1、修改knini_cmsg枚举 2、修改maat命不中sni的问题

2020-08-03 14:58:26 +08:00
parent 1c26e6aba1
commit b74d15efec
2 changed files with 25 additions and 21 deletions
--- a/common/include/kni_cmsg.h
+++ b/common/include/kni_cmsg.h
@@ -1,6 +1,6 @@
 #pragma once

-#define KNI_CMSG_TLV_NR_MAX  64
+//#define KNI_CMSG_TLV_NR_MAX  64
 struct kni_cmsg;
 struct kni_cmsg_serialize_header;

@@ -45,25 +45,26 @@ enum tfe_cmsg_tlv_type
    TFE_CMSG_DST_MAC,
    
    /* TCP option information */
-    TFE_CMSG_DOWNSTREAM_TCP_MAXSEG       = 0x40, //size int
-    TFE_CMSG_DOWNSTREAM_TCP_NODELAY      = 0x41, //size int
-    TFE_CMSG_DOWNSTREAM_TCP_TTL          = 0x42, //size int
-    TFE_CMSG_DOWNSTREAM_TCP_KEEPALIVE    = 0x43, //size int
-    TFE_CMSG_DOWNSTREAM_TCP_KEEPCNT      = 0x44, //size int
-    TFE_CMSG_DOWNSTREAM_TCP_KEEPIDLE     = 0x45, //size int
-    TFE_CMSG_DOWNSTREAM_TCP_KEEPINTVL    = 0x46, //size int
-    TFE_CMSG_DOWNSTREAM_TCP_USER_TIMEOUT = 0x47, //size int
+    TFE_CMSG_DOWNSTREAM_TCP_MAXSEG,
+    TFE_CMSG_DOWNSTREAM_TCP_NODELAY, 
+    TFE_CMSG_DOWNSTREAM_TCP_TTL,
+    TFE_CMSG_DOWNSTREAM_TCP_KEEPALIVE,
+    TFE_CMSG_DOWNSTREAM_TCP_KEEPCNT, 
+    TFE_CMSG_DOWNSTREAM_TCP_KEEPIDLE,
+    TFE_CMSG_DOWNSTREAM_TCP_KEEPINTVL, 
+    TFE_CMSG_DOWNSTREAM_TCP_USER_TIMEOUT,

-    TFE_CMSG_UPSTREAM_TCP_MAXSEG         = 0x50, //size int
-    TFE_CMSG_UPSTREAM_TCP_NODELAY        = 0x51, //size int
-    TFE_CMSG_UPSTREAM_TCP_TTL            = 0x52, //size int
-    TFE_CMSG_UPSTREAM_TCP_KEEPALIVE      = 0x53, //size int
-    TFE_CMSG_UPSTREAM_TCP_KEEPCNT        = 0x54, //size int
-    TFE_CMSG_UPSTREAM_TCP_KEEPIDLE       = 0x55, //size int
-    TFE_CMSG_UPSTREAM_TCP_KEEPINTVL      = 0x56, //size int
-    TFE_CMSG_UPSTREAM_TCP_USER_TIMEOUT   = 0x57, //size int
+    TFE_CMSG_UPSTREAM_TCP_MAXSEG, 
+    TFE_CMSG_UPSTREAM_TCP_NODELAY , 
+    TFE_CMSG_UPSTREAM_TCP_TTL, 
+    TFE_CMSG_UPSTREAM_TCP_KEEPALIVE, 
+    TFE_CMSG_UPSTREAM_TCP_KEEPCNT, 
+    TFE_CMSG_UPSTREAM_TCP_KEEPIDLE,
+    TFE_CMSG_UPSTREAM_TCP_KEEPINTVL, 
+    TFE_CMSG_UPSTREAM_TCP_USER_TIMEOUT,

-    TFE_CMSG_TCP_PASSTHROUGH             = 0x60, //size int
+    TFE_CMSG_TCP_PASSTHROUGH,
+    KNI_CMSG_TLV_NR_MAX,
 };

 struct kni_cmsg* kni_cmsg_init();
--- a/entry/src/kni_pxy_tcp_option.cpp
+++ b/entry/src/kni_pxy_tcp_option.cpp
@@ -408,8 +408,11 @@ static int pxy_tcp_option_scan_addr(Maat_feather_t maat_feather,const struct str
 static int pxy_tcp_option_scan_domain(Maat_feather_t maat_feather, Maat_rule_t *result, int result_num,scan_status_t *mid, struct pme_info *pmeinfo, void *logger)
 {
 	int hit_num = 0, maat_ret = 0;
-	if(pmeinfo->protocol != PROTO_HTTP || pmeinfo->protocol != PROTO_SSL)
+	if(pmeinfo->protocol != PROTO_HTTP && pmeinfo->protocol != PROTO_SSL)
+	{
+		KNI_LOG_DEBUG(logger,"NOT SCAN DOMAIN, streamid: %s,stream protocol: %d",pmeinfo->stream_traceid,pmeinfo->protocol);
 		return hit_num;
+	}
 	if(hit_num < result_num)
 	{
 		maat_ret = Maat_full_scan_string(maat_feather,
@@ -426,14 +429,14 @@ static int pxy_tcp_option_scan_domain(Maat_feather_t maat_feather, Maat_rule_t *
 		{
 			KNI_LOG_DEBUG(logger,"SCAN_DOMAIN,Hit streamid: %s, domain: %s",
 								pmeinfo->stream_traceid,
-								pmeinfo->domain);
+								(char*)&(pmeinfo->domain));
 			hit_num += maat_ret;
 		}
 		else
 		{
 			KNI_LOG_DEBUG(logger,"SCAN_DOMAIN,Not hit stream_traceid: %s ,domain :%s scan ret: %d",
 							pmeinfo->stream_traceid,
-							pmeinfo->domain,
+							(char*)&(pmeinfo->domain),
 							maat_ret);	
 		}