重构maat扫描部分代码
@@ -67,15 +67,17 @@ struct pme_info{
|
||||
int protocol;
|
||||
int policy_id;
|
||||
int maat_hit;
|
||||
int action;
|
||||
enum kni_action action;
|
||||
int service;
|
||||
struct kni_tcpopt_info *client_tcpopt;
|
||||
struct kni_tcpopt_info *server_tcpopt;
|
||||
int tfe_id;
|
||||
void *logger;
|
||||
char stream_trace_id[STREAM_TRACE_ID_LEN];
|
||||
char host[KNI_DOMAIN_MAX]; //http only
|
||||
char sni[KNI_DOMAIN_MAX]; //ssl only
|
||||
union{
|
||||
char host[KNI_DOMAIN_MAX]; //http only
|
||||
char sni[KNI_DOMAIN_MAX]; //ssl only
|
||||
};
|
||||
//tfe_release = 1: tfe don't need pmeinfo
|
||||
int tfe_release;
|
||||
int sapp_release;
|
||||
@@ -510,18 +512,6 @@ static char pending_opstate(const struct streaminfo *stream, struct pme_info *pm
|
||||
return APP_STATE_FAWPKT | APP_STATE_GIVEME;
|
||||
}
|
||||
|
||||
static int get_action(struct ipaddr *addr, char *domain, int domain_len, int thread_seq, int *policy_id, int *maat_hit){
|
||||
//return KNI_ACTION_INTERCEPT;
|
||||
int ret = kni_maat_scan_ip(g_kni_handle->maat_handle, addr, thread_seq, policy_id, maat_hit);
|
||||
if(action == KNI_ACTION_BYPASS){
|
||||
return action;
|
||||
}
|
||||
if(domain_len != 0){
|
||||
action = kni_maat_scan_domain(g_kni_handle->maat_handle, domain, domain_len, thread_seq, policy_id, maat_hit);
|
||||
}
|
||||
return action;
|
||||
}
|
||||
|
||||
//TODO: 这一块逻辑需要和洋姐和秋秋讨论一下
|
||||
static char data_opstate(const struct streaminfo *stream, struct pme_info *pmeinfo, struct pkt_info *pktinfo, int thread_seq){
|
||||
void *logger = g_kni_handle->local_logger;
|
||||
@@ -589,18 +579,18 @@ static char data_opstate(const struct streaminfo *stream, struct pme_info *pmein
|
||||
memcpy(pmeinfo->sni, result->domain, result->domain_len);
|
||||
FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_SSL_STM], 0, FS_OP_ADD, 1);
|
||||
}
|
||||
if(pmeinfo->protocol == KNI_PROTOCOL_HTTP){
|
||||
else if(pmeinfo->protocol == KNI_PROTOCOL_HTTP){
|
||||
memcpy(pmeinfo->host, result->domain, result->domain_len);
|
||||
FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_HTTP_STM], 0, FS_OP_ADD, 1);
|
||||
}
|
||||
pmeinfo->action = get_action((struct ipaddr*)(&stream->addr), result->domain, result->domain_len,
|
||||
pmeinfo->action = intercept_policy_scan(g_kni_handle->maat_handle, (struct ipaddr*)(&stream->addr), result->domain, result->domain_len,
|
||||
thread_seq, &(pmeinfo->policy_id), &(pmeinfo->maat_hit));
|
||||
//输出maat拦截日志
|
||||
char domain_str[KNI_DOMAIN_MAX] = "";
|
||||
memcpy(domain_str, result->domain, result->domain_len);
|
||||
char action_str[KNI_SYMBOL_MAX];
|
||||
kni_maat_action_trans(pmeinfo->action, action_str);
|
||||
KNI_LOG_DEBUG(logger, "get_action: %s, %s, policy_id = %d, action = %d(%s), maat_hit = %d",
|
||||
KNI_LOG_DEBUG(logger, "intercept_policy_scan: %s, %s, policy_id = %d, action = %d(%s), maat_hit = %d",
|
||||
stream_addr, domain_str, pmeinfo->policy_id, pmeinfo->action, action_str, pmeinfo->maat_hit);
|
||||
FREE(&result);
|
||||
//TODO: 这块比较奇怪, 收到client hello, 但是没有syn/ack包, 直接bypass了
|
||||
@@ -1322,4 +1312,4 @@ extern "C" int kni_init(){
|
||||
error_out:
|
||||
kni_destroy(g_kni_handle);
|
||||
return -1;
|
||||
}
|
||||
}
|
||||
|
||||
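Review bot: In the `@@ -589,18 +579,18 @@` hunk of data_opstate, the three `memcpy` calls into `pmeinfo->sni`, `pmeinfo->host` and `domain_str` copy `result->domain_len` bytes into `KNI_DOMAIN_MAX`-sized buffers with no bound check visible, and the domain appears to come from parsed SSL/HTTP traffic. The function starts above the hunk, so a check may already exist there; if it does not, a guard before the first copy such as `if(result->domain_len < 0 || result->domain_len >= KNI_DOMAIN_MAX){ /* treat as no domain */ }` would keep all three copies in bounds. It would also leave room for the terminating NUL that the `%s` in the `KNI_LOG_DEBUG` call relies on for `domain_str`. Because `host` and `sni` now share storage in the anonymous union added to `struct pme_info`, I would also put a comment on the union, e.g. `// host and sni alias one buffer; pick by pmeinfo->protocol`, so that code elsewhere does not test one field to tell the protocols apart.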