删除一些多余配置, 修复一些小bug
@@ -11,7 +11,6 @@ bypass: drome: pme_new_fail: destroy_pme
|
||||
|
||||
#include "kni_utils.h"
|
||||
#include "marsio.h"
|
||||
#include "MESA/http.h"
|
||||
#include "MESA/stream_inc/sapp_inject.h"
|
||||
#include "kni_cmsg.h"
|
||||
#include "uuid/uuid.h"
|
||||
@@ -35,7 +34,6 @@ extern "C" {
|
||||
struct kni_handle *g_kni_handle = NULL;
|
||||
struct kni_field_stat_handle *g_kni_fs_handle = NULL;
|
||||
|
||||
#define HTTP_PROJECT_NAME "kni_http_tag"
|
||||
#define BURST_MAX 1
|
||||
#define STREAM_TRACEID_LEN 37
|
||||
#define CALLER_SAPP 0
|
||||
@@ -74,10 +72,6 @@ enum kni_action{
|
||||
KNI_ACTION_BYPASS = 0x80
|
||||
};
|
||||
|
||||
struct http_project{
|
||||
int host_len;
|
||||
char host[MAX_DOAMIN_LEN];
|
||||
};
|
||||
|
||||
//memset 0
|
||||
struct dup_traffic_dabloom_key{
|
||||
@@ -195,7 +189,6 @@ struct tuple2stream_htable_value{
|
||||
|
||||
|
||||
struct kni_handle{
|
||||
int http_project_id;
|
||||
struct kni_marsio_handle *marsio_handle;
|
||||
struct kni_tun_handle *tun_handle;
|
||||
struct kni_maat_handle *maat_handle;
|
||||
@@ -511,7 +504,6 @@ static unsigned char* kni_cmsg_serialize_header_new(struct pme_info *pmeinfo, st
|
||||
unsigned char *buff = NULL;
|
||||
uint8_t protocol_type = pmeinfo->protocol == PROTO_SSL ? 0x1 : 0x0;
|
||||
struct kni_cmsg *cmsg = kni_cmsg_init();
|
||||
int policy_id = -1;
|
||||
char *trace_id = NULL;
|
||||
uint32_t seq = pktinfo->tcphdr->seq;
|
||||
uint32_t ack = pktinfo->tcphdr->ack_seq;
|
||||
@@ -521,6 +513,7 @@ static unsigned char* kni_cmsg_serialize_header_new(struct pme_info *pmeinfo, st
|
||||
uint16_t server_window = htons(pmeinfo->server_window);
|
||||
char src_mac[6] = {0};
|
||||
char dst_mac[6] = {0};
|
||||
int policy_id;
|
||||
//seq
|
||||
int ret = wrapped_kni_cmsg_set(cmsg, TFE_CMSG_TCP_RESTORE_SEQ, (const unsigned char*)&seq, 4, pmeinfo);
|
||||
if(ret < 0) goto error_out;
|
||||
@@ -758,7 +751,7 @@ static void wrapped_kni_header_parse(const void *a_packet, struct pme_info *pmei
|
||||
int ret = kni_ipv6_header_parse(a_packet, pktinfo);
|
||||
if(ret < 0){
|
||||
char *errmsg = kni_ipv6_errmsg_get((enum kni_ipv6hdr_parse_error)ret);
|
||||
KNI_LOG_DEBUG(logger, "Intercept error: failed at parse ipv6 header, errmsg = %s, stream treaceid = %s",
|
||||
KNI_LOG_ERROR(logger, "Failed at parse ipv6 header, errmsg = %s, stream treaceid = %s",
|
||||
errmsg, pmeinfo->stream_traceid);
|
||||
pktinfo->parse_failed = 1;
|
||||
}
|
||||
@@ -767,7 +760,7 @@ static void wrapped_kni_header_parse(const void *a_packet, struct pme_info *pmei
|
||||
int ret = kni_ipv4_header_parse(a_packet, pktinfo);
|
||||
if(ret < 0){
|
||||
char *errmsg = kni_ipv4_errmsg_get((enum kni_ipv4hdr_parse_error)ret);
|
||||
KNI_LOG_ERROR(logger, "Intercept error: failed at parse ipv4 header, errmsg = %s, stream treaceid = %s",
|
||||
KNI_LOG_ERROR(logger, "Failed at parse ipv4 header, errmsg = %s, stream treaceid = %s",
|
||||
errmsg, pmeinfo->stream_traceid);
|
||||
pktinfo->parse_failed = 1;
|
||||
}
|
||||
@@ -1023,6 +1016,8 @@ static int first_data_intercept(struct streaminfo *stream, struct pme_info *pmei
|
||||
}
|
||||
if(pktinfo->parse_failed == 1){
|
||||
pmeinfo->intcp_error = INTERCEPT_ERROR_INVALID_IP_HDR;
|
||||
KNI_LOG_DEBUG(logger, "Intercept error: invalid ip header, stream traceid = %s, stream addr = %s",
|
||||
pmeinfo->stream_traceid, pmeinfo->stream_addr);
|
||||
FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_INTCPERR_INVALID_IP_HDR], 0, FS_OP_ADD, 1);
|
||||
goto error_out;
|
||||
}
|
||||
@@ -1115,7 +1110,7 @@ error_out:
|
||||
if(buff != NULL){
|
||||
FREE(&buff);
|
||||
}
|
||||
return APP_STATE_FAWPKT | APP_STATE_DROPME;
|
||||
return APP_STATE_DROPPKT | APP_STATE_DROPME;
|
||||
}
|
||||
|
||||
static int dabloom_search(struct pkt_info *pktinfo, int thread_seq){
|
||||
@@ -1243,25 +1238,25 @@ char first_data_process(struct streaminfo *stream, struct pme_info *pmeinfo, str
|
||||
int ret = 0;
|
||||
struct _identify_info identify_info;
|
||||
ret = tsg_pull_policy_result(stream, PULL_KNI_RESULT, &result, 1, &identify_info);
|
||||
pmeinfo->protocol = identify_info.proto;
|
||||
strncpy((char*)&(pmeinfo->domain), identify_info.domain, identify_info.domain_len);
|
||||
pmeinfo->domain_len = MAX(pmeinfo->domain_len, (int)sizeof(pmeinfo->domain) - 1);
|
||||
pmeinfo->domain_len = '\0';
|
||||
//ret == 0, bypass and dropme
|
||||
if(ret == 0){
|
||||
pmeinfo->action = KNI_ACTION_NONE;
|
||||
pmeinfo->policy_id = -1;
|
||||
maat_hit = 0;
|
||||
KNI_LOG_INFO(logger, "intercept_policy_scan: %s, %s, maat_hit = %d, stream traceid = %s",
|
||||
pmeinfo->stream_addr, (char*)&(pmeinfo->domain), maat_hit, pmeinfo->stream_traceid);
|
||||
}
|
||||
else{
|
||||
pmeinfo->protocol = identify_info.proto;
|
||||
pmeinfo->domain_len = MIN(identify_info.domain_len, (int)sizeof(pmeinfo->domain) - 1);
|
||||
strncpy(pmeinfo->domain.sni, identify_info.domain, pmeinfo->domain_len);
|
||||
pmeinfo->action = (enum kni_action)(result.action);
|
||||
pmeinfo->policy_id = result.config_id;
|
||||
pmeinfo->do_log = result.do_log;
|
||||
maat_hit = 1;
|
||||
char *action_str = kni_maat_action_trans(pmeinfo->action);
|
||||
KNI_LOG_INFO(logger, "intercept_policy_scan: %s, %s, maat_hit = %d, policy_id = %d, action = %d(%s), stream traceid = %s",
|
||||
pmeinfo->stream_addr, (char*)&(pmeinfo->domain), maat_hit, pmeinfo->policy_id, pmeinfo->action, action_str, pmeinfo->stream_traceid);
|
||||
}
|
||||
char *action_str = kni_maat_action_trans(pmeinfo->action);
|
||||
KNI_LOG_INFO(logger, "intercept_policy_scan: %s, %s, maat_hit = %d, policy_id = %d, action = %d(%s), stream traceid = %s, stream addr = %s",
|
||||
pmeinfo->stream_addr, (char*)&(pmeinfo->domain), maat_hit, pmeinfo->policy_id, pmeinfo->action, action_str, pmeinfo->stream_traceid, pmeinfo->stream_addr);
|
||||
switch(pmeinfo->action){
|
||||
case KNI_ACTION_INTERCEPT:
|
||||
pmeinfo->intercept_state = 1;
|
||||
@@ -1283,6 +1278,7 @@ static char data_opstate(struct streaminfo *stream, struct pme_info *pmeinfo, co
|
||||
}
|
||||
//parse ipv4/6 header
|
||||
struct pkt_info pktinfo;
|
||||
memset(&pktinfo, 0, sizeof(pktinfo));
|
||||
wrapped_kni_header_parse(a_packet, pmeinfo, &pktinfo);
|
||||
//pmeinfo->action has only 2 value: KNI_ACTION_NONE, KNI_ACTION_INTERCEPT
|
||||
if(pmeinfo->action == KNI_ACTION_INTERCEPT){
|
||||
@@ -1339,7 +1335,7 @@ static char close_opstate(const struct streaminfo *stream, struct pme_info *pmei
|
||||
return APP_STATE_DROPPKT | APP_STATE_DROPME;
|
||||
//stream has no data.
|
||||
default:
|
||||
return APP_STATE_DROPPKT | APP_STATE_DROPME;
|
||||
return APP_STATE_FAWPKT | APP_STATE_DROPME;
|
||||
}
|
||||
}
|
||||
|
||||
@@ -1430,7 +1426,7 @@ extern "C" char kni_tcpall_entry(struct streaminfo *stream, void** pme, int thre
|
||||
pmeinfo->intercept_state = 0;
|
||||
FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_BYP_INTCPERR], 0, FS_OP_ADD, 1);
|
||||
if(pmeinfo != NULL){
|
||||
pmeinfo->policy_id = -1;
|
||||
//pmeinfo->policy_id = -1;
|
||||
stream_destroy(pmeinfo, 1);
|
||||
}
|
||||
}
|
||||
@@ -1446,45 +1442,6 @@ extern "C" char kni_tcpall_entry(struct streaminfo *stream, void** pme, int thre
|
||||
return ret;
|
||||
}
|
||||
|
||||
void http_project_free(int thread_seq, void *project_req_value){
|
||||
FREE(&project_req_value);
|
||||
}
|
||||
|
||||
static int http_project_init(){
|
||||
void *logger = g_kni_handle->local_logger;
|
||||
int id = project_producer_register(HTTP_PROJECT_NAME, PROJECT_VAL_TYPE_STRUCT, http_project_free);
|
||||
if(id < 0){
|
||||
KNI_LOG_ERROR(logger, "Failed at project_producer_register, project name = %s, ret = %d", HTTP_PROJECT_NAME, id);
|
||||
return -1;
|
||||
}
|
||||
id = project_customer_register(HTTP_PROJECT_NAME, PROJECT_VAL_TYPE_STRUCT);
|
||||
if(id < 0){
|
||||
KNI_LOG_ERROR(logger, "Failed at project_customer_register, project name = %s, ret = %d", HTTP_PROJECT_NAME, id);
|
||||
return -1;
|
||||
}
|
||||
return id;
|
||||
}
|
||||
|
||||
extern "C" char kni_http_entry(stSessionInfo* session_info, void **pme, int thread_seq, struct streaminfo *a_stream, const void *a_packet){
|
||||
http_infor* http_info = (http_infor*)(session_info->app_info);
|
||||
//only process first http session
|
||||
if(http_info->http_session_seq != 1){
|
||||
return PROT_STATE_DROPME;
|
||||
}
|
||||
if(session_info->prot_flag != HTTP_HOST){
|
||||
return PROT_STATE_GIVEME;
|
||||
}
|
||||
int host_len = MIN(session_info->buflen, KNI_DEFAULT_MTU);
|
||||
struct http_project* host_info = ALLOC(struct http_project, 1);
|
||||
host_info->host_len = host_len;
|
||||
memcpy(host_info->host, session_info->buf, host_len);
|
||||
if(project_req_add_struct(a_stream, g_kni_handle->http_project_id, host_info) < 0){
|
||||
FREE(&host_info);
|
||||
host_info = NULL;
|
||||
}
|
||||
return PROT_STATE_DROPME;
|
||||
}
|
||||
|
||||
static void kni_marsio_destroy(struct kni_marsio_handle *handle){
|
||||
if(handle != NULL){
|
||||
if(handle->instance != NULL){
|
||||
@@ -2087,7 +2044,6 @@ extern "C" int kni_init(){
|
||||
char manage_eth[KNI_SYMBOL_MAX] = "";
|
||||
struct kni_send_logger *send_logger = NULL;
|
||||
struct kni_field_stat_handle *fs_handle = NULL;
|
||||
int id = -1;
|
||||
void *local_logger = NULL;
|
||||
int log_level = -1;
|
||||
pthread_t thread_id = -1;
|
||||
@@ -2172,13 +2128,6 @@ extern "C" int kni_init(){
|
||||
KNI_LOG_ERROR(local_logger, "MESA_prof_load: dst_mac_addr = invalid, ret = %d, profile = %s, section = %s", ret, profile, section);
|
||||
goto error_out;
|
||||
}
|
||||
//init http_project
|
||||
id = http_project_init();
|
||||
if(id < 0){
|
||||
KNI_LOG_ERROR(local_logger, "Failed at init http project, ret = %d", id);
|
||||
goto error_out;
|
||||
}
|
||||
g_kni_handle->http_project_id = id;
|
||||
|
||||
// get thread count
|
||||
g_kni_handle->thread_count = get_thread_count();
|
||||
|
||||
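Review bot: In the `first_data_process` hunk, the domain copy in the `else` branch still trusts `identify_info.domain_len` to be non-negative and never terminates the destination; I am reading the `MIN(...)` / `strncpy(pmeinfo->domain.sni, ...)` lines as the new side, which is an inference because the `+`/`-` markers are lost on this page. `MIN` caps only the upper bound, so if `domain_len` is signed, as the `(int)` cast suggests, a negative value would reach `strncpy` as a very large `size_t`. `strncpy` also writes no NUL when the source is at least that long, and the buffer is then printed with `%s` in `KNI_LOG_INFO`. I would reject negative lengths, bound the copy by `sizeof(pmeinfo->domain.sni) - 1`, and add `pmeinfo->domain.sni[pmeinfo->domain_len] = '\0';` after the copy instead of relying on `pmeinfo` having been zeroed somewhere outside the hunk. `identify_info` is declared without an initializer, so `memset(&identify_info, 0, sizeof(identify_info));` before `tsg_pull_policy_result` would match what `data_opstate` does for `pktinfo`; the function body starts and ends outside the hunk.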