调整重复流量识别逻辑
@@ -1082,6 +1082,7 @@ void next_data_intercept(struct pme_info *pmeinfo, const void *a_packet, struct
|
||||
struct iphdr *ipv4_hdr = NULL;
|
||||
struct ip6_hdr* ipv6_hdr = NULL;
|
||||
if(pktinfo->parse_failed == 1){
|
||||
KNI_LOG_ERROR(logger, "next_data_intercept: invalid ip header, drop pkt and not send to tfe");
|
||||
return;
|
||||
}
|
||||
//search dabloom
|
||||
@@ -1157,7 +1158,64 @@ char first_data_process(struct streaminfo *stream, struct pme_info *pmeinfo, str
|
||||
}
|
||||
}
|
||||
|
||||
void dup_traffic_detect(struct pme_info *pmeinfo, struct pkt_info *pktinfo){
|
||||
if(g_kni_handle->dup_traffic_switch == 0){
|
||||
return;
|
||||
}
|
||||
//syn
|
||||
if(pktinfo->tcphdr->syn && !pktinfo->tcphdr->ack){
|
||||
if(pmeinfo->syn_packet == NULL){
|
||||
struct dup_traffic_dabloom_key *syn_packet = ALLOC(struct dup_traffic_dabloom_key, 1);
|
||||
dup_traffic_dabloom_key_get(pktinfo, syn_packet);
|
||||
pmeinfo->syn_packet = syn_packet;
|
||||
}
|
||||
else{
|
||||
struct dup_traffic_dabloom_key *syn_packet = ALLOC(struct dup_traffic_dabloom_key, 1);
|
||||
dup_traffic_dabloom_key_get(pktinfo, syn_packet);
|
||||
if(memcmp(pmeinfo->syn_packet, syn_packet, sizeof(*syn_packet)) == 0){
|
||||
pmeinfo->has_dup_syn = 1;
|
||||
}
|
||||
FREE(&(pmeinfo->syn_packet));
|
||||
pmeinfo->syn_packet = syn_packet;
|
||||
}
|
||||
}
|
||||
//syn/ack
|
||||
if(pktinfo->tcphdr->syn && pktinfo->tcphdr->ack){
|
||||
if(pmeinfo->syn_ack_packet == NULL){
|
||||
struct dup_traffic_dabloom_key *syn_ack_packet = ALLOC(struct dup_traffic_dabloom_key, 1);
|
||||
dup_traffic_dabloom_key_get(pktinfo, syn_ack_packet);
|
||||
pmeinfo->syn_ack_packet = syn_ack_packet;
|
||||
}
|
||||
else{
|
||||
struct dup_traffic_dabloom_key *syn_ack_packet = ALLOC(struct dup_traffic_dabloom_key, 1);
|
||||
dup_traffic_dabloom_key_get(pktinfo, syn_ack_packet);
|
||||
if(memcmp(pmeinfo->syn_ack_packet, syn_ack_packet, sizeof(*syn_ack_packet)) == 0){
|
||||
pmeinfo->has_dup_syn_ack = 1;
|
||||
}
|
||||
FREE(&(pmeinfo->syn_ack_packet));
|
||||
pmeinfo->syn_ack_packet = syn_ack_packet;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
void tcp_handshake_pkt_process(struct pme_info *pmeinfo, struct pkt_info *pktinfo){
|
||||
//syn
|
||||
if(pktinfo->tcphdr->syn && !pktinfo->tcphdr->ack){
|
||||
pmeinfo->client_window = ntohs(pktinfo->tcphdr->window);
|
||||
pmeinfo->has_syn = 1;
|
||||
kni_get_tcpopt(&(pmeinfo->client_tcpopt), pktinfo->tcphdr, pktinfo->tcphdr_len);
|
||||
}
|
||||
//syn/ack
|
||||
if(pktinfo->tcphdr->syn && pktinfo->tcphdr->ack){
|
||||
pmeinfo->server_window = ntohs(pktinfo->tcphdr->window);
|
||||
pmeinfo->has_syn_ack = 1;
|
||||
kni_get_tcpopt(&(pmeinfo->server_tcpopt), pktinfo->tcphdr, pktinfo->tcphdr_len);
|
||||
}
|
||||
dup_traffic_detect(pmeinfo, pktinfo);
|
||||
}
|
||||
|
||||
static char data_opstate(struct streaminfo *stream, struct pme_info *pmeinfo, const void *a_packet, int thread_seq){
|
||||
void *logger = g_kni_handle->local_logger;
|
||||
//parse ipv4/6 header
|
||||
struct pkt_info pktinfo;
|
||||
memset(&pktinfo, 0, sizeof(pktinfo));
|
||||
@@ -1171,31 +1229,12 @@ static char data_opstate(struct streaminfo *stream, struct pme_info *pmeinfo, co
|
||||
if(stream->ptcpdetail->datalen > 0){
|
||||
return first_data_process(stream, pmeinfo, &pktinfo, thread_seq);
|
||||
}
|
||||
//before first data, may be syn/ack, ack
|
||||
if(pktinfo.parse_failed == 0){
|
||||
if(pktinfo.tcphdr->syn && pktinfo.tcphdr->ack){
|
||||
pmeinfo->server_window = ntohs(pktinfo.tcphdr->window);
|
||||
pmeinfo->has_syn_ack = 1;
|
||||
kni_get_tcpopt(&(pmeinfo->server_tcpopt), pktinfo.tcphdr, pktinfo.tcphdr_len);
|
||||
//dup traffic detect
|
||||
if(g_kni_handle->dup_traffic_switch == 1){
|
||||
if(pmeinfo->syn_ack_packet == NULL){
|
||||
struct dup_traffic_dabloom_key *syn_ack_packet = ALLOC(struct dup_traffic_dabloom_key, 1);
|
||||
dup_traffic_dabloom_key_get(&pktinfo, syn_ack_packet);
|
||||
pmeinfo->syn_ack_packet = syn_ack_packet;
|
||||
}
|
||||
else{
|
||||
struct dup_traffic_dabloom_key *syn_ack_packet = ALLOC(struct dup_traffic_dabloom_key, 1);
|
||||
dup_traffic_dabloom_key_get(&pktinfo, syn_ack_packet);
|
||||
if(memcmp(pmeinfo->syn_ack_packet, syn_ack_packet, sizeof(*syn_ack_packet)) == 0){
|
||||
pmeinfo->has_dup_syn_ack = 1;
|
||||
}
|
||||
FREE(&(pmeinfo->syn_ack_packet));
|
||||
pmeinfo->syn_ack_packet = syn_ack_packet;
|
||||
}
|
||||
}
|
||||
}
|
||||
//before first data, may be dup_syn, syn/ack, dup_syn/ack
|
||||
if(pktinfo.parse_failed != 0){
|
||||
KNI_LOG_ERROR(logger, "before first data: invalid ip header, bypass pkt");
|
||||
return APP_STATE_FAWPKT | APP_STATE_GIVEME;
|
||||
}
|
||||
tcp_handshake_pkt_process(pmeinfo, &pktinfo);
|
||||
return APP_STATE_FAWPKT | APP_STATE_GIVEME;
|
||||
}
|
||||
|
||||
@@ -1217,34 +1256,15 @@ static char close_opstate(const struct streaminfo *stream, struct pme_info *pmei
|
||||
}
|
||||
|
||||
static void pending_opstate(struct streaminfo *stream, struct pme_info *pmeinfo, const void *a_packet, int thread_seq){
|
||||
void *logger = g_kni_handle->local_logger;
|
||||
pme_info_init(pmeinfo, stream, thread_seq);
|
||||
struct pkt_info pktinfo;
|
||||
wrapped_kni_header_parse(a_packet, pmeinfo, &pktinfo);
|
||||
if(pktinfo.parse_failed == 1){
|
||||
KNI_LOG_ERROR(logger, "pending opstate: invalid ip header, bypass pkt");
|
||||
return;
|
||||
}
|
||||
if(pktinfo.tcphdr->syn){
|
||||
pmeinfo->client_window = ntohs(pktinfo.tcphdr->window);
|
||||
pmeinfo->has_syn = 1;
|
||||
kni_get_tcpopt(&(pmeinfo->client_tcpopt), pktinfo.tcphdr, pktinfo.tcphdr_len);
|
||||
//dup traffic detect
|
||||
if(g_kni_handle->dup_traffic_switch == 1){
|
||||
if(pmeinfo->syn_packet == NULL){
|
||||
struct dup_traffic_dabloom_key *syn_packet = ALLOC(struct dup_traffic_dabloom_key, 1);
|
||||
dup_traffic_dabloom_key_get(&pktinfo, syn_packet);
|
||||
pmeinfo->syn_packet = syn_packet;
|
||||
}
|
||||
else{
|
||||
struct dup_traffic_dabloom_key *syn_packet = ALLOC(struct dup_traffic_dabloom_key, 1);
|
||||
dup_traffic_dabloom_key_get(&pktinfo, syn_packet);
|
||||
if(memcmp(pmeinfo->syn_packet, syn_packet, sizeof(*syn_packet)) == 0){
|
||||
pmeinfo->has_dup_syn = 1;
|
||||
}
|
||||
FREE(&(pmeinfo->syn_packet));
|
||||
pmeinfo->syn_packet = syn_packet;
|
||||
}
|
||||
}
|
||||
}
|
||||
tcp_handshake_pkt_process(pmeinfo, &pktinfo);
|
||||
return;
|
||||
}
|
||||
|
||||
@@ -1261,6 +1281,11 @@ extern "C" char kni_tcpall_entry(struct streaminfo *stream, void** pme, int thre
|
||||
//FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_NULL_PKT], 0, FS_OP_ADD, 1);
|
||||
return APP_STATE_FAWPKT | APP_STATE_GIVEME;
|
||||
}
|
||||
enum addr_type_t addr_type = (enum addr_type_t)stream->addr.addrtype;
|
||||
if(addr_type != ADDR_TYPE_IPV6 && addr_type != ADDR_TYPE_IPV4){
|
||||
KNI_LOG_ERROR(logger, "addr_type(%d) is not ipv4 or ipv6, bypass stream");
|
||||
return APP_STATE_FAWPKT | APP_STATE_DROPME;
|
||||
}
|
||||
switch(stream->pktstate){
|
||||
case OP_STATE_PENDING:
|
||||
//FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_STATE_PENDING], 0, FS_OP_ADD, 1);
|
||||
|
||||
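Review bot: In the kni_tcpall_entry hunk, `KNI_LOG_ERROR(logger, "addr_type(%d) is not ipv4 or ipv6, bypass stream");` has a `%d` conversion but no argument for it. If KNI_LOG_ERROR is printf-style, as the format suggests, this is undefined behaviour and logs whatever sits in the vararg slot; pass the value with `KNI_LOG_ERROR(logger, "addr_type(%d) is not ipv4 or ipv6, bypass stream", addr_type);`. The +/- markers are lost on this page, so that this check is new is inferred from the hunk's line counts, and the function body starts and ends outside the hunk. Separately, dup_traffic_detect compares two `struct dup_traffic_dabloom_key` with `memcmp` over `sizeof(*syn_packet)`. That only detects duplicates reliably if ALLOC zero-fills or dup_traffic_dabloom_key_get writes every byte including padding, and neither is visible here.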