From 12edcc65335f920eb2376874c334f2ee5fbe37ac Mon Sep 17 00:00:00 2001
From: fumingwei
Date: Wed, 19 Aug 2020 18:15:07 +0800
Subject: [PATCH] =?UTF-8?q?TSG-2611:1=E3=80=81=E5=A2=9E=E5=8A=A0=20tcp=20o?=
 =?UTF-8?q?ption=20override=20maat=20=E6=89=AB=E6=8F=8F=E9=85=8D=E7=BD=AE?=
 =?UTF-8?q?=E5=BC=80=E5=85=B3?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 conf/kni/kni.conf | 23 +++++++-
 entry/include/kni_entry.h | 1 +
 entry/src/kni_pxy_tcp_option.cpp | 97 ++++++++++++++++++++++++--------
 3 files changed, 97 insertions(+), 24 deletions(-)

diff --git a/conf/kni/kni.conf b/conf/kni/kni.conf
index 5b3ce9b..34ea6af 100644
--- a/conf/kni/kni.conf
+++ b/conf/kni/kni.conf
@@ -99,4 +99,25 @@ mho_eliminate_type = FIFO
 enabled = 1
 maat_table_compile = PXY_TCP_OPTION_COMPILE
 maat_table_addr = PXY_TCP_OPTION_ADDR
-maat_table_fqdn = PXY_TCP_OPTION_SSL_SNI
\ No newline at end of file
+maat_table_fqdn = PXY_TCP_OPTION_SERVER_FQDN
+enable_override = 0
+client_tcp_maxseg_enable = 0
+client_tcp_maxseg = 1460
+client_tcp_nodelay = 1
+client_tcp_ttl = 70
+client_tcp_keepalive_enable = 1
+client_tcp_keepalive_keepcnt = 8
+client_tcp_keepalive_keepidle = 30
+client_tcp_keepalive_keepintvl = 15
+client_tcp_user_timeout = 600
+server_tcp_maxseg_enable = 0
+server_tcp_maxseg = 1460
+server_tcp_nodelay = 1
+server_tcp_ttl = 75
+server_tcp_keepalive_enable = 1
+server_tcp_keepalive_keepcnt = 8
+server_tcp_keepalive_keepidle = 30
+server_tcp_keepalive_keepintvl = 15
+server_tcp_user_timeout = 600
+bypass_duplicated_packet = 0
+tcp_passthrough = 0
\ No newline at end of file
diff --git a/entry/include/kni_entry.h b/entry/include/kni_entry.h
index 8598499..ed0a208 100644
--- a/entry/include/kni_entry.h
+++ b/entry/include/kni_entry.h
@@ -206,6 +206,7 @@ struct kni_handle{
 int secpolicyid_evenflow_self_check;
 MESA_htable_handle sslinfo2bypass_htable;
 int pxy_tcp_option_enable; //for proxy tcp option enable
+ int pxy_tcp_option_enable_override;
 char maat_table_name[TABLE_MAX][_MAX_MAAT_TABLE_NAME_LEN]; // for proxy tcp option maat name
 int maat_table_id[TABLE_MAX];
 struct proxy_tcp_option pxy_tcp_option;
diff --git a/entry/src/kni_pxy_tcp_option.cpp b/entry/src/kni_pxy_tcp_option.cpp
index cff3c18..996d0a4 100644
--- a/entry/src/kni_pxy_tcp_option.cpp
+++ b/entry/src/kni_pxy_tcp_option.cpp
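Review bot: The new `pxy_tcp_option_enable_override` member is the only one in this group added without a trailing comment, while the neighbouring `pxy_tcp_option_enable` and `maat_table_name` fields document their role. Given how kni_pxy_tcp_option.cpp consumes it in this same commit, I would write `int pxy_tcp_option_enable_override; // 1: tcp options come from kni.conf [proxy_tcp_option], maat tables are not registered`. struct kni_handle begins and ends outside the hunk.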
@@ -347,38 +347,83 @@ void pxy_tcp_option_default_param_dup(int idx, MAAT_RULE_EX_DATA *to, MAAT_RULE_
 int pxy_tcp_option_rule_init(const char* conffile, void *logger)
 {
 int i = 0;
- int pxy_tcp_option_enable = 0;
+ int pxy_tcp_option_enable = 1;
+ int pxy_tcp_option_enable_override = 0;
 char section[KNI_SYMBOL_MAX] = "proxy_tcp_option";
 MESA_load_profile_int_def(conffile, section, "enabled", &pxy_tcp_option_enable, 1);
+ MESA_load_profile_int_def(conffile, section, "enable_override", &pxy_tcp_option_enable_override, 1);
 MESA_load_profile_string_def(conffile, section, "maat_table_compile", g_kni_handle->maat_table_name[TABLE_COMPILE], _MAX_MAAT_TABLE_NAME_LEN, "PXY_TCP_OPTION_COMPILE");
 MESA_load_profile_string_def(conffile, section, "maat_table_addr", g_kni_handle->maat_table_name[TABLE_IP_ADDR], _MAX_MAAT_TABLE_NAME_LEN, "PXY_TCP_OPTION_ADDR");
 MESA_load_profile_string_def(conffile, section, "maat_table_fqdn", g_kni_handle->maat_table_name[TABLE_SSL_FQDN], _MAX_MAAT_TABLE_NAME_LEN, "PXY_TCP_OPTION_SERVER_FQDN");
- KNI_LOG_ERROR(logger, "MESA_prof_load, [%s]:\n enabled: %d", section, pxy_tcp_option_enable);
+ KNI_LOG_ERROR(logger, "Proxy-tcp-option: MESA_prof_load, [%s]:\n enabled: %d,enable_override:%d", section, pxy_tcp_option_enable,pxy_tcp_option_enable_override);
 g_kni_handle->pxy_tcp_option_enable = pxy_tcp_option_enable;
+ g_kni_handle->pxy_tcp_option_enable_override = pxy_tcp_option_enable_override;
 if(pxy_tcp_option_enable == 0)
+ {
+ KNI_LOG_ERROR(logger, "Proxy-tcp-option: Turn off tcp option");
 return 0;
-
- for(i=0; imaat_table_id[i]=Maat_table_register(g_tsg_maat_feather, g_kni_handle->maat_table_name[i]);
- if(g_kni_handle->maat_table_id[i]<0)
- {
- KNI_LOG_ERROR(logger, "Maat_table_register %s failed, Please check etc/kni/kni.conf", g_kni_handle->maat_table_name[i]);
- return -1;
- }
- }
-
- g_kni_handle->maat_table_id[TABLE_COMPILE] = Maat_rule_get_ex_new_index(g_tsg_maat_feather,
- g_kni_handle->maat_table_name[TABLE_COMPILE],
- pxy_tcp_option_default_param_new,
- pxy_tcp_option_default_param_free_cb,
- pxy_tcp_option_default_param_dup,
- 0, logger);
- if(g_kni_handle->maat_table_id[TABLE_COMPILE] < 0)
- {
- KNI_LOG_ERROR(logger, "Maat_rule_get_ex_new_index %s failed, Please check etc/kni/kni.conf", g_kni_handle->maat_table_id[TABLE_COMPILE]);
- return -1;
 }
+ if(pxy_tcp_option_enable_override == 1)
+ {
+ MESA_load_profile_int_def(conffile, section, "client_tcp_maxseg_enable", &(g_kni_handle->pxy_tcp_option.client_tcp_maxseg_enable), 0);
+ MESA_load_profile_int_def(conffile, section, "client_tcp_maxseg", &(g_kni_handle->pxy_tcp_option.client_tcp_maxseg), 1460);
+ MESA_load_profile_int_def(conffile, section, "client_tcp_nodelay", &(g_kni_handle->pxy_tcp_option.client_tcp_nodelay), 1);
+ MESA_load_profile_int_def(conffile, section, "client_tcp_ttl", &(g_kni_handle->pxy_tcp_option.client_tcp_ttl),70);
+ MESA_load_profile_int_def(conffile, section, "client_tcp_keepalive_enable", &(g_kni_handle->pxy_tcp_option.client_tcp_keepalive_enable), 1);
+ MESA_load_profile_int_def(conffile, section, "client_tcp_keepalive_keepcnt", &(g_kni_handle->pxy_tcp_option.client_tcp_keepalive_keepcnt), 8);
+ MESA_load_profile_int_def(conffile, section, "client_tcp_keepalive_keepidle", &(g_kni_handle->pxy_tcp_option.client_tcp_keepalive_keepidle), 30);
+ MESA_load_profile_int_def(conffile, section, "client_tcp_keepalive_keepintvl", &(g_kni_handle->pxy_tcp_option.client_tcp_keepalive_keepintvl), 15);
+ MESA_load_profile_int_def(conffile, section, "client_tcp_user_timeout", &(g_kni_handle->pxy_tcp_option.client_tcp_user_timeout), 600);
+ MESA_load_profile_int_def(conffile, section, "server_tcp_maxseg_enable", &(g_kni_handle->pxy_tcp_option.server_tcp_maxseg_enable), 0);
+ MESA_load_profile_int_def(conffile, section, "server_tcp_maxseg", &(g_kni_handle->pxy_tcp_option.server_tcp_maxseg), 1460);
+ MESA_load_profile_int_def(conffile, section, "server_tcp_nodelay", &(g_kni_handle->pxy_tcp_option.server_tcp_nodelay), 1);
+ MESA_load_profile_int_def(conffile, section, "server_tcp_ttl", &(g_kni_handle->pxy_tcp_option.server_tcp_ttl), 75);
+ MESA_load_profile_int_def(conffile, section, "server_tcp_keepalive_enable", &(g_kni_handle->pxy_tcp_option.server_tcp_keepalive_enable), 1);
+ MESA_load_profile_int_def(conffile, section, "server_tcp_keepalive_keepcnt", &(g_kni_handle->pxy_tcp_option.server_tcp_keepalive_keepcnt), 8);
+ MESA_load_profile_int_def(conffile, section, "server_tcp_keepalive_keepidle", &(g_kni_handle->pxy_tcp_option.server_tcp_keepalive_keepidle), 30);
+ MESA_load_profile_int_def(conffile, section, "server_tcp_keepalive_keepintvl", &(g_kni_handle->pxy_tcp_option.server_tcp_keepalive_keepintvl), 15);
+ MESA_load_profile_int_def(conffile, section, "server_tcp_user_timeout", &(g_kni_handle->pxy_tcp_option.server_tcp_user_timeout), 600);
+ MESA_load_profile_int_def(conffile, section, "bypass_duplicated_packet", &(g_kni_handle->pxy_tcp_option.bypass_duplicated_packet), 0);
+ MESA_load_profile_int_def(conffile, section, "tcp_passthrough", &(g_kni_handle->pxy_tcp_option.tcp_passthrough), 0);
+ KNI_LOG_ERROR(logger, "Proxy-tcp-option: Using configuration override by profile: %s ,value:[client_tcp_maxseg_enable:%d,client_tcp_maxseg:%d,client_tcp_nodelay:%d,"
+ "client_tcp_ttl:%d,client_tcp_keepalive_enable:%d,client_tcp_keepalive_keepcnt:%d,client_tcp_keepalive_keepidle:%d,client_tcp_keepalive_keepintvl:%d,"
+ "client_tcp_user_timeout:%d,server_tcp_maxseg_enable:%d,server_tcp_maxseg:%d,server_tcp_nodelay:%d,server_tcp_ttl:%d,server_tcp_keepalive_enable:%d,"
+ "server_tcp_keepalive_keepcnt:%d,server_tcp_keepalive_keepidle:%d,server_tcp_keepalive_keepintvl:%d,server_tcp_user_timeout:%d,bypass_duplicated_packet:%d,"
+ "tcp_passthrough:%d",
+ conffile, g_kni_handle->pxy_tcp_option.client_tcp_maxseg_enable,g_kni_handle->pxy_tcp_option.client_tcp_maxseg,g_kni_handle->pxy_tcp_option.client_tcp_nodelay,
+ g_kni_handle->pxy_tcp_option.client_tcp_ttl,g_kni_handle->pxy_tcp_option.client_tcp_keepalive_enable,g_kni_handle->pxy_tcp_option.client_tcp_keepalive_keepcnt,
+ g_kni_handle->pxy_tcp_option.client_tcp_keepalive_keepidle,g_kni_handle->pxy_tcp_option.client_tcp_keepalive_keepintvl,g_kni_handle->pxy_tcp_option.client_tcp_user_timeout,
+ g_kni_handle->pxy_tcp_option.server_tcp_maxseg_enable,g_kni_handle->pxy_tcp_option.server_tcp_maxseg,g_kni_handle->pxy_tcp_option.server_tcp_nodelay,
+ g_kni_handle->pxy_tcp_option.server_tcp_ttl,g_kni_handle->pxy_tcp_option.server_tcp_keepalive_enable,g_kni_handle->pxy_tcp_option.server_tcp_keepalive_keepcnt,
+ g_kni_handle->pxy_tcp_option.server_tcp_keepalive_keepidle,g_kni_handle->pxy_tcp_option.server_tcp_keepalive_keepintvl,g_kni_handle->pxy_tcp_option.server_tcp_user_timeout,
+ g_kni_handle->pxy_tcp_option.bypass_duplicated_packet,g_kni_handle->pxy_tcp_option.tcp_passthrough);
+ }
+ else
+ {
+ KNI_LOG_ERROR(logger, "Proxy-tcp-option: Using configuration read from maat");
+ for(i=0; imaat_table_id[i]=Maat_table_register(g_tsg_maat_feather, g_kni_handle->maat_table_name[i]);
+ if(g_kni_handle->maat_table_id[i]<0)
+ {
+ KNI_LOG_ERROR(logger, "Proxy-tcp-option: Maat_table_register %s failed, Please check %s", g_kni_handle->maat_table_name[i], conffile);
+ return -1;
+ }
+ }
+
+ g_kni_handle->maat_table_id[TABLE_COMPILE] = Maat_rule_get_ex_new_index(g_tsg_maat_feather,
+ g_kni_handle->maat_table_name[TABLE_COMPILE],
+ pxy_tcp_option_default_param_new,
+ pxy_tcp_option_default_param_free_cb,
+ pxy_tcp_option_default_param_dup,
+ 0, logger);
+ if(g_kni_handle->maat_table_id[TABLE_COMPILE] < 0)
+ {
+ KNI_LOG_ERROR(logger, "Proxy-tcp-option: Maat_rule_get_ex_new_index %s failed, Please check %s", g_kni_handle->maat_table_id[TABLE_COMPILE],conffile);
+ return -1;
+ }
+ }
+
 return 0;
 }
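Review bot: The fallback default handed to `MESA_load_profile_int_def` for `enable_override` is 1, while the kni.conf in this same commit ships `enable_override = 0`; a deployment whose kni.conf predates the key therefore silently takes the else-less path, never registers the maat tables, and applies one static option set to every stream, so the default should match the file: `MESA_load_profile_int_def(conffile, section, "enable_override", &pxy_tcp_option_enable_override, 0);`. In the else branch, the Maat_rule_get_ex_new_index failure log passes `g_kni_handle->maat_table_id[TABLE_COMPILE]` (an int) for a `%s` conversion, a format/argument mismatch on the error path that was carried over from the removed code and should use `g_kni_handle->maat_table_name[TABLE_COMPILE]`. The override values (TTL, MSS, keepalive counts and intervals, user timeout) are stored without any range check; if they feed setsockopt later, which this hunk does not show, a bad kni.conf value would only fail per connection, so rejecting out-of-range values here with a logged error and `return -1` would be cheaper to diagnose. The for-loop header in the else branch appears garbled in this rendering of the patch, so its bound could not be reviewed.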
@@ -525,6 +570,12 @@ int pxy_tcp_option_get_param(Maat_feather_t maat_feather,const struct streaminfo
 Maat_rule_t all_result[MAX_RESULT_NUM];
 struct proxy_tcp_option *pxy_tcpop = &pmeinfo->pxy_tcp_option;
 char *tmp_buff=NULL;
+ if(g_kni_handle->pxy_tcp_option_enable_override == 1)
+ {
+ memcpy((void *)pxy_tcpop, (const void *)&g_kni_handle->pxy_tcp_option, sizeof(g_kni_handle->pxy_tcp_option));
+ KNI_LOG_DEBUG(logger,"Proxy-tcp-option: Using override configuration, streamid = %s", pmeinfo->stream_traceid);
+ return 0;
+ }
 scan_ret = pxy_tcp_option_scan_addr(maat_feather,a_stream, all_result + hit_num, MAX_RESULT_NUM - hit_num, &mid, pmeinfo, logger);
 if(scan_ret > 0)
 {
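Review bot: The override branch copies `g_kni_handle->pxy_tcp_option`, but pxy_tcp_option_rule_init stores `pxy_tcp_option_enable_override` before its `enabled == 0` early return and only loads the struct after it, so with `enabled = 0` and `enable_override = 1` every stream receives a struct that was never populated (assuming this function is still reached when the feature is off, which the hunk does not show). Guarding on both flags closes that gap: `if(g_kni_handle->pxy_tcp_option_enable && g_kni_handle->pxy_tcp_option_enable_override == 1)`, or alternatively clear the override flag on the disabled path in rule_init. The `(void *)`/`(const void *)` casts on memcpy are redundant, and a plain struct assignment `*pxy_tcpop = g_kni_handle->pxy_tcp_option;` is type-checked and equally cheap. pxy_tcp_option_get_param begins and ends outside the hunk.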