kni适配firewall
@@ -22,7 +22,6 @@
|
||||
#define KNI_STRING_MAX 2048
|
||||
#define KNI_PATH_MAX 256
|
||||
#define KNI_SYMBOL_MAX 64
|
||||
#define KNI_DOMAIN_MAX 256
|
||||
#define KNI_ADDR_MAX 128
|
||||
|
||||
#ifndef MAX
|
||||
@@ -71,26 +70,20 @@ struct kni_tcpopt_info{
|
||||
#define KNI_FS_COLUMN_MAX 256
|
||||
#define KNI_FS_LINE_MAX 256
|
||||
enum kni_field{
|
||||
KNI_FIELD_BYP_STM,
|
||||
KNI_FIELD_BYP_STM_POLICY,
|
||||
KNI_FIELD_BYP_STM_ERR,
|
||||
//stream error
|
||||
KNI_FIELD_STMERR_ASYM_ROUTING,
|
||||
KNI_FIELD_STMERR_NO_SYN,
|
||||
KNI_FIELD_STMERR_NO_SYN_ACK,
|
||||
KNI_FIELD_STMERR_NO_DATA,
|
||||
KNI_FIELD_STMERR_UNSUPPORTED_PROTOCOL,
|
||||
KNI_FIELD_STMERR_INVALID_IP_HDR,
|
||||
KNI_FIELD_STMERR_EXCEED_MTU,
|
||||
//stream error: internal error
|
||||
KNI_FIELD_STMERR_INVALID_ACTION,
|
||||
KNI_FIELD_STMERR_SENDTO_TFE_FAIL,
|
||||
KNI_FIELD_STMERR_TUPLE2STM_ADD_FAIL,
|
||||
KNI_FIELD_STMERR_NO_TFE,
|
||||
KNI_FIELD_STMERR_PME_INIT_FAIL,
|
||||
KNI_FIELD_STMERR_DUP_TRAFFIC,
|
||||
KNI_FIELD_STMERR_CMSG_ADD_FAIL,
|
||||
//intercept stream
|
||||
KNI_FIELD_BYP_INTCPERR,
|
||||
//intercept error
|
||||
KNI_FIELD_INTCPERR_ASYM_ROUTING,
|
||||
KNI_FIELD_INTCPERR_NO_SYN,
|
||||
KNI_FIELD_INTCPERR_NO_SYN_ACK,
|
||||
KNI_FIELD_INTCPERR_INVALID_IP_HDR,
|
||||
KNI_FIELD_INTCPERR_EXCEED_MTU,
|
||||
//intercept error: internal error
|
||||
KNI_FIELD_INTCPERR_SENDTO_TFE_FAIL,
|
||||
KNI_FIELD_INTCPERR_TUPLE2STM_ADD_FAIL,
|
||||
KNI_FIELD_INTCPERR_NO_TFE,
|
||||
KNI_FIELD_INTCPERR_DUP_TRAFFIC,
|
||||
KNI_FIELD_INTCPERR_CMSG_ADD_FAIL,
|
||||
//success intercept stream
|
||||
KNI_FIELD_INTCP_STM,
|
||||
KNI_FIELD_INTCP_BYTE,
|
||||
KNI_FIELD_SSL_STM,
|
||||
@@ -154,6 +147,7 @@ struct pkt_info{
|
||||
uint16_t tcphdr_len;
|
||||
char *data;
|
||||
uint16_t data_len;
|
||||
int parse_failed;
|
||||
};
|
||||
|
||||
enum kni_ipv4hdr_parse_error{
|
||||
|
||||
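Review bot: The `parse_failed` member of `struct pkt_info` carries no comment saying what it holds or which other members are still valid when it is set. It appears to be the line this hunk adds, since the hunk grows from 6 to 7 lines, but the +/- markers are lost on this page. Because it sits beside `char *data` and `uint16_t data_len`, a consumer that skips the flag could read a pointer and length that were never filled in from a malformed packet. I would document it on the declaration, e.g. `int parse_failed; /* non-zero: header parse failed; data, data_len, tcphdr_len are not valid */`, wording to be confirmed against the parser. Every `struct pkt_info` should also be zero-initialised (`struct pkt_info pktinfo = {0};`) so the flag is never read uninitialised. The struct begins above the hunk, so its other members and the code that sets the flag are not visible here.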
@@ -1,34 +0,0 @@
|
||||
#pragma once
|
||||
struct cipher_suite
|
||||
{
|
||||
int value;
|
||||
const char* name;
|
||||
};
|
||||
|
||||
enum chello_parse_result
|
||||
{
|
||||
CHELLO_PARSE_SUCCESS = 0,
|
||||
CHELLO_PARSE_INVALID_FORMAT = -1,
|
||||
CHELLO_PARSE_NOT_ENOUGH_BUFF = -2
|
||||
};
|
||||
|
||||
struct ssl_version
|
||||
{
|
||||
uint8_t minor;
|
||||
uint8_t major;
|
||||
uint16_t ossl_format;
|
||||
};
|
||||
|
||||
struct ssl_chello
|
||||
{
|
||||
struct ssl_version min_version;
|
||||
struct ssl_version max_version;
|
||||
|
||||
char* sni;
|
||||
char* alpn;
|
||||
char* cipher_suites;
|
||||
char* cipher_suites_tls13;
|
||||
};
|
||||
struct ssl_chello* ssl_chello_parse(const unsigned char* buff, size_t buff_len, enum chello_parse_result* result);
|
||||
|
||||
void ssl_chello_free(struct ssl_chello* chello);
|
||||