From 5a9b1fb7fe01b0f17f7b3867eb1a5052acdb13d8 Mon Sep 17 00:00:00 2001
From: fumingwei
Date: Fri, 31 Jul 2020 15:59:57 +0800
Subject: [PATCH] =?UTF-8?q?1=E3=80=81=E4=BF=AE=E6=94=B9sni=20=E8=99=9A?=
 =?UTF-8?q?=E6=8B=9F=E8=A1=A8=E4=B8=BAfqdn=E8=99=9A=E6=8B=9F=E8=A1=A8=202?=
 =?UTF-8?q?=E3=80=81=E4=BF=AE=E6=94=B9=E6=97=A5=E5=BF=97=E8=BE=93=E5=87=BA?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 conf/kni/kni.conf | 2 +-
 entry/include/kni_entry.h | 2 +-
 entry/src/kni_pxy_tcp_option.cpp | 42 ++++++--------------------------
 3 files changed, 9 insertions(+), 37 deletions(-)
diff --git a/conf/kni/kni.conf b/conf/kni/kni.conf
index ece8a44..6cbb194 100644
--- a/conf/kni/kni.conf
+++ b/conf/kni/kni.conf
@@ -98,4 +98,4 @@ mho_eliminate_type = FIFO
 [proxy_tcp_option]
 maat_table_compile = PXY_TCP_OPTION_COMPILE
 maat_table_addr = PXY_TCP_OPTION_ADDR
-maat_table_sni = PXY_TCP_OPTION_SSL_SNI
\ No newline at end of file
+maat_table_fqdn = PXY_TCP_OPTION_SSL_SNI
\ No newline at end of file
diff --git a/entry/include/kni_entry.h b/entry/include/kni_entry.h
index 2508d77..f60d3b4 100644
--- a/entry/include/kni_entry.h
+++ b/entry/include/kni_entry.h
@@ -42,7 +42,7 @@ enum kni_action{
 enum PXY_TCP_OPTION_MAAT_TABLE{
 TABLE_IP_ADDR=0,
- TABLE_SSL_SNI,
+ TABLE_SSL_FQDN,
 TABLE_COMPILE,
 TABLE_MAX
 };
diff --git a/entry/src/kni_pxy_tcp_option.cpp b/entry/src/kni_pxy_tcp_option.cpp
index 1621268..78baf11 100644
--- a/entry/src/kni_pxy_tcp_option.cpp
+++ b/entry/src/kni_pxy_tcp_option.cpp
@@ -276,21 +276,7 @@ void pxy_tcp_option_default_param_new(int idx, const struct Maat_rule_t* rule, c
 if(ret == 1) {
 memcpy((void *)&g_kni_handle->pxy_tcp_option, (const void *)&pxy_tcp_option, sizeof(pxy_tcp_option));
- KNI_LOG_INFO(logger, "Proxy tcp option default Policy: "
- "{client_side_conn_param:{tcp_maxseg:%d,nodelay=%d,keep_alive:"
- "{enable:%d,tcp_keepcnt:%d,tcp_keepidle:%d,tcp_keepintvl:%d}ttl:%d,user_timeout:%d},"
- "server_side_conn_param:{tcp_maxseg:%d,nodelay=%d,keep_alive:"
- "{enable:%d,tcp_keepcnt:%d,tcp_keepidle:%d,tcp_keepintvl:%d}ttl:%d,user_timeout:%d},"
- "bypass_duplicated_packet:%d,tcp_passthrough:%d}",
- pxy_tcp_option.client_tcp_maxseg, pxy_tcp_option.client_tcp_nodelay,
- pxy_tcp_option.client_tcp_keepalive_enable, pxy_tcp_option.client_tcp_keepalive_keepcnt,
- pxy_tcp_option.client_tcp_keepalive_keepidle, pxy_tcp_option.client_tcp_keepalive_keepintvl,
- pxy_tcp_option.client_tcp_ttl, pxy_tcp_option.client_tcp_user_timeout,
- pxy_tcp_option.server_tcp_maxseg, pxy_tcp_option.server_tcp_nodelay,
- pxy_tcp_option.server_tcp_keepalive_enable, pxy_tcp_option.server_tcp_keepalive_keepcnt,
- pxy_tcp_option.server_tcp_keepalive_keepidle, pxy_tcp_option.server_tcp_keepalive_keepintvl,
- pxy_tcp_option.server_tcp_ttl, pxy_tcp_option.server_tcp_user_timeout,
- pxy_tcp_option.bypass_duplicated_packet, pxy_tcp_option.tcp_passthrough);
+ KNI_LOG_INFO(logger, "Proxy tcp option default Policy: %s", srv_def_large);
 } else{
 KNI_LOG_ERROR(logger, "Fail to get proxy tcp option default policy, Error: json data parse fail");
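Review bot: The replacement INFO line prints `srv_def_large` through a bare `%s`, so the log now records the text that was handed to the parser rather than the fields that were just copied into `g_kni_handle->pxy_tcp_option` on the line above; if the JSON parse fills in defaults or skips unknown fields, the log no longer shows what actually took effect, so a compact summary of the parsed values is worth keeping next to the raw text. The origin of `srv_def_large` is outside this hunk: if it is a length-delimited buffer taken from `rule` rather than a NUL-terminated string, `%s` reads past its end, and the same question applies to `tmp_buff` in the added DEBUG line of the `@@ -521,6 +507,7 @@` hunk. A bounded form such as `KNI_LOG_INFO(logger, "Proxy tcp option default Policy: %.*s", (int)SRV_DEF_LEN /* placeholder: the real length variable */, srv_def_large);` fixes both and also caps how much policy text a single rule can push into the log unescaped. `pxy_tcp_option_default_param_new` starts and ends outside this hunk.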
@@ -321,8 +307,8 @@ int pxy_tcp_option_rule_init(const char* conffile, void *logger) {
 int i=0;
 MESA_load_profile_string_def(conffile, "proxy_tcp_option", "maat_table_compile", g_kni_handle->table_name[TABLE_COMPILE], _MAX_TABLE_NAME_LEN, "PXY_TCP_OPTION_COMPILE");
- MESA_load_profile_string_def(conffile, "proxy_tcp_option", "maat_table_addr", g_kni_handle->table_name[TABLE_IP_ADDR], _MAX_TABLE_NAME_LEN, "PXY_TCP_OPTION_COMPILE");
- MESA_load_profile_string_def(conffile, "proxy_tcp_option", "maat_table_sni", g_kni_handle->table_name[TABLE_SSL_SNI], _MAX_TABLE_NAME_LEN, "PXY_TCP_OPTION_COMPILE");
+ MESA_load_profile_string_def(conffile, "proxy_tcp_option", "maat_table_addr", g_kni_handle->table_name[TABLE_IP_ADDR], _MAX_TABLE_NAME_LEN, "PXY_TCP_OPTION_ADDR");
+ MESA_load_profile_string_def(conffile, "proxy_tcp_option", "maat_table_fqdn", g_kni_handle->table_name[TABLE_SSL_FQDN], _MAX_TABLE_NAME_LEN, "PXY_TCP_OPTION_SERVER_FQDN");
 for(i=0; itable_id[TABLE_SSL_SNI],
+ g_kni_handle->table_id[TABLE_SSL_FQDN],
 CHARSET_UTF8, (const char *)&pmeinfo->domain, pmeinfo->domain_len,
@@ -521,6 +507,7 @@ int pxy_tcp_option_get_param(Maat_feather_t maat_feather,const struct streaminfo
 KNI_LOG_DEBUG(logger,"Scan hit, json parse error,Proxy tcp option using default param,streamid = %d", pmeinfo->stream_traceid);
 break;
 }
+ KNI_LOG_DEBUG(logger, "Proxy tcp option, streamid: %d,param:%s", pmeinfo->stream_traceid,tmp_buff);
 is_not_default = 1;
 free(tmp_buff);
 tmp_buff = NULL;
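Review bot: The new in-code default for `maat_table_fqdn` is `PXY_TCP_OPTION_SERVER_FQDN`, while `conf/kni/kni.conf` in this same commit sets that key to `PXY_TCP_OPTION_SSL_SNI`, so a deployment whose conf lacks the key — or still carries the old `maat_table_sni` key, which this hunk now ignores silently — binds `table_name[TABLE_SSL_FQDN]` to a differently named Maat table than the shipped config does. Either make the default match the conf value or log the resolved names once after the three loads, e.g. `KNI_LOG_INFO(logger, "proxy_tcp_option tables: compile=%s addr=%s fqdn=%s", g_kni_handle->table_name[TABLE_COMPILE], g_kni_handle->table_name[TABLE_IP_ADDR], g_kni_handle->table_name[TABLE_SSL_FQDN]);`, so a stale or missing key is visible at startup instead of showing up later as rules that never match. The remainder of this hunk (from the `for(i=0; i` line) is truncated in this rendering, and `pxy_tcp_option_rule_init` continues past it.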
@@ -529,24 +516,9 @@ int pxy_tcp_option_get_param(Maat_feather_t maat_feather,const struct streaminfo
 if(is_not_default != 1) {
 memcpy((void *)pxy_tcpop, (const void *)&g_kni_handle->pxy_tcp_option, sizeof(g_kni_handle->pxy_tcp_option));
- }
- KNI_LOG_DEBUG(logger, "Proxy tcp option, streamid: %d,param: "
- "{client_side_conn_param:{tcp_maxseg:%d,nodelay=%d,keep_alive:"
- "{enable:%d,tcp_keepcnt:%d,tcp_keepidle:%d,tcp_keepintvl:%d}ttl:%d,user_timeout:%d},"
- "server_side_conn_param:{tcp_maxseg:%d,nodelay=%d,keep_alive:"
- "{enable:%d,tcp_keepcnt:%d,tcp_keepidle:%d,tcp_keepintvl:%d}ttl:%d,user_timeout:%d},"
- "bypass_duplicated_packet:%d,tcp_passthrough:%d}",
- pmeinfo->stream_traceid,
- pxy_tcpop->client_tcp_maxseg, pxy_tcpop->client_tcp_nodelay,
- pxy_tcpop->client_tcp_keepalive_enable, pxy_tcpop->client_tcp_keepalive_keepcnt,
- pxy_tcpop->client_tcp_keepalive_keepidle, pxy_tcpop->client_tcp_keepalive_keepintvl,
- pxy_tcpop->client_tcp_ttl, pxy_tcpop->client_tcp_user_timeout,
- pxy_tcpop->server_tcp_maxseg, pxy_tcpop->server_tcp_nodelay,
- pxy_tcpop->server_tcp_keepalive_enable, pxy_tcpop->server_tcp_keepalive_keepcnt,
- pxy_tcpop->server_tcp_keepalive_keepidle, pxy_tcpop->server_tcp_keepalive_keepintvl,
- pxy_tcpop->server_tcp_ttl, pxy_tcpop->server_tcp_user_timeout,
- pxy_tcpop->bypass_duplicated_packet, pxy_tcpop->tcp_passthrough);
+ KNI_LOG_DEBUG(logger, "Proxy tcp option, streamid: %d, Using default policy", pmeinfo->stream_traceid);
+ }
 if(mid!=NULL) {
 Maat_clean_status(&mid);