TCP协议SNAT和DNAT测试完成。通过在网关192.168.10.5捕包确认；DNAT在虚拟服务器上捕包确认；

2018-12-17 10:26:39 +08:00
parent dba56c9e4b
commit 2a477df49f
3 changed files with 193 additions and 24 deletions
--- a/kni_entry.c
+++ b/kni_entry.c
@@ -1076,6 +1076,117 @@ extern "C" char kni_http_entry(stSessionInfo* session_info,  void **pme, int thr



+
+extern "C" char kni_ipv4_entry(const struct streaminfo *pstream,unsigned char routedir,int thread_seq, struct ip* ipv4_hdr)
+{
+	if(ipv4_hdr->ip_p !=IPPROTO_ICMP )
+	{
+		return APP_STATE_DROPME;
+	}
+
+
+	char ret = APP_STATE_GIVEME;
+	scan_status_t mid = NULL;
+	struct kni_pme_info pmeinfo;
+
+	
+	struct ipaddr addr;
+	struct tuple4 ipv4_addr;
+
+	addr.addrtype = ADDR_TYPE_IPV4;
+	addr.paddr = (void*)(&ipv4_addr);
+
+	memset(&ipv4_addr,0,sizeof(ipv4_addr));
+	ipv4_addr.daddr = *((unsigned int*)&(ipv4_hdr->ip_dst));
+	ipv4_addr.saddr = *((unsigned int*)&(ipv4_hdr->ip_src));
+
+
+	memset(&pmeinfo,0,sizeof(pmeinfo));
+	pmeinfo.mid = mid;
+	
+	kni_scan_ip(&addr,thread_seq,ipv4_hdr->ip_p,&pmeinfo);
+	Maat_clean_status(&(pmeinfo.mid));
+	
+//add kni_action_redirect  20181216 start
+	if(pmeinfo.action == KNI_ACTION_REDIRECT)
+	{
+		ret = process_redirect_pending(pstream,&pmeinfo,thread_seq,ipv4_hdr,0,routedir);
+		return ret;
+	}
+	else if(redirect_search_htable(pstream->addr.addrtype,&pmeinfo,thread_seq,ipv4_hdr,0) == 1)
+	{
+		ret = process_redirect_data(pstream,&pmeinfo,thread_seq,ipv4_hdr,0,routedir);
+		return ret; 
+			
+	}
+//end
+	
+
+
+	return ret;
+	
+}
+
+extern "C" char kni_ipv6_entry(const struct streaminfo *pstream,unsigned char routedir,int thread_seq, struct kni_ipv6_hdr* ipv6_hdr)
+{
+	if((ipv6_hdr->ip6_flags[0] & 0xF0) != 0x60) 
+	{
+		return -1;
+	}
+
+	char ret = APP_STATE_GIVEME;
+	scan_status_t mid = NULL;
+	struct kni_pme_info pmeinfo;
+
+	struct ipaddr addr;
+	struct tuple6 ipv6_addr;
+	unsigned char next_hdr_type = ipv6_hdr->ip6_nex_hdr;
+
+	if(next_hdr_type != IPPROTO_ICMP)
+	{
+		return ret;
+	}
+
+	addr.addrtype = ADDR_TYPE_IPV6;
+	addr.paddr = (void*)(&ipv6_addr);
+
+	memset(&ipv6_addr,0,sizeof(ipv6_addr));
+	memcpy(ipv6_addr.saddr,&(ipv6_hdr->ip6_src),sizeof(ipv6_addr.saddr));
+	memcpy(ipv6_addr.daddr,&(ipv6_hdr->ip6_dst),sizeof(ipv6_addr.saddr));
+	
+
+	memset(&pmeinfo,0,sizeof(pmeinfo));
+	pmeinfo.mid = mid;
+	
+	kni_scan_ip(&addr,thread_seq,next_hdr_type,&pmeinfo);
+
+	Maat_clean_status(&(pmeinfo.mid));
+
+	
+//add kni_action_redirect  20181216 start
+	if(pmeinfo.action == KNI_ACTION_REDIRECT)
+	{
+		ret = process_redirect_pending(pstream,&pmeinfo,thread_seq,ipv6_hdr,0,routedir);
+		return ret;
+	}
+	else if(redirect_search_htable(pstream->addr.addrtype,&pmeinfo,thread_seq,ipv6_hdr,0) == 1)
+	{
+		ret = process_redirect_data(pstream,&pmeinfo,thread_seq,ipv6_hdr,0,routedir);
+		return ret; 
+			
+	}
+//end
+	
+
+	return ret;
+	
+
+}
+
+
+
+
+/*
 extern "C" char kni_ipv4_entry(const struct streaminfo *pstream,unsigned char routedir,int thread_seq, struct ip* ipv4_hdr)
 {
 	if((ipv4_hdr->ip_p == IPPROTO_TCP) || (ipv4_hdr->ip_p == IPPROTO_UDP) || ((g_kni_switch_info.replace_switch == 0) && (g_kni_switch_info.ratelimit_switch == 0)))
@@ -1089,10 +1200,10 @@ extern "C" char kni_ipv4_entry(const struct streaminfo *pstream,unsigned char ro
 	char ret = APP_STATE_GIVEME;
 	scan_status_t mid = NULL;
 	struct kni_pme_info pmeinfo;
-/*
-	int payload_len = ntohs(ipv4_hdr->ip_len) - 4*(ipv4_hdr->ip_hl);
-	char* payload = (char*)ipv4_hdr + 4*(ipv4_hdr->ip_hl);
-*/
+
+//	int payload_len = ntohs(ipv4_hdr->ip_len) - 4*(ipv4_hdr->ip_hl);
+//	char* payload = (char*)ipv4_hdr + 4*(ipv4_hdr->ip_hl);
+
 	
 	struct ipaddr addr;
 	struct tuple4 ipv4_addr;
@@ -1169,6 +1280,7 @@ extern "C" char kni_ipv6_entry(const struct streaminfo *pstream,unsigned char ro
 	

 }
+*/