diff --git a/kni.c b/kni.c index 432eab9..f4450ab 100644 --- a/kni.c +++ b/kni.c @@ -631,9 +631,11 @@ int kni_keepalive_replay(struct stream_tuple4_v4* ipv4_addr,int iprever_flag,str #ifdef KNI_DEBUG_TCPREPAIR return 0; #endif -#ifdef KNI_DEBUG_KEEPALIVE - return 0; -#endif + + if(!g_kni_switch_info.replay_win_update) + { + return 0; + } int index=1-iprever_flag; @@ -1097,11 +1099,21 @@ int tcprepair_set_state(int sk,struct kni_tcp_state* tcp) MESA_handle_runtime_log(g_kni_comminfo.logger, RLOG_LV_FATAL,"tcprepair_set_state","connect() error,errno:%d,%s",errno,strerror(errno)); return -1; } - +/* opts[onr].opt_code = TCPOPT_WINDOW; opts[onr].opt_val = tcp->wscale_src+ (tcp->wscale_dst<< 16); onr++; +*/ + + if((tcp->wscale_dst)&&(tcp->wscale_src)) + { + opts[onr].opt_code = TCPOPT_WINDOW; + opts[onr].opt_val = tcp->wscale_dst+ (tcp->wscale_src<< 16); + onr++; + } + + opts[onr].opt_code = TCPOPT_MAXSEG; opts[onr].opt_val = (tcp->mss_srcmss_dst)?tcp->mss_src:tcp->mss_dst; onr++; @@ -1118,7 +1130,7 @@ int tcprepair_set_state(int sk,struct kni_tcp_state* tcp) onr++; */ - MESA_handle_runtime_log(g_kni_comminfo.logger, RLOG_LV_FATAL,"tcprepair_set_state","onr:%d,wscale_src:%d,wscale_dst:%d,wscale:%x,mss:%d,sack:%d",onr,tcp->wscale_src,tcp->wscale_dst,opts[0].opt_val,opts[1].opt_val,opts[2].opt_val); + MESA_handle_runtime_log(g_kni_comminfo.logger, RLOG_LV_FATAL,"tcprepair_set_state","src_port:%d,dst_port:%d,onr:%d,wscale_src:%d,wscale_dst:%d,wscale:%x,mss:%d,sack:%d",ntohs(tcp->sport),ntohs(tcp->dport),onr,tcp->wscale_src,tcp->wscale_dst,opts[0].opt_val,opts[1].opt_val,opts[2].opt_val); if (setsockopt(sk, SOL_TCP, TCP_REPAIR_OPTIONS,opts, onr * sizeof(struct tcp_repair_opt)) < 0) { 
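Review bot: The new guard `if((tcp->wscale_dst)&&(tcp->wscale_src))` in tcprepair_set_state treats a shift count of 0 as "window scaling not negotiated", but 0 is a valid negotiated value, so a connection where one side advertised scale 0 is repaired without TCPOPT_WINDOW while the other side keeps scaling. The values appear to come from TCP options parsed off captured packets (kni_get_tcpopt in later hunks), so they are peer-controlled: record whether the option was present separately from its value, and clamp each shift before packing, e.g. `if(tcp->wscale_src>14) tcp->wscale_src=14;`, since the Linux TCP_REPAIR_OPTIONS path is expected to reject larger counts. The superseded assignment is left inside `/* ... */` here, and the same is done in kni_scan_whitelist_domain; deleting it would leave the src/dst swap to version history instead of dead code. The function starts and ends outside the hunk.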
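Review bot: The extended log call still reads `opts[0].opt_val,opts[1].opt_val,opts[2].opt_val` by fixed index, but TCPOPT_WINDOW is now appended only conditionally in the previous hunk, so when it is skipped the `wscale:%x` field prints the MSS and `mss:%d` prints whatever follows. `opts[2]` may never be written at all, since the block before this line looks commented out; unless `opts` is zero-initialised above the hunk (not visible here), that logs indeterminate stack memory. Log the source fields instead, e.g. `tcp->mss_src,tcp->mss_dst`, or print only the first `onr` entries. The message is also emitted at `RLOG_LV_FATAL` for what reads as a per-connection trace, which will bury real failures; a debug level fits better.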
@@ -1218,19 +1230,18 @@ int kni_scan_whitelist_domain(char* domain,int domain_len,int thread_seq,scan_st struct Maat_rule_t maat_result[KNI_MAX_SAMENUM]; string_scan_num=Maat_full_scan_string(g_kni_maatinfo.maat_feather,g_kni_maatinfo.tableid_domain,CHARSET_GBK,domain,domain_len,maat_result,&found_pos,KNI_MAX_SAMENUM,&mid,thread_seq); - +/* if((g_kni_switch_info.maat_default_mode==KNI_DEFAULT_MODE_BYPASS)&&(string_scan_num==0)) { action=KNI_ACTION_WHITELIST; return action; } - +*/ for(i=0;istatus_flag=KNI_FLAG_NOTPROC; return ret; } - +//20180803 add + else if((g_kni_switch_info.maat_default_mode==KNI_DEFAULT_MODE_BYPASS)&&(action==KNI_ACTION_NONE)&&(pmeinfo->ip_not_hit)) + { + kni_debug_info_v4((char*)"BYPASS_NOTHIT",0,(struct ip*)ip_hdr); + + pmeinfo->status_flag=KNI_FLAG_NOTPROC; + return ret; + } +//end if(tcp_repair_process(pstream,ip_hdr,pmeinfo,pmeinfo->status_flag)<0) { @@ -1708,7 +1728,12 @@ char kni_pending_opstate(const struct streaminfo* pstream,struct kni_pme_info* p kni_set_filestate2(thread_seq,FS2_COLUME_WITELIST_IP,0,1); return ret; } - +//20180803 add + else if((g_kni_switch_info.maat_default_mode==KNI_DEFAULT_MODE_BYPASS)&&(ipscan_action==KNI_ACTION_NONE)) + { + pmeinfo->ip_not_hit=1; + } +//end pmeinfo->status_flag=KNI_FLAG_UNKNOW; // pmeinfo->wndsize[pstream->curdir-1]=ntohs(tcphdr->th_win); @@ -1716,7 +1741,7 @@ char kni_pending_opstate(const struct streaminfo* pstream,struct kni_pme_info* p { data=kni_get_data(pstream,&datalen); kni_get_tcpopt(tcphdr,iplen-4*(ip_hdr->ip_hl)-datalen,&(pmeinfo->mss[pstream->curdir-1]),&(pmeinfo->wnscal[pstream->curdir-1]),&(pmeinfo->sack[pstream->curdir-1]),&(pmeinfo->timestamps[pstream->curdir-1])); - } +} kni_get_tcpinfo(&(pmeinfo->lastpkt_info[pstream->curdir-1]),tcphdr,ntohs(ip_hdr->ip_len)-4*ip_hdr->ip_hl-4*tcphdr->th_off,(struct ip*)ip_hdr); 
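Review bot: `pmeinfo->ip_not_hit` is only ever set to 1 in this change (kni_pending_opstate, BYPASS mode with `ipscan_action==KNI_ACTION_NONE`) and is never cleared, while the new `BYPASS_NOTHIT` branch earlier on this line uses it to mark the stream `KNI_FLAG_NOTPROC`. If the kni_pme_info allocation is not zeroed (it is not visible in this diff), a stream whose IP scan did hit could carry a stale non-zero value and skip interception, which is a fail-open path. Assign it on every pass, e.g. `pmeinfo->ip_not_hit=0;` at the top of kni_pending_opstate, or confirm the structure is memset when it is created. The hunk text around the `BYPASS_NOTHIT` branch is damaged on this page, so its enclosing function could not be checked.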
@@ -1759,8 +1784,8 @@ char kni_data_opstate(const struct streaminfo* pstream,struct kni_pme_info* pmei { if((tcphdr->th_flags&TH_SYN)&&(tcphdr->th_flags&TH_ACK)) { - kni_get_tcpopt(tcphdr,iplen-4*(ip_hdr->ip_hl)-datalen,&(pmeinfo->mss[pstream->curdir-1]),&(pmeinfo->wnscal[pstream->curdir-1]),&(pmeinfo->sack[pstream->curdir-1]),&(pmeinfo->timestamps[pstream->curdir-1])); + } kni_get_tcpinfo(&(pmeinfo->lastpkt_info[pstream->curdir-1]),tcphdr,ntohs(ip_hdr->ip_len)-4*ip_hdr->ip_hl-4*tcphdr->th_off,(struct ip*)ip_hdr); @@ -1884,6 +1909,7 @@ int init_profile_info(int* scandir_interval,int* effect_interval,int* logger_lev //kni.conf + MESA_load_profile_int_def((char*)KNI_CONF_FILENAME,(char*)KNI_CONF_MODE,(char*)"replay_win_update",&(g_kni_switch_info.replay_win_update),1); MESA_load_profile_int_def((char*)KNI_CONF_FILENAME,(char*)KNI_CONF_MODE,(char*)"default_work_mode",&(g_kni_switch_info.maat_default_mode),KNI_DEFAULT_MODE_INTERCEPT); MESA_load_profile_int_def((char*)KNI_CONF_FILENAME,(char*)KNI_CONF_MODE,(char*)"logger_level",logger_level,RLOG_LV_INFO); MESA_load_profile_int_def((char*)KNI_CONF_FILENAME,(char*)KNI_CONF_MODE,(char*)"maat_readconf_mode",maat_readconf_mode,KNI_READCONF_IRIS); diff --git a/kni.h b/kni.h index abaed47..39c6105 100644 --- a/kni.h +++ b/kni.h @@ -191,6 +191,7 @@ enum kni_flag struct kni_switch_info { int maat_default_mode; //0:INTERCEPT 1:BYPASS + int replay_win_update; //0:not replay;1:replay }; struct kni_http_project @@ -336,6 +337,7 @@ struct kni_wndpro_reply_info struct kni_pme_info { + unsigned int ip_not_hit; unsigned short status_flag; unsigned short mss[KNI_DIR_DOUBLE]; //host order unsigned char wnscal[KNI_DIR_DOUBLE]; //host order