gfwleak/tango-kni
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

1、kni.conf增加[send_log];2、log_debug支持TCP/UDP协议;3、IPV4/V6_entry中addr_type更正;4、redirect日志更新

Browse Source
This commit is contained in:
liuyang
2018-12-17 14:48:08 +08:00
parent 9d2cee16ae
commit a011f87f21
6 changed files with 127 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
bin/kniconf/kni.conf
View File

@@ -53,6 +53,12 @@ table_info_path=./kniconf/maat_table_info.conf
full_cfg_dir=/home/mesasoft/tango_rules/full/index full_cfg_dir=/home/mesasoft/tango_rules/full/index
inc_cfg_dir=/home/mesasoft/tango_rules/inc/index inc_cfg_dir=/home/mesasoft/tango_rules/inc/index
[send_log]
send_log_switch=0
NIC_NAME=eth0
ENTRANCE_ID=0
KAFKA_BROKERLIST=192.168.10.73:9092
[Module] [Module]

48
bin/kniconf/maat_test.json.dnat Normal file
View File

@@ -0,0 +1,48 @@
{
"compile_table": "PXY_INTERCEPT_COMPILE",
"group_table": "PXY_INTERCEPT_GROUP",
"rules": [
{
"compile_id": 1,
"service": 1,
"action":48,
"do_blacklist": 1,
"do_log": 1,
"effective_rage": 0,
"user_region": "spoofing_ip_pool=10;nat_type=dnat;",
"is_valid": "yes",
"groups": [
{
"group_name": "Untitled",
"regions": [
{
"table_name": "PXY_INTERCEPT_IP",
"table_type": "ip",
"table_content": {
"addr_type": "ipv4",
"src_ip": "192.168.11.80",
"mask_src_ip": "255.255.255.255",
"src_port": "0",
"mask_src_port": "65535",
"dst_ip": "61.135.169.125",
"mask_dst_ip": "255.255.255.255",
"dst_port": "0",
"mask_dst_port": "65535",
"protocol": 0,
"direction": "double"
}
}
]
}
]
}
],
"plugin_table": [
{
"table_name": "PXY_OBJ_SPOOFING_IP_POOL",
"table_content": [
"1\t4\t0\t123.57.35.217\t0\t0\t\t0\t0\t1\t123\t10\t{}\t20181217-0:22"
]
}
]
}

48
bin/kniconf/maat_test.json.snat Normal file
View File

@@ -0,0 +1,48 @@
{
"compile_table": "PXY_INTERCEPT_COMPILE",
"group_table": "PXY_INTERCEPT_GROUP",
"rules": [
{
"compile_id": 1,
"service": 1,
"action":48,
"do_blacklist": 1,
"do_log": 1,
"effective_rage": 0,
"user_region": "spoofing_ip_pool=10;nat_type=snat;",
"is_valid": "yes",
"groups": [
{
"group_name": "Untitled",
"regions": [
{
"table_name": "PXY_INTERCEPT_IP",
"table_type": "ip",
"table_content": {
"addr_type": "ipv4",
"src_ip": "192.168.11.80",
"mask_src_ip": "255.255.255.255",
"src_port": "0",
"mask_src_port": "65535",
"dst_ip": "0.0.0.0",
"mask_dst_ip": "255.255.255.255",
"dst_port": "0",
"mask_dst_port": "65535",
"protocol": 0,
"direction": "double"
}
}
]
}
]
}
],
"plugin_table": [
{
"table_name": "PXY_OBJ_SPOOFING_IP_POOL",
"table_content": [
"1\t4\t0\t192.168.11.127\t0\t0\t\t0\t0\t1\t123\t10\t{}\t20181217-0:22"
]
}
]
}

27
kni_comm.c
View File

@@ -126,10 +126,11 @@ int kni_log_debug(int level,char* module,const void* a_packet,const char* format
char saddr_str[INET6_ADDRSTRLEN ]={0}; char saddr_str[INET6_ADDRSTRLEN ]={0};
char daddr_str[INET6_ADDRSTRLEN ]={0}; char daddr_str[INET6_ADDRSTRLEN ]={0};
int protocol=0;
struct ip* ipv4_hdr = (struct ip*)a_packet; struct ip* ipv4_hdr = (struct ip*)a_packet;
struct kni_ipv6_hdr* ipv6_hdr = (struct kni_ipv6_hdr*)a_packet; struct kni_ipv6_hdr* ipv6_hdr = (struct kni_ipv6_hdr*)a_packet;
struct tcphdr* tcphdr = NULL; struct kni_tcp_hdr* tcphdr=NULL;
struct udphdr* udphdr = NULL; struct kni_udp_hdr* udphdr=NULL;
char buf[4096] = {0}; char buf[4096] = {0};
@@ -143,11 +144,14 @@ int kni_log_debug(int level,char* module,const void* a_packet,const char* format
if(ipv4_hdr->ip_v==4) if(ipv4_hdr->ip_v==4)
{ {
tcphdr=(struct tcphdr*)((char*)ipv4_hdr+4*(ipv4_hdr->ip_hl)); tcphdr=(struct kni_tcp_hdr*)((char*)ipv4_hdr+4*(ipv4_hdr->ip_hl));
udphdr=(struct kni_udp_hdr*)((char*)ipv4_hdr+4*(ipv4_hdr->ip_hl));
inet_ntop(AF_INET, (void *)&((ipv4_hdr->ip_src).s_addr), saddr_str, INET_ADDRSTRLEN); inet_ntop(AF_INET, (void *)&((ipv4_hdr->ip_src).s_addr), saddr_str, INET_ADDRSTRLEN);
inet_ntop(AF_INET, (void *)&((ipv4_hdr->ip_dst).s_addr), daddr_str, INET_ADDRSTRLEN); inet_ntop(AF_INET, (void *)&((ipv4_hdr->ip_dst).s_addr), daddr_str, INET_ADDRSTRLEN);
protocol = ipv4_hdr->ip_p;
} }
else if((ipv6_hdr->ip6_flags[0] & 0xF0) == 0x60) else if((ipv6_hdr->ip6_flags[0] & 0xF0) == 0x60)
{ {
@@ -156,15 +160,26 @@ int kni_log_debug(int level,char* module,const void* a_packet,const char* format
return -1; return -1;
} }
tcphdr =(struct tcphdr*)( (unsigned char*)ipv6_hdr + sizeof(struct kni_ipv6_hdr)); tcphdr =(struct kni_tcp_hdr*)( (unsigned char*)ipv6_hdr + sizeof(struct kni_ipv6_hdr));
udphdr =(struct kni_udp_hdr*)( (unsigned char*)ipv6_hdr + sizeof(struct kni_ipv6_hdr));
inet_ntop(AF_INET6, (void *)&(ipv6_hdr->ip6_src), saddr_str, INET6_ADDRSTRLEN); inet_ntop(AF_INET6, (void *)&(ipv6_hdr->ip6_src), saddr_str, INET6_ADDRSTRLEN);
inet_ntop(AF_INET6, (void *)&(ipv6_hdr->ip6_dst), daddr_str, INET6_ADDRSTRLEN); inet_ntop(AF_INET6, (void *)&(ipv6_hdr->ip6_dst), daddr_str, INET6_ADDRSTRLEN);
protocol= ipv6_hdr->ip6_nex_hdr;
} }
sport=ntohs(tcphdr->source); if(protocol == PROTO_TYPE_TCP)
dport=ntohs(tcphdr->dest); {
sport=ntohs(tcphdr->th_sport);
dport=ntohs(tcphdr->th_dport);
}
else if(protocol == PROTO_TYPE_UDP)
{
sport=ntohs(udphdr->uh_sport);
dport=ntohs(udphdr->uh_dport);
}
MESA_handle_runtime_log(g_kni_comminfo.logger,level,module,"addr:%s,%d,%s,%d %s",saddr_str,sport,daddr_str,dport,buf); MESA_handle_runtime_log(g_kni_comminfo.logger,level,module,"addr:%s,%d,%s,%d %s",saddr_str,sport,daddr_str,dport,buf);

4
kni_entry.c
View File

@@ -1113,7 +1113,7 @@ extern "C" char kni_ipv4_entry(const struct streaminfo *pstream,unsigned char ro
ret = process_redirect_pending(pstream,&pmeinfo,thread_seq,ipv4_hdr,0,routedir); ret = process_redirect_pending(pstream,&pmeinfo,thread_seq,ipv4_hdr,0,routedir);
return ret; return ret;
} }
else if(redirect_search_htable(pstream->addr.addrtype,&pmeinfo,thread_seq,ipv4_hdr,0) == 1) else if(redirect_search_htable(ADDR_TYPE_IPV4,&pmeinfo,thread_seq,ipv4_hdr,0) == 1)
{ {
ret = process_redirect_data(pstream,&pmeinfo,thread_seq,ipv4_hdr,0,routedir); ret = process_redirect_data(pstream,&pmeinfo,thread_seq,ipv4_hdr,0,routedir);
return ret; return ret;
@@ -1169,7 +1169,7 @@ extern "C" char kni_ipv6_entry(const struct streaminfo *pstream,unsigned char ro
ret = process_redirect_pending(pstream,&pmeinfo,thread_seq,ipv6_hdr,0,routedir); ret = process_redirect_pending(pstream,&pmeinfo,thread_seq,ipv6_hdr,0,routedir);
return ret; return ret;
} }
else if(redirect_search_htable(pstream->addr.addrtype,&pmeinfo,thread_seq,ipv6_hdr,0) == 1) else if(redirect_search_htable(ADDR_TYPE_IPV6,&pmeinfo,thread_seq,ipv6_hdr,0) == 1)
{ {
ret = process_redirect_data(pstream,&pmeinfo,thread_seq,ipv6_hdr,0,routedir); ret = process_redirect_data(pstream,&pmeinfo,thread_seq,ipv6_hdr,0,routedir);
return ret; return ret;

4
kni_redirect.c
View File

@@ -105,7 +105,7 @@ int redirect_search_htable(unsigned char addr_type,struct kni_pme_info* pmeinfo,
{ {
pmeinfo->action=KNI_ACTION_REDIRECT; pmeinfo->action=KNI_ACTION_REDIRECT;
kni_log_debug(RLOG_LV_DEBUG,(char*)"redirect",a_packet,"redirect_search_htable()"); kni_log_debug(RLOG_LV_DEBUG,(char*)"redirect_search_htable",a_packet,"search htable_data succ!");
kni_filestate2_set(thread_seq,FS_REDIRECT_REPLY,0,1); kni_filestate2_set(thread_seq,FS_REDIRECT_REPLY,0,1);
} }
@@ -528,7 +528,7 @@ int redirect_sendlog(const struct streaminfo* pstream,struct kni_pme_info* pmein
kni_send_log(&log_msg,(char*)"redirect",content); kni_send_log(&log_msg,(char*)"redirect",content);
kni_log_debug(RLOG_LV_DEBUG,(char*)"redirect",a_packet,"process_redirect_pending(),%s",content); kni_log_debug(RLOG_LV_DEBUG,(char*)"redirect_pending",a_packet,"content:%s",content);
kni_filestate2_set(thread_seq,FS_REDIRECT,0,1); kni_filestate2_set(thread_seq,FS_REDIRECT,0,1);
return 0; return 0;