TSG-2611:1、增加 tcp option override maat 扫描配置开关
@@ -347,38 +347,83 @@ void pxy_tcp_option_default_param_dup(int idx, MAAT_RULE_EX_DATA *to, MAAT_RULE_
|
||||
int pxy_tcp_option_rule_init(const char* conffile, void *logger)
|
||||
{
|
||||
int i = 0;
|
||||
int pxy_tcp_option_enable = 0;
|
||||
int pxy_tcp_option_enable = 1;
|
||||
int pxy_tcp_option_enable_override = 0;
|
||||
char section[KNI_SYMBOL_MAX] = "proxy_tcp_option";
|
||||
MESA_load_profile_int_def(conffile, section, "enabled", &pxy_tcp_option_enable, 1);
|
||||
MESA_load_profile_int_def(conffile, section, "enable_override", &pxy_tcp_option_enable_override, 1);
|
||||
MESA_load_profile_string_def(conffile, section, "maat_table_compile", g_kni_handle->maat_table_name[TABLE_COMPILE], _MAX_MAAT_TABLE_NAME_LEN, "PXY_TCP_OPTION_COMPILE");
|
||||
MESA_load_profile_string_def(conffile, section, "maat_table_addr", g_kni_handle->maat_table_name[TABLE_IP_ADDR], _MAX_MAAT_TABLE_NAME_LEN, "PXY_TCP_OPTION_ADDR");
|
||||
MESA_load_profile_string_def(conffile, section, "maat_table_fqdn", g_kni_handle->maat_table_name[TABLE_SSL_FQDN], _MAX_MAAT_TABLE_NAME_LEN, "PXY_TCP_OPTION_SERVER_FQDN");
|
||||
KNI_LOG_ERROR(logger, "MESA_prof_load, [%s]:\n enabled: %d", section, pxy_tcp_option_enable);
|
||||
KNI_LOG_ERROR(logger, "Proxy-tcp-option: MESA_prof_load, [%s]:\n enabled: %d,enable_override:%d", section, pxy_tcp_option_enable,pxy_tcp_option_enable_override);
|
||||
g_kni_handle->pxy_tcp_option_enable = pxy_tcp_option_enable;
|
||||
g_kni_handle->pxy_tcp_option_enable_override = pxy_tcp_option_enable_override;
|
||||
if(pxy_tcp_option_enable == 0)
|
||||
{
|
||||
KNI_LOG_ERROR(logger, "Proxy-tcp-option: Turn off tcp option");
|
||||
return 0;
|
||||
|
||||
for(i=0; i<TABLE_COMPILE; i++)
|
||||
{
|
||||
g_kni_handle->maat_table_id[i]=Maat_table_register(g_tsg_maat_feather, g_kni_handle->maat_table_name[i]);
|
||||
if(g_kni_handle->maat_table_id[i]<0)
|
||||
{
|
||||
KNI_LOG_ERROR(logger, "Maat_table_register %s failed, Please check etc/kni/kni.conf", g_kni_handle->maat_table_name[i]);
|
||||
return -1;
|
||||
}
|
||||
}
|
||||
|
||||
g_kni_handle->maat_table_id[TABLE_COMPILE] = Maat_rule_get_ex_new_index(g_tsg_maat_feather,
|
||||
g_kni_handle->maat_table_name[TABLE_COMPILE],
|
||||
pxy_tcp_option_default_param_new,
|
||||
pxy_tcp_option_default_param_free_cb,
|
||||
pxy_tcp_option_default_param_dup,
|
||||
0, logger);
|
||||
if(g_kni_handle->maat_table_id[TABLE_COMPILE] < 0)
|
||||
{
|
||||
KNI_LOG_ERROR(logger, "Maat_rule_get_ex_new_index %s failed, Please check etc/kni/kni.conf", g_kni_handle->maat_table_id[TABLE_COMPILE]);
|
||||
return -1;
|
||||
}
|
||||
if(pxy_tcp_option_enable_override == 1)
|
||||
{
|
||||
MESA_load_profile_int_def(conffile, section, "client_tcp_maxseg_enable", &(g_kni_handle->pxy_tcp_option.client_tcp_maxseg_enable), 0);
|
||||
MESA_load_profile_int_def(conffile, section, "client_tcp_maxseg", &(g_kni_handle->pxy_tcp_option.client_tcp_maxseg), 1460);
|
||||
MESA_load_profile_int_def(conffile, section, "client_tcp_nodelay", &(g_kni_handle->pxy_tcp_option.client_tcp_nodelay), 1);
|
||||
MESA_load_profile_int_def(conffile, section, "client_tcp_ttl", &(g_kni_handle->pxy_tcp_option.client_tcp_ttl),70);
|
||||
MESA_load_profile_int_def(conffile, section, "client_tcp_keepalive_enable", &(g_kni_handle->pxy_tcp_option.client_tcp_keepalive_enable), 1);
|
||||
MESA_load_profile_int_def(conffile, section, "client_tcp_keepalive_keepcnt", &(g_kni_handle->pxy_tcp_option.client_tcp_keepalive_keepcnt), 8);
|
||||
MESA_load_profile_int_def(conffile, section, "client_tcp_keepalive_keepidle", &(g_kni_handle->pxy_tcp_option.client_tcp_keepalive_keepidle), 30);
|
||||
MESA_load_profile_int_def(conffile, section, "client_tcp_keepalive_keepintvl", &(g_kni_handle->pxy_tcp_option.client_tcp_keepalive_keepintvl), 15);
|
||||
MESA_load_profile_int_def(conffile, section, "client_tcp_user_timeout", &(g_kni_handle->pxy_tcp_option.client_tcp_user_timeout), 600);
|
||||
MESA_load_profile_int_def(conffile, section, "server_tcp_maxseg_enable", &(g_kni_handle->pxy_tcp_option.server_tcp_maxseg_enable), 0);
|
||||
MESA_load_profile_int_def(conffile, section, "server_tcp_maxseg", &(g_kni_handle->pxy_tcp_option.server_tcp_maxseg), 1460);
|
||||
MESA_load_profile_int_def(conffile, section, "server_tcp_nodelay", &(g_kni_handle->pxy_tcp_option.server_tcp_nodelay), 1);
|
||||
MESA_load_profile_int_def(conffile, section, "server_tcp_ttl", &(g_kni_handle->pxy_tcp_option.server_tcp_ttl), 75);
|
||||
MESA_load_profile_int_def(conffile, section, "server_tcp_keepalive_enable", &(g_kni_handle->pxy_tcp_option.server_tcp_keepalive_enable), 1);
|
||||
MESA_load_profile_int_def(conffile, section, "server_tcp_keepalive_keepcnt", &(g_kni_handle->pxy_tcp_option.server_tcp_keepalive_keepcnt), 8);
|
||||
MESA_load_profile_int_def(conffile, section, "server_tcp_keepalive_keepidle", &(g_kni_handle->pxy_tcp_option.server_tcp_keepalive_keepidle), 30);
|
||||
MESA_load_profile_int_def(conffile, section, "server_tcp_keepalive_keepintvl", &(g_kni_handle->pxy_tcp_option.server_tcp_keepalive_keepintvl), 15);
|
||||
MESA_load_profile_int_def(conffile, section, "server_tcp_user_timeout", &(g_kni_handle->pxy_tcp_option.server_tcp_user_timeout), 600);
|
||||
MESA_load_profile_int_def(conffile, section, "bypass_duplicated_packet", &(g_kni_handle->pxy_tcp_option.bypass_duplicated_packet), 0);
|
||||
MESA_load_profile_int_def(conffile, section, "tcp_passthrough", &(g_kni_handle->pxy_tcp_option.tcp_passthrough), 0);
|
||||
KNI_LOG_ERROR(logger, "Proxy-tcp-option: Using configuration override by profile: %s ,value:[client_tcp_maxseg_enable:%d,client_tcp_maxseg:%d,client_tcp_nodelay:%d,"
|
||||
"client_tcp_ttl:%d,client_tcp_keepalive_enable:%d,client_tcp_keepalive_keepcnt:%d,client_tcp_keepalive_keepidle:%d,client_tcp_keepalive_keepintvl:%d,"
|
||||
"client_tcp_user_timeout:%d,server_tcp_maxseg_enable:%d,server_tcp_maxseg:%d,server_tcp_nodelay:%d,server_tcp_ttl:%d,server_tcp_keepalive_enable:%d,"
|
||||
"server_tcp_keepalive_keepcnt:%d,server_tcp_keepalive_keepidle:%d,server_tcp_keepalive_keepintvl:%d,server_tcp_user_timeout:%d,bypass_duplicated_packet:%d,"
|
||||
"tcp_passthrough:%d",
|
||||
conffile, g_kni_handle->pxy_tcp_option.client_tcp_maxseg_enable,g_kni_handle->pxy_tcp_option.client_tcp_maxseg,g_kni_handle->pxy_tcp_option.client_tcp_nodelay,
|
||||
g_kni_handle->pxy_tcp_option.client_tcp_ttl,g_kni_handle->pxy_tcp_option.client_tcp_keepalive_enable,g_kni_handle->pxy_tcp_option.client_tcp_keepalive_keepcnt,
|
||||
g_kni_handle->pxy_tcp_option.client_tcp_keepalive_keepidle,g_kni_handle->pxy_tcp_option.client_tcp_keepalive_keepintvl,g_kni_handle->pxy_tcp_option.client_tcp_user_timeout,
|
||||
g_kni_handle->pxy_tcp_option.server_tcp_maxseg_enable,g_kni_handle->pxy_tcp_option.server_tcp_maxseg,g_kni_handle->pxy_tcp_option.server_tcp_nodelay,
|
||||
g_kni_handle->pxy_tcp_option.server_tcp_ttl,g_kni_handle->pxy_tcp_option.server_tcp_keepalive_enable,g_kni_handle->pxy_tcp_option.server_tcp_keepalive_keepcnt,
|
||||
g_kni_handle->pxy_tcp_option.server_tcp_keepalive_keepidle,g_kni_handle->pxy_tcp_option.server_tcp_keepalive_keepintvl,g_kni_handle->pxy_tcp_option.server_tcp_user_timeout,
|
||||
g_kni_handle->pxy_tcp_option.bypass_duplicated_packet,g_kni_handle->pxy_tcp_option.tcp_passthrough);
|
||||
}
|
||||
else
|
||||
{
|
||||
KNI_LOG_ERROR(logger, "Proxy-tcp-option: Using configuration read from maat");
|
||||
for(i=0; i<TABLE_COMPILE; i++)
|
||||
{
|
||||
g_kni_handle->maat_table_id[i]=Maat_table_register(g_tsg_maat_feather, g_kni_handle->maat_table_name[i]);
|
||||
if(g_kni_handle->maat_table_id[i]<0)
|
||||
{
|
||||
KNI_LOG_ERROR(logger, "Proxy-tcp-option: Maat_table_register %s failed, Please check %s", g_kni_handle->maat_table_name[i], conffile);
|
||||
return -1;
|
||||
}
|
||||
}
|
||||
|
||||
g_kni_handle->maat_table_id[TABLE_COMPILE] = Maat_rule_get_ex_new_index(g_tsg_maat_feather,
|
||||
g_kni_handle->maat_table_name[TABLE_COMPILE],
|
||||
pxy_tcp_option_default_param_new,
|
||||
pxy_tcp_option_default_param_free_cb,
|
||||
pxy_tcp_option_default_param_dup,
|
||||
0, logger);
|
||||
if(g_kni_handle->maat_table_id[TABLE_COMPILE] < 0)
|
||||
{
|
||||
KNI_LOG_ERROR(logger, "Proxy-tcp-option: Maat_rule_get_ex_new_index %s failed, Please check %s", g_kni_handle->maat_table_id[TABLE_COMPILE],conffile);
|
||||
return -1;
|
||||
}
|
||||
}
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
@@ -525,6 +570,12 @@ int pxy_tcp_option_get_param(Maat_feather_t maat_feather,const struct streaminfo
|
||||
Maat_rule_t all_result[MAX_RESULT_NUM];
|
||||
struct proxy_tcp_option *pxy_tcpop = &pmeinfo->pxy_tcp_option;
|
||||
char *tmp_buff=NULL;
|
||||
if(g_kni_handle->pxy_tcp_option_enable_override == 1)
|
||||
{
|
||||
memcpy((void *)pxy_tcpop, (const void *)&g_kni_handle->pxy_tcp_option, sizeof(g_kni_handle->pxy_tcp_option));
|
||||
KNI_LOG_DEBUG(logger,"Proxy-tcp-option: Using override configuration, streamid = %s", pmeinfo->stream_traceid);
|
||||
return 0;
|
||||
}
|
||||
scan_ret = pxy_tcp_option_scan_addr(maat_feather,a_stream, all_result + hit_num, MAX_RESULT_NUM - hit_num, &mid, pmeinfo, logger);
|
||||
if(scan_ret > 0)
|
||||
{
|
||||
|
||||
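Review bot: In the Maat branch of pxy_tcp_option_rule_init, the failure log for Maat_rule_get_ex_new_index passes `g_kni_handle->maat_table_id[TABLE_COMPILE]` to a `%s` conversion, although that value was just tested with `< 0` and so appears to be an integer. That makes the call undefined behaviour on exactly the error path, where a crash is more likely than a log line. Pass the table name instead, as the Maat_table_register message does: `KNI_LOG_ERROR(logger, "Proxy-tcp-option: Maat_rule_get_ex_new_index %s failed, Please check %s", g_kni_handle->maat_table_name[TABLE_COMPILE], conffile);`. Separately, `enable_override` is loaded with a default of 1, so a configuration that lacks the key makes pxy_tcp_option_get_param return before the Maat scan and copy the profile values (including `tcp_passthrough` and `bypass_duplicated_packet`) onto every stream; if per-policy options should remain the default, load it with 0 and document the switch in the sample config. The body of pxy_tcp_option_get_param starts and ends outside the second hunk, so how callers treat the early `return 0` is not visible here.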