1、修改判断stream_tunnel_type 代码 2、增加因 stream_tunnel 和以data建立连接导致拦截失败的fs_stat 和 安全日志

This commit is contained in:
fumingwei
2020-10-29 21:55:35 +08:00
parent 50eea557a6
commit 88028f7885
3 changed files with 44 additions and 11 deletions


@@ -86,6 +86,14 @@ static char* stream_errmsg_session_record(enum intercept_error _errno){
return (char*)"e_internal_4";
case INTERCEPT_ERROR_CMSG_ADD_FAIL:
return (char*)"e_internal_5";
case INTERCEPT_ERROR_NOT_TCP_LINK_BYSYN:
return (char*)"e_internal_6";
case INTERCEPT_ERROR_GET_TCP_LINK_MODE_ERR:
return (char*)"e_internal_7";
case INTERCEPT_ERROR_STREAM_TUNNLE_TYPE:
return (char *)"e_stream_type_tunnel";
case INTERCEPT_ERROR_GET_STREAM_TUNNLE_TYPE_ERR:
return (char *)"e_internal_8";
default:
return (char*)"unknown error";
}
@@ -1072,20 +1080,42 @@ static int first_data_intercept(struct streaminfo *stream, struct pme_info *pmei
int ret, len;
//intercept_error: TCP CTEAT LINK NOT BYSYN or TCP_CREATE_LINK_MODE error
unsigned char intercept_stream_link_mode;
int intercept_stream_link_mode_len = 1;
int intercept_stream_link_mode_len = sizeof(unsigned char);
unsigned short stream_tunnel_type = STREAM_TUNNLE_NON;
int stream_tunnel_type_len = sizeof(unsigned short);
ret=MESA_get_stream_opt(stream, MSO_TCP_CREATE_LINK_MODE, (void *)&intercept_stream_link_mode, &intercept_stream_link_mode_len);
if(ret == 0){
if(intercept_stream_link_mode != TCP_CTEAT_LINK_BYSYN){
KNI_LOG_DEBUG(logger, "Intercept error: TCP_CREATE_LINK_MODE is not BYSYN, link_mode=%d, link_mode_len=%d,stream traceid = %s, stream addr = %s", intercept_stream_link_mode,intercept_stream_link_mode_len,pmeinfo->stream_traceid, pmeinfo->stream_addr);
pmeinfo->intcp_error = INTERCEPT_ERROR_NOT_TCP_LINK_BYSYN;
FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_INTCPERR_NOT_LINK_MODE_BYSYN], 0, FS_OP_ADD, 1);
goto error_out;
}
}
else{
KNI_LOG_DEBUG(logger, "Intercept error: get TCP_CREATE_LINK_MODE error, ret = %d, stream traceid = %s, stream addr = %s",ret, pmeinfo->stream_traceid, pmeinfo->stream_addr);
KNI_LOG_DEBUG(logger, "Intercept error: get MSO_TCP_CREATE_LINK_MODE error, ret = %d, stream traceid = %s, stream addr = %s",ret, pmeinfo->stream_traceid, pmeinfo->stream_addr);
pmeinfo->intcp_error = INTERCEPT_ERROR_GET_TCP_LINK_MODE_ERR;
FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_INTCPERR_GET_LINK_MODE_ERR], 0, FS_OP_ADD, 1);
goto error_out;
}
ret=MESA_get_stream_opt(stream, MSO_STREAM_TUNNEL_TYPE, (void *)&stream_tunnel_type, &stream_tunnel_type_len);
if(ret == 0){
if(stream_tunnel_type != STREAM_TUNNLE_NON){
KNI_LOG_DEBUG(logger, "Intercept error: stream type is tunnel, STREAM_TUNNLE_TYPE = %d, stream traceid = %s, stream addr = %s", stream_tunnel_type,pmeinfo->stream_traceid, pmeinfo->stream_addr);
pmeinfo->intcp_error = INTERCEPT_ERROR_STREAM_TUNNLE_TYPE;
FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_INTCPERR_STREAM_IS_TUN_TYPE], 0, FS_OP_ADD, 1);
goto error_out;
}
}
else
{
KNI_LOG_DEBUG(logger, "Intercept error: get MSO_STREAM_TUNNEL_TYPE error, ret = %d, stream traceid = %s, stream addr = %s",ret, pmeinfo->stream_traceid, pmeinfo->stream_addr);
pmeinfo->intcp_error = INTERCEPT_ERROR_GET_STREAM_TUNNLE_TYPE_ERR;
FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_INTCPERR_GET_STREAM_TUN_TYPE_ERR], 0, FS_OP_ADD, 1);
goto error_out;
}
//intercept_error: no tfe
if(tsg_diagnose_judge_streamshunt(pmeinfo->maat_result.config_id,pmeinfo) == 0) // tsg diagnose shunt
pmeinfo->tfe_id = tfe_mgr_alive_node_get(g_kni_handle->_tfe_mgr, thread_seq);
@@ -1565,8 +1595,6 @@ extern "C" char kni_tcpall_entry(struct streaminfo *stream, void** pme, int thre
int ret;
int can_destroy;
struct pme_info *pmeinfo = *(struct pme_info **)pme;
unsigned short stream_tunnel_type = STREAM_TUNNLE_NON;
int stream_tunnel_type_len = sizeof(unsigned short);
/* a_packet == NULL && not op_state_close, continue
close: a_packet may be null, if a_packet = null, do not send to tfe
*/
@@ -1580,13 +1608,6 @@ extern "C" char kni_tcpall_entry(struct streaminfo *stream, void** pme, int thre
return APP_STATE_FAWPKT | APP_STATE_DROPME;
}
ret=MESA_get_stream_opt(stream, MSO_STREAM_TUNNEL_TYPE, (void *)&stream_tunnel_type, &stream_tunnel_type_len);
if(stream_tunnel_type != STREAM_TUNNLE_NON)
{
KNI_LOG_DEBUG(logger, "stream type is tunnel, type = %d",ret);
return APP_STATE_FAWPKT | APP_STATE_DROPME;
}
switch(stream->pktstate){
case OP_STATE_PENDING:
//FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_STATE_PENDING], 0, FS_OP_ADD, 1);
@@ -2102,6 +2123,9 @@ static struct kni_field_stat_handle * fs_init(const char *profile){
//intercept error link mode
fs_handle->fields[KNI_FIELD_INTCPERR_GET_LINK_MODE_ERR] = FS_register(handle, FS_STYLE_FIELD, FS_CALC_CURRENT, "e_get_link_mode_err");
fs_handle->fields[KNI_FIELD_INTCPERR_NOT_LINK_MODE_BYSYN] = FS_register(handle, FS_STYLE_FIELD, FS_CALC_CURRENT, "e_no_link_mode_bysyn");
//intercept error stream tunnel type
fs_handle->fields[KNI_FIELD_INTCPERR_GET_STREAM_TUN_TYPE_ERR] = FS_register(handle, FS_STYLE_FIELD, FS_CALC_CURRENT, "e_get_stream_tuntype_err");
fs_handle->fields[KNI_FIELD_INTCPERR_STREAM_IS_TUN_TYPE] = FS_register(handle, FS_STYLE_FIELD, FS_CALC_CURRENT, "e_stream_is_tuntype");
//intercept_error
fs_handle->fields[KNI_FIELD_INTCPERR_ASYM_ROUTING] = FS_register(handle, FS_STYLE_FIELD, FS_CALC_CURRENT, "e_asym_route");
fs_handle->fields[KNI_FIELD_INTCPERR_NO_SYN] = FS_register(handle, FS_STYLE_FIELD, FS_CALC_CURRENT, "e_no_syn");
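Review bot: The tunnel type read at `ret=MESA_get_stream_opt(stream, MSO_STREAM_TUNNEL_TYPE, (void *)&stream_tunnel_type, &stream_tunnel_type_len);` in first_data_intercept is used without looking at `stream_tunnel_type_len` afterwards; if the call reports the stored length through that in/out parameter (it is passed by address, which suggests it does), a result shorter than `sizeof(unsigned short)` would leave `stream_tunnel_type` partly at its initializer and the `!= STREAM_TUNNLE_NON` comparison on the next line would run on a half-written value. A guard such as `if(ret == 0 && stream_tunnel_type_len == sizeof(unsigned short)){` makes the expectation explicit, and the same applies to the link-mode read above it, whose length is now `sizeof(unsigned char)`. Because the per-packet tunnel check in kni_tcpall_entry is removed and the decision is now taken once at first data, a one-line comment above the call such as `// tunnel classification is assumed final once first data arrives; it is no longer re-checked per packet` would record that assumption, since whether the type can change later is not visible here. Minor: the tunnel-type branch writes `else` with `{` on its own line while the link-mode branch just above uses `else{`. first_data_intercept starts and ends outside the hunk.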