初步调通maat扫描

entry/src/kni_entry.cpp

@@ -61,8 +61,13 @@ static int protocol_identify(const struct streaminfo* stream, char *buf, int len
 	chello = ssl_chello_parse((const unsigned char*)buf, len, &chello_status);
 	if(chello_status == CHELLO_PARSE_SUCCESS){
 		result->protocol = KNI_PROTOCOL_SSL;
-		result->domain_len = strnlen(chello->sni, KNI_DOMAIN_MAX);
-		memcpy(result->domain, chello->sni, result->domain_len);
+		if(chello->sni == NULL){
+			result->domain_len = 0;
+		}
+		else{
+			result->domain_len = strnlen(chello->sni, KNI_DOMAIN_MAX);
+			memcpy(result->domain, chello->sni, result->domain_len);
+		}
 		ssl_chello_free(chello);
 		return 0;
 	}
@@ -178,13 +183,11 @@ static int send_to_tfe(struct kni_marsio_handle *handle, char *raw_data, int raw
 
 static char pending_opstate(const struct streaminfo *stream, struct pme_info *pmeinfo, struct pkt_info *pktinfo){
 	void *logger = g_kni_handle->logger;
-	FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_TOT_STM], 0, FS_OP_ADD, 1);
 	if(!pktinfo->tcphdr->syn){
 		//TODO: pending_opstate 不是syn, bypass这个流
 		KNI_LOG_ERROR(logger, "pending opstate: not syn");
 		FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_NO_SYN_EXP], 0, FS_OP_ADD, 1);
 		FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_BYP_PKT], 0, FS_OP_ADD, 1);
-		FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_BYP_STM], 0, FS_OP_ADD, 1);
 		return APP_STATE_FAWPKT | APP_STATE_DROPME;
 	}
 	pmeinfo->client_tcpopt = kni_get_tcpopt(pktinfo->tcphdr, pktinfo->tcphdr_len);
@@ -194,11 +197,13 @@ static char pending_opstate(const struct streaminfo *stream, struct pme_info *pm
 
 static int get_action(struct ipaddr *addr, char *domain, int domain_len, int thread_seq){
 	//return KNI_ACTION_INTERCEPT;
-	int action = kni_maat_scan_ip(g_kni_handle->maat_handle, addr, thread_seq, g_kni_handle->logger);
+	int action = kni_maat_scan_ip(g_kni_handle->maat_handle, addr, thread_seq);
 	if(action == KNI_ACTION_BYPASS){
 		return action;
 	}
-	action = kni_maat_scan_domain(g_kni_handle->maat_handle, domain, domain_len, thread_seq, g_kni_handle->logger);
+	if(domain_len != 0){
+		action = kni_maat_scan_domain(g_kni_handle->maat_handle, domain, domain_len, thread_seq);
+	}
 	return action;
 }
 
@@ -230,9 +235,10 @@ static char data_opstate(const struct streaminfo *stream, struct pme_info *pmein
 	if(stream->dir != DIR_DOUBLE){
 		KNI_LOG_INFO(logger, "stream dir is %d, bypass", stream->dir);
 		FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_BYP_PKT], 0, FS_OP_ADD, 1);
-		FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_BYP_STM], 0, FS_OP_ADD, 1);
 		return APP_STATE_FAWPKT | APP_STATE_DROPME;
 	}
+	//三次握手成功才算一个流
+	FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_TOT_STM], 0, FS_OP_ADD, 1);
 	struct protocol_identify_result *result = ALLOC(struct protocol_identify_result, 1);
 	protocol_identify(stream, pktinfo->data, pktinfo->data_len, result);
 	pmeinfo->protocol = result->protocol;
@@ -428,7 +434,7 @@ static struct kni_field_stat_handle * fs_init(const char *profile){
 	void *logger = g_kni_handle->logger;
 	const char *section = "field_stat";
 	char stat_path[KNI_PATH_MAX];
-	MESA_load_profile_string_def(profile, section, "stat_path", stat_path, KNI_PATH_MAX, "./fs2_kni.status");
+	MESA_load_profile_string_def(profile, section, "stat_path", stat_path, KNI_PATH_MAX, "unknown");
 	KNI_LOG_INFO(logger, "MESA_prof_load, [%s]:\n stat_path: %s\n", "field_stat", stat_path);
 	screen_stat_handle_t handle = FS_create_handle();
 	if(handle == NULL){
@@ -464,6 +470,8 @@ static struct kni_field_stat_handle * fs_init(const char *profile){
 	fs_handle->fields[KNI_FIELD_SSL_STM] = FS_register(handle, FS_STYLE_FIELD, FS_CALC_CURRENT, "ssl_stm");
 	fs_handle->fields[KNI_FIELD_HTTP_STM] = FS_register(handle, FS_STYLE_FIELD, FS_CALC_CURRENT, "http_stm");
 	fs_handle->fields[KNI_FIELD_UNKNOWN_STM] = FS_register(handle, FS_STYLE_FIELD, FS_CALC_CURRENT, "unknown_stm");
+	fs_handle->handle = handle;
+	FS_start(handle);
 	return fs_handle;
 }