加maat扫描日志

崔一鸣
2019-06-04 15:38:27 +08:00
parent f89c0cf902
commit 55cd850403
5 changed files with 90 additions and 18 deletions


@@ -66,6 +66,7 @@ struct http_project{
struct pme_info{
int protocol;
int policy_id;
int maat_hit;
int action;
int service;
struct kni_tcpopt_info *client_tcpopt;
@@ -509,14 +510,14 @@ static char pending_opstate(const struct streaminfo *stream, struct pme_info *pm
return APP_STATE_FAWPKT | APP_STATE_GIVEME;
}
static int get_action(struct ipaddr *addr, char *domain, int domain_len, int thread_seq, int *policy_id){
static int get_action(struct ipaddr *addr, char *domain, int domain_len, int thread_seq, int *policy_id, int *maat_hit){
//return KNI_ACTION_INTERCEPT;
int action = kni_maat_scan_ip(g_kni_handle->maat_handle, addr, thread_seq, policy_id);
int ret = kni_maat_scan_ip(g_kni_handle->maat_handle, addr, thread_seq, policy_id, maat_hit);
if(action == KNI_ACTION_BYPASS){
return action;
}
if(domain_len != 0){
action = kni_maat_scan_domain(g_kni_handle->maat_handle, domain, domain_len, thread_seq, policy_id);
action = kni_maat_scan_domain(g_kni_handle->maat_handle, domain, domain_len, thread_seq, policy_id, maat_hit);
}
return action;
}
@@ -592,12 +593,15 @@ static char data_opstate(const struct streaminfo *stream, struct pme_info *pmein
memcpy(pmeinfo->host, result->domain, result->domain_len);
FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_HTTP_STM], 0, FS_OP_ADD, 1);
}
pmeinfo->action = get_action((struct ipaddr*)(&stream->addr), result->domain, result->domain_len, thread_seq, &(pmeinfo->policy_id));
pmeinfo->action = get_action((struct ipaddr*)(&stream->addr), result->domain, result->domain_len,
thread_seq, &(pmeinfo->policy_id), &(pmeinfo->maat_hit));
//输出maat拦截日志
char domain_str[KNI_DOMAIN_MAX] = "";
memcpy(domain_str, result->domain, result->domain_len);
KNI_LOG_DEBUG(logger, "get_action: %s, %s, policy_id = %d, action = %s",
stream_addr, domain_str, pmeinfo->policy_id, pmeinfo->action == KNI_ACTION_BYPASS ? "bypass" : "intercept");
char action_str[KNI_SYMBOL_MAX];
kni_maat_action_trans(pmeinfo->action, action_str);
KNI_LOG_DEBUG(logger, "get_action: %s, %s, policy_id = %d, action = %d(%s), maat_hit = %d",
stream_addr, domain_str, pmeinfo->policy_id, pmeinfo->action, action_str, pmeinfo->maat_hit);
FREE(&result);
//TODO: 这块比较奇怪, 收到client hello, 但是没有syn/ack包, 直接bypass了
if(pmeinfo->client_tcpopt == NULL || pmeinfo->server_tcpopt == NULL){
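Review bot: In get_action (second hunk) the new line stores the scan result in `ret` while the lines that follow still test and return `action` (`if(action == KNI_ACTION_BYPASS)`, `return action;`), so as rendered `action` has no declaration in the new code; if the page reflects the file, the line should read `int action = kni_maat_scan_ip(g_kni_handle->maat_handle, addr, thread_seq, policy_id, maat_hit);` or the later uses should be renamed to `ret`. In the third hunk, `kni_maat_action_trans(pmeinfo->action, action_str)` is given no size for `action_str[KNI_SYMBOL_MAX]` and the buffer is uninitialized before it is printed with `%s`; unless that helper is documented to always write a NUL-terminated string within KNI_SYMBOL_MAX, initialize it (`char action_str[KNI_SYMBOL_MAX] = "";`) or extend the call to pass `sizeof action_str`. data_opstate's body continues outside the hunk.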