gfwleak/tango-kni
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

1、修改关闭tcp_option后cmsg没有tcp—_option相关的值,2、使用sapp字段MSO_HAVE_DUP_PKT判断重复流量

Browse Source
This commit is contained in:
fumingwei
2021-05-06 18:42:47 +08:00
parent f0e8af3f50
commit 37191f51c5
4 changed files with 54 additions and 38 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
entry/src/kni_entry.cpp
View File

@@ -1115,6 +1115,7 @@ static int first_data_intercept(struct streaminfo *stream, struct pme_info *pmei
int intercept_stream_link_mode_len = sizeof(unsigned char);
unsigned short stream_tunnel_type = STREAM_TUNNLE_NON;
int stream_tunnel_type_len = sizeof(unsigned short);
int have_dup_pkt_len = sizeof(pmeinfo->has_dup_traffic);
ret=MESA_get_stream_opt(stream, MSO_TCP_CREATE_LINK_MODE, (void *)&intercept_stream_link_mode, &intercept_stream_link_mode_len);
if(ret == 0){
if(intercept_stream_link_mode != TCP_CTEAT_LINK_BYSYN){
@@ -1216,12 +1217,22 @@ static int first_data_intercept(struct streaminfo *stream, struct pme_info *pmei
}
}
// get HAVE_DUP_PKT field
ret=MESA_get_stream_opt(stream, MSO_HAVE_DUP_PKT, (void *)&(pmeinfo->has_dup_traffic), &have_dup_pkt_len);
if(ret != 0){
KNI_LOG_DEBUG(logger, "Intercept error: get MSO_HAVE_DUP_PKT error, ret = %d, stream traceid = %s, stream addr = %s",ret, pmeinfo->stream_traceid, pmeinfo->stream_addr);
pmeinfo->intcp_error = INTERCEPT_ERROR_GET_HAVE_DUP_PKT_ERR;
FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_INTCPERR_GET_HAVE_DUP_PKT_ERR], 0, FS_OP_ADD, 1);
goto error_out;
}
//Bypass Duplicated Packet
if(g_kni_handle->pxy_tcp_option_enable == 1)
{
if(pmeinfo->has_dup_traffic == 1 && pmeinfo->pxy_tcp_option.bypass_duplicated_packet == 1)
{
KNI_LOG_DEBUG(g_kni_handle->local_logger, "Proxy-tcp-option: bypass Duplicated Packet first data, streamid = %d", pmeinfo->stream_traceid);
FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_INTCPERR_DUP_TRAFFIC], 0, FS_OP_ADD, 1);
return APP_STATE_FAWPKT | APP_STATE_KILL_FOLLOW | APP_STATE_GIVEME;
}
}
@@ -1249,8 +1260,8 @@ static int first_data_intercept(struct streaminfo *stream, struct pme_info *pmei
}
if(pmeinfo->has_dup_traffic == 1){
FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_DUP_TFC_STM], 0, FS_OP_ADD, 1);
KNI_LOG_DEBUG(logger, "stream has dup traffic, traceid = %s", pmeinfo->stream_traceid);
FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_DUP_TFC_STM], 0, FS_OP_ADD, 1);
KNI_LOG_DEBUG(logger, "stream has dup traffic, traceid = %s", pmeinfo->stream_traceid);
}
pmeinfo->ssl_intercept_state = 0;
@@ -2171,6 +2182,8 @@ static struct kni_field_stat_handle * fs_init(const char *profile){
//intercept error link mode
fs_handle->fields[KNI_FIELD_INTCPERR_GET_LINK_MODE_ERR] = FS_register(handle, FS_STYLE_FIELD, FS_CALC_CURRENT, "e_lkmd_get");
fs_handle->fields[KNI_FIELD_INTCPERR_NOT_LINK_MODE_BYSYN] = FS_register(handle, FS_STYLE_FIELD, FS_CALC_CURRENT, "e_lkmd_not_syn");
//intercept error get HAVE_DUP_PKT error
fs_handle->fields[KNI_FIELD_INTCPERR_GET_HAVE_DUP_PKT_ERR] = FS_register(handle, FS_STYLE_FIELD, FS_CALC_CURRENT, "e_dup_get");
//intercept error stream tunnel type
fs_handle->fields[KNI_FIELD_INTCPERR_GET_STREAM_TUN_TYPE_ERR] = FS_register(handle, FS_STYLE_FIELD, FS_CALC_CURRENT, "e_tuntype_get");
fs_handle->fields[KNI_FIELD_INTCPERR_STREAM_IS_TUN_TYPE] = FS_register(handle, FS_STYLE_FIELD, FS_CALC_CURRENT, "e_type_tun");