gfwleak/tango-kni
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

修改kill_other返回值, 解决发送日志时streaminfo为空的问题

Browse Source
This commit is contained in:
崔一鸣
2019-11-27 15:46:50 +08:00
parent e9c696199c
commit 1d1ed798d1
1 changed files with 19 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

19
entry/src/kni_entry.cpp
View File

@@ -103,6 +103,7 @@ struct pme_info{
int tfe_release; int tfe_release;
int sapp_release; int sapp_release;
//kafka log //kafka log
struct TLD_handle_t *tld_handle;
const struct streaminfo *stream; const struct streaminfo *stream;
int maat_result_num; int maat_result_num;
Maat_rule_t maat_result; Maat_rule_t maat_result;
@@ -296,7 +297,7 @@ ssl: ssl_sni, ssl_pinningst, ssl_intercept_state, ssl_server_side_latency, ssl_c
*/ */
static int log_generate(struct pme_info *pmeinfo){ static int log_generate(struct pme_info *pmeinfo){
void *local_logger = g_kni_handle->local_logger; void *local_logger = g_kni_handle->local_logger;
TLD_handle_t tld_handle = TLD_create(-1); struct TLD_handle_t *tld_handle = pmeinfo->tld_handle;
//common //common
//schema_type //schema_type
TLD_append(tld_handle, (char*)"common_schema_type", (void*)(pmeinfo->protocol == PROTO_SSL ? "SSL" : "HTTP"), TLD_TYPE_STRING); TLD_append(tld_handle, (char*)"common_schema_type", (void*)(pmeinfo->protocol == PROTO_SSL ? "SSL" : "HTTP"), TLD_TYPE_STRING);
@@ -336,7 +337,7 @@ static int log_generate(struct pme_info *pmeinfo){
memset(&log_msg, 0, sizeof(log_msg)); memset(&log_msg, 0, sizeof(log_msg));
log_msg.result_num = pmeinfo->maat_result_num; log_msg.result_num = pmeinfo->maat_result_num;
log_msg.result = &(pmeinfo->maat_result); log_msg.result = &(pmeinfo->maat_result);
log_msg.a_stream = (struct streaminfo*)pmeinfo->stream; log_msg.a_stream = NULL;
int ret = tsg_send_log(g_tsg_log_instance, tld_handle, &log_msg, -1); int ret = tsg_send_log(g_tsg_log_instance, tld_handle, &log_msg, -1);
if(ret < 0){ if(ret < 0){
FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_SENDLOG_FAIL], 0, FS_OP_ADD, 1); FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_SENDLOG_FAIL], 0, FS_OP_ADD, 1);
@@ -354,6 +355,7 @@ error_out:
static void stream_destroy(struct pme_info *pmeinfo){ static void stream_destroy(struct pme_info *pmeinfo){
//sendlog //sendlog
void *logger = g_kni_handle->local_logger; void *logger = g_kni_handle->local_logger;
if(pmeinfo->action == KNI_ACTION_INTERCEPT){
int ret = log_generate(pmeinfo); int ret = log_generate(pmeinfo);
if(ret < 0){ if(ret < 0){
KNI_LOG_ERROR(logger, "Failed at log_generate, stream traceid = %s, stream addr = %s", pmeinfo->stream_traceid, pmeinfo->stream_addr); KNI_LOG_ERROR(logger, "Failed at log_generate, stream traceid = %s, stream addr = %s", pmeinfo->stream_traceid, pmeinfo->stream_addr);
@@ -361,6 +363,7 @@ static void stream_destroy(struct pme_info *pmeinfo){
else{ else{
KNI_LOG_DEBUG(logger, "Succeed at log_generate, stream traceid = %s, stream addr = %s", pmeinfo->stream_traceid, pmeinfo->stream_addr); KNI_LOG_DEBUG(logger, "Succeed at log_generate, stream traceid = %s, stream addr = %s", pmeinfo->stream_traceid, pmeinfo->stream_addr);
} }
}
//free pme //free pme
pme_info_destroy(pmeinfo); pme_info_destroy(pmeinfo);
} }
@@ -1002,13 +1005,13 @@ static int first_data_intercept(struct streaminfo *stream, struct pme_info *pmei
KNI_LOG_DEBUG(logger, "stream has dup traffic, traceid = %s", pmeinfo->stream_traceid); KNI_LOG_DEBUG(logger, "stream has dup traffic, traceid = %s", pmeinfo->stream_traceid);
} }
FREE(&buff); FREE(&buff);
return APP_STATE_KILL_OTHER | APP_STATE_GIVEME; return APP_STATE_DROPPKT | APP_STATE_KILL_OTHER | APP_STATE_GIVEME;
error_out: error_out:
if(buff != NULL){ if(buff != NULL){
FREE(&buff); FREE(&buff);
} }
return APP_STATE_KILL_OTHER | APP_STATE_DROPME; return APP_STATE_DROPPKT | APP_STATE_KILL_OTHER | APP_STATE_DROPME;
} }
static int dabloom_search(struct pkt_info *pktinfo, int thread_seq){ static int dabloom_search(struct pkt_info *pktinfo, int thread_seq){
@@ -1146,6 +1149,8 @@ char first_data_process(struct streaminfo *stream, struct pme_info *pmeinfo, str
switch(pmeinfo->action){ switch(pmeinfo->action){
case KNI_ACTION_INTERCEPT: case KNI_ACTION_INTERCEPT:
pmeinfo->ssl_intercept_state = 1; pmeinfo->ssl_intercept_state = 1;
//only action = intercept, need sendlog
pmeinfo->tld_handle = TLD_create(-1);
return first_data_intercept(stream, pmeinfo, pktinfo, thread_seq); return first_data_intercept(stream, pmeinfo, pktinfo, thread_seq);
default: default:
//action != interceptbypass and dropme //action != interceptbypass and dropme
@@ -1161,7 +1166,7 @@ static char data_opstate(struct streaminfo *stream, struct pme_info *pmeinfo, co
//pmeinfo->action has only 2 value: KNI_ACTION_NONE, KNI_ACTION_INTERCEPT //pmeinfo->action has only 2 value: KNI_ACTION_NONE, KNI_ACTION_INTERCEPT
if(pmeinfo->action == KNI_ACTION_INTERCEPT){ if(pmeinfo->action == KNI_ACTION_INTERCEPT){
next_data_intercept(pmeinfo, a_packet, &pktinfo, thread_seq); next_data_intercept(pmeinfo, a_packet, &pktinfo, thread_seq);
return APP_STATE_KILL_OTHER | APP_STATE_GIVEME; return APP_STATE_DROPPKT | APP_STATE_KILL_OTHER | APP_STATE_GIVEME;
} }
//first data //first data
if(stream->ptcpdetail->datalen > 0){ if(stream->ptcpdetail->datalen > 0){
@@ -1200,11 +1205,12 @@ static char close_opstate(const struct streaminfo *stream, struct pme_info *pmei
//close: a_packet = null, do not sendto tfe //close: a_packet = null, do not sendto tfe
switch(pmeinfo->action){ switch(pmeinfo->action){
case KNI_ACTION_INTERCEPT: case KNI_ACTION_INTERCEPT:
TLD_append_streaminfo(g_tsg_log_instance, pmeinfo->tld_handle, (struct streaminfo*)pmeinfo->stream);
//reset clock: when sapp end, start clock //reset clock: when sapp end, start clock
MESA_htable_search(g_kni_handle->traceid2pme_htable, (const unsigned char*)pmeinfo->stream_traceid, MESA_htable_search(g_kni_handle->traceid2pme_htable, (const unsigned char*)pmeinfo->stream_traceid,
strnlen(pmeinfo->stream_traceid, sizeof(pmeinfo->stream_traceid))); strnlen(pmeinfo->stream_traceid, sizeof(pmeinfo->stream_traceid)));
tuple2stream_htable_del(stream, thread_seq); tuple2stream_htable_del(stream, thread_seq);
return APP_STATE_KILL_OTHER | APP_STATE_DROPME; return APP_STATE_DROPPKT | APP_STATE_KILL_OTHER | APP_STATE_DROPME;
//stream has no data. //stream has no data.
default: default:
return APP_STATE_FAWPKT | APP_STATE_DROPME; return APP_STATE_FAWPKT | APP_STATE_DROPME;
@@ -1299,6 +1305,7 @@ extern "C" char kni_tcpall_entry(struct streaminfo *stream, void** pme, int thre
FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_BYP_INTCPERR], 0, FS_OP_ADD, 1); FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_BYP_INTCPERR], 0, FS_OP_ADD, 1);
if(pmeinfo != NULL){ if(pmeinfo != NULL){
//pmeinfo->policy_id = -1; //pmeinfo->policy_id = -1;
TLD_append_streaminfo(g_tsg_log_instance, pmeinfo->tld_handle, (struct streaminfo*)pmeinfo->stream);
stream_destroy(pmeinfo); stream_destroy(pmeinfo);
} }
} }