增加kni 支持fqdn共享

fumingwei
2020-09-29 17:47:13 +08:00
parent 056d472b2d
commit 346cd4efed
3 changed files with 48 additions and 10 deletions


@@ -380,6 +380,23 @@ static int session_attribute_cmsg_set(struct kni_cmsg *cmsg, struct pme_info *pm
ret = wrapped_kni_cmsg_set(cmsg,TFE_CMSG_SSL_CLIENT_JA3_FINGERPRINT, (const unsigned char*)empty_arr, strlen(empty_arr), pmeinfo);
else
ret = wrapped_kni_cmsg_set(cmsg,TFE_CMSG_SSL_CLIENT_JA3_FINGERPRINT, (const unsigned char*)session_attribute_label->ja3_fingerprint, strlen(session_attribute_label->ja3_fingerprint), pmeinfo);
ret = wrapped_kni_cmsg_set(cmsg,TFE_CMSG_FQDN_NUM, (const unsigned char*)&(session_attribute_label->fqdn_category_id_num), sizeof(unsigned int), pmeinfo);
if(session_attribute_label->fqdn_category_id_num <= 0 || session_attribute_label->fqdn_category_id_num > 8)
{
ret = wrapped_kni_cmsg_set(cmsg,TFE_CMSG_FQDN_VAL, (const unsigned char*)empty_arr, strlen(empty_arr), pmeinfo);
}
else
{
char fqdn_val[sizeof(session_attribute_label->fqdn_category_id)] = {0};
for(int i = 0 ; i < session_attribute_label->fqdn_category_id_num; i ++)
{
memcpy((void *)(fqdn_val + i * (sizeof(unsigned int))), (void *)&(session_attribute_label->fqdn_category_id[i]), sizeof(unsigned int));
}
ret = wrapped_kni_cmsg_set(cmsg,TFE_CMSG_FQDN_VAL, (const unsigned char*)fqdn_val,session_attribute_label->fqdn_category_id_num *sizeof(unsigned int) , pmeinfo);
}
}while(0);
return ret;
}
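Review bot: `TFE_CMSG_FQDN_NUM` is sent from the raw `fqdn_category_id_num` before the range check, so an out-of-range count still reaches the peer alongside an empty `TFE_CMSG_FQDN_VAL`. If the receiver sizes its read from that count (its code is not visible here), the mismatch becomes an over-read on its side. Validate first and send the validated value, e.g. `unsigned int fqdn_num = (n > 0 && n <= max_ids) ? n : 0;`, with `max_ids` taken from `sizeof(fqdn_category_id) / sizeof(fqdn_category_id[0])` instead of the literal 8; that also ties the `memcpy` loop to the real size of `fqdn_val`. The return value of the `TFE_CMSG_FQDN_NUM` call is overwritten by the `TFE_CMSG_FQDN_VAL` call that follows, so a failure to set the count is never reported. The function starts outside the hunk.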
@@ -994,6 +1011,20 @@ static struct _session_attribute_label_t * kni_pull_session_attribute_results(st
KNI_LOG_DEBUG(logger, "share-session-attribute: ja3_fingerprint is NULL,stream traceid = %s",pmeinfo->stream_traceid);
else
KNI_LOG_DEBUG(logger, "share-session-attribute: ja3_fingerprint is %s,stream traceid = %s",session_attribute_label->ja3_fingerprint,pmeinfo->stream_traceid);
if(session_attribute_label->fqdn_category_id_num < 0 || session_attribute_label->fqdn_category_id_num > 8)
{
KNI_LOG_DEBUG(logger, "share-session-attribute: fqdn_category_id_num out of range( 0 <= value <= 8), value = %d,stream traceid = %s",session_attribute_label->fqdn_category_id_num,pmeinfo->stream_traceid);
}
else
{
for(int i= 0; i < session_attribute_label->fqdn_category_id_num; i ++)
{
KNI_LOG_DEBUG(logger, "share-session-attribute: fqdn_category_id[%d] = %u,stream traceid = %s",i,session_attribute_label->fqdn_category_id[i]);
}
}
}
else
{
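Review bot: The per-category `KNI_LOG_DEBUG` call in the added loop has three conversions (`%d`, `%u`, `%s`) but only two arguments, so `%s` reads an argument that was never passed. That is undefined behaviour, and in practice a crash or a stray memory read as soon as debug logging is enabled. Pass the trace id as the last argument: `..., i, session_attribute_label->fqdn_category_id[i], pmeinfo->stream_traceid);`. If the function behind `KNI_LOG_DEBUG` is not already declared with a printf-style format attribute (not visible here), adding one would let the compiler reject this kind of mismatch. The enclosing function starts and ends outside the hunk.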
@@ -1127,7 +1158,7 @@ static int first_data_intercept(struct streaminfo *stream, struct pme_info *pmei
if(pmeinfo->has_dup_traffic == 1 && pmeinfo->pxy_tcp_option.bypass_duplicated_packet == 1)
{
KNI_LOG_DEBUG(g_kni_handle->local_logger, "Proxy-tcp-option: bypass Duplicated Packet first data, streamid = %d", pmeinfo->stream_traceid);
return APP_STATE_FAWPKT | APP_STATE_KILL_OTHER | APP_STATE_GIVEME;
return APP_STATE_FAWPKT | APP_STATE_KILL_FOLLOW | APP_STATE_GIVEME;
}
}
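Review bot: The context line `KNI_LOG_DEBUG(..., "... streamid = %d", pmeinfo->stream_traceid)` prints `stream_traceid` with `%d`, while every other log call on this page prints it with `%s`. If the field is a string, as those calls suggest, this is a format/argument mismatch; since the adjacent return is being edited anyway, change it to `streamid = %s`. Separately, the switch from `APP_STATE_KILL_OTHER` to `APP_STATE_KILL_FOLLOW` here and in the later hunks of `first_data_intercept` and `next_data_intercept` is not mentioned in the commit title, which covers only FQDN sharing. A line in the description saying why the stream-state flag changes would help anyone auditing the bypass and drop paths later.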
@@ -1168,7 +1199,7 @@ static int first_data_intercept(struct streaminfo *stream, struct pme_info *pmei
}
}
}
return APP_STATE_FAWPKT | APP_STATE_KILL_OTHER | APP_STATE_GIVEME;
return APP_STATE_FAWPKT | APP_STATE_KILL_FOLLOW | APP_STATE_GIVEME;
}
}
@@ -1232,13 +1263,13 @@ static int first_data_intercept(struct streaminfo *stream, struct pme_info *pmei
KNI_LOG_DEBUG(logger, "stream has dup traffic, traceid = %s", pmeinfo->stream_traceid);
}
FREE(&buff);
return APP_STATE_DROPPKT | APP_STATE_KILL_OTHER | APP_STATE_GIVEME;
return APP_STATE_DROPPKT | APP_STATE_KILL_FOLLOW | APP_STATE_GIVEME;
error_out:
if(buff != NULL){
FREE(&buff);
}
return APP_STATE_FAWPKT | APP_STATE_KILL_OTHER | APP_STATE_DROPME;
return APP_STATE_FAWPKT | APP_STATE_KILL_FOLLOW | APP_STATE_DROPME;
}
static int dabloom_search(struct pkt_info *pktinfo, int thread_seq){
@@ -1296,7 +1327,7 @@ char next_data_intercept(struct pme_info *pmeinfo, const void *a_packet, struct
struct ip6_hdr* ipv6_hdr = NULL;
if(pktinfo->parse_failed == 1){
KNI_LOG_ERROR(logger, "next_data_intercept: invalid ip header, drop pkt and not send to tfe");
return APP_STATE_DROPPKT | APP_STATE_KILL_OTHER | APP_STATE_GIVEME;
return APP_STATE_DROPPKT | APP_STATE_KILL_FOLLOW | APP_STATE_GIVEME;
}
//search dabloom
if(g_kni_handle->dup_traffic_switch == 1){
@@ -1305,12 +1336,12 @@ char next_data_intercept(struct pme_info *pmeinfo, const void *a_packet, struct
if(g_kni_handle->pxy_tcp_option_enable == 1)
{
if(pmeinfo->pxy_tcp_option.bypass_duplicated_packet == 1){ //Bypass Duplicated Packet
return APP_STATE_FAWPKT | APP_STATE_KILL_OTHER | APP_STATE_GIVEME;
return APP_STATE_FAWPKT | APP_STATE_KILL_FOLLOW | APP_STATE_GIVEME;
}
}
ret = dabloom_search(pktinfo, thread_seq);
if(ret == 1){
return APP_STATE_FAWPKT | APP_STATE_KILL_OTHER | APP_STATE_GIVEME;
return APP_STATE_FAWPKT | APP_STATE_KILL_FOLLOW | APP_STATE_GIVEME;
}
}
}
@@ -1325,12 +1356,12 @@ char next_data_intercept(struct pme_info *pmeinfo, const void *a_packet, struct
if(pktinfo->ip_totlen > KNI_DEFAULT_MTU){
KNI_LOG_DEBUG(logger, "Next data packet exceed MTU(1500), stream traceid = %s, stream addr = %s",
pmeinfo->stream_traceid, pmeinfo->stream_addr);
return APP_STATE_DROPPKT | APP_STATE_KILL_OTHER | APP_STATE_GIVEME;
return APP_STATE_DROPPKT | APP_STATE_KILL_FOLLOW | APP_STATE_GIVEME;
}
if(g_kni_handle->ssl_dynamic_bypass_enable == 1){
if(pmeinfo->is_dynamic_bypass){
next_data_ssl_dynamic_bypass(pktinfo);
return APP_STATE_FAWPKT | APP_STATE_KILL_OTHER | APP_STATE_GIVEME;
return APP_STATE_FAWPKT | APP_STATE_KILL_FOLLOW | APP_STATE_GIVEME;
}
}
@@ -1343,7 +1374,7 @@ char next_data_intercept(struct pme_info *pmeinfo, const void *a_packet, struct
else{
FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_INTCP_BYTE], 0, FS_OP_ADD, pktinfo->ip_totlen);
}
return APP_STATE_DROPPKT | APP_STATE_KILL_OTHER | APP_STATE_GIVEME;
return APP_STATE_DROPPKT | APP_STATE_KILL_FOLLOW | APP_STATE_GIVEME;
}
char first_data_process(struct streaminfo *stream, struct pme_info *pmeinfo, struct pkt_info *pktinfo, int thread_seq){