gfwleak/tango-kni
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

bugfix: fix chello first packet hit intercept policy bug.

Browse Source
This commit is contained in:
fumingwei
2024-06-20 22:04:40 +08:00
parent bfd7b97a78
commit b0354fd100
2 changed files with 19 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
entry/include/kni_entry.h
View File

@@ -154,6 +154,7 @@ struct pme_info{
int pxy_tcp_option_is_scan;
struct session_attribute_label *session_attribute;
int check_data_packets_num;
int has_send_packet_nums;
};
struct wrapped_packet{

25
entry/src/kni_entry.cpp
View File

@@ -1425,6 +1425,7 @@ static int first_data_intercept(struct streaminfo *stream, struct pme_info *pmei
//Note: traceid2pme_add_fail, still work. no cmsg
traceid2pme_htable_add(pmeinfo);
//send to tfe
pmeinfo->has_send_packet_nums ++;
ret = send_to_tfe(buff, len, thread_seq, pmeinfo->tfe_id, pmeinfo->addr_type);
if(ret < 0){
KNI_LOG_DEBUG(logger, "Intercept error: failed at send first packet to tfe%d, stream traceid = %s, stream addr = %s",
@@ -1522,6 +1523,16 @@ char* kni_maat_action_trans(enum kni_action action){
char next_data_intercept(struct pme_info *pmeinfo, const void *a_packet, struct pkt_info *pktinfo, int thread_seq){
//return value 0
//FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_INTCP_READY_BYTE], 0, FS_OP_ADD, pktinfo->ip_totlen);
struct wrapped_packet new_pkt;
if(pmeinfo->has_send_packet_nums < g_kni_handle->reassembled_packets_num){
memset(&new_pkt, 0, sizeof(struct wrapped_packet));
int offset = 0;
offset = rebuild_packet_to_add_tcp_option(pmeinfo, pktinfo, (char *)&new_pkt);
set_new_packet_checksum(pmeinfo, pktinfo, (char *)&new_pkt, offset);
a_packet = (void *)&(new_pkt);
}
int ret, len;
void *logger = g_kni_handle->local_logger;
struct iphdr *ipv4_hdr = NULL;
@@ -1570,7 +1581,7 @@ char next_data_intercept(struct pme_info *pmeinfo, const void *a_packet, struct
//return APP_STATE_FAWPKT | APP_STATE_KILL_FOLLOW | APP_STATE_GIVEME;
}
}
pmeinfo->has_send_packet_nums ++;
ret = send_to_tfe((char*)a_packet, len, thread_seq, pmeinfo->tfe_id, pmeinfo->addr_type);
if(ret < 0){
KNI_LOG_ERROR(logger, "Failed at send continue packet to tfe%d, stream traceid = %s, stream addr = %s",
@@ -1641,12 +1652,12 @@ char deal_chello_frag(struct streaminfo *stream, struct pme_info *pmeinfo, int t
return APP_STATE_KILL_FOLLOW | APP_STATE_DROPME;
}
} else {
struct wrapped_packet new_pkt;
memset(&new_pkt, 0, sizeof(struct wrapped_packet));
int offset = 0;
offset = rebuild_packet_to_add_tcp_option(pmeinfo, &rawpkt_info, (char *)&new_pkt);
set_new_packet_checksum(pmeinfo, &rawpkt_info, (char *)&new_pkt, offset);
next_data_intercept(pmeinfo, (void *)&new_pkt, &rawpkt_info, thread_seq);
// struct wrapped_packet new_pkt;
// memset(&new_pkt, 0, sizeof(struct wrapped_packet));
// int offset = 0;
// offset = rebuild_packet_to_add_tcp_option(pmeinfo, &rawpkt_info, (char *)&new_pkt);
// set_new_packet_checksum(pmeinfo, &rawpkt_info, (char *)&new_pkt, offset);
next_data_intercept(pmeinfo, rawpkt, &rawpkt_info, thread_seq);
}
}
ssl_frag_chello_free(stream);