struct kni_wndpro_reply_info* tcpinfo=&(datainfo->lastpkt_info[index]); - - struct ip* snd_iphdr=NULL; - struct tcphdr* snd_tcphdr=NULL; - char* sendbuf=(char*)malloc(iplen); - memcpy(sendbuf,a_packet,iplen); - - snd_iphdr=(struct ip*)sendbuf; - snd_tcphdr=(struct tcphdr*)((char*)snd_iphdr+4*(snd_iphdr->ip_hl)); - - (snd_iphdr->ip_src).s_addr=(iphdr->ip_dst).s_addr; - (snd_iphdr->ip_dst).s_addr=(iphdr->ip_src).s_addr; -// snd_iphdr->ip_id=ipid; -// snd_iphdr->ip_id=htons(datainfo->lastpkt_info[index].ipid+1); -// snd_iphdr->ip_ttl=datainfo->lastpkt_info[index].ttl; - - snd_tcphdr->source=tcphdr->dest; - snd_tcphdr->dest=tcphdr->source; - snd_tcphdr->seq=htonl(tcpinfo->seq+tcpinfo->len); - snd_tcphdr->ack_seq=htonl(tcpinfo->ack); - - - if(tcpinfo->syn_flag==1) - { - snd_tcphdr->seq=htonl(ntohl(snd_tcphdr->seq)+1); - } -/* - if(iprever_flag==0) - { - snd_iphdr->ip_id=ipid; - snd_tcphdr->window=htons((win>>win_scale)+1); - } -*/ - sendpacket_do_checksum((unsigned char*)sendbuf,IPPROTO_TCP,(iplen-4*(iphdr->ip_hl))); - sendpacket_do_checksum((unsigned char*)sendbuf,IPPROTO_IP,sizeof(struct ip)); - - tun_write_data(g_kni_comminfo.fd_tun[thread_seq],sendbuf,iplen,NULL,thread_seq); - - kni_debug_info_v4(RLOG_LV_DEBUG,(char*)"win_update",(struct ip*)a_packet,(char*)"recv tcp_repair windows update,and replay"); - - free(sendbuf); - sendbuf=NULL; - - datainfo->wndpro_flag[index]=1; - - - return 1; - - -} - - -long kni_readtun_htable_cb_v4(void* data,const unsigned char* key,unsigned int size,void* user_arg) -{ - long result=0; - struct stream_tuple4_v4* ipv4_addr=(struct stream_tuple4_v4*)key; - struct args_read_tun* args=(struct args_read_tun*)user_arg; - struct kni_htable_datainfo* datainfo=(struct kni_htable_datainfo*)data; - - if(datainfo!=NULL) - { - memcpy(args->smac,datainfo->smac,KNI_MACADDR_LEN); - memcpy(args->dmac,datainfo->dmac,KNI_MACADDR_LEN); - if(args->iprevers==0) - { - args->routdir=datainfo->route_dir; - } - else - { -// args->routdir=MESA_dir_reverse(datainfo->route_dir); - args->routdir=1-datainfo->route_dir; - - } - - if(datainfo->wndpro_flag[1-args->iprevers]>0) - { - result=1; - } - else - { - kni_keepalive_replay(ipv4_addr,args->iprevers,datainfo,args->a_packet,args->iplen,args->thread_seq); - result=1; - } - - - - } -#ifdef KNI_DEBUG_TCPREPAIR - else if(ipv4_addr->saddr==1698867392) - { - printf("sip is 192.168.66.101\n"); - args->smac[0]=0x18; - args->smac[1]=0x66; - args->smac[2]=0xda; - args->smac[3]=0xe5; - args->smac[4]=0xfa; - args->smac[5]=0xa1; - - args->dmac[0]=0xe8; - args->dmac[1]=0x61; - args->dmac[2]=0x1f; - args->dmac[3]=0x13; - args->dmac[4]=0x70; - args->dmac[5]=0x7a; - result=1; - } - else - { - kni_debug_info_v4(RLOG_LV_INFO,"htable_cb",(struct ip*)args->a_packet,(char*)"read_tun,data=NULL,sip not 192.168.66.101"); - - } -#endif - return result; -} - - - - -int init_domain_fd() -{ - - int i_fd = 0; - struct sockaddr_un addr; - int i_addr_len = sizeof( struct sockaddr_un ); - - if ( ( i_fd = socket( AF_UNIX, SOCK_STREAM, 0 ) ) < 0 ) -// if ( ( i_fd = socket( AF_UNIX, SOCK_DGRAM, 0 ) ) < 0 ) - { - MESA_handle_runtime_log(g_kni_comminfo.logger, RLOG_LV_FATAL,KNI_MODULE_INIT,"init_domain_fd():socket error,errno is %d,%s,,action:%s",errno,strerror(errno),KNI_ACTION_EXIT); - return -1; - } - -//fill socket adress structure with server's address - memset( &addr, 0, sizeof( addr ) ); - addr.sun_family = AF_UNIX; -// strncpy( addr.sun_path, serverpath, sizeof( addr.sun_path ) - 1 ); - strncpy( addr.sun_path, g_kni_comminfo.domain_path, sizeof( addr.sun_path ) - 1 ); - - - if ( connect( i_fd, ( struct sockaddr * )&addr, i_addr_len ) < 0 ) - { - close(i_fd); - MESA_handle_runtime_log(g_kni_comminfo.logger, RLOG_LV_FATAL,KNI_MODULE_INIT,"init_domain_fd():connect error,errno is %d,%s,action:%s",errno,strerror(errno),KNI_ACTION_EXIT); - return -1; - } - - - MESA_handle_runtime_log(g_kni_comminfo.logger, RLOG_LV_FATAL,"init_domain_fd","domain socket connect succ! "); - return i_fd; -} - - -int kni_process_readdata(int thread_seq,int buflen,char* buf) -{ - int iprever_flag=0; - long result=0; - - struct ip* iphdr=(struct ip*)buf; - struct stream_tuple4_v4 ipv4_addr; - - struct args_read_tun args; - - if(iphdr->ip_v==4) - { - iprever_flag=kni_get_ipaddr_v4((void*)buf,&ipv4_addr); - - args.a_packet=buf; - args.iplen=buflen; - args.iprevers=iprever_flag; - args.thread_seq=thread_seq; - - MESA_htable_search_cb(g_kni_structinfo.htable_to_tun_v4,(unsigned char*)&ipv4_addr,sizeof(struct stream_tuple4_v4),kni_readtun_htable_cb_v4,(void*)&args,&result); - if(result==1) - { - -// kni_sendpkt_eth(thread_seq,buflen,buf,&ipv4_addr,iprever_flag,args.routdir,args.smac,args.dmac); - kni_sendpkt_routdir(thread_seq,buflen,buf,&ipv4_addr,iprever_flag,args.routdir,args.smac,args.dmac); - } - - } - - return 0; - -} - - -/******************************************************************************************************************** -name: -function: -return: -*********************************************************************************************************************/ -void* kni_read_tun(void* arg) -{ - int thread_seq=*(int*)arg; - - int recv_len=0; - char recv_buf[KNI_MAX_BUFLEN] = {0}; - - - while(1) - { - if(g_kni_comminfo.kni_mode_cur==KNI_MODE_BYPASS) - { - sleep(KNI_USLEEP_TIME); - continue; - } - - - recv_len=0; - memset(recv_buf,0,KNI_MAX_BUFLEN); - - recv_len=tun_read_data(g_kni_comminfo.fd_tun[thread_seq],recv_buf, KNI_MAX_BUFLEN); - if(recv_len <0) - { - MESA_handle_runtime_log(g_kni_comminfo.logger, RLOG_LV_FATAL,KNI_MODULE_READTUN,"tun_read_data()error,recv_len:%d",recv_len); - } - else if(recv_len>0) - { - kni_set_filestate2(thread_seq,FS2_COLUME_READ,0,1); - kni_process_readdata(thread_seq,recv_len,recv_buf); - } - } - - return 0; - -} - -int kni_sendfds_domain() -{ - int ret=0; - long fds_len=KNI_FDS_NUM*sizeof(int); - int fds[KNI_FDS_NUM]={0}; - - while(1) - { - memset(fds,0,KNI_FDS_NUM*sizeof(int)); - fds_len=KNI_FDS_NUM*sizeof(int); - - ret=MESA_lqueue_get_tail(g_kni_structinfo.lqueue_for_domain,fds,&fds_len); - if(ret==MESA_QUEUE_RET_QEMPTY) - { - continue; - } - else if(ret<0) - { - MESA_handle_runtime_log(g_kni_comminfo.logger, RLOG_LV_FATAL,KNI_MODULE_READTUN,"MESA_lqueue_try_get_tail() error!ret:%d\n",ret); - continue; - - } - - ret=kni_send_fds(g_kni_comminfo.fd_domain,fds,2,fds[KNI_FDS_INDEX_PROTOCOL]); - if(ret<0) //check errno - { - g_kni_comminfo.kni_mode_cur=KNI_MODE_BYPASS; - return -1; - } - - close(fds[KNI_FDS_INDEX_CLIENT]); - close(fds[KNI_FDS_INDEX_SERVER]); - - } - - return 0; -} - -int kni_connect_domain() -{ - while(1) - { - g_kni_comminfo.fd_domain=init_domain_fd(); - if(g_kni_comminfo.fd_domain<0) - { - sleep(1); - } - else - { - g_kni_comminfo.kni_mode_cur=KNI_MODE_WORK; - return 0; - } - } - - return 0; -} - -/******************************************************************************************************************** -name: -function: -return: -*********************************************************************************************************************/ -void* kni_process_domain(void* arg) -{ - while(1) - { - if(g_kni_comminfo.kni_mode_cur==KNI_MODE_BYPASS) - { - kni_connect_domain(); - } - else - { - kni_sendfds_domain(); - } - } - - return 0; - -} - - - - -int tcprepair_get_state(struct kni_tcp_state* fake_client,struct kni_tcp_state* fake_server,void* a_packet,struct kni_pme_info* pmeinfo) -{ - - struct ip* iphdr=(struct ip*)a_packet; - struct tcphdr* tcphdr=(struct tcphdr*)((char*)a_packet+4*(iphdr->ip_hl)); - - fake_client->src_ip=(iphdr->ip_src).s_addr; - fake_client->sport=tcphdr->source; - fake_client->dst_ip=(iphdr->ip_dst).s_addr; - fake_client->dport =tcphdr->dest; - fake_client->seq=ntohl(tcphdr->seq); - fake_client->ack=ntohl(tcphdr->ack_seq); - fake_client->mss_src=pmeinfo->mss[KNI_DIR_C2S]; - fake_client->mss_dst=pmeinfo->mss[KNI_DIR_S2C]; - fake_client->wscale_src=pmeinfo->wnscal[KNI_DIR_C2S]; - fake_client->wscale_dst=pmeinfo->wnscal[KNI_DIR_S2C]; - fake_client->sack_src=pmeinfo->sack[KNI_DIR_C2S]; - fake_client->sack_dst=pmeinfo->sack[KNI_DIR_S2C]; - fake_client->timestamps_src=pmeinfo->timestamps[KNI_DIR_C2S]; - fake_client->timestamps_dst=pmeinfo->timestamps[KNI_DIR_S2C]; - - fake_server->src_ip=(iphdr->ip_dst).s_addr; - fake_server->sport=tcphdr->dest; - fake_server->dst_ip=(iphdr->ip_src).s_addr; - fake_server->dport =tcphdr->source; - fake_server->seq=ntohl(tcphdr->ack_seq); - fake_server->ack=ntohl(tcphdr->seq); - fake_server->mss_src=pmeinfo->mss[KNI_DIR_S2C]; - fake_server->mss_dst=pmeinfo->mss[KNI_DIR_C2S]; - fake_server->wscale_src=pmeinfo->wnscal[KNI_DIR_S2C]; - fake_server->wscale_dst=pmeinfo->wnscal[KNI_DIR_C2S]; - fake_server->sack_src=pmeinfo->sack[KNI_DIR_S2C]; - fake_server->sack_dst=pmeinfo->sack[KNI_DIR_C2S]; - fake_server->timestamps_src=pmeinfo->timestamps[KNI_DIR_S2C]; - fake_server->timestamps_dst=pmeinfo->timestamps[KNI_DIR_C2S]; - - return 0; -} - - -int tcprepair_set_state(int sk,struct kni_tcp_state* tcp) -{ - int val,yes=1, onr = 0; -// int mark = 2; -// int mark_tmp=0; -// socklen_t mark_len=sizeof(mark_tmp); - struct tcp_repair_opt opts[KNI_TCPREPAIR_OPT_NUM]; - struct sockaddr_in addr; - - if (setsockopt(sk, SOL_TCP, TCP_REPAIR, &yes, sizeof(yes))==-1) - { - MESA_handle_runtime_log(g_kni_comminfo.logger, RLOG_LV_FATAL,"tcprepair_set_state","setsockopt() TCP_REPAIR error,errno:%d,%s",errno,strerror(errno)); - return -1; - } - - - if (setsockopt(sk, SOL_IP, IP_TRANSPARENT, &yes, sizeof(yes)) < 0) - { - MESA_handle_runtime_log(g_kni_comminfo.logger, RLOG_LV_FATAL,"tcprepair_set_state","setsockopt() IP_TRANSPARENT error,errno:%d,%s",errno,strerror(errno)); - return -1; - } - - - if (setsockopt(sk, SOL_SOCKET, SO_REUSEADDR, &yes, sizeof(yes)) == -1) - { - MESA_handle_runtime_log(g_kni_comminfo.logger, RLOG_LV_FATAL,"tcprepair_set_state","setsockopt() SO_REUSEADDR error,errno:%d,%s",errno,strerror(errno)); - return -1; - } -/* - if(setsockopt(sk, SOL_SOCKET, SO_MARK, &mark, sizeof(mark))<0) - { - MESA_handle_runtime_log(g_kni_comminfo.logger, RLOG_LV_FATAL,"tcprepair_set_state","setsockopt() SO_MARK error,errno:%d",errno); - return -1; - } - - - getsockopt(sk, SOL_SOCKET, SO_MARK, &mark_tmp, &mark_len); - MESA_handle_runtime_log(g_kni_comminfo.logger, RLOG_LV_FATAL,"tcprepair_set_state","getsockopt() SO_MARK :%d",mark_tmp); -*/ - /* ============= Restore TCP properties ==================*/ - val = TCP_SEND_QUEUE; - if (setsockopt(sk, SOL_TCP, TCP_REPAIR_QUEUE, &val, sizeof(val))) - { - MESA_handle_runtime_log(g_kni_comminfo.logger, RLOG_LV_FATAL,"tcprepair_set_state","setsockopt() TCP_REPAIR_QUEUE,TCP_SEND_QUEUE error,errno:%d,%s",errno,strerror(errno)); - return -1; - } - - val = tcp->seq; - if (setsockopt(sk, SOL_TCP, TCP_QUEUE_SEQ, &val, sizeof(val))) - { - MESA_handle_runtime_log(g_kni_comminfo.logger, RLOG_LV_FATAL,"tcprepair_set_state","setsockopt() TCP_QUEUE_SEQ error,errno:%d,%s",errno,strerror(errno)); - return -1; - } - - val = TCP_RECV_QUEUE; - if (setsockopt(sk, SOL_TCP, TCP_REPAIR_QUEUE, &val, sizeof(val))) - { - MESA_handle_runtime_log(g_kni_comminfo.logger, RLOG_LV_FATAL,"tcprepair_set_state","setsockopt() TCP_REPAIR_QUEUE,TCP_RECV_QUEUE error,errno:%d,%s",errno,strerror(errno)); - return -1; - } - - val = tcp->ack; - if (setsockopt(sk, SOL_TCP, TCP_QUEUE_SEQ, &val, sizeof(val))) - { - MESA_handle_runtime_log(g_kni_comminfo.logger, RLOG_LV_FATAL,"tcprepair_set_state","setsockopt() TCP_QUEUE_SEQ error,errno:%d,%s",errno,strerror(errno)); - return -1; - } - -/* - struct tcp_repair_window win; - - win.snd_wl1=tcp->seq; - win.snd_wnd=tcp->wnscale[KNI_DIR_C2S]<wnscale[KNI_DIR_S2C]; - win.max_window=win.snd_wnd; - win.rcv_wnd=win.snd_wnd; - win.rcv_wup=win.snd_wl1; - - if (setsockopt(sk, SOL_TCP, TCP_REPAIR_WINDOW, &win, sizeof(win))) - { - MESA_handle_runtime_log(g_kni_comminfo.logger, RLOG_LV_FATAL,"tcprepair_set_state","setsockopt() TCP_REPAIR_WINDOW error,errno:%d",errno); - return -1; - } - */ - - /* ============= Bind and connect ================ */ - memset(&addr,0,sizeof(addr)); - addr.sin_family = AF_INET; - addr.sin_port = tcp->sport; - addr.sin_addr.s_addr=tcp->src_ip; - - if (bind(sk, (struct sockaddr *) &addr, sizeof(addr))) - { - MESA_handle_runtime_log(g_kni_comminfo.logger, RLOG_LV_FATAL,"tcprepair_set_state","bind() error,errno:%d,%s",errno,strerror(errno)); - return -1; - } - - memset(&addr,0,sizeof(addr)); - addr.sin_family = AF_INET; - addr.sin_port = tcp->dport; - addr.sin_addr.s_addr=tcp->dst_ip; - - if (connect(sk, (struct sockaddr *) &addr, sizeof(addr))) - { - MESA_handle_runtime_log(g_kni_comminfo.logger, RLOG_LV_FATAL,"tcprepair_set_state","connect() error,errno:%d,%s",errno,strerror(errno)); - return -1; - } -/* - opts[onr].opt_code = TCPOPT_WINDOW; - opts[onr].opt_val = tcp->wscale_src+ (tcp->wscale_dst<< 16); - onr++; -*/ - - - if((tcp->wscale_dst)&&(tcp->wscale_src)) - { - opts[onr].opt_code = TCPOPT_WINDOW; - opts[onr].opt_val = tcp->wscale_dst+ (tcp->wscale_src<< 16); - onr++; - } - - - opts[onr].opt_code = TCPOPT_MAXSEG; - opts[onr].opt_val = (tcp->mss_srcmss_dst)?tcp->mss_src:tcp->mss_dst; - onr++; - - if((tcp->sack_src)&&(tcp->sack_dst)) - { - opts[onr].opt_code = TCPOPT_SACK_PERMITTED; - opts[onr].opt_val = 0; - onr++; - } -/* - opts[onr].opt_code = TCPOPT_TIMESTAMP; - opts[onr].opt_val = (tcp->timestamps_src)&&(tcp->timestamps_dst); - onr++; -*/ - - - if (setsockopt(sk, SOL_TCP, TCP_REPAIR_OPTIONS,opts, onr * sizeof(struct tcp_repair_opt)) < 0) - { - MESA_handle_runtime_log(g_kni_comminfo.logger, RLOG_LV_FATAL,"tcprepair_set_state","setsockopt() TCP_REPAIR_OPTIONS error,errno:%d,%s",errno,strerror(errno)); - return -1; - } - - val = 0; - if (setsockopt(sk, SOL_TCP, TCP_REPAIR, &val, sizeof(val))) - { - MESA_handle_runtime_log(g_kni_comminfo.logger, RLOG_LV_FATAL,"tcprepair_set_state","setsockopt() TCP_REPAIR close error,errno:%d,%s",errno,strerror(errno)); - return -1; - } - - return 0; - - -} - - -int tcp_repair_process(const struct streaminfo* pstream,const struct ip* a_packet,struct kni_pme_info* pmeinfo,int protocol) -{ -#ifdef KNI_DEBUG_TCPREPAIR - return 0; -#endif - - int ret=0; - int fds[KNI_FDS_NUM]; - int fd_client,fd_server; - struct kni_tcp_state fake_client; - struct kni_tcp_state fake_server; - -// struct ip* iphdr=(struct ip*)a_packet; -// struct tcphdr* tcphdr=(struct tcphdr*)((char*)a_packet+4*(iphdr->ip_hl)); -// int tcplen=ntohs(iphdr->ip_len)-4*iphdr->ip_hl-4*tcphdr->doff; - - fd_client = socket(AF_INET, SOCK_STREAM, 0); - fd_server = socket(AF_INET, SOCK_STREAM, 0); - if ((fd_client < 0)||(fd_server<0)) - { - MESA_handle_runtime_log(g_kni_comminfo.logger, RLOG_LV_FATAL,"tcprepair_set_state","socket() error"); - return -1; - } - - tcprepair_get_state(&fake_client,&fake_server,(void*)a_packet,pmeinfo); - - ret=tcprepair_set_state(fd_client,&fake_server); - if(ret<0) - { - MESA_handle_runtime_log(g_kni_comminfo.logger, RLOG_LV_FATAL,"tcprepair_set_state","fd_client tcprepair_set_state() error,dropme and fwdpkt"); - return -1; - } - - ret=tcprepair_set_state(fd_server,&fake_client); - if(ret<0) - { - - MESA_handle_runtime_log(g_kni_comminfo.logger, RLOG_LV_FATAL,"tcprepair_set_state","fd_server tcprepair_set_state() error,dropme and fwdpkt"); - return -1; - } - - - fds[0]=fd_client; - fds[1]=fd_server; - fds[2]=protocol; - - ret=MESA_lqueue_join_head(g_kni_structinfo.lqueue_for_domain,(void*)fds,KNI_FDS_NUM*sizeof(int)); - if(ret <0) - { - MESA_handle_runtime_log(g_kni_comminfo.logger, RLOG_LV_FATAL,KNI_MODULE_SENDFD,"MESA_lqueue_try_join_head() error,ret:%d",ret); - } - -/* - kni_send_fds(g_kni_comminfo.fd_domain,fds,2,protocol); - close(fds[0]); - close(fds[1]); -*/ - - - return 0; - -} - - -/*************************************************************************************** -return :state_flag -kni_bmd:STAT_FLAG_SNIBMD -not kni_bmd:STAT_FLAG_SSL_NOBMD -***************************************************************************************/ -int kni_scan_whitelist_domain(char* domain,int domain_len,int thread_seq,scan_status_t mid) -{ - int i=0; - int action=KNI_ACTION_NONE; - - int string_scan_num=0; - int found_pos; - struct Maat_rule_t maat_result[KNI_MAX_SAMENUM]; - - string_scan_num=Maat_full_scan_string(g_kni_maatinfo.maat_feather,g_kni_maatinfo.tableid_domain,CHARSET_GBK,domain,domain_len,maat_result,&found_pos,KNI_MAX_SAMENUM,&mid,thread_seq); -/* - if((g_kni_switch_info.maat_default_mode==KNI_DEFAULT_MODE_BYPASS)&&(string_scan_num==0)) - { - action=KNI_ACTION_WHITELIST; - return action; - } -*/ - for(i=0;i1 -***************************************************************************************/ -int kni_scan_whitelist_ip(struct ipaddr* addr,int thread_seq,int protocol,scan_status_t mid) -{ - int i=0; - int action=KNI_ACTION_NONE; - - int ipscan_num=0; - struct Maat_rule_t maat_result[KNI_MAX_SAMENUM]; - - ipscan_num=Maat_scan_proto_addr(g_kni_maatinfo.maat_feather,g_kni_maatinfo.tableid_ip,addr,protocol,maat_result,KNI_MAX_SAMENUM,&mid,thread_seq); - - for(i=0;iseq=ntohl(tcphdr->th_seq); - lastpkt_info->ack=ntohl(tcphdr->th_ack); - lastpkt_info->ipid=ntohs(ip_hdr->ip_id); - lastpkt_info->ttl=ip_hdr->ip_ttl; - lastpkt_info->len=tcplen; - lastpkt_info->wndsize=ntohs(tcphdr->th_win); - - if(tcphdr->th_flags&TH_SYN) - { - lastpkt_info->syn_flag=1; - } - - return 0; -} - -int kni_get_tcpopt(struct kni_tcp_hdr* tcphdr,int tcp_hdr_len,unsigned short* mss,unsigned char* winscale,unsigned char* scak,unsigned char* timestamps) -{ - - *mss=KNI_DEFAULT_MSS; - *winscale=KNI_DEFAULT_WINSCLE; - - - int remain_len=tcp_hdr_len; - struct kni_tcp_opt_format* tcp_opt=NULL; - - if((tcp_hdr_len<=20)||(tcp_hdr_len>64)) - { - return 0; - } - - tcp_opt=(struct kni_tcp_opt_format*)((char*)tcphdr+TCPHDR_DEFAULT_LEN); - remain_len-=TCPHDR_DEFAULT_LEN; - - while(remain_len) - { - if(tcp_opt->type==KNI_TCPOPT_MSS) //MSS - { - remain_len-=tcp_opt->len; - *mss=htons(*(unsigned short*)(tcp_opt->content)); - tcp_opt=(struct kni_tcp_opt_format*)((char*)tcp_opt+tcp_opt->len); - - continue; - } - else if(tcp_opt->type==KNI_TCPOPT_WINSCALE) //winscale - { - remain_len-=tcp_opt->len; - *winscale=*(unsigned char*)(tcp_opt->content); - tcp_opt=(struct kni_tcp_opt_format*)((char*)tcp_opt+tcp_opt->len); - - continue; - } - else if(tcp_opt->type==KNI_TCPOPT_SACKOK) //scak - { - remain_len-=tcp_opt->len; - *scak=1; - tcp_opt=(struct kni_tcp_opt_format*)((char*)tcp_opt+tcp_opt->len); - - continue; - } - else if(tcp_opt->type==KNI_TCPOPT_TIMESTAMP) //timestamp - { - remain_len-=tcp_opt->len; - *timestamps=1; - tcp_opt=(struct kni_tcp_opt_format*)((char*)tcp_opt+tcp_opt->len); - - continue; - } - else if((tcp_opt->type==0)||(tcp_opt->type==1)) - { - remain_len-=1; - tcp_opt=(struct kni_tcp_opt_format*)((char*)tcp_opt+1); - - continue; - - } - else - { - remain_len-=tcp_opt->len; - tcp_opt=(struct kni_tcp_opt_format*)((char*)tcp_opt+tcp_opt->len); - - continue; - - } - } - - return 0; - -} - -char* kni_get_data(const struct streaminfo* pstream,int* datalen) -{ - char* data=NULL; - - if(pstream->type==STREAM_TYPE_TCP) - { - data=(char*)(pstream->ptcpdetail->pdata); - *datalen=pstream->ptcpdetail->datalen; - } - else if(pstream->type==STREAM_TYPE_UDP) - { - data=(char*)(pstream->pudpdetail->pdata); - *datalen=pstream->pudpdetail->datalen; - } - else - { - data=NULL; - *datalen=0; - } - - return data; - - -} - -int kni_htable_add(const struct streaminfo* pstream,const struct ip* ip_hdr,struct kni_pme_info* pmeinfo) -{ - int iprevers=0; - struct stream_tuple4_v4 ipv4_addr; - struct layer_addr_mac* mac_addr=(struct layer_addr_mac*)((char*)ip_hdr-KNI_ETHER_LEN); - struct kni_htable_datainfo* datainfo=(struct kni_htable_datainfo*)malloc(sizeof(struct kni_htable_datainfo)); - memset(datainfo,0,sizeof(struct kni_htable_datainfo)); - - iprevers=kni_get_ipaddr_v4((void*)ip_hdr,&ipv4_addr); - -//send pkt info - if(iprevers==0) - { - datainfo->route_dir=pstream->routedir; - memcpy(datainfo->smac,mac_addr->src_mac,MAC_ADDR_LEN); - memcpy(datainfo->dmac,mac_addr->dst_mac,MAC_ADDR_LEN); - } - else - { -// datainfo->route_dir=MESA_dir_reverse(pstream->routedir); - datainfo->route_dir=1-pstream->routedir; - memcpy(datainfo->smac,mac_addr->dst_mac,MAC_ADDR_LEN); - memcpy(datainfo->dmac,mac_addr->src_mac,MAC_ADDR_LEN); - } - -//send wnd_pro_reply info - memcpy(datainfo->wnscal,pmeinfo->wnscal,KNI_DIR_DOUBLE*sizeof(unsigned char)); - memcpy(datainfo->mss,pmeinfo->mss,KNI_DIR_DOUBLE*sizeof(unsigned short)); - memcpy(&(datainfo->lastpkt_info),&(pmeinfo->lastpkt_info),KNI_DIR_DOUBLE*sizeof(struct kni_wndpro_reply_info)); - - MESA_htable_add(g_kni_structinfo.htable_to_tun_v4,(unsigned char*)&ipv4_addr,sizeof(struct stream_tuple4_v4),(void*)datainfo); - - return 0; -} - - - - - -/*************************************************************************************** -return :state_flag -ssl:STAT_FLAG_SSL_NOBMD -not ssl:STAT_FLAG_NOTSSL -***************************************************************************************/ -int kni_judge_ssl(char* tcp_data,int tcp_datalen,char* sni,int* sni_len) -{ -// int state_flag=KNI_FLAG_UNKNOW; -// return KNI_FLAG_SSL; - - - int ssl_header_len=0; - char* ssl_header=NULL; - unsigned char content_type=0; - unsigned short version_in_header=0; - unsigned short len_in_header=0; - - - int ssl_body_len=0; - char* ssl_body=NULL; - unsigned char handshark_type=0; - unsigned int len_in_body=0; - unsigned short version_in_body=0; - unsigned char session_id_len=0; - unsigned short ciphersuite_len=0; - unsigned char compression_method_len=0; - - - int ssl_extention_len=0; - char* ssl_extention=NULL; - unsigned short extension_len_less=0; - unsigned short type_in_extension=0; - unsigned short len_in_extension=0; - -//ssl header - ssl_header=tcp_data; - - content_type=*(unsigned char*)&ssl_header[ssl_header_len]; - if(content_type!=SSL_CONTENTTYPE_HANDSHAKE) - { - return KNI_FLAG_UNKNOW; - } - ssl_header_len+=1; - - version_in_header=ntohs(*(unsigned short*)&(ssl_header[ssl_header_len])); - if((version_in_header!=SSL_VERSION_TLS1_0)&&(version_in_header!=SSL_VERSION_TLS1_1)&&(version_in_header!=SSL_VERSION_TLS1_2)) - { - return KNI_FLAG_UNKNOW; - } - ssl_header_len+=2; - - len_in_header=ntohs(*(unsigned short*)&(ssl_header[ssl_header_len])); - if(len_in_header!=tcp_datalen-SSL_HEADER_LEN) - { - return KNI_FLAG_UNKNOW; - } - ssl_header_len+=2; - -//ssl body - ssl_body=ssl_header+ssl_header_len; - - handshark_type=*(unsigned char*)&(ssl_body[ssl_body_len]); - if(handshark_type!=SSL_HANDSHAR_TYPE_CLIENTHELLO) - { - return KNI_FLAG_UNKNOW; - } - ssl_body_len+=1; - -// memcpy(&len_in_body,&ssl_body[ssl_body_len],3); - len_in_body=*(unsigned char*)&ssl_body[ssl_body_len+2]+256*(*(unsigned char*)&ssl_body[ssl_body_len+1])+65536*(*(unsigned char*)&ssl_body[ssl_body_len]); - if(len_in_body!=(len_in_header-SSL_BODY_LEN)) - { - return KNI_FLAG_UNKNOW; - } - - ssl_body_len+=3; - - version_in_body=ntohs(*(unsigned short*)&(ssl_body[ssl_body_len])); - if((version_in_body!=SSL_VERSION_TLS1_0)&&(version_in_body!=SSL_VERSION_TLS1_1)&&(version_in_body!=SSL_VERSION_TLS1_2)) - { - return KNI_FLAG_UNKNOW; - } - ssl_body_len+=2; - - ssl_body_len+=32; //4byte time,28bytes random - - session_id_len=*(unsigned char*)&(ssl_body[ssl_body_len]); - ssl_body_len+=1; - ssl_body_len+=session_id_len; - - ciphersuite_len=ntohs(*(unsigned short*)&(ssl_body[ssl_body_len])); - ssl_body_len+=2; - ssl_body_len+=ciphersuite_len; - - compression_method_len=*(unsigned char*)&(ssl_body[ssl_body_len]); - ssl_body_len+=1; - ssl_body_len+=compression_method_len; - -//ssl extention - ssl_extention=ssl_body+ssl_body_len; - - extension_len_less=ntohs(*(unsigned short*)&ssl_extention[ssl_extention_len]); - if(extension_len_less!=len_in_body-2-32-1-session_id_len-2-ciphersuite_len-1-compression_method_len-2) - { - return KNI_FLAG_UNKNOW; - } - ssl_extention_len+=2; - - while(ssl_extention_lenKNI_SNI_MAXLEN) - { - //error - return KNI_FLAG_UNKNOW; - } - - if(len_in_extension>KNI_DEFAULT_MTU) - { - len_in_extension=KNI_DEFAULT_MTU; - } - memcpy(sni,&ssl_extention[ssl_extention_len],len_in_extension); - *sni_len=len_in_extension; - - return KNI_FLAG_SSL; - } - else - { - ssl_extention_len+=len_in_extension; - - continue; - } - } - - return KNI_FLAG_UNKNOW; -} - -int kni_judge_http(const struct streaminfo *stream,char* domain,int* domain_len) -{ - int val=1; - struct kni_http_project* host=(struct kni_http_project*)project_req_get_struct(stream,g_kni_comminfo.project_id); - if(host==NULL) - { - *domain_len=0; - return -1; - } - - *domain_len=host->host_len>KNI_DEFAULT_MTU?KNI_DEFAULT_MTU:host->host_len; - memcpy(domain,host->host,*domain_len); - - return val; -} - -int kni_protocol_identify(const struct streaminfo* pstream,char* tcp_data,int tcp_datalen,char* domain,int* domain_len) -{ - if(kni_judge_http(pstream,domain,domain_len)==1) - { - kni_set_filestate2(pstream->threadnum,FS2_COLUME_HTTP,0,1); - return KNI_FLAG_HTTP; - } - else if(kni_judge_ssl(tcp_data,tcp_datalen,domain,domain_len)==KNI_FLAG_SSL) - { - kni_set_filestate2(pstream->threadnum,FS2_COLUME_SSL,0,1); - return KNI_FLAG_SSL; - } - - return KNI_FLAG_NOTPROC; - -} -int kni_protocol_identify_bak(const struct streaminfo* pstream,char* tcp_data,int tcp_datalen,char* sni,int* sni_len) -{ - int pro_flag=KNI_FLAG_NOTPROC; - - unsigned short sport=ntohs(pstream->addr.tuple4_v4->source); - unsigned short dport=ntohs(pstream->addr.tuple4_v4->dest); - - if((sport==80)||(dport==80)) - { - pro_flag=KNI_FLAG_HTTP; - } - else if(kni_judge_ssl(tcp_data,tcp_datalen,sni,sni_len)==KNI_FLAG_SSL) - { - pro_flag=KNI_FLAG_SSL; - } - - - return pro_flag; -} - - -char kni_first_tcpdata(const struct streaminfo* pstream,const struct ip* ip_hdr,struct kni_pme_info* pmeinfo,char* data,int datalen) -{ - char ret=APP_STATE_FAWPKT|APP_STATE_DROPME; - - int domain_len=0; - char domain[KNI_DEFAULT_MTU]={0}; - - int action=KNI_ACTION_NONE; - - pmeinfo->status_flag=kni_protocol_identify(pstream,data,datalen,domain,&domain_len); - - if((pmeinfo->status_flag==KNI_FLAG_HTTP) ||(pmeinfo->status_flag==KNI_FLAG_SSL)) - { - action=kni_scan_whitelist_domain(domain,domain_len,pstream->threadnum,pmeinfo->mid); - if(action==KNI_ACTION_WHITELIST) - { - kni_set_filestate2(pstream->threadnum,FS2_COLUME_WITELIST_DOMAIN,0,1); - kni_info_log_v4((char*)KNI_MODULE_INFO,pstream->addr.tuple4_v4,pmeinfo->status_flag,domain,(char*)"WHITE_LIST_DOMAIN",(char*)"BYPASS"); - - pmeinfo->status_flag=KNI_FLAG_NOTPROC; - return ret; - } -//20180803 add - else if((g_kni_switch_info.maat_default_mode==KNI_DEFAULT_MODE_BYPASS)&&(action==KNI_ACTION_NONE)&&(pmeinfo->ip_not_hit)) - { - kni_info_log_v4((char*)KNI_MODULE_INFO,pstream->addr.tuple4_v4,pmeinfo->status_flag,domain,(char*)"NOT_HIT",(char*)"BYPASS"); - - pmeinfo->status_flag=KNI_FLAG_NOTPROC; - return ret; - } -//end - - if(tcp_repair_process(pstream,ip_hdr,pmeinfo,pmeinfo->status_flag)<0) - { - MESA_handle_runtime_log(g_kni_comminfo.logger,RLOG_LV_INFO,"tcp_repair_process","tcp_repair_process() error!"); - return ret; - } - - kni_htable_add(pstream,ip_hdr,pmeinfo); - kni_info_log_v4((char*)KNI_MODULE_INFO,pstream->addr.tuple4_v4,pmeinfo->status_flag,domain,(char*)"INTERCEPT",(char*)"INTERCEPT"); - - ret=APP_STATE_DROPPKT|APP_STATE_GIVEME; - } - else - { - kni_info_log_v4((char*)KNI_MODULE_INFO,pstream->addr.tuple4_v4,pmeinfo->status_flag,NULL,(char*)"NOT_HTTP_SSL",(char*)"BYPASS"); - } - - return ret; - - -} - -int kni_init_pmeinfo(void** pme) -{ - struct kni_pme_info* pmeinfo=(struct kni_pme_info*)malloc(sizeof(struct kni_pme_info)); - memset(pmeinfo,0,sizeof(struct kni_pme_info)); - *pme=pmeinfo; - - return 0; - -} - -int kni_free_pmeinfo(void** pme) -{ - struct kni_pme_info* pmeinfo=(struct kni_pme_info*)*pme; - - Maat_clean_status(&(pmeinfo->mid)); - free(pmeinfo); - - pmeinfo=NULL; - - return 0; - -} - -char kni_pending_opstate(const struct streaminfo* pstream,struct kni_pme_info* pmeinfo,int thread_seq,const struct ip* ip_hdr,int protocol) -{ - char ret=APP_STATE_FAWPKT|APP_STATE_DROPME; - - char* data=NULL; - int datalen=0; - - int ipscan_action=0; - int iplen=ntohs(ip_hdr->ip_len); - struct kni_tcp_hdr* tcphdr=(struct kni_tcp_hdr*)((char*)ip_hdr+4*(ip_hdr->ip_hl)); - - - ipscan_action=kni_scan_whitelist_ip((struct ipaddr*)&(pstream->addr),thread_seq,protocol,pmeinfo->mid); - if(ipscan_action==KNI_ACTION_WHITELIST) - { - kni_info_log_v4((char*)KNI_MODULE_INFO,pstream->addr.tuple4_v4,0,NULL,(char*)"WHITE_LIST_IP",(char*)"BYPASS"); - kni_set_filestate2(thread_seq,FS2_COLUME_WITELIST_IP,0,1); - return ret; - } -//20180803 add - else if((g_kni_switch_info.maat_default_mode==KNI_DEFAULT_MODE_BYPASS)&&(ipscan_action==KNI_ACTION_NONE)) - { - pmeinfo->ip_not_hit=1; - } -//end - - pmeinfo->status_flag=KNI_FLAG_UNKNOW; -// pmeinfo->wndsize[pstream->curdir-1]=ntohs(tcphdr->th_win); -// if((tcphdr->th_flags&TH_SYN)&&!(tcphdr->th_flags&TH_ACK)) //get wndscale and mss from tcpopt only in syn and syn/ack - { - data=kni_get_data(pstream,&datalen); - kni_get_tcpopt(tcphdr,iplen-4*(ip_hdr->ip_hl)-datalen,&(pmeinfo->mss[pstream->curdir-1]),&(pmeinfo->wnscal[pstream->curdir-1]),&(pmeinfo->sack[pstream->curdir-1]),&(pmeinfo->timestamps[pstream->curdir-1])); -} - - kni_get_tcpinfo(&(pmeinfo->lastpkt_info[pstream->curdir-1]),tcphdr,ntohs(ip_hdr->ip_len)-4*ip_hdr->ip_hl-4*tcphdr->th_off,(struct ip*)ip_hdr); - -#ifndef KNI_DEBUG_TCPREPAIR - if(datalen>0) -#endif - { - ret=kni_first_tcpdata(pstream,ip_hdr,pmeinfo,data,datalen); - if((pmeinfo->status_flag==KNI_FLAG_HTTP) ||(pmeinfo->status_flag==KNI_FLAG_SSL)) - { - ret=tun_write_data(g_kni_comminfo.fd_tun[thread_seq],(char*)ip_hdr,iplen,(struct streaminfo*)pstream,thread_seq); - } - } -#ifndef KNI_DEBUG_TCPREPAIR - else - { - ret=APP_STATE_FAWPKT|APP_STATE_GIVEME; - } -#endif - - return ret; - -} - - -char kni_data_opstate(const struct streaminfo* pstream,struct kni_pme_info* pmeinfo,int thread_seq,const struct ip* ip_hdr) -{ - char ret=APP_STATE_DROPPKT|APP_STATE_GIVEME; - - char* data=NULL; - int datalen=0; - - int iplen=ntohs(ip_hdr->ip_len); -// struct kni_pme_info* pmeinfo=(struct kni_pme_info*)*pme; - struct kni_tcp_hdr* tcphdr=(struct kni_tcp_hdr*)((char*)ip_hdr+4*(ip_hdr->ip_hl)); - - data=kni_get_data(pstream,&datalen); - - if(pmeinfo->status_flag==KNI_FLAG_UNKNOW) - { - if((tcphdr->th_flags&TH_SYN)&&(tcphdr->th_flags&TH_ACK)) - { - kni_get_tcpopt(tcphdr,iplen-4*(ip_hdr->ip_hl)-datalen,&(pmeinfo->mss[pstream->curdir-1]),&(pmeinfo->wnscal[pstream->curdir-1]),&(pmeinfo->sack[pstream->curdir-1]),&(pmeinfo->timestamps[pstream->curdir-1])); - - } - - kni_get_tcpinfo(&(pmeinfo->lastpkt_info[pstream->curdir-1]),tcphdr,ntohs(ip_hdr->ip_len)-4*ip_hdr->ip_hl-4*tcphdr->th_off,(struct ip*)ip_hdr); - - if(datalen>0) - { - ret=kni_first_tcpdata(pstream,ip_hdr,pmeinfo,data,datalen); - } - else - { - ret=APP_STATE_FAWPKT|APP_STATE_GIVEME; - } - } - - if((pmeinfo->status_flag==KNI_FLAG_HTTP)||(pmeinfo->status_flag==KNI_FLAG_SSL)) - { - ret=tun_write_data(g_kni_comminfo.fd_tun[thread_seq],(char*)ip_hdr,iplen,(struct streaminfo*)pstream,thread_seq); - } - - return ret; - -} - -char kni_close_opstate(const struct streaminfo* pstream,struct kni_pme_info* pmeinfo,int thread_seq,const struct ip* ip_hdr) -{ - - char ret=APP_STATE_FAWPKT|APP_STATE_DROPME; - - if(ip_hdr==NULL) - { - return ret; - } - - ret=kni_data_opstate(pstream,pmeinfo,thread_seq,ip_hdr); - - return ret|APP_STATE_DROPME; -} - - -extern "C" char kni_tcpall_entry(const struct streaminfo* pstream,void** pme,int thread_seq,const void* ip_hdr) -{ - - char ret=APP_STATE_FAWPKT|APP_STATE_DROPME; - if((g_kni_comminfo.kni_mode_cur==KNI_MODE_BYPASS)||(pstream->addr.addrtype==ADDR_TYPE_IPV6)) - { - return ret; - } - - kni_set_filestate2(thread_seq,FS2_COLUME_RECV,0,1); - - - switch(pstream->pktstate) - { - case OP_STATE_PENDING: - kni_init_pmeinfo(pme); - ret=kni_pending_opstate(pstream,(struct kni_pme_info*)*pme,thread_seq,(const struct ip*)ip_hdr,PROTO_TYPE_TCP); - break; - - case OP_STATE_DATA: - ret=kni_data_opstate(pstream,(struct kni_pme_info*)*pme,thread_seq,(const struct ip*)ip_hdr); - break; - - case OP_STATE_CLOSE: - ret=kni_close_opstate(pstream,(struct kni_pme_info*)*pme,thread_seq,(const struct ip*)ip_hdr); - break; - - default: - break; - } - - if((ret&APP_STATE_DROPME)&&(*pme!=NULL)) - { - kni_free_pmeinfo(pme); - *pme=NULL; - } - /* - - if(ret&APP_STATE_DROPPKT) - { - kni_set_filestate2(thread_seq,FS2_COLUME_DROPPKT,0,1); - } - - else - { - kni_set_filestate2(thread_seq,FS2_COLUME_FWD,0,1); - } -*/ - - return ret; - -} - -extern "C" char kni_http_entry(stSessionInfo* session_info, void **pme, int thread_seq,struct streaminfo *a_stream,const void *a_packet) -{ - char ret=PROT_STATE_DROPME; - - int host_len=session_info->buflen>KNI_DEFAULT_MTU?KNI_DEFAULT_MTU:session_info->buflen; - struct kni_http_project* host_info=(struct kni_http_project*)malloc(sizeof(struct kni_http_project)); - host_info->host_len=host_len; - memcpy(host_info->host,session_info->buf,host_len); - - project_req_add_struct(a_stream,g_kni_comminfo.project_id,host_info); - - return ret; -} - -void kni_free_project(int thread_seq, void *project_req_value) -{ - free(project_req_value); - project_req_value=NULL; - - return ; -} - -int init_profile_info(int* scandir_interval,int* effect_interval,int* logger_level,char* logger_filepath,int* maat_readconf_mode,char* table_info_path,char* inc_cfg_dir,char* full_cfg_dir,char* stat_file_path,char* redis_ip,int* redis_port,int* redis_index ) -{ -//main.conf -// MESA_load_profile_int_def((char*)KNI_CONF_FILENAME_MAIN,(char*)KNI_CONF_MODE,(char*)"thread_num",&(g_kni_comminfo.thread_num),1); - MESA_load_profile_string_def((char*)KNI_CONF_FILENAME_MAIN,(char*)KNI_CONF_MODE,(char*)"pcapdevice",g_kni_comminfo.card_in,KNI_CONF_MAXLEN,"cap0"); - MESA_load_profile_string_def((char*)KNI_CONF_FILENAME_MAIN,(char*)KNI_CONF_MODE,(char*)"pcapdevice2",g_kni_comminfo.card_out,KNI_CONF_MAXLEN,"cap1"); - - -//kni.conf - MESA_load_profile_int_def((char*)KNI_CONF_FILENAME,(char*)KNI_CONF_MODE,(char*)"replay_win_update",&(g_kni_switch_info.replay_win_update),1); - MESA_load_profile_int_def((char*)KNI_CONF_FILENAME,(char*)KNI_CONF_MODE,(char*)"default_work_mode",&(g_kni_switch_info.maat_default_mode),KNI_DEFAULT_MODE_INTERCEPT); - MESA_load_profile_int_def((char*)KNI_CONF_FILENAME,(char*)KNI_CONF_MODE,(char*)"logger_level",logger_level,RLOG_LV_INFO); - MESA_load_profile_int_def((char*)KNI_CONF_FILENAME,(char*)KNI_CONF_MODE,(char*)"maat_readconf_mode",maat_readconf_mode,KNI_READCONF_IRIS); - MESA_load_profile_int_def((char*)KNI_CONF_FILENAME,(char*)KNI_CONF_MODE,(char*)"scandir_interval",scandir_interval,KNI_SCANDIR_INTERVAL); - MESA_load_profile_int_def((char*)KNI_CONF_FILENAME,(char*)KNI_CONF_MODE,(char*)"effect_interval",effect_interval,KNI_EFFECT_INTERVAL); - MESA_load_profile_int_def((char*)KNI_CONF_FILENAME,(char*)KNI_CONF_MODE,(char*)"redis_db_index",redis_index,0); - MESA_load_profile_int_nodef((char*)KNI_CONF_FILENAME,(char*)KNI_CONF_MODE,(char*)"redis_port",(int*)redis_port); - - MESA_load_profile_string_nodef((char*)KNI_CONF_FILENAME,(char*)KNI_CONF_MODE,(char*)"redis_server",redis_ip,INET_ADDRSTRLEN); - MESA_load_profile_string_def((char*)KNI_CONF_FILENAME,(char*)KNI_CONF_MODE,(char*)"logger_filepath",logger_filepath,KNI_CONF_MAXLEN,"./log/kni.log"); - MESA_load_profile_string_def((char*)KNI_CONF_FILENAME,(char*)KNI_CONF_MODE,(char*)"table_info_path",table_info_path,KNI_CONF_MAXLEN,KNI_TABLEINFO_PATH); - MESA_load_profile_string_def((char*)KNI_CONF_FILENAME,(char*)KNI_CONF_MODE,(char*)"inc_cfg_dir",inc_cfg_dir,KNI_CONF_MAXLEN,KNI_INCCFG_FILEPATH); - MESA_load_profile_string_def((char*)KNI_CONF_FILENAME,(char*)KNI_CONF_MODE,(char*)"stat_file_path",stat_file_path,KNI_CONF_MAXLEN,KNI_STAT_FILEPATH); - MESA_load_profile_string_def((char*)KNI_CONF_FILENAME,(char*)KNI_CONF_MODE,(char*)"full_cfg_dir",full_cfg_dir,KNI_CONF_MAXLEN,KNI_FULLCFG_FILEPATH); - MESA_load_profile_string_def((char*)KNI_CONF_FILENAME,(char*)KNI_CONF_MODE,(char*)"tun_name",g_kni_comminfo.tun_name,KNI_CONF_MAXLEN,"tun0"); - MESA_load_profile_string_def((char*)KNI_CONF_FILENAME,(char*)KNI_CONF_MODE,(char*)"domain_path",g_kni_comminfo.domain_path,KNI_CONF_MAXLEN,"/home/server_unixsocket_file"); - - return 0; -} - -int init_kni_stat_htable() -{ - MESA_htable_create_args_t hash_frags; - - memset(&hash_frags,0,sizeof(MESA_htable_create_args_t)); - - hash_frags.thread_safe=KNI_THREAD_SAFE; - hash_frags.recursive=1; - hash_frags.hash_slot_size=KNI_HTABLE_SIZE; - hash_frags.max_elem_num=KNI_HTABLE_MAXNUM; - hash_frags.eliminate_type=HASH_ELIMINATE_ALGO_FIFO; - hash_frags.expire_time=0; - hash_frags.key_comp=NULL; - hash_frags.key2index=NULL; - hash_frags.data_free=NULL; - hash_frags.data_expire_with_condition=NULL; - - g_kni_structinfo.htable_to_tun_v4=MESA_htable_create(&hash_frags,sizeof(MESA_htable_create_args_t)); - g_kni_structinfo.htable_to_tun_v6=MESA_htable_create(&hash_frags,sizeof(MESA_htable_create_args_t)); - if((g_kni_structinfo.htable_to_tun_v4==NULL)||(g_kni_structinfo.htable_to_tun_v6==NULL)) - { - - MESA_handle_runtime_log(g_kni_comminfo.logger, RLOG_LV_FATAL,KNI_MODULE_INIT,"MESA_htable_create() error!action:%s",KNI_ACTION_EXIT); - return -1; - } - - return 0; - -} - - -int kni_read_cardname() -{ - int offset=0; - char* token=NULL; - char buf[KNI_CONF_MAXLEN]={0}; - - int routdir=0; - - FILE* fp=fopen("./conf/send_raw_pkt.conf","r"); - if(fp==NULL) - { - - MESA_handle_runtime_log(g_kni_comminfo.logger, RLOG_LV_FATAL,"kni_read_cardname","fopen ./conf/send_raw_pkt.conf err,errno:%d,%s",errno,strerror(errno)); - return -1; - } - - while(feof(fp)==0) - { - routdir=0; - memset(buf,0,KNI_CONF_MAXLEN); - - if((fgets(buf,KNI_CONF_MAXLEN,fp)==NULL)) - { - break; - } - - if(buf[0]=='#') - { - continue; - } - - token=strtok(buf,"\t, "); - offset=1; - - while(token!=NULL) - { - switch(offset) - { - case KNI_OFFSET_ROUTDIR: - routdir=atoi(token); - if((routdir!=0)&&(routdir!=1)) - { - MESA_handle_runtime_log(g_kni_comminfo.logger, RLOG_LV_FATAL,"kni_read_cardname","routdir :%d error",routdir); - return -1; - } - break; - - case KNI_OFFSET_CARDNAME: - memcpy(g_kni_cardname[routdir],token,strlen(token)); - break; - - default: - break; - - } - - token=strtok(NULL,"\t, "); - offset++; - } - - } - - fclose(fp); - fp=NULL; - - - MESA_handle_runtime_log(g_kni_comminfo.logger, RLOG_LV_FATAL,"kni_read_cardname","card name:%s,%s",g_kni_cardname[0],g_kni_cardname[1]); - - return 0; - -} - - -extern "C" char kni_init() -{ - - int i=0; - int ret=0; - -// char __tun_symbol[512] = "tun0"; - - - int logger_level; - char logger_filepath[KNI_CONF_MAXLEN]={0}; - - int maat_readconf_mode=0; - int redis_db_index=0; - int redis_port=0; - unsigned short redis_port_real=0; - char redis_ip[INET_ADDRSTRLEN]={0}; - int scandir_interval=KNI_SCANDIR_INTERVAL; - int effect_interval=KNI_EFFECT_INTERVAL; - - char table_info_path[KNI_CONF_MAXLEN]={0}; - char stat_file_dir[KNI_CONF_MAXLEN]={0}; - char full_cfg_dir[KNI_CONF_MAXLEN]={0}; - char inc_cfg_dir[KNI_CONF_MAXLEN]={0}; - - pthread_t pid_read_tun; - pthread_t pid_pro_domain; - pthread_t pid_kni_filestat2; - - - inet_aton((const char *)&LOCAL_IP_ADDR,(struct in_addr*)&g_kni_comminfo.local_ip); - - -//init profile - init_profile_info(&scandir_interval,&effect_interval,&logger_level,logger_filepath,&maat_readconf_mode,table_info_path,inc_cfg_dir,full_cfg_dir,stat_file_dir,redis_ip,&redis_port,&redis_db_index); - -//init runtime log - g_kni_comminfo.logger=MESA_create_runtime_log_handle(logger_filepath,logger_level); - if(g_kni_comminfo.logger==NULL) - { - printf("MESA_create_runtime_log_handle() error!exit...\n"); - return -1; - } -//project - - g_kni_comminfo.project_id=project_producer_register(KNI_PROJECT_NAME,PROJECT_VAL_TYPE_STRUCT,kni_free_project); - if(g_kni_comminfo.project_id<0) - { - MESA_handle_runtime_log(g_kni_comminfo.logger, RLOG_LV_FATAL,KNI_MODULE_INIT,"project_producer_register() error!project_id:%d",g_kni_comminfo.project_id); - return -1; - } - - g_kni_comminfo.project_id=project_customer_register(KNI_PROJECT_NAME,PROJECT_VAL_TYPE_STRUCT); - if(g_kni_comminfo.project_id<0) - { - MESA_handle_runtime_log(g_kni_comminfo.logger, RLOG_LV_FATAL,KNI_MODULE_INIT,"project_customer_register() error!project_id:%d",g_kni_comminfo.project_id); - return -1; - } - -//maat - g_kni_maatinfo.maat_feather=Maat_feather(g_iThreadNum,table_info_path,g_kni_comminfo.logger); - if(g_kni_maatinfo.maat_feather==NULL) - { - MESA_handle_runtime_log(g_kni_comminfo.logger, RLOG_LV_FATAL,KNI_MODULE_INIT,"Maat_feather() error!table_info_path:%s,action:%s",table_info_path,KNI_ACTION_EXIT); - return -1; - } - - if(maat_readconf_mode==KNI_READCONF_JSON) - { - Maat_set_feather_opt(g_kni_maatinfo.maat_feather,MAAT_OPT_JSON_FILE_PATH, KNI_MAATJSON_FILEPATH,strlen(KNI_MAATJSON_FILEPATH)); - } - else if(maat_readconf_mode==KNI_READCONF_IRIS) - { - Maat_set_feather_opt(g_kni_maatinfo.maat_feather,MAAT_OPT_FULL_CFG_DIR,full_cfg_dir,strlen(full_cfg_dir)); - Maat_set_feather_opt(g_kni_maatinfo.maat_feather,MAAT_OPT_INC_CFG_DIR,inc_cfg_dir,strlen(inc_cfg_dir)); - } - else if(maat_readconf_mode==KNI_READCONF_REDIS) - { - redis_port_real=(unsigned short)redis_port; - Maat_set_feather_opt(g_kni_maatinfo.maat_feather,MAAT_OPT_REDIS_IP,(void*)redis_ip,strlen(redis_ip)+1); - Maat_set_feather_opt(g_kni_maatinfo.maat_feather,MAAT_OPT_REDIS_PORT,(void*)&redis_port_real,sizeof(unsigned short)); - Maat_set_feather_opt(g_kni_maatinfo.maat_feather,MAAT_OPT_REDIS_INDEX,(void*)&redis_db_index,sizeof(int)); - - } - - Maat_set_feather_opt(g_kni_maatinfo.maat_feather,MAAT_OPT_SCANDIR_INTERVAL_MS, (void*)&scandir_interval,sizeof(int)); - Maat_set_feather_opt(g_kni_maatinfo.maat_feather,MAAT_OPT_EFFECT_INVERVAL_MS, (void*)&effect_interval,sizeof(int)); - Maat_set_feather_opt(g_kni_maatinfo.maat_feather,MAAT_OPT_STAT_FILE_PATH,stat_file_dir,strlen(stat_file_dir)); - - ret=Maat_initiate_feather(g_kni_maatinfo.maat_feather); - if(ret<0) - { - MESA_handle_runtime_log(g_kni_comminfo.logger, RLOG_LV_FATAL,KNI_MODULE_INIT,"Maat_initiate_feather() error!action:%s",KNI_ACTION_EXIT); - return -1; - } - - g_kni_maatinfo.tableid_ip=Maat_table_register(g_kni_maatinfo.maat_feather,KNI_TABLENAME_IP); - g_kni_maatinfo.tableid_domain=Maat_table_register(g_kni_maatinfo.maat_feather,KNI_TABLENAME_DOMAIN); - if((g_kni_maatinfo.tableid_ip<0)||(g_kni_maatinfo.tableid_domain<0)) - { - MESA_handle_runtime_log(g_kni_comminfo.logger, RLOG_LV_FATAL,KNI_MODULE_INIT,"Maat_table_register() error!ip_tableid:%d,sni_tableid:%d,action:%s",g_kni_maatinfo.tableid_ip,g_kni_maatinfo.tableid_domain,KNI_ACTION_EXIT); - return -1; - } - - -//init htable - ret=init_kni_stat_htable(); - if(ret<0) - { - return -1; - } - -//init lqueue for send fds - g_kni_structinfo.lqueue_for_domain=MESA_lqueue_create(KNI_THREAD_SAFE,KNI_LQUEUE_MAXNUM); - if(g_kni_structinfo.lqueue_for_domain==NULL) - { - printf("MESA_lqueue_create() error!\n"); - return -1; - } - - - -//init tun - g_kni_comminfo.thread_num=g_iThreadNum; - if(g_kni_comminfo.thread_num<=0) - { - MESA_handle_runtime_log(g_kni_comminfo.logger, RLOG_LV_FATAL,KNI_MODULE_INIT,"thread_num:%d,action:%s",g_kni_comminfo.thread_num,KNI_ACTION_EXIT); - return -1; - } - - g_kni_comminfo.fd_tun=(int*)malloc(g_kni_comminfo.thread_num*sizeof(int)); - memset(g_kni_comminfo.fd_tun,0,g_kni_comminfo.thread_num*sizeof(int)); - - ret=tun_alloc_mq(g_kni_comminfo.tun_name,g_kni_comminfo.thread_num,g_kni_comminfo.fd_tun); - if(ret<0) - { - return -1; - } - -#ifndef KNI_DEBUG_TCPREPAIR -//init domain - g_kni_comminfo.fd_domain=init_domain_fd(); - if(g_kni_comminfo.fd_domain<0) - { - g_kni_comminfo.kni_mode_cur=KNI_MODE_BYPASS; - MESA_handle_runtime_log(g_kni_comminfo.logger, RLOG_LV_FATAL,KNI_MODULE_INIT,"init_domain_fd()error"); - } - - - pthread_create(&pid_pro_domain,NULL,kni_process_domain,NULL); - pthread_create(&pid_kni_filestat2,NULL,kni_filestat2,NULL); -#endif - - -//test init raw_socket - kni_read_cardname(); - g_kni_comminfo.ipv4_fd=(int*)malloc(g_kni_comminfo.thread_num*sizeof(int)); - for(i=0;i +#include +#include +#include +#include +#include "stream.h" +#include "MESA_prof_load.h" +#include "MESA_handle_logger.h" +#include "field_stat2.h" +#include "kni_entry.h" +#include "kni_comm.h" + + + +const char *g_kni_fs2_name[FS2_COLUMN_NUM] ={"RECV_PKTS","WRITE_PKTS","READ_PKTS","SEND_PKTS","BMD_IP","BMD_DOMAIN","HTTP_PKTS","SSL_PKTS","DROP_PKTS"}; + + +int kni_log_info_v4(char* module,struct stream_tuple4_v4* addr,unsigned short protocol,char* domain,char* scan_result,char* action) +{ + unsigned short sport=0; + unsigned short dport=0; + char saddr_v4[INET_ADDRSTRLEN]={0}; + char daddr_v4[INET_ADDRSTRLEN]={0}; + + sport=ntohs(addr->source); + dport=ntohs(addr->dest); + inet_ntop(AF_INET, (void *)&(addr->saddr), saddr_v4, INET_ADDRSTRLEN); + inet_ntop(AF_INET, (void *)&(addr->daddr), daddr_v4, INET_ADDRSTRLEN); + + if(protocol==KNI_FLAG_HTTP) + { + MESA_handle_runtime_log(g_kni_comminfo.logger,RLOG_LV_INFO,module,"addr:%s,%d,%s,%d,%s,domain:%s,%s,%s",saddr_v4,sport,daddr_v4,dport,"HTTP",domain,scan_result,action); + } + else if(protocol==KNI_FLAG_SSL) + { + MESA_handle_runtime_log(g_kni_comminfo.logger,RLOG_LV_INFO,module,"addr:%s,%d,%s,%d,%s,domain:%s,%s,%s",saddr_v4,sport,daddr_v4,dport,"SSL",domain+5,scan_result,action); + } + else + { + MESA_handle_runtime_log(g_kni_comminfo.logger,RLOG_LV_INFO,module,"addr:%s,%d,%s,%d,domain:%s,%s,%s",saddr_v4,sport,daddr_v4,dport,domain,scan_result,action); + } + + + return 0; + +} + + + +int kni_log_debug_v4(int level,char* module,struct ip* a_packet,char* content) +{ + + struct tcphdr* tcphdr=(struct tcphdr*)((char*)a_packet+4*(a_packet->ip_hl)); + + unsigned short sport=0; + unsigned short dport=0; + char saddr_v4[INET_ADDRSTRLEN]={0}; + char daddr_v4[INET_ADDRSTRLEN]={0}; + + sport=ntohs(tcphdr->source); + dport=ntohs(tcphdr->dest); + inet_ntop(AF_INET, (void *)&((a_packet->ip_src).s_addr), saddr_v4, INET_ADDRSTRLEN); + inet_ntop(AF_INET, (void *)&((a_packet->ip_dst).s_addr), daddr_v4, INET_ADDRSTRLEN); + + MESA_handle_runtime_log(g_kni_comminfo.logger,level,module,"addr:%s,%d,%s,%d %s",saddr_v4,sport,daddr_v4,dport,content); + + return 0; + +} + +/**************************************************************************** +if(sportip_hl)); + + sport=ntohs(tcphdr->source); + dport=ntohs(tcphdr->dest); + + if((sportip_src).s_addr)ip_dst).s_addr)))) + { + reverse_flag=1; + } + + if(reverse_flag==1) + { + ipaddr->saddr=(iphdr->ip_dst).s_addr; + ipaddr->daddr=(iphdr->ip_src).s_addr; + ipaddr->source=tcphdr->dest; + ipaddr->dest=tcphdr->source; + } + else + { + ipaddr->saddr=(iphdr->ip_src).s_addr; + ipaddr->daddr=(iphdr->ip_dst).s_addr; + ipaddr->source=tcphdr->source; + ipaddr->dest=tcphdr->dest; + } + + + return reverse_flag; +} + + + +/**************************************************************************** +if(sportsource); + dport=ntohs(tcphdr->dest); + + if(sportsaddr,ipv6_hdr->ip6_dst.s6_addr32,IPV6_ADDR_LEN); + memcpy(ipaddr->daddr,ipv6_hdr->ip6_src.s6_addr32,IPV6_ADDR_LEN); + ipaddr->source=tcphdr->dest; + ipaddr->dest=tcphdr->source; + } + else + { + memcpy(ipaddr->saddr,ipv6_hdr->ip6_src.s6_addr32,IPV6_ADDR_LEN); + memcpy(ipaddr->daddr,ipv6_hdr->ip6_dst.s6_addr32,IPV6_ADDR_LEN); + ipaddr->source=tcphdr->source; + ipaddr->dest=tcphdr->dest; + } + + + return reverse_flag; +} + +int kni_get_tcpinfo(struct kni_wndpro_reply_info* lastpkt_info,struct kni_tcp_hdr* tcphdr,int tcplen,struct ip* ip_hdr) +{ + lastpkt_info->seq=ntohl(tcphdr->th_seq); + lastpkt_info->ack=ntohl(tcphdr->th_ack); + lastpkt_info->ipid=ntohs(ip_hdr->ip_id); + lastpkt_info->ttl=ip_hdr->ip_ttl; + lastpkt_info->len=tcplen; + lastpkt_info->wndsize=ntohs(tcphdr->th_win); + + if(tcphdr->th_flags&TH_SYN) + { + lastpkt_info->syn_flag=1; + } + + return 0; +} + +int kni_get_tcpopt(struct kni_tcp_hdr* tcphdr,int tcp_hdr_len,unsigned short* mss,unsigned char* winscale,unsigned char* scak,unsigned char* timestamps) +{ + + *mss=KNI_DEFAULT_MSS; + *winscale=KNI_DEFAULT_WINSCLE; + + + int remain_len=tcp_hdr_len; + struct kni_tcp_opt_format* tcp_opt=NULL; + + if((tcp_hdr_len<=20)||(tcp_hdr_len>64)) + { + return 0; + } + + tcp_opt=(struct kni_tcp_opt_format*)((char*)tcphdr+TCPHDR_DEFAULT_LEN); + remain_len-=TCPHDR_DEFAULT_LEN; + + while(remain_len) + { + if(tcp_opt->type==KNI_TCPOPT_MSS) //MSS + { + remain_len-=tcp_opt->len; + *mss=htons(*(unsigned short*)(tcp_opt->content)); + tcp_opt=(struct kni_tcp_opt_format*)((char*)tcp_opt+tcp_opt->len); + + continue; + } + else if(tcp_opt->type==KNI_TCPOPT_WINSCALE) //winscale + { + remain_len-=tcp_opt->len; + *winscale=*(unsigned char*)(tcp_opt->content); + tcp_opt=(struct kni_tcp_opt_format*)((char*)tcp_opt+tcp_opt->len); + + continue; + } + else if(tcp_opt->type==KNI_TCPOPT_SACKOK) //scak + { + remain_len-=tcp_opt->len; + *scak=1; + tcp_opt=(struct kni_tcp_opt_format*)((char*)tcp_opt+tcp_opt->len); + + continue; + } + else if(tcp_opt->type==KNI_TCPOPT_TIMESTAMP) //timestamp + { + remain_len-=tcp_opt->len; + *timestamps=1; + tcp_opt=(struct kni_tcp_opt_format*)((char*)tcp_opt+tcp_opt->len); + + continue; + } + else if((tcp_opt->type==0)||(tcp_opt->type==1)) + { + remain_len-=1; + tcp_opt=(struct kni_tcp_opt_format*)((char*)tcp_opt+1); + + continue; + + } + else + { + remain_len-=tcp_opt->len; + tcp_opt=(struct kni_tcp_opt_format*)((char*)tcp_opt+tcp_opt->len); + + continue; + + } + } + + return 0; + +} + +char* kni_get_data(const struct streaminfo* pstream,int* datalen) +{ + char* data=NULL; + + if(pstream->type==STREAM_TYPE_TCP) + { + data=(char*)(pstream->ptcpdetail->pdata); + *datalen=pstream->ptcpdetail->datalen; + } + else if(pstream->type==STREAM_TYPE_UDP) + { + data=(char*)(pstream->pudpdetail->pdata); + *datalen=pstream->pudpdetail->datalen; + } + else + { + data=NULL; + *datalen=0; + } + + return data; + + +} + + + + +int kni_filestate2_set(int thread_seq,int colum_index,int bytes,int pktnum) +{ + g_kni_fs2_info.column_value_pkt[thread_seq][colum_index]+=pktnum; + g_kni_fs2_info.column_value_bytes[thread_seq][colum_index]+=bytes; + + return 0; + +} + + +int kni_filestate2_init() +{ + int i=0; +// int j=0; + int value=1; + unsigned int fs2_sport=0; + char fs2_filename[KNI_MAX_BUFLEN]={0}; + char fs2_sip[KNI_MAX_BUFLEN]={0}; + + MESA_load_profile_string_def((char*)KNI_CONF_FILENAME,(char*)KNI_CONF_MODE,(char*)"filestat2_filename",fs2_filename,KNI_MAX_BUFLEN,(char*)"./log/kni_fs2.log"); + MESA_load_profile_string_def((char*)KNI_CONF_FILENAME,(char*)KNI_CONF_MODE,(char*)"filestat2_sip",fs2_sip,KNI_MAX_BUFLEN,(char*)"0.0.0.0"); + MESA_load_profile_uint_def((char*)KNI_CONF_FILENAME,(char*)KNI_CONF_MODE,(char*)"filestat2_sport",(unsigned int*)&fs2_sport,0); + + g_kni_fs2_info.handler=FS_create_handle(); + + FS_set_para(g_kni_fs2_info.handler, OUTPUT_DEVICE,fs2_filename, strlen(fs2_filename)+1); + FS_set_para(g_kni_fs2_info.handler, PRINT_MODE, &value, sizeof(value)); + FS_set_para(g_kni_fs2_info.handler, STAT_CYCLE, &value, sizeof(value)); + FS_set_para(g_kni_fs2_info.handler, CREATE_THREAD, &value, sizeof(value)); + FS_set_para(g_kni_fs2_info.handler, APP_NAME, FS2_APPNAME, strlen(FS2_APPNAME)+1); + + if(fs2_sport!=0) + { + FS_set_para(g_kni_fs2_info.handler, STATS_SERVER_IP, fs2_sip, strlen(fs2_sip)+1); + FS_set_para(g_kni_fs2_info.handler, STATS_SERVER_PORT,&fs2_sport,sizeof(int)); + } + + for(i=0;i +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include "kni_connect.h" +#include "kni_entry.h" + + + + +extern "C" int sendpacket_do_checksum(unsigned char* buf,int protocol,int len); +extern "C" int sendpacket_build_ethernet(unsigned char* dst,unsigned char* src,unsigned short type,const unsigned char* payload,int payload_s,unsigned char* buf); +extern "C" unsigned char MESA_dir_reverse(unsigned char route_dir); + + + + +int kni_send_fds(int socket, int *fds, int n,int protocol) +{ + int flags=MSG_NOSIGNAL; + struct msghdr msg = {0}; + struct cmsghdr *cmsg; + char buf[CMSG_SPACE(n * sizeof(int))], dup[256]={0}; + memset(buf, 0, sizeof(buf)); +// struct iovec io = { .iov_base = &dup, .iov_len = sizeof(struct kni_tlv_info) }; + struct iovec io = { .iov_base = &dup, .iov_len = sizeof(dup) }; + + +//tlv info + struct kni_tlv_info tlv_info; + tlv_info.type=KNI_TLV_TYPE_PRO; + tlv_info.len=0x0001; + tlv_info.value=protocol; + memcpy(dup,&tlv_info,sizeof(struct kni_tlv_info)); +//end + + msg.msg_iov = &io; + msg.msg_iovlen = 1; + msg.msg_control = buf; + msg.msg_controllen = sizeof(buf); + + cmsg = CMSG_FIRSTHDR(&msg); + cmsg->cmsg_level = SOL_SOCKET; + cmsg->cmsg_type = SCM_RIGHTS; + cmsg->cmsg_len = CMSG_LEN(n * sizeof(int)); + + memcpy ((int *) CMSG_DATA(cmsg), fds, n * sizeof (int)); + + // if (sendmsg (socket, &msg, 0) < 0) + if (sendmsg (socket, &msg, flags) < 0) + { + MESA_handle_runtime_log(g_kni_comminfo.logger, RLOG_LV_FATAL,"kni_send_fds","sendmsg()error,errno:%d,%s",errno,strerror(errno)); + return -1; + } + + return 0; +} + +int kni_sendfds_domain() +{ + int ret=0; + long fds_len=KNI_FDS_NUM*sizeof(int); + int fds[KNI_FDS_NUM]={0}; + + while(1) + { + memset(fds,0,KNI_FDS_NUM*sizeof(int)); + fds_len=KNI_FDS_NUM*sizeof(int); + + ret=MESA_lqueue_get_tail(g_kni_structinfo.lqueue_for_domain,fds,&fds_len); + if(ret==MESA_QUEUE_RET_QEMPTY) + { + continue; + } + else if(ret<0) + { + MESA_handle_runtime_log(g_kni_comminfo.logger, RLOG_LV_FATAL,KNI_MODULE_READTUN,"MESA_lqueue_try_get_tail() error!ret:%d\n",ret); + continue; + + } + + ret=kni_send_fds(g_kni_comminfo.fd_domain,fds,2,fds[KNI_FDS_INDEX_PROTOCOL]); + if(ret<0) //check errno + { + g_kni_comminfo.kni_mode_cur=KNI_MODE_BYPASS; + return -1; + } + + close(fds[KNI_FDS_INDEX_CLIENT]); + close(fds[KNI_FDS_INDEX_SERVER]); + + } + + return 0; +} + +int kni_connect_domain() +{ + while(1) + { + g_kni_comminfo.fd_domain=init_domain_fd(); + if(g_kni_comminfo.fd_domain<0) + { + sleep(1); + } + else + { + g_kni_comminfo.kni_mode_cur=KNI_MODE_WORK; + return 0; + } + } + + return 0; +} + +/******************************************************************************************************************** +name: +function: +return: +*********************************************************************************************************************/ +void* kni_process_domain(void* arg) +{ + while(1) + { + if(g_kni_comminfo.kni_mode_cur==KNI_MODE_BYPASS) + { + kni_connect_domain(); + } + else + { + kni_sendfds_domain(); + } + } + + return 0; + +} + + + + +int init_domain_fd() +{ + + int i_fd = 0; + struct sockaddr_un addr; + int i_addr_len = sizeof( struct sockaddr_un ); + + if ( ( i_fd = socket( AF_UNIX, SOCK_STREAM, 0 ) ) < 0 ) +// if ( ( i_fd = socket( AF_UNIX, SOCK_DGRAM, 0 ) ) < 0 ) + { + MESA_handle_runtime_log(g_kni_comminfo.logger, RLOG_LV_FATAL,KNI_MODULE_INIT,"init_domain_fd():socket error,errno is %d,%s,,action:%s",errno,strerror(errno),KNI_ACTION_EXIT); + return -1; + } + +//fill socket adress structure with server's address + memset( &addr, 0, sizeof( addr ) ); + addr.sun_family = AF_UNIX; +// strncpy( addr.sun_path, serverpath, sizeof( addr.sun_path ) - 1 ); + strncpy( addr.sun_path, g_kni_comminfo.domain_path, sizeof( addr.sun_path ) - 1 ); + + + if ( connect( i_fd, ( struct sockaddr * )&addr, i_addr_len ) < 0 ) + { + close(i_fd); + MESA_handle_runtime_log(g_kni_comminfo.logger, RLOG_LV_FATAL,KNI_MODULE_INIT,"init_domain_fd():connect error,errno is %d,%s,action:%s",errno,strerror(errno),KNI_ACTION_EXIT); + return -1; + } + + + MESA_handle_runtime_log(g_kni_comminfo.logger, RLOG_LV_FATAL,"init_domain_fd","domain socket connect succ! "); + return i_fd; +} + +int init_kni_domain() +{ +#ifndef KNI_DEBUG_TCPREPAIR + + pthread_t pid_pro_domain; + + g_kni_comminfo.fd_domain=init_domain_fd(); + if(g_kni_comminfo.fd_domain<0) + { + g_kni_comminfo.kni_mode_cur=KNI_MODE_BYPASS; + MESA_handle_runtime_log(g_kni_comminfo.logger, RLOG_LV_FATAL,KNI_MODULE_INIT,"init_domain_fd()error"); + } + + pthread_create(&pid_pro_domain,NULL,kni_process_domain,NULL); + + return 0; + +#endif + +} + + +int tun_set_queue(int fd, int enable) + { + struct ifreq ifr; + + memset(&ifr, 0, sizeof(ifr)); + + if (enable) + ifr.ifr_flags = IFF_ATTACH_QUEUE; + else + ifr.ifr_flags = IFF_DETACH_QUEUE; + + return ioctl(fd, TUNSETQUEUE, (void *)&ifr); + } + +int tun_error(int i,int* fds) +{ + + for (--i; i >= 0; i--) + { + close(fds[i]); + } + + return 0; +} + + + +/* Flags: IFF_TUN - TUN device (no Ethernet headers) + * IFF_TAP - TAP device + * + * IFF_NO_PI - Do not provide packet information + * IFF_MULTI_QUEUE - Create a queue of multiqueue device + */ +int tun_alloc_mq(char *dev, int queues, int *fds) +{ + int i=0; + int err=0; + int fd; + int flag=0; + struct ifreq ifr; + + + char *clonedev = (char*)"/dev/net/tun"; + + memset(&ifr, 0, sizeof(ifr)); + ifr.ifr_flags = IFF_TUN | IFF_NO_PI | IFF_MULTI_QUEUE; + if (*dev) + { + strncpy(ifr.ifr_name, dev, IFNAMSIZ); + } + + for (i = 0; i < queues; i++) + { + if ((fd = open(clonedev, O_RDWR)) < 0) + { + MESA_handle_runtime_log(g_kni_comminfo.logger, RLOG_LV_FATAL,KNI_MODULE_INIT,"tun_alloc_mq():open error,errno is:%d,%s,action:%s",errno,strerror(errno),KNI_ACTION_EXIT); + tun_error(i,fds); + return -1; + } + err = ioctl(fd, TUNSETIFF, (void *)&ifr); + if (err) + { + MESA_handle_runtime_log(g_kni_comminfo.logger, RLOG_LV_FATAL,KNI_MODULE_INIT,"tun_alloc_mq():ioctl error,errno is:%d,%s,action:%s",errno,strerror(errno),KNI_ACTION_EXIT); + close(fd); + tun_error(i,fds); + return -1; + } + +//20180618 add set noblock + flag= fcntl(fd, F_GETFL, 0); + if(flag<0) + { + MESA_handle_runtime_log(g_kni_comminfo.logger, RLOG_LV_FATAL,KNI_MODULE_INIT,"fcntl():getfl error,errno is:%d,%s",errno,strerror(errno)); + } + + if( fcntl( fd, F_SETFL, flag|O_NONBLOCK ) < 0 ) + { + MESA_handle_runtime_log(g_kni_comminfo.logger, RLOG_LV_FATAL,KNI_MODULE_INIT,"fcntl():setfl error,errno is:%d,%s",errno,strerror(errno)); + } + +//end + + fds[i] = fd; + } + return 0; +} + + + + + +int tun_read_data(int fd,char* recv_buf,int max_buflen) +{ + int recv_len=0; + + int ret=0; + int max_fd = 0; + fd_set alive_readfd; + + FD_ZERO(&alive_readfd); + FD_SET(fd, &alive_readfd); + max_fd = fd; + + ret = select(max_fd + 1, &alive_readfd, NULL, NULL, NULL); + if (ret <= 0) + { + MESA_handle_runtime_log(g_kni_comminfo.logger, RLOG_LV_FATAL, "keep_alive_action function", "select function errno %d is %s!", errno, strerror(errno)); + return 0; + } + + recv_len = read(fd, recv_buf, KNI_MAX_BUFLEN); + if(recv_len <0) + { + MESA_handle_runtime_log(g_kni_comminfo.logger, RLOG_LV_FATAL,KNI_MODULE_WRITETUN,"tun_read_data error %d, %s\n",errno,strerror(errno)); + return -1; + } + else + { + return recv_len; + } + + return 0; +} + + +char tun_write_data(int fd,char* send_buf,int send_buflen,struct streaminfo* pstream,int thread_seq) +{ + char ret=APP_STATE_DROPPKT|APP_STATE_GIVEME; + int succ_sendlen=0; + + succ_sendlen = write(fd, send_buf,send_buflen); + if((succ_sendlen<0)&&(pstream!=NULL)) + { + kni_filestate2_set(thread_seq,FS2_COLUME_DROPPKT,0,1); + MESA_kill_tcp(pstream,(const void*)send_buf); + MESA_handle_runtime_log(g_kni_comminfo.logger, RLOG_LV_FATAL,KNI_MODULE_WRITETUN,"write() error %d, %s",errno,strerror(errno)); + ret=APP_STATE_DROPPKT|APP_STATE_DROPME; + } + else if(succ_sendlenip_hl)); + struct kni_wndpro_reply_info* tcpinfo=&(datainfo->lastpkt_info[index]); + + struct ip* snd_iphdr=NULL; + struct tcphdr* snd_tcphdr=NULL; + char* sendbuf=(char*)malloc(iplen); + memcpy(sendbuf,a_packet,iplen); + + snd_iphdr=(struct ip*)sendbuf; + snd_tcphdr=(struct tcphdr*)((char*)snd_iphdr+4*(snd_iphdr->ip_hl)); + + (snd_iphdr->ip_src).s_addr=(iphdr->ip_dst).s_addr; + (snd_iphdr->ip_dst).s_addr=(iphdr->ip_src).s_addr; +// snd_iphdr->ip_id=ipid; +// snd_iphdr->ip_id=htons(datainfo->lastpkt_info[index].ipid+1); +// snd_iphdr->ip_ttl=datainfo->lastpkt_info[index].ttl; + + snd_tcphdr->source=tcphdr->dest; + snd_tcphdr->dest=tcphdr->source; + snd_tcphdr->seq=htonl(tcpinfo->seq+tcpinfo->len); + snd_tcphdr->ack_seq=htonl(tcpinfo->ack); + + + if(tcpinfo->syn_flag==1) + { + snd_tcphdr->seq=htonl(ntohl(snd_tcphdr->seq)+1); + } +/* + if(iprever_flag==0) + { + snd_iphdr->ip_id=ipid; + snd_tcphdr->window=htons((win>>win_scale)+1); + } +*/ + sendpacket_do_checksum((unsigned char*)sendbuf,IPPROTO_TCP,(iplen-4*(iphdr->ip_hl))); + sendpacket_do_checksum((unsigned char*)sendbuf,IPPROTO_IP,sizeof(struct ip)); + + tun_write_data(g_kni_comminfo.fd_tun[thread_seq],sendbuf,iplen,NULL,thread_seq); + + kni_log_debug_v4(RLOG_LV_DEBUG,(char*)"win_update",(struct ip*)a_packet,(char*)"recv tcp_repair windows update,and replay"); + + free(sendbuf); + sendbuf=NULL; + + datainfo->wndpro_flag[index]=1; + + + return 1; + + +} + + + + + +long kni_readtun_htable_cb_v4(void* data,const unsigned char* key,unsigned int size,void* user_arg) +{ + long result=0; + struct stream_tuple4_v4* ipv4_addr=(struct stream_tuple4_v4*)key; + struct args_read_tun* args=(struct args_read_tun*)user_arg; + struct kni_htable_datainfo* datainfo=(struct kni_htable_datainfo*)data; + + if(datainfo!=NULL) + { + memcpy(args->smac,datainfo->smac,KNI_MACADDR_LEN); + memcpy(args->dmac,datainfo->dmac,KNI_MACADDR_LEN); + if(args->iprevers==0) + { + args->routdir=datainfo->route_dir; + } + else + { +// args->routdir=MESA_dir_reverse(datainfo->route_dir); + args->routdir=1-datainfo->route_dir; + + } + + if(datainfo->wndpro_flag[1-args->iprevers]>0) + { + result=1; + } + else + { + kni_keepalive_replay(ipv4_addr,args->iprevers,datainfo,args->a_packet,args->iplen,args->thread_seq); + result=1; + } + + + + } +#ifdef KNI_DEBUG_TCPREPAIR + else if(ipv4_addr->saddr==1698867392) + { + printf("sip is 192.168.66.101\n"); + args->smac[0]=0x18; + args->smac[1]=0x66; + args->smac[2]=0xda; + args->smac[3]=0xe5; + args->smac[4]=0xfa; + args->smac[5]=0xa1; + + args->dmac[0]=0xe8; + args->dmac[1]=0x61; + args->dmac[2]=0x1f; + args->dmac[3]=0x13; + args->dmac[4]=0x70; + args->dmac[5]=0x7a; + result=1; + } + else + { + kni_log_debug_v4(RLOG_LV_INFO,"htable_cb",(struct ip*)args->a_packet,(char*)"read_tun,data=NULL,sip not 192.168.66.101"); + + } +#endif + return result; +} + + + + + +int kni_process_readdata(int thread_seq,int buflen,char* buf) +{ + int iprever_flag=0; + long result=0; + + struct ip* iphdr=(struct ip*)buf; + struct stream_tuple4_v4 ipv4_addr; + + struct args_read_tun args; + + if(iphdr->ip_v==4) + { + iprever_flag=kni_get_ipaddr_v4((void*)buf,&ipv4_addr); + + args.a_packet=buf; + args.iplen=buflen; + args.iprevers=iprever_flag; + args.thread_seq=thread_seq; + + MESA_htable_search_cb(g_kni_structinfo.htable_to_tun_v4,(unsigned char*)&ipv4_addr,sizeof(struct stream_tuple4_v4),kni_readtun_htable_cb_v4,(void*)&args,&result); + if(result==1) + { + +// kni_sendpkt_eth(thread_seq,buflen,buf,&ipv4_addr,iprever_flag,args.routdir,args.smac,args.dmac); + kni_sendpkt_routdir(thread_seq,buflen,buf,&ipv4_addr,iprever_flag,args.routdir,args.smac,args.dmac); + } + + } + + return 0; + +} + + + + + +/******************************************************************************************************************** +name: +function: +return: +*********************************************************************************************************************/ +void* kni_read_tun(void* arg) +{ + int thread_seq=*(int*)arg; + + int recv_len=0; + char recv_buf[KNI_MAX_BUFLEN] = {0}; + + + while(1) + { + if(g_kni_comminfo.kni_mode_cur==KNI_MODE_BYPASS) + { + sleep(KNI_USLEEP_TIME); + continue; + } + + + recv_len=0; + memset(recv_buf,0,KNI_MAX_BUFLEN); + + recv_len=tun_read_data(g_kni_comminfo.fd_tun[thread_seq],recv_buf, KNI_MAX_BUFLEN); + if(recv_len <0) + { + MESA_handle_runtime_log(g_kni_comminfo.logger, RLOG_LV_FATAL,KNI_MODULE_READTUN,"tun_read_data()error,recv_len:%d",recv_len); + } + else if(recv_len>0) + { + kni_filestate2_set(thread_seq,FS2_COLUME_READ,0,1); + kni_process_readdata(thread_seq,recv_len,recv_buf); + } + } + + return 0; + +} + + diff --git a/kni_connect.h b/kni_connect.h new file mode 100644 index 0000000..abf93bf --- /dev/null +++ b/kni_connect.h @@ -0,0 +1,19 @@ +#ifndef KNI_CONNECT_H +#define KNI_CONNECT_H + + + + +int kni_send_fds(int socket, int *fds, int n,int protocol); +char tun_write_data(int fd,char* send_buf,int send_buflen,struct streaminfo* pstream,int thread_seq); + + +int init_domain_fd(); +int init_kni_domain(); +int init_kni_tun(); + +void* kni_read_tun(void* arg); + + +#endif + diff --git a/kni_entry.c b/kni_entry.c new file mode 100644 index 0000000..aab6eb1 --- /dev/null +++ b/kni_entry.c @@ -0,0 +1,916 @@ +#include +#include +#include +#include +#include +#include +#include +#include "kni_entry.h" + + + +int g_kni_version_VERSION_20180822; + +struct kni_var_comm g_kni_comminfo; +struct kni_var_struct g_kni_structinfo; +struct kni_var_maat g_kni_maatinfo; +struct kni_fs2_info g_kni_fs2_info; +struct kni_switch_info g_kni_switch_info; + +char g_kni_cardname[KNI_CARD_NUM][KNI_CONF_MAXLEN]; +int g_kni_threadseq[KNI_MAX_THREADNUM]; + + + + +int kni_init_pmeinfo(void** pme) +{ + struct kni_pme_info* pmeinfo=(struct kni_pme_info*)malloc(sizeof(struct kni_pme_info)); + memset(pmeinfo,0,sizeof(struct kni_pme_info)); + *pme=pmeinfo; + + return 0; + +} + +int kni_free_pmeinfo(void** pme) +{ + struct kni_pme_info* pmeinfo=(struct kni_pme_info*)*pme; + + Maat_clean_status(&(pmeinfo->mid)); + free(pmeinfo); + + pmeinfo=NULL; + + return 0; + +} + + +/*************************************************************************************** +return :state_flag +kni_bmd:STAT_FLAG_SNIBMD +not kni_bmd:STAT_FLAG_SSL_NOBMD +***************************************************************************************/ +int kni_scan_domain(char* domain,int domain_len,int thread_seq,scan_status_t mid) +{ + int i=0; + int action=KNI_ACTION_NONE; + + int string_scan_num=0; + int found_pos; + struct Maat_rule_t maat_result[KNI_MAX_SAMENUM]; + + string_scan_num=Maat_full_scan_string(g_kni_maatinfo.maat_feather,g_kni_maatinfo.tableid_domain,CHARSET_GBK,domain,domain_len,maat_result,&found_pos,KNI_MAX_SAMENUM,&mid,thread_seq); + + + for(i=0;i1 +***************************************************************************************/ +int kni_scan_ip(struct ipaddr* addr,int thread_seq,int protocol,scan_status_t mid) +{ + int i=0; + int action=KNI_ACTION_NONE; + + int ipscan_num=0; + struct Maat_rule_t maat_result[KNI_MAX_SAMENUM]; + + ipscan_num=Maat_scan_proto_addr(g_kni_maatinfo.maat_feather,g_kni_maatinfo.tableid_ip,addr,protocol,maat_result,KNI_MAX_SAMENUM,&mid,thread_seq); + + for(i=0;iroute_dir=pstream->routedir; + memcpy(datainfo->smac,mac_addr->src_mac,MAC_ADDR_LEN); + memcpy(datainfo->dmac,mac_addr->dst_mac,MAC_ADDR_LEN); + } + else + { +// datainfo->route_dir=MESA_dir_reverse(pstream->routedir); + datainfo->route_dir=1-pstream->routedir; + memcpy(datainfo->smac,mac_addr->dst_mac,MAC_ADDR_LEN); + memcpy(datainfo->dmac,mac_addr->src_mac,MAC_ADDR_LEN); + } + +//send wnd_pro_reply info + memcpy(datainfo->wnscal,pmeinfo->wnscal,KNI_DIR_DOUBLE*sizeof(unsigned char)); + memcpy(datainfo->mss,pmeinfo->mss,KNI_DIR_DOUBLE*sizeof(unsigned short)); + memcpy(&(datainfo->lastpkt_info),&(pmeinfo->lastpkt_info),KNI_DIR_DOUBLE*sizeof(struct kni_wndpro_reply_info)); + + MESA_htable_add(g_kni_structinfo.htable_to_tun_v4,(unsigned char*)&ipv4_addr,sizeof(struct stream_tuple4_v4),(void*)datainfo); + + return 0; +} + + + + + +/*************************************************************************************** +return :state_flag +ssl:STAT_FLAG_SSL_NOBMD +not ssl:STAT_FLAG_NOTSSL +***************************************************************************************/ +int kni_judge_ssl(char* tcp_data,int tcp_datalen,char* sni,int* sni_len) +{ + int ssl_header_len=0; + char* ssl_header=NULL; + unsigned char content_type=0; + unsigned short version_in_header=0; + unsigned short len_in_header=0; + + + int ssl_body_len=0; + char* ssl_body=NULL; + unsigned char handshark_type=0; + unsigned int len_in_body=0; + unsigned short version_in_body=0; + unsigned char session_id_len=0; + unsigned short ciphersuite_len=0; + unsigned char compression_method_len=0; + + + int ssl_extention_len=0; + char* ssl_extention=NULL; + unsigned short extension_len_less=0; + unsigned short type_in_extension=0; + unsigned short len_in_extension=0; + +//ssl header + ssl_header=tcp_data; + + content_type=*(unsigned char*)&ssl_header[ssl_header_len]; + if(content_type!=SSL_CONTENTTYPE_HANDSHAKE) + { + return KNI_FLAG_UNKNOW; + } + ssl_header_len+=1; + + version_in_header=ntohs(*(unsigned short*)&(ssl_header[ssl_header_len])); + if((version_in_header!=SSL_VERSION_TLS1_0)&&(version_in_header!=SSL_VERSION_TLS1_1)&&(version_in_header!=SSL_VERSION_TLS1_2)) + { + return KNI_FLAG_UNKNOW; + } + ssl_header_len+=2; + + len_in_header=ntohs(*(unsigned short*)&(ssl_header[ssl_header_len])); + if(len_in_header!=tcp_datalen-SSL_HEADER_LEN) + { + return KNI_FLAG_UNKNOW; + } + ssl_header_len+=2; + +//ssl body + ssl_body=ssl_header+ssl_header_len; + + handshark_type=*(unsigned char*)&(ssl_body[ssl_body_len]); + if(handshark_type!=SSL_HANDSHAR_TYPE_CLIENTHELLO) + { + return KNI_FLAG_UNKNOW; + } + ssl_body_len+=1; + +// memcpy(&len_in_body,&ssl_body[ssl_body_len],3); + len_in_body=*(unsigned char*)&ssl_body[ssl_body_len+2]+256*(*(unsigned char*)&ssl_body[ssl_body_len+1])+65536*(*(unsigned char*)&ssl_body[ssl_body_len]); + if(len_in_body!=(len_in_header-SSL_BODY_LEN)) + { + return KNI_FLAG_UNKNOW; + } + + ssl_body_len+=3; + + version_in_body=ntohs(*(unsigned short*)&(ssl_body[ssl_body_len])); + if((version_in_body!=SSL_VERSION_TLS1_0)&&(version_in_body!=SSL_VERSION_TLS1_1)&&(version_in_body!=SSL_VERSION_TLS1_2)) + { + return KNI_FLAG_UNKNOW; + } + ssl_body_len+=2; + + ssl_body_len+=32; //4byte time,28bytes random + + session_id_len=*(unsigned char*)&(ssl_body[ssl_body_len]); + ssl_body_len+=1; + ssl_body_len+=session_id_len; + + ciphersuite_len=ntohs(*(unsigned short*)&(ssl_body[ssl_body_len])); + ssl_body_len+=2; + ssl_body_len+=ciphersuite_len; + + compression_method_len=*(unsigned char*)&(ssl_body[ssl_body_len]); + ssl_body_len+=1; + ssl_body_len+=compression_method_len; + +//ssl extention + ssl_extention=ssl_body+ssl_body_len; + + extension_len_less=ntohs(*(unsigned short*)&ssl_extention[ssl_extention_len]); + if(extension_len_less!=len_in_body-2-32-1-session_id_len-2-ciphersuite_len-1-compression_method_len-2) + { + return KNI_FLAG_UNKNOW; + } + ssl_extention_len+=2; + + while(ssl_extention_lenKNI_SNI_MAXLEN) + { + //error + return KNI_FLAG_UNKNOW; + } + + if(len_in_extension>KNI_DEFAULT_MTU) + { + len_in_extension=KNI_DEFAULT_MTU; + } + memcpy(sni,&ssl_extention[ssl_extention_len],len_in_extension); + *sni_len=len_in_extension; + + return KNI_FLAG_SSL; + } + else + { + ssl_extention_len+=len_in_extension; + + continue; + } + } + + return KNI_FLAG_UNKNOW; +} + + + +int kni_judge_http(const struct streaminfo *stream,char* domain,int* domain_len) +{ + int val=1; + struct kni_http_project* host=(struct kni_http_project*)project_req_get_struct(stream,g_kni_comminfo.project_id); + if(host==NULL) + { + *domain_len=0; + return -1; + } + + *domain_len=host->host_len>KNI_DEFAULT_MTU?KNI_DEFAULT_MTU:host->host_len; + memcpy(domain,host->host,*domain_len); + + return val; +} + + + +int kni_protocol_identify(const struct streaminfo* pstream,char* tcp_data,int tcp_datalen,char* domain,int* domain_len) +{ + if(kni_judge_http(pstream,domain,domain_len)==1) + { + kni_filestate2_set(pstream->threadnum,FS2_COLUME_HTTP,0,1); + return KNI_FLAG_HTTP; + } + else if(kni_judge_ssl(tcp_data,tcp_datalen,domain,domain_len)==KNI_FLAG_SSL) + { + kni_filestate2_set(pstream->threadnum,FS2_COLUME_SSL,0,1); + return KNI_FLAG_SSL; + } + + return KNI_FLAG_NOTPROC; + +} + + + + +char kni_first_tcpdata(const struct streaminfo* pstream,const struct ip* ip_hdr,struct kni_pme_info* pmeinfo,char* data,int datalen) +{ + char ret=APP_STATE_FAWPKT|APP_STATE_DROPME; + + int domain_len=0; + char domain[KNI_DEFAULT_MTU]={0}; + + int action=KNI_ACTION_NONE; + + pmeinfo->status_flag=kni_protocol_identify(pstream,data,datalen,domain,&domain_len); + + if((pmeinfo->status_flag==KNI_FLAG_HTTP) ||(pmeinfo->status_flag==KNI_FLAG_SSL)) + { + action=kni_scan_domain(domain,domain_len,pstream->threadnum,pmeinfo->mid); + if(action==KNI_ACTION_WHITELIST) + { + kni_filestate2_set(pstream->threadnum,FS2_COLUME_WITELIST_DOMAIN,0,1); + kni_log_info_v4((char*)KNI_MODULE_INFO,pstream->addr.tuple4_v4,pmeinfo->status_flag,domain,(char*)"WHITE_LIST_DOMAIN",(char*)"BYPASS"); + + pmeinfo->status_flag=KNI_FLAG_NOTPROC; + return ret; + } +//20180803 add + else if((g_kni_switch_info.maat_default_mode==KNI_DEFAULT_MODE_BYPASS)&&(action==KNI_ACTION_NONE)&&(pmeinfo->ip_not_hit)) + { + kni_log_info_v4((char*)KNI_MODULE_INFO,pstream->addr.tuple4_v4,pmeinfo->status_flag,domain,(char*)"NOT_HIT",(char*)"BYPASS"); + + pmeinfo->status_flag=KNI_FLAG_NOTPROC; + return ret; + } +//end + + if(tcp_repair_process(pstream,ip_hdr,pmeinfo,pmeinfo->status_flag)<0) + { + MESA_handle_runtime_log(g_kni_comminfo.logger,RLOG_LV_INFO,"tcp_repair_process","tcp_repair_process() error!"); + return ret; + } + + kni_htable_add(pstream,ip_hdr,pmeinfo); + kni_log_info_v4((char*)KNI_MODULE_INFO,pstream->addr.tuple4_v4,pmeinfo->status_flag,domain,(char*)"INTERCEPT",(char*)"INTERCEPT"); + + ret=APP_STATE_DROPPKT|APP_STATE_GIVEME; + } + else + { + kni_log_info_v4((char*)KNI_MODULE_INFO,pstream->addr.tuple4_v4,pmeinfo->status_flag,NULL,(char*)"NOT_HTTP_SSL",(char*)"BYPASS"); + } + + return ret; + + +} + + + + +char kni_pending_opstate(const struct streaminfo* pstream,struct kni_pme_info* pmeinfo,int thread_seq,const struct ip* ip_hdr,int protocol) +{ + char ret=APP_STATE_FAWPKT|APP_STATE_DROPME; + + char* data=NULL; + int datalen=0; + + int ipscan_action=0; + int iplen=ntohs(ip_hdr->ip_len); + struct kni_tcp_hdr* tcphdr=(struct kni_tcp_hdr*)((char*)ip_hdr+4*(ip_hdr->ip_hl)); + + + ipscan_action=kni_scan_ip((struct ipaddr*)&(pstream->addr),thread_seq,protocol,pmeinfo->mid); + if(ipscan_action==KNI_ACTION_WHITELIST) + { + kni_log_info_v4((char*)KNI_MODULE_INFO,pstream->addr.tuple4_v4,0,NULL,(char*)"WHITE_LIST_IP",(char*)"BYPASS"); + kni_filestate2_set(thread_seq,FS2_COLUME_WITELIST_IP,0,1); + return ret; + } + else if((g_kni_switch_info.maat_default_mode==KNI_DEFAULT_MODE_BYPASS)&&(ipscan_action==KNI_ACTION_NONE)) + { + pmeinfo->ip_not_hit=1; + } + + pmeinfo->status_flag=KNI_FLAG_UNKNOW; + + data=kni_get_data(pstream,&datalen); + kni_get_tcpopt(tcphdr,iplen-4*(ip_hdr->ip_hl)-datalen,&(pmeinfo->mss[pstream->curdir-1]),&(pmeinfo->wnscal[pstream->curdir-1]),&(pmeinfo->sack[pstream->curdir-1]),&(pmeinfo->timestamps[pstream->curdir-1])); + + kni_get_tcpinfo(&(pmeinfo->lastpkt_info[pstream->curdir-1]),tcphdr,ntohs(ip_hdr->ip_len)-4*ip_hdr->ip_hl-4*tcphdr->th_off,(struct ip*)ip_hdr); + +#ifndef KNI_DEBUG_TCPREPAIR + if(datalen>0) +#endif + { + ret=kni_first_tcpdata(pstream,ip_hdr,pmeinfo,data,datalen); + if((pmeinfo->status_flag==KNI_FLAG_HTTP) ||(pmeinfo->status_flag==KNI_FLAG_SSL)) + { + ret=tun_write_data(g_kni_comminfo.fd_tun[thread_seq],(char*)ip_hdr,iplen,(struct streaminfo*)pstream,thread_seq); + } + } +#ifndef KNI_DEBUG_TCPREPAIR + else + { + ret=APP_STATE_FAWPKT|APP_STATE_GIVEME; + } +#endif + + return ret; + +} + + + + +char kni_data_opstate(const struct streaminfo* pstream,struct kni_pme_info* pmeinfo,int thread_seq,const struct ip* ip_hdr) +{ + char ret=APP_STATE_DROPPKT|APP_STATE_GIVEME; + + char* data=NULL; + int datalen=0; + + int iplen=ntohs(ip_hdr->ip_len); + struct kni_tcp_hdr* tcphdr=(struct kni_tcp_hdr*)((char*)ip_hdr+4*(ip_hdr->ip_hl)); + + data=kni_get_data(pstream,&datalen); + + if(pmeinfo->status_flag==KNI_FLAG_UNKNOW) + { + if((tcphdr->th_flags&TH_SYN)&&(tcphdr->th_flags&TH_ACK)) + { + kni_get_tcpopt(tcphdr,iplen-4*(ip_hdr->ip_hl)-datalen,&(pmeinfo->mss[pstream->curdir-1]),&(pmeinfo->wnscal[pstream->curdir-1]),&(pmeinfo->sack[pstream->curdir-1]),&(pmeinfo->timestamps[pstream->curdir-1])); + + } + + kni_get_tcpinfo(&(pmeinfo->lastpkt_info[pstream->curdir-1]),tcphdr,ntohs(ip_hdr->ip_len)-4*ip_hdr->ip_hl-4*tcphdr->th_off,(struct ip*)ip_hdr); + + if(datalen>0) + { + ret=kni_first_tcpdata(pstream,ip_hdr,pmeinfo,data,datalen); + } + else + { + ret=APP_STATE_FAWPKT|APP_STATE_GIVEME; + } + } + + if((pmeinfo->status_flag==KNI_FLAG_HTTP)||(pmeinfo->status_flag==KNI_FLAG_SSL)) + { + ret=tun_write_data(g_kni_comminfo.fd_tun[thread_seq],(char*)ip_hdr,iplen,(struct streaminfo*)pstream,thread_seq); + } + + return ret; + +} + + + +char kni_close_opstate(const struct streaminfo* pstream,struct kni_pme_info* pmeinfo,int thread_seq,const struct ip* ip_hdr) +{ + + char ret=APP_STATE_FAWPKT|APP_STATE_DROPME; + + if(ip_hdr==NULL) + { + return ret; + } + + ret=kni_data_opstate(pstream,pmeinfo,thread_seq,ip_hdr); + + return ret|APP_STATE_DROPME; +} + + +extern "C" char kni_tcpall_entry(const struct streaminfo* pstream,void** pme,int thread_seq,const void* ip_hdr) +{ + + char ret=APP_STATE_FAWPKT|APP_STATE_DROPME; + if((g_kni_comminfo.kni_mode_cur==KNI_MODE_BYPASS)||(pstream->addr.addrtype==ADDR_TYPE_IPV6)) + { + return ret; + } + + kni_filestate2_set(thread_seq,FS2_COLUME_RECV,0,1); + + + switch(pstream->pktstate) + { + case OP_STATE_PENDING: + kni_init_pmeinfo(pme); + ret=kni_pending_opstate(pstream,(struct kni_pme_info*)*pme,thread_seq,(const struct ip*)ip_hdr,PROTO_TYPE_TCP); + break; + + case OP_STATE_DATA: + ret=kni_data_opstate(pstream,(struct kni_pme_info*)*pme,thread_seq,(const struct ip*)ip_hdr); + break; + + case OP_STATE_CLOSE: + ret=kni_close_opstate(pstream,(struct kni_pme_info*)*pme,thread_seq,(const struct ip*)ip_hdr); + break; + + default: + break; + } + + if((ret&APP_STATE_DROPME)&&(*pme!=NULL)) + { + kni_free_pmeinfo(pme); + *pme=NULL; + } + + return ret; + +} + + +extern "C" char kni_http_entry(stSessionInfo* session_info, void **pme, int thread_seq,struct streaminfo *a_stream,const void *a_packet) +{ + char ret=PROT_STATE_DROPME; + + int host_len=session_info->buflen>KNI_DEFAULT_MTU?KNI_DEFAULT_MTU:session_info->buflen; + struct kni_http_project* host_info=(struct kni_http_project*)malloc(sizeof(struct kni_http_project)); + host_info->host_len=host_len; + memcpy(host_info->host,session_info->buf,host_len); + + project_req_add_struct(a_stream,g_kni_comminfo.project_id,host_info); + + return ret; +} + + + + +void kni_free_project(int thread_seq, void *project_req_value) +{ + free(project_req_value); + project_req_value=NULL; + + return ; +} + + + + + +int kni_read_cardname() +{ + int offset=0; + char* token=NULL; + char buf[KNI_CONF_MAXLEN]={0}; + + int routdir=0; + + FILE* fp=fopen("./conf/send_raw_pkt.conf","r"); + if(fp==NULL) + { + + MESA_handle_runtime_log(g_kni_comminfo.logger, RLOG_LV_FATAL,"kni_read_cardname","fopen ./conf/send_raw_pkt.conf err,errno:%d,%s",errno,strerror(errno)); + return -1; + } + + while(feof(fp)==0) + { + routdir=0; + memset(buf,0,KNI_CONF_MAXLEN); + + if((fgets(buf,KNI_CONF_MAXLEN,fp)==NULL)) + { + break; + } + + if(buf[0]=='#') + { + continue; + } + + token=strtok(buf,"\t, "); + offset=1; + + while(token!=NULL) + { + switch(offset) + { + case KNI_OFFSET_ROUTDIR: + routdir=atoi(token); + if((routdir!=0)&&(routdir!=1)) + { + MESA_handle_runtime_log(g_kni_comminfo.logger, RLOG_LV_FATAL,"kni_read_cardname","routdir :%d error",routdir); + return -1; + } + break; + + case KNI_OFFSET_CARDNAME: + memcpy(g_kni_cardname[routdir],token,strlen(token)); + break; + + default: + break; + + } + + token=strtok(NULL,"\t, "); + offset++; + } + + } + + fclose(fp); + fp=NULL; + + + MESA_handle_runtime_log(g_kni_comminfo.logger, RLOG_LV_FATAL,"kni_read_cardname","card name:%s,%s",g_kni_cardname[0],g_kni_cardname[1]); + + return 0; + +} + + + + +int init_profile_info() +{ +//main.conf +// MESA_load_profile_int_def((char*)KNI_CONF_FILENAME_MAIN,(char*)KNI_CONF_MODE,(char*)"thread_num",&(g_kni_comminfo.thread_num),1); + MESA_load_profile_string_def((char*)KNI_CONF_FILENAME_MAIN,(char*)KNI_CONF_MODE,(char*)"pcapdevice",g_kni_comminfo.card_in,KNI_CONF_MAXLEN,"cap0"); + MESA_load_profile_string_def((char*)KNI_CONF_FILENAME_MAIN,(char*)KNI_CONF_MODE,(char*)"pcapdevice2",g_kni_comminfo.card_out,KNI_CONF_MAXLEN,"cap1"); + + +//kni.conf + MESA_load_profile_int_def((char*)KNI_CONF_FILENAME,(char*)KNI_CONF_MODE,(char*)"replay_win_update",&(g_kni_switch_info.replay_win_update),1); + MESA_load_profile_int_def((char*)KNI_CONF_FILENAME,(char*)KNI_CONF_MODE,(char*)"default_work_mode",&(g_kni_switch_info.maat_default_mode),KNI_DEFAULT_MODE_INTERCEPT); + MESA_load_profile_string_def((char*)KNI_CONF_FILENAME,(char*)KNI_CONF_MODE,(char*)"tun_name",g_kni_comminfo.tun_name,KNI_CONF_MAXLEN,"tun0"); + MESA_load_profile_string_def((char*)KNI_CONF_FILENAME,(char*)KNI_CONF_MODE,(char*)"domain_path",g_kni_comminfo.domain_path,KNI_CONF_MAXLEN,"/home/server_unixsocket_file"); + + return 0; +} + + +int init_kni_stat_htable() +{ + MESA_htable_create_args_t hash_frags; + + memset(&hash_frags,0,sizeof(MESA_htable_create_args_t)); + + hash_frags.thread_safe=KNI_THREAD_SAFE; + hash_frags.recursive=1; + hash_frags.hash_slot_size=KNI_HTABLE_SIZE; + hash_frags.max_elem_num=KNI_HTABLE_MAXNUM; + hash_frags.eliminate_type=HASH_ELIMINATE_ALGO_FIFO; + hash_frags.expire_time=0; + hash_frags.key_comp=NULL; + hash_frags.key2index=NULL; + hash_frags.data_free=NULL; + hash_frags.data_expire_with_condition=NULL; + + g_kni_structinfo.htable_to_tun_v4=MESA_htable_create(&hash_frags,sizeof(MESA_htable_create_args_t)); + g_kni_structinfo.htable_to_tun_v6=MESA_htable_create(&hash_frags,sizeof(MESA_htable_create_args_t)); + if((g_kni_structinfo.htable_to_tun_v4==NULL)||(g_kni_structinfo.htable_to_tun_v6==NULL)) + { + + MESA_handle_runtime_log(g_kni_comminfo.logger, RLOG_LV_FATAL,KNI_MODULE_INIT,"MESA_htable_create() error!action:%s",KNI_ACTION_EXIT); + return -1; + } + + return 0; + +} + +int init_kni_runtimelog() +{ + int logger_level; + char logger_filepath[KNI_CONF_MAXLEN]={0}; + + + MESA_load_profile_int_def((char*)KNI_CONF_FILENAME,(char*)KNI_CONF_MODE,(char*)"logger_level",&logger_level,RLOG_LV_INFO); + MESA_load_profile_string_def((char*)KNI_CONF_FILENAME,(char*)KNI_CONF_MODE,(char*)"logger_filepath",logger_filepath,KNI_CONF_MAXLEN,"./log/kni.log"); + + + g_kni_comminfo.logger=MESA_create_runtime_log_handle(logger_filepath,logger_level); + if(g_kni_comminfo.logger==NULL) + { + printf("MESA_create_runtime_log_handle() error!exit...\n"); + return -1; + } + + return 0; + +} + + +int init_kni_maat_info() +{ + int ret = 0; + + int maat_readconf_mode=0; + int redis_db_index=0; + int redis_port=0; + unsigned short redis_port_real=0; + char redis_ip[INET_ADDRSTRLEN]={0}; + int scandir_interval=KNI_SCANDIR_INTERVAL; + int effect_interval=KNI_EFFECT_INTERVAL; + + char table_info_path[KNI_CONF_MAXLEN]={0}; + char stat_file_dir[KNI_CONF_MAXLEN]={0}; + char full_cfg_dir[KNI_CONF_MAXLEN]={0}; + char inc_cfg_dir[KNI_CONF_MAXLEN]={0}; + + + MESA_load_profile_int_def((char*)KNI_CONF_FILENAME,(char*)KNI_CONF_MODE,(char*)"maat_readconf_mode",&maat_readconf_mode,KNI_READCONF_IRIS); + MESA_load_profile_int_def((char*)KNI_CONF_FILENAME,(char*)KNI_CONF_MODE,(char*)"scandir_interval",&scandir_interval,KNI_SCANDIR_INTERVAL); + MESA_load_profile_int_def((char*)KNI_CONF_FILENAME,(char*)KNI_CONF_MODE,(char*)"effect_interval",&effect_interval,KNI_EFFECT_INTERVAL); + MESA_load_profile_int_def((char*)KNI_CONF_FILENAME,(char*)KNI_CONF_MODE,(char*)"redis_db_index",&redis_db_index,0); + MESA_load_profile_int_nodef((char*)KNI_CONF_FILENAME,(char*)KNI_CONF_MODE,(char*)"redis_port",(int*)&redis_port); + + MESA_load_profile_string_nodef((char*)KNI_CONF_FILENAME,(char*)KNI_CONF_MODE,(char*)"redis_server",redis_ip,INET_ADDRSTRLEN); + MESA_load_profile_string_def((char*)KNI_CONF_FILENAME,(char*)KNI_CONF_MODE,(char*)"table_info_path",table_info_path,KNI_CONF_MAXLEN,KNI_TABLEINFO_PATH); + MESA_load_profile_string_def((char*)KNI_CONF_FILENAME,(char*)KNI_CONF_MODE,(char*)"inc_cfg_dir",inc_cfg_dir,KNI_CONF_MAXLEN,KNI_INCCFG_FILEPATH); + MESA_load_profile_string_def((char*)KNI_CONF_FILENAME,(char*)KNI_CONF_MODE,(char*)"stat_file_path",stat_file_dir,KNI_CONF_MAXLEN,KNI_STAT_FILEPATH); + MESA_load_profile_string_def((char*)KNI_CONF_FILENAME,(char*)KNI_CONF_MODE,(char*)"full_cfg_dir",full_cfg_dir,KNI_CONF_MAXLEN,KNI_FULLCFG_FILEPATH); + + + g_kni_maatinfo.maat_feather=Maat_feather(g_iThreadNum,table_info_path,g_kni_comminfo.logger); + if(g_kni_maatinfo.maat_feather==NULL) + { + MESA_handle_runtime_log(g_kni_comminfo.logger, RLOG_LV_FATAL,KNI_MODULE_INIT,"Maat_feather() error!table_info_path:%s,action:%s",table_info_path,KNI_ACTION_EXIT); + return -1; + } + + if(maat_readconf_mode==KNI_READCONF_JSON) + { + Maat_set_feather_opt(g_kni_maatinfo.maat_feather,MAAT_OPT_JSON_FILE_PATH, KNI_MAATJSON_FILEPATH,strlen(KNI_MAATJSON_FILEPATH)); + } + else if(maat_readconf_mode==KNI_READCONF_IRIS) + { + Maat_set_feather_opt(g_kni_maatinfo.maat_feather,MAAT_OPT_FULL_CFG_DIR,full_cfg_dir,strlen(full_cfg_dir)); + Maat_set_feather_opt(g_kni_maatinfo.maat_feather,MAAT_OPT_INC_CFG_DIR,inc_cfg_dir,strlen(inc_cfg_dir)); + } + else if(maat_readconf_mode==KNI_READCONF_REDIS) + { + redis_port_real=(unsigned short)redis_port; + Maat_set_feather_opt(g_kni_maatinfo.maat_feather,MAAT_OPT_REDIS_IP,(void*)redis_ip,strlen(redis_ip)+1); + Maat_set_feather_opt(g_kni_maatinfo.maat_feather,MAAT_OPT_REDIS_PORT,(void*)&redis_port_real,sizeof(unsigned short)); + Maat_set_feather_opt(g_kni_maatinfo.maat_feather,MAAT_OPT_REDIS_INDEX,(void*)&redis_db_index,sizeof(int)); + + } + + Maat_set_feather_opt(g_kni_maatinfo.maat_feather,MAAT_OPT_SCANDIR_INTERVAL_MS, (void*)&scandir_interval,sizeof(int)); + Maat_set_feather_opt(g_kni_maatinfo.maat_feather,MAAT_OPT_EFFECT_INVERVAL_MS, (void*)&effect_interval,sizeof(int)); + Maat_set_feather_opt(g_kni_maatinfo.maat_feather,MAAT_OPT_STAT_FILE_PATH,stat_file_dir,strlen(stat_file_dir)); + + ret=Maat_initiate_feather(g_kni_maatinfo.maat_feather); + if(ret<0) + { + MESA_handle_runtime_log(g_kni_comminfo.logger, RLOG_LV_FATAL,KNI_MODULE_INIT,"Maat_initiate_feather() error!action:%s",KNI_ACTION_EXIT); + return -1; + } + + g_kni_maatinfo.tableid_ip=Maat_table_register(g_kni_maatinfo.maat_feather,KNI_TABLENAME_IP); + g_kni_maatinfo.tableid_domain=Maat_table_register(g_kni_maatinfo.maat_feather,KNI_TABLENAME_DOMAIN); + if((g_kni_maatinfo.tableid_ip<0)||(g_kni_maatinfo.tableid_domain<0)) + { + MESA_handle_runtime_log(g_kni_comminfo.logger, RLOG_LV_FATAL,KNI_MODULE_INIT,"Maat_table_register() error!ip_tableid:%d,sni_tableid:%d,action:%s",g_kni_maatinfo.tableid_ip,g_kni_maatinfo.tableid_domain,KNI_ACTION_EXIT); + return -1; + } + + return 0; + +} + +int init_kni_project() +{ + g_kni_comminfo.project_id=project_producer_register(KNI_PROJECT_NAME,PROJECT_VAL_TYPE_STRUCT,kni_free_project); + if(g_kni_comminfo.project_id<0) + { + MESA_handle_runtime_log(g_kni_comminfo.logger, RLOG_LV_FATAL,KNI_MODULE_INIT,"project_producer_register() error!project_id:%d",g_kni_comminfo.project_id); + return -1; + } + + g_kni_comminfo.project_id=project_customer_register(KNI_PROJECT_NAME,PROJECT_VAL_TYPE_STRUCT); + if(g_kni_comminfo.project_id<0) + { + MESA_handle_runtime_log(g_kni_comminfo.logger, RLOG_LV_FATAL,KNI_MODULE_INIT,"project_customer_register() error!project_id:%d",g_kni_comminfo.project_id); + return -1; + } + + return 0; +} + + + + +int init_kni_sendpkt() +{ + int i=0; + pthread_t pid_read_tun; + + kni_read_cardname(); + + g_kni_comminfo.ipv4_fd=(int*)malloc(g_kni_comminfo.thread_num*sizeof(int)); + for(i=0;i +#include +#include +#include +#include + +#include "kni_entry.h" + + + +int tcprepair_get_state(struct kni_tcp_state* fake_client,struct kni_tcp_state* fake_server,void* a_packet,struct kni_pme_info* pmeinfo) +{ + + struct ip* iphdr=(struct ip*)a_packet; + struct tcphdr* tcphdr=(struct tcphdr*)((char*)a_packet+4*(iphdr->ip_hl)); + + fake_client->src_ip=(iphdr->ip_src).s_addr; + fake_client->sport=tcphdr->source; + fake_client->dst_ip=(iphdr->ip_dst).s_addr; + fake_client->dport =tcphdr->dest; + fake_client->seq=ntohl(tcphdr->seq); + fake_client->ack=ntohl(tcphdr->ack_seq); + fake_client->mss_src=pmeinfo->mss[KNI_DIR_C2S]; + fake_client->mss_dst=pmeinfo->mss[KNI_DIR_S2C]; + fake_client->wscale_src=pmeinfo->wnscal[KNI_DIR_C2S]; + fake_client->wscale_dst=pmeinfo->wnscal[KNI_DIR_S2C]; + fake_client->sack_src=pmeinfo->sack[KNI_DIR_C2S]; + fake_client->sack_dst=pmeinfo->sack[KNI_DIR_S2C]; + fake_client->timestamps_src=pmeinfo->timestamps[KNI_DIR_C2S]; + fake_client->timestamps_dst=pmeinfo->timestamps[KNI_DIR_S2C]; + + fake_server->src_ip=(iphdr->ip_dst).s_addr; + fake_server->sport=tcphdr->dest; + fake_server->dst_ip=(iphdr->ip_src).s_addr; + fake_server->dport =tcphdr->source; + fake_server->seq=ntohl(tcphdr->ack_seq); + fake_server->ack=ntohl(tcphdr->seq); + fake_server->mss_src=pmeinfo->mss[KNI_DIR_S2C]; + fake_server->mss_dst=pmeinfo->mss[KNI_DIR_C2S]; + fake_server->wscale_src=pmeinfo->wnscal[KNI_DIR_S2C]; + fake_server->wscale_dst=pmeinfo->wnscal[KNI_DIR_C2S]; + fake_server->sack_src=pmeinfo->sack[KNI_DIR_S2C]; + fake_server->sack_dst=pmeinfo->sack[KNI_DIR_C2S]; + fake_server->timestamps_src=pmeinfo->timestamps[KNI_DIR_S2C]; + fake_server->timestamps_dst=pmeinfo->timestamps[KNI_DIR_C2S]; + + return 0; +} + + + +int tcprepair_set_state(int sk,struct kni_tcp_state* tcp) +{ + int val,yes=1, onr = 0; +// int mark = 2; +// int mark_tmp=0; +// socklen_t mark_len=sizeof(mark_tmp); + struct tcp_repair_opt opts[KNI_TCPREPAIR_OPT_NUM]; + struct sockaddr_in addr; + + if (setsockopt(sk, SOL_TCP, TCP_REPAIR, &yes, sizeof(yes))==-1) + { + MESA_handle_runtime_log(g_kni_comminfo.logger, RLOG_LV_FATAL,"tcprepair_set_state","setsockopt() TCP_REPAIR error,errno:%d,%s",errno,strerror(errno)); + return -1; + } + + + if (setsockopt(sk, SOL_IP, IP_TRANSPARENT, &yes, sizeof(yes)) < 0) + { + MESA_handle_runtime_log(g_kni_comminfo.logger, RLOG_LV_FATAL,"tcprepair_set_state","setsockopt() IP_TRANSPARENT error,errno:%d,%s",errno,strerror(errno)); + return -1; + } + + + if (setsockopt(sk, SOL_SOCKET, SO_REUSEADDR, &yes, sizeof(yes)) == -1) + { + MESA_handle_runtime_log(g_kni_comminfo.logger, RLOG_LV_FATAL,"tcprepair_set_state","setsockopt() SO_REUSEADDR error,errno:%d,%s",errno,strerror(errno)); + return -1; + } +/* + if(setsockopt(sk, SOL_SOCKET, SO_MARK, &mark, sizeof(mark))<0) + { + MESA_handle_runtime_log(g_kni_comminfo.logger, RLOG_LV_FATAL,"tcprepair_set_state","setsockopt() SO_MARK error,errno:%d",errno); + return -1; + } + + + getsockopt(sk, SOL_SOCKET, SO_MARK, &mark_tmp, &mark_len); + MESA_handle_runtime_log(g_kni_comminfo.logger, RLOG_LV_FATAL,"tcprepair_set_state","getsockopt() SO_MARK :%d",mark_tmp); +*/ + /* ============= Restore TCP properties ==================*/ + val = TCP_SEND_QUEUE; + if (setsockopt(sk, SOL_TCP, TCP_REPAIR_QUEUE, &val, sizeof(val))) + { + MESA_handle_runtime_log(g_kni_comminfo.logger, RLOG_LV_FATAL,"tcprepair_set_state","setsockopt() TCP_REPAIR_QUEUE,TCP_SEND_QUEUE error,errno:%d,%s",errno,strerror(errno)); + return -1; + } + + val = tcp->seq; + if (setsockopt(sk, SOL_TCP, TCP_QUEUE_SEQ, &val, sizeof(val))) + { + MESA_handle_runtime_log(g_kni_comminfo.logger, RLOG_LV_FATAL,"tcprepair_set_state","setsockopt() TCP_QUEUE_SEQ error,errno:%d,%s",errno,strerror(errno)); + return -1; + } + + val = TCP_RECV_QUEUE; + if (setsockopt(sk, SOL_TCP, TCP_REPAIR_QUEUE, &val, sizeof(val))) + { + MESA_handle_runtime_log(g_kni_comminfo.logger, RLOG_LV_FATAL,"tcprepair_set_state","setsockopt() TCP_REPAIR_QUEUE,TCP_RECV_QUEUE error,errno:%d,%s",errno,strerror(errno)); + return -1; + } + + val = tcp->ack; + if (setsockopt(sk, SOL_TCP, TCP_QUEUE_SEQ, &val, sizeof(val))) + { + MESA_handle_runtime_log(g_kni_comminfo.logger, RLOG_LV_FATAL,"tcprepair_set_state","setsockopt() TCP_QUEUE_SEQ error,errno:%d,%s",errno,strerror(errno)); + return -1; + } + +/* + struct tcp_repair_window win; + + win.snd_wl1=tcp->seq; + win.snd_wnd=tcp->wnscale[KNI_DIR_C2S]<wnscale[KNI_DIR_S2C]; + win.max_window=win.snd_wnd; + win.rcv_wnd=win.snd_wnd; + win.rcv_wup=win.snd_wl1; + + if (setsockopt(sk, SOL_TCP, TCP_REPAIR_WINDOW, &win, sizeof(win))) + { + MESA_handle_runtime_log(g_kni_comminfo.logger, RLOG_LV_FATAL,"tcprepair_set_state","setsockopt() TCP_REPAIR_WINDOW error,errno:%d",errno); + return -1; + } + */ + + /* ============= Bind and connect ================ */ + memset(&addr,0,sizeof(addr)); + addr.sin_family = AF_INET; + addr.sin_port = tcp->sport; + addr.sin_addr.s_addr=tcp->src_ip; + + if (bind(sk, (struct sockaddr *) &addr, sizeof(addr))) + { + MESA_handle_runtime_log(g_kni_comminfo.logger, RLOG_LV_FATAL,"tcprepair_set_state","bind() error,errno:%d,%s",errno,strerror(errno)); + return -1; + } + + memset(&addr,0,sizeof(addr)); + addr.sin_family = AF_INET; + addr.sin_port = tcp->dport; + addr.sin_addr.s_addr=tcp->dst_ip; + + if (connect(sk, (struct sockaddr *) &addr, sizeof(addr))) + { + MESA_handle_runtime_log(g_kni_comminfo.logger, RLOG_LV_FATAL,"tcprepair_set_state","connect() error,errno:%d,%s",errno,strerror(errno)); + return -1; + } +/* + opts[onr].opt_code = TCPOPT_WINDOW; + opts[onr].opt_val = tcp->wscale_src+ (tcp->wscale_dst<< 16); + onr++; +*/ + + + if((tcp->wscale_dst)&&(tcp->wscale_src)) + { + opts[onr].opt_code = TCPOPT_WINDOW; + opts[onr].opt_val = tcp->wscale_dst+ (tcp->wscale_src<< 16); + onr++; + } + + + opts[onr].opt_code = TCPOPT_MAXSEG; + opts[onr].opt_val = (tcp->mss_srcmss_dst)?tcp->mss_src:tcp->mss_dst; + onr++; + + if((tcp->sack_src)&&(tcp->sack_dst)) + { + opts[onr].opt_code = TCPOPT_SACK_PERMITTED; + opts[onr].opt_val = 0; + onr++; + } +/* + opts[onr].opt_code = TCPOPT_TIMESTAMP; + opts[onr].opt_val = (tcp->timestamps_src)&&(tcp->timestamps_dst); + onr++; +*/ + + + if (setsockopt(sk, SOL_TCP, TCP_REPAIR_OPTIONS,opts, onr * sizeof(struct tcp_repair_opt)) < 0) + { + MESA_handle_runtime_log(g_kni_comminfo.logger, RLOG_LV_FATAL,"tcprepair_set_state","setsockopt() TCP_REPAIR_OPTIONS error,errno:%d,%s",errno,strerror(errno)); + return -1; + } + + val = 0; + if (setsockopt(sk, SOL_TCP, TCP_REPAIR, &val, sizeof(val))) + { + MESA_handle_runtime_log(g_kni_comminfo.logger, RLOG_LV_FATAL,"tcprepair_set_state","setsockopt() TCP_REPAIR close error,errno:%d,%s",errno,strerror(errno)); + return -1; + } + + return 0; + + +} + + + +int tcp_repair_process(const struct streaminfo* pstream,const struct ip* a_packet,struct kni_pme_info* pmeinfo,int protocol) +{ +#ifdef KNI_DEBUG_TCPREPAIR + return 0; +#endif + + int ret=0; + int fds[KNI_FDS_NUM]; + int fd_client,fd_server; + struct kni_tcp_state fake_client; + struct kni_tcp_state fake_server; + +// struct ip* iphdr=(struct ip*)a_packet; +// struct tcphdr* tcphdr=(struct tcphdr*)((char*)a_packet+4*(iphdr->ip_hl)); +// int tcplen=ntohs(iphdr->ip_len)-4*iphdr->ip_hl-4*tcphdr->doff; + + fd_client = socket(AF_INET, SOCK_STREAM, 0); + fd_server = socket(AF_INET, SOCK_STREAM, 0); + if ((fd_client < 0)||(fd_server<0)) + { + MESA_handle_runtime_log(g_kni_comminfo.logger, RLOG_LV_FATAL,"tcprepair_set_state","socket() error"); + return -1; + } + + tcprepair_get_state(&fake_client,&fake_server,(void*)a_packet,pmeinfo); + + ret=tcprepair_set_state(fd_client,&fake_server); + if(ret<0) + { + MESA_handle_runtime_log(g_kni_comminfo.logger, RLOG_LV_FATAL,"tcprepair_set_state","fd_client tcprepair_set_state() error,dropme and fwdpkt"); + return -1; + } + + ret=tcprepair_set_state(fd_server,&fake_client); + if(ret<0) + { + + MESA_handle_runtime_log(g_kni_comminfo.logger, RLOG_LV_FATAL,"tcprepair_set_state","fd_server tcprepair_set_state() error,dropme and fwdpkt"); + return -1; + } + + + fds[0]=fd_client; + fds[1]=fd_server; + fds[2]=protocol; + + ret=MESA_lqueue_join_head(g_kni_structinfo.lqueue_for_domain,(void*)fds,KNI_FDS_NUM*sizeof(int)); + if(ret <0) + { + MESA_handle_runtime_log(g_kni_comminfo.logger, RLOG_LV_FATAL,KNI_MODULE_SENDFD,"MESA_lqueue_try_join_head() error,ret:%d",ret); + } + +/* + kni_send_fds(g_kni_comminfo.fd_domain,fds,2,protocol); + close(fds[0]); + close(fds[1]); +*/ + + + return 0; + +} + + + + diff --git a/kni_repair.h b/kni_repair.h new file mode 100644 index 0000000..b7704a3 --- /dev/null +++ b/kni_repair.h @@ -0,0 +1,10 @@ +#ifndef KNI_REPAIR_H +#define KNI_REPAIR_H + + +int tcp_repair_process(const struct streaminfo* pstream,const struct ip* a_packet,struct kni_pme_info* pmeinfo,int protocol); + + + +#endif +