gfwleak/tango-kni
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

bugfix:TSG-15593:修复kni命中no intercept策略不发送日志的bug

Browse Source
This commit is contained in:
fumingwei
2023-06-16 11:36:28 +08:00
parent 50fcd56322
commit 68bb2ed36a
1 changed files with 90 additions and 17 deletions
Download Patch File Download Diff File Expand all files Collapse all files

107
entry/src/kni_entry.cpp
View File

@@ -269,6 +269,53 @@ error_out:
return -1;
}
static int log_generate_no_intercept(struct pme_info *pmeinfo)
{
int ret = 0;
void *local_logger = g_kni_handle->local_logger;
struct TLD_handle_t *tld_handle = pmeinfo->tld_handle;
switch(pmeinfo->protocol)
{
case PROTO_SSL:
TLD_append(tld_handle, (char*)"ssl_sni", (void*)pmeinfo->domain.sni,
TLD_TYPE_STRING);
TLD_append(tld_handle, (char*)"common_schema_type", (void*)"SSL",
TLD_TYPE_STRING);
break;
case PROTO_HTTP:
TLD_append(tld_handle, (char*)"http_host", (void*)pmeinfo->domain.host,
TLD_TYPE_STRING);
TLD_append(tld_handle, (char*)"common_schema_type", (void*)"HTTP",
TLD_TYPE_STRING);
break;
default:
break;
}
ret = tsg_send_log(g_tsg_log_instance, tld_handle, NULL,
LOG_TYPE_INTERCEPT_EVENT, &pmeinfo->maat_rule, 1, 0);
if(ret < 0)
{
FS_operate(g_kni_fs_handle->handle,
g_kni_fs_handle->fields[KNI_FIELD_SENDLOG_FAIL],
0, FS_OP_ADD, 1);
KNI_LOG_ERROR(local_logger, "Failed at sendlog, ret = %d, "
"strem_traceid = %s",
ret, pmeinfo->stream_traceid);
return -1;
}
FS_operate(g_kni_fs_handle->handle,
g_kni_fs_handle->fields[KNI_FIELD_SENDLOG_SUCC],
0, FS_OP_ADD, 1);
return 0;
}
static void set_proxy_rule_hits_metric(struct pme_info *pmeinfo, int thread_id)
{
void *logger = g_kni_handle->local_logger;
@@ -298,20 +345,45 @@ static void set_proxy_rule_hits_metric(struct pme_info *pmeinfo, int thread_id)
}
static void stream_destroy(struct pme_info *pmeinfo){
//sendlog
void *logger = g_kni_handle->local_logger;
if(pmeinfo->action == KNI_ACTION_INTERCEPT){
int ret = log_generate(pmeinfo);
if(ret < 0){
KNI_LOG_ERROR(logger, "Failed at log_generate, stream traceid = %s, stream addr = %s", pmeinfo->stream_traceid, pmeinfo->stream_addr);
}
else{
KNI_LOG_DEBUG(logger, "Succeed at log_generate, stream traceid = %s, stream addr = %s", pmeinfo->stream_traceid, pmeinfo->stream_addr);
}
}
//free pme
pme_info_destroy(pmeinfo);
static void send_log_message(struct pme_info *pmeinfo)
{
int ret = 0;
void *logger = g_kni_handle->local_logger;
switch(pmeinfo->action)
{
case KNI_ACTION_INTERCEPT:
ret = log_generate(pmeinfo);
break;
case KNI_ACTION_NO_INTERCEPT:
ret = log_generate_no_intercept(pmeinfo);
break;
default:
return;
break;
}
if(ret < 0)
{
KNI_LOG_ERROR(logger, "Failed at log_generate, stream traceid = %s,"
" stream addr = %s",
pmeinfo->stream_traceid, pmeinfo->stream_addr);
}
else
{
KNI_LOG_DEBUG(logger, "Succeed at log_generate, stream traceid = %s,"
" stream addr = %s",
pmeinfo->stream_traceid, pmeinfo->stream_addr);
}
return;
}
static void stream_destroy(struct pme_info *pmeinfo)
{
//sendlog
send_log_message(pmeinfo);
//free pme
pme_info_destroy(pmeinfo);
}
static int judge_stream_can_destroy(struct pme_info *pmeinfo, int caller){
@@ -2034,6 +2106,7 @@ static int first_data_hit_policy(struct streaminfo *stream, struct pme_info *pme
break;
case KNI_ACTION_NO_INTERCEPT:
pmeinfo->tld_handle = TLD_create(-1);
FS_operate(g_kni_fs_handle->handle,
g_kni_fs_handle->fields[KNI_FIELD_NO_INTCP_STM],
0, FS_OP_ADD, 1);
@@ -2171,7 +2244,7 @@ static char close_opstate(const struct streaminfo *stream, struct pme_info *pmei
//close: because of timeout, return value has no meaning
switch(pmeinfo->action){
case KNI_ACTION_INTERCEPT:
TLD_append_streaminfo(g_tsg_log_instance, pmeinfo->tld_handle, (struct streaminfo*)pmeinfo->stream);
//TLD_append_streaminfo(g_tsg_log_instance, pmeinfo->tld_handle, (struct streaminfo*)pmeinfo->stream);
kni_set_policy_into_pem_info(stream,pmeinfo);
//reset clock: when sapp end, start clock
// if(pmeinfo->is_dynamic_bypass != 1)
@@ -2241,6 +2314,8 @@ static void deal_app_state_dropme(struct pme_info *pmeinfo, int thread_seq)
return;
}
TLD_append_streaminfo(g_tsg_log_instance, pmeinfo->tld_handle,
(struct streaminfo*)pmeinfo->stream);
//hit no intercept rule
if(pmeinfo->action == KNI_ACTION_NO_INTERCEPT)
{
@@ -2257,8 +2332,6 @@ static void deal_app_state_dropme(struct pme_info *pmeinfo, int thread_seq)
FS_operate(g_kni_fs_handle->handle,
g_kni_fs_handle->fields[KNI_FIELD_BYP_INTCPERR],
0, FS_OP_ADD, 1);
TLD_append_streaminfo(g_tsg_log_instance, pmeinfo->tld_handle,
(struct streaminfo*)pmeinfo->stream);
set_proxy_rule_hits_metric(pmeinfo, thread_seq);
stream_destroy(pmeinfo);
return;