gfwleak/tango-kni
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

20180719

Browse Source 
1、增加默认工作模式:BYPASS状态:whitelist和扫描未命中都回注;INTERCEPT:只有whitelist回注;
2、域名定义最长默认MTU1500长度,超长截断;
3、HTTP_HOST扫描whitelist_domain,无HOST的HTTP回注;更改kni.inf的HTTP入口只注册HTTP_HOST
4、流标签从int类型改为struct类型,所以更改./conf/project_list.conf
This commit is contained in:
liuyang
2018-07-19 11:05:10 +08:00
parent e1d571bd92
commit c4026e018c
4 changed files with 92 additions and 260 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
bin/kni/kni.inf
View File

@@ -10,7 +10,7 @@ DESTROY_FUNC=
[TCP_ALL]
FUNC_FLAG=all
FUNC_FLAG=HTTP_HOST
FUNC_NAME=kni_tcpall_entry

2
bin/project_list.conf
View File

@@ -18,4 +18,4 @@
#test_project struct
tcp_flow_stat struct
udp_flow_stat struct
protocol_tag int
protocol_tag struct

331
kni.c
View File

@@ -60,7 +60,7 @@ int kni_debug_info_v4(char* module,int state_flag,struct ip* a_packet)
int iplen=ntohs(a_packet->ip_len);
struct tcphdr* tcphdr=(struct tcphdr*)((char*)a_packet+4*(a_packet->ip_hl));
unsigned int seq=ntohl(tcphdr->seq);
// unsigned int seq=ntohl(tcphdr->seq);
unsigned short sport=0;
unsigned short dport=0;
@@ -72,7 +72,7 @@ int kni_debug_info_v4(char* module,int state_flag,struct ip* a_packet)
inet_ntop(AF_INET, (void *)&((a_packet->ip_src).s_addr), saddr_v4, INET_ADDRSTRLEN);
inet_ntop(AF_INET, (void *)&((a_packet->ip_dst).s_addr), daddr_v4, INET_ADDRSTRLEN);
MESA_handle_runtime_log(g_kni_comminfo.logger,RLOG_LV_DEBUG,module,"addr:%s,%d,%s,%d,state_flag:%d,ip_len:%d,seq:%u",saddr_v4,sport,daddr_v4,dport,state_flag,iplen,seq);
MESA_handle_runtime_log(g_kni_comminfo.logger,RLOG_LV_DEBUG,module,"addr:%s,%d,%s,%d,state_flag:%d,ip_len:%d",saddr_v4,sport,daddr_v4,dport,state_flag,iplen);
return 0;
@@ -523,13 +523,13 @@ int kni_sendpkt_routdir(int thread_seq,int iplen,char* ip,struct stream_tuple4_v
}
else
{
printf("interface name is too long\n");
MESA_handle_runtime_log(g_kni_comminfo.logger,RLOG_LV_FATAL,KNI_MODULE_SENDPKT,"interface name :%s is too long\n",if_name);
return -1;
}
if(-1==ioctl(g_kni_comminfo.ipv4_fd[thread_seq],SIOCGIFINDEX,&ifr))
{
printf("get if index error:%d,%s",errno,strerror(errno));
MESA_handle_runtime_log(g_kni_comminfo.logger,RLOG_LV_FATAL,KNI_MODULE_SENDPKT,"get if index error:%d,%s,name:%d",errno,strerror(errno),if_name);
return -1;
}
@@ -812,7 +812,7 @@ int init_domain_fd()
}
MESA_handle_runtime_log(g_kni_comminfo.logger, RLOG_LV_FATAL,KNI_MODULE_INIT,"init_domain_fd():domain socket connect succ! ");
MESA_handle_runtime_log(g_kni_comminfo.logger, RLOG_LV_FATAL,"init_domain_fd","domain socket connect succ! ");
return i_fd;
}
@@ -1173,8 +1173,8 @@ int tcp_repair_process(const struct streaminfo* pstream,const struct ip* a_packe
struct kni_tcp_state fake_client;
struct kni_tcp_state fake_server;
struct ip* iphdr=(struct ip*)a_packet;
struct tcphdr* tcphdr=(struct tcphdr*)((char*)a_packet+4*(iphdr->ip_hl));
// struct ip* iphdr=(struct ip*)a_packet;
// struct tcphdr* tcphdr=(struct tcphdr*)((char*)a_packet+4*(iphdr->ip_hl));
// int tcplen=ntohs(iphdr->ip_len)-4*iphdr->ip_hl-4*tcphdr->doff;
fd_client = socket(AF_INET, SOCK_STREAM, 0);
@@ -1207,7 +1207,6 @@ int tcp_repair_process(const struct streaminfo* pstream,const struct ip* a_packe
fds[1]=fd_server;
fds[2]=protocol;
// ret=MESA_lqueue_try_join_head(g_kni_structinfo.lqueue_for_domain,(void*)fds,KNI_FDS_NUM*sizeof(int));
ret=MESA_lqueue_join_head(g_kni_structinfo.lqueue_for_domain,(void*)fds,KNI_FDS_NUM*sizeof(int));
if(ret <0)
{
@@ -1231,180 +1230,42 @@ return :state_flag
kni_bmd:STAT_FLAG_SNIBMD
not kni_bmd:STAT_FLAG_SSL_NOBMD
***************************************************************************************/
int kni_judge_sni(char* sni,int sni_len,int thread_seq,scan_status_t mid)
int kni_scan_whitelist_domain(char* domain,int domain_len,int thread_seq,scan_status_t mid)
{
int i=0;
int action=KNI_ACTION_NONE;
int state_flag=KNI_FLAG_NOTPROC;
int string_scan_num=0;
int found_pos;
struct Maat_rule_t maat_result[KNI_MAX_SAMENUM];
string_scan_num=Maat_full_scan_string(g_kni_maatinfo.maat_feather,g_kni_maatinfo.tableid_domain,CHARSET_GBK,sni,sni_len,maat_result,&found_pos,KNI_MAX_SAMENUM,&mid,thread_seq);
string_scan_num=Maat_full_scan_string(g_kni_maatinfo.maat_feather,g_kni_maatinfo.tableid_domain,CHARSET_GBK,domain,domain_len,maat_result,&found_pos,KNI_MAX_SAMENUM,&mid,thread_seq);
if((g_kni_switch_info.maat_default_mode==KNI_DEFAULT_MODE_BYPASS)&&(string_scan_num==0))
{
action=KNI_ACTION_WHITELIST;
return action;
}
for(i=0;i<string_scan_num;i++)
{
action=abs(maat_result[i].action);
if(action==KNI_ACTION_WHITELIST)
{
state_flag=KNI_FLAG_SNIBMD;
return state_flag;
action=KNI_ACTION_WHITELIST;
return action;
}
}
return state_flag;
return action;
}
/***************************************************************************************
return :state_flag
ssl:STAT_FLAG_SSL_NOBMD
not ssl:STAT_FLAG_NOTSSL
***************************************************************************************/
/*
int kni_judge_ssl_bak(char* tcp_data,int tcp_datalen,char* sni,int* sni_len)
{
// int state_flag=KNI_FLAG_UNKNOW;
// return STAT_FLAG_SSL_NOBMD;
int ssl_header_len=0;
char* ssl_header=NULL;
unsigned char content_type=0;
unsigned short version_in_header=0;
unsigned short len_in_header=0;
int ssl_body_len=0;
char* ssl_body=NULL;
unsigned char handshark_type=0;
unsigned int len_in_body=0;
unsigned short version_in_body=0;
unsigned char session_id_len=0;
unsigned short ciphersuite_len=0;
unsigned char compression_method_len=0;
int ssl_extention_len=0;
char* ssl_extention=NULL;
unsigned short extension_len_less=0;
unsigned short type_in_extension=0;
unsigned short len_in_extension=0;
//ssl header
ssl_header=tcp_data;
content_type=*(unsigned char*)&ssl_header[ssl_header_len];
if(content_type!=SSL_CONTENTTYPE_HANDSHAKE)
{
return STAT_FLAG_NOTSSL;
}
ssl_header_len+=1;
version_in_header=ntohs(*(unsigned short*)&(ssl_header[ssl_header_len]));
if((version_in_header!=SSL_VERSION_TLS1_0)&&(version_in_header!=SSL_VERSION_TLS1_1)&&(version_in_header!=SSL_VERSION_TLS1_2))
{
return STAT_FLAG_NOTSSL;
}
ssl_header_len+=2;
len_in_header=ntohs(*(unsigned short*)&(ssl_header[ssl_header_len]));
if(len_in_header!=tcp_datalen-SSL_HEADER_LEN)
{
return STAT_FLAG_NOTSSL;
}
ssl_header_len+=2;
//ssl body
ssl_body=ssl_header+ssl_header_len;
handshark_type=*(unsigned char*)&(ssl_body[ssl_body_len]);
if(handshark_type!=SSL_HANDSHAR_TYPE_CLIENTHELLO)
{
return STAT_FLAG_NOTSSL;
}
ssl_body_len+=1;
// memcpy(&len_in_body,&ssl_body[ssl_body_len],3);
len_in_body=*(unsigned char*)&ssl_body[ssl_body_len+2]+256*(*(unsigned char*)&ssl_body[ssl_body_len+1])+65536*(*(unsigned char*)&ssl_body[ssl_body_len]);
if(len_in_body!=(len_in_header-SSL_BODY_LEN))
{
return STAT_FLAG_NOTSSL;
}
ssl_body_len+=3;
version_in_body=ntohs(*(unsigned short*)&(ssl_body[ssl_body_len]));
if((version_in_body!=SSL_VERSION_TLS1_0)&&(version_in_body!=SSL_VERSION_TLS1_1)&&(version_in_body!=SSL_VERSION_TLS1_2))
{
return STAT_FLAG_NOTSSL;
}
ssl_body_len+=2;
ssl_body_len+=32; //4byte time,28bytes random
session_id_len=*(unsigned char*)&(ssl_body[ssl_body_len]);
ssl_body_len+=1;
ssl_body_len+=session_id_len;
ciphersuite_len=ntohs(*(unsigned short*)&(ssl_body[ssl_body_len]));
ssl_body_len+=2;
ssl_body_len+=ciphersuite_len;
compression_method_len=*(unsigned char*)&(ssl_body[ssl_body_len]);
ssl_body_len+=1;
ssl_body_len+=compression_method_len;
//ssl extention
ssl_extention=ssl_body+ssl_body_len;
extension_len_less=ntohs(*(unsigned short*)&ssl_extention[ssl_extention_len]);
if(extension_len_less!=len_in_body-2-32-1-session_id_len-2-ciphersuite_len-1-compression_method_len-2)
{
return STAT_FLAG_NOTSSL;
}
ssl_extention_len+=2;
while(ssl_extention_len<extension_len_less)
{
type_in_extension=ntohs(*(unsigned short*)&ssl_extention[ssl_extention_len]);
ssl_extention_len+=2;
len_in_extension=ntohs(*(unsigned short*)&ssl_extention[ssl_extention_len]);
ssl_extention_len+=2;
if(type_in_extension==SSL_EXTENSION_TYPE_SNI)
{
if(len_in_extension>KNI_SNI_MAXLEN)
{
//error
return STAT_FLAG_NOTSSL;
}
memcpy(sni,&ssl_extention[ssl_extention_len],len_in_extension);
*sni_len=len_in_extension;
return STAT_FLAG_SSL_NOBMD;
}
else
{
ssl_extention_len+=len_in_extension;
continue;
}
}
return STAT_FLAG_NOTSSL;
}
*/
/***************************************************************************************
return :action
default:ipscan_num =0 or =1,not >1
***************************************************************************************/
int kni_judge_ipbmd(struct ipaddr* addr,int thread_seq,int protocol,scan_status_t mid)
int kni_scan_whitelist_ip(struct ipaddr* addr,int thread_seq,int protocol,scan_status_t mid)
{
int i=0;
int action=KNI_ACTION_NONE;
@@ -1414,6 +1275,13 @@ int kni_judge_ipbmd(struct ipaddr* addr,int thread_seq,int protocol,scan_status_
ipscan_num=Maat_scan_proto_addr(g_kni_maatinfo.maat_feather,g_kni_maatinfo.tableid_ip,addr,protocol,maat_result,KNI_MAX_SAMENUM,&mid,thread_seq);
if((g_kni_switch_info.maat_default_mode==KNI_DEFAULT_MODE_BYPASS)&&(ipscan_num==0))
{
action=KNI_ACTION_WHITELIST;
return action;
}
for(i=0;i<ipscan_num;i++)
{
action=abs(maat_result[i].action);
@@ -1705,6 +1573,10 @@ int kni_judge_ssl(char* tcp_data,int tcp_datalen,char* sni,int* sni_len)
return KNI_FLAG_UNKNOW;
}
if(len_in_extension>KNI_DEFAULT_MTU)
{
len_in_extension=KNI_DEFAULT_MTU;
}
memcpy(sni,&ssl_extention[ssl_extention_len],len_in_extension);
*sni_len=len_in_extension;
@@ -1721,20 +1593,29 @@ int kni_judge_ssl(char* tcp_data,int tcp_datalen,char* sni,int* sni_len)
return KNI_FLAG_UNKNOW;
}
int kni_judge_http(const struct streaminfo *stream)
int kni_judge_http(const struct streaminfo *stream,char* domain,int* domain_len)
{
int val=project_req_get_int(stream,g_kni_comminfo.project_id);
int val=1;
struct kni_http_project* host=(struct kni_http_project*)project_req_get_struct(stream,g_kni_comminfo.project_id);
if(host==NULL)
{
*domain_len=0;
return -1;
}
*domain_len=host->host_len>KNI_DEFAULT_MTU?KNI_DEFAULT_MTU:host->host_len;
memcpy(domain,host->host,*domain_len);
return val;
}
int kni_protocol_identify(const struct streaminfo* pstream,char* tcp_data,int tcp_datalen,char* sni,int* sni_len)
int kni_protocol_identify(const struct streaminfo* pstream,char* tcp_data,int tcp_datalen,char* domain,int* domain_len)
{
if(kni_judge_http(pstream)==1)
if(kni_judge_http(pstream,domain,domain_len)==1)
{
return KNI_FLAG_HTTP;
}
else if(kni_judge_ssl(tcp_data,tcp_datalen,sni,sni_len)==KNI_FLAG_SSL)
else if(kni_judge_ssl(tcp_data,tcp_datalen,domain,domain_len)==KNI_FLAG_SSL)
{
return KNI_FLAG_SSL;
}
@@ -1767,20 +1648,26 @@ char kni_first_tcpdata(const struct streaminfo* pstream,const struct ip* ip_hdr,
{
char ret=APP_STATE_FAWPKT|APP_STATE_DROPME;
int sni_len=0;
char sni[KNI_MAX_BUFLEN]={0};
int domain_len=0;
char domain[KNI_DEFAULT_MTU]={0};
pmeinfo->status_flag=kni_protocol_identify(pstream,data,datalen,sni,&sni_len);
MESA_handle_runtime_log(g_kni_comminfo.logger, RLOG_LV_DEBUG,(char*)"kni_protocol_identify","protocol:%d",pmeinfo->status_flag);
int action=KNI_ACTION_NONE;
pmeinfo->status_flag=kni_protocol_identify(pstream,data,datalen,domain,&domain_len);
MESA_handle_runtime_log(g_kni_comminfo.logger, RLOG_LV_DEBUG,(char*)"domain","domain:%s,domain_len:%d",(char*)(domain),domain_len);
if(pmeinfo->status_flag==KNI_FLAG_SSL)
{
pmeinfo->status_flag=kni_judge_sni(sni,sni_len,pstream->threadnum,pmeinfo->mid);
MESA_handle_runtime_log(g_kni_comminfo.logger, RLOG_LV_DEBUG,(char*)"kni_judge_sni","status_flag:%d",pmeinfo->status_flag);
}
if((pmeinfo->status_flag==KNI_FLAG_HTTP) ||(pmeinfo->status_flag==KNI_FLAG_SSL))
{
action=kni_scan_whitelist_domain(domain,domain_len,pstream->threadnum,pmeinfo->mid);
if(action==KNI_ACTION_WHITELIST)
{
MESA_handle_runtime_log(g_kni_comminfo.logger, RLOG_LV_DEBUG,(char*)"whitelist_domain","domain:%s,domain_len:%d",(char*)(domain+5),domain_len);
kni_debug_info_v4((char*)"DOMIN_WHITELIST",0,(struct ip*)ip_hdr);
pmeinfo->status_flag=KNI_FLAG_NOTPROC;
return ret;
}
if(tcp_repair_process(pstream,ip_hdr,pmeinfo,pmeinfo->status_flag)<0)
{
@@ -1833,10 +1720,10 @@ char kni_pending_opstate(const struct streaminfo* pstream,struct kni_pme_info* p
struct kni_tcp_hdr* tcphdr=(struct kni_tcp_hdr*)((char*)ip_hdr+4*(ip_hdr->ip_hl));
ipscan_action=kni_judge_ipbmd((struct ipaddr*)&(pstream->addr),thread_seq,protocol,pmeinfo->mid);
MESA_handle_runtime_log(g_kni_comminfo.logger, RLOG_LV_DEBUG,(char*)"kni_judge_ipbmd","action:%d",ipscan_action);
ipscan_action=kni_scan_whitelist_ip((struct ipaddr*)&(pstream->addr),thread_seq,protocol,pmeinfo->mid);
if(ipscan_action==KNI_ACTION_WHITELIST)
{
kni_debug_info_v4((char*)"IP_WHITELIST",0,(struct ip*)ip_hdr);
return ret;
}
@@ -1847,7 +1734,6 @@ char kni_pending_opstate(const struct streaminfo* pstream,struct kni_pme_info* p
{
data=kni_get_data(pstream,&datalen);
kni_get_tcpopt(tcphdr,iplen-4*(ip_hdr->ip_hl)-datalen,&(pmeinfo->mss[pstream->curdir-1]),&(pmeinfo->wnscal[pstream->curdir-1]),&(pmeinfo->sack[pstream->curdir-1]),&(pmeinfo->timestamps[pstream->curdir-1]));
}
kni_get_tcpinfo(&(pmeinfo->lastpkt_info[pstream->curdir-1]),tcphdr,ntohs(ip_hdr->ip_len)-4*ip_hdr->ip_hl-4*tcphdr->th_off,(struct ip*)ip_hdr);
@@ -1972,89 +1858,28 @@ extern "C" char kni_tcpall_entry(const struct streaminfo* pstream,void** pme,int
return ret;
}
/*
long kni_state_htable_cb_v6(void* data,const unsigned char* key,unsigned int size,void* user_arg)
{
struct ipaddr addr_ipbmd;
struct datainfo_to_tun* datainfo=(struct datainfo_to_tun*)data;
struct args_to_tun* arg=(struct args_to_tun*)user_arg;
struct kni_ipv6_hdr* ipv6_hdr=(struct kni_ipv6_hdr*)(arg->a_packet);
if(datainfo==NULL)
{
datainfo=(struct datainfo_to_tun*)malloc(sizeof(struct datainfo_to_tun));
memset(datainfo,0,sizeof(struct datainfo_to_tun));
MESA_htable_add(g_kni_structinfo.htable_to_tun_v4, key,size,(void*)datainfo);
memset(&addr_ipbmd,0,sizeof(struct ipaddr));
addr_ipbmd.addrtype=ADDR_TYPE_IPV6;
addr_ipbmd.v4=(struct stream_tuple4_v4*)key;
datainfo->state_flag=kni_judge_ipbmd(&addr_ipbmd,arg->thread_seq,ipv6_hdr->ip6_nex_hdr);
}
return datainfo->state_flag;
}
char kni_ipv6_entry(struct streaminfo *pstream,unsigned char routedir,int thread_seq,void *a_packet)
{
int ip_reverse=0;
struct kni_ipv6_hdr* ipv6_hdr=(struct kni_ipv6_hdr*)a_packet;
long state_flag=0;
struct args_to_tun usr_arg;
struct stream_tuple4_v6 ipv6_addr;
if(ipv6_hdr->ip6_nex_hdr!=PROTO_TYPE_TCP)
{
return APP_STATE_DROPME;
}
ip_reverse=kni_get_ipaddr_v6(a_packet,&ipv6_addr);
memset(&usr_arg,0,sizeof(struct args_to_tun));
usr_arg.a_packet=(struct ip*)a_packet;
usr_arg.thread_seq=thread_seq;
if(ip_reverse==0)
{
usr_arg.routdir=routedir;
}
else
{
usr_arg.routdir=routedir^0x80;
}
MESA_htable_search_cb(g_kni_structinfo.htable_to_tun_v6,(unsigned char*)&ipv6_addr,sizeof(struct stream_tuple4_v6),kni_state_htable_cb_v6,&usr_arg,&state_flag);
if(state_flag==KNI_FLAG_IPBMD)
{
return APP_STATE_DROPPKT;
}
tun_write_data_v6(g_kni_comminfo.fd_tun[thread_seq],(char*)a_packet,ntohl(ipv6_hdr->ip6_payload_len));
return APP_STATE_DROPPKT;
}
*/
extern "C" char kni_http_entry(stSessionInfo* session_info, void **pme, int thread_seq,struct streaminfo *a_stream,const void *a_packet)
{
char ret=PROT_STATE_DROPME;
int val=1;
project_req_add_int(a_stream,g_kni_comminfo.project_id,val);
int host_len=session_info->buflen>KNI_DEFAULT_MTU?KNI_DEFAULT_MTU:session_info->buflen;
struct kni_http_project* host_info=(struct kni_http_project*)malloc(sizeof(struct kni_http_project));
host_info->host_len=host_len;
memcpy(host_info->host,session_info->buf,host_len);
project_req_add_struct(a_stream,g_kni_comminfo.project_id,host_info);
return ret;
}
void kni_free_project(int thread_seq, void *project_req_value)
{
free(project_req_value);
project_req_value=NULL;
return ;
}
int init_profile_info(int* logger_level,char* logger_filepath,int* maat_json_switch,char* table_info_path,char* inc_cfg_dir,char* full_cfg_dir )
{
@@ -2065,7 +1890,7 @@ int init_profile_info(int* logger_level,char* logger_filepath,int* maat_json_swi
//kni.conf
MESA_load_profile_int_def((char*)KNI_CONF_FILENAME,(char*)KNI_CONF_MODE,(char*)"default_switch",&(g_kni_switch_info.maat_default_switch),1);
MESA_load_profile_int_def((char*)KNI_CONF_FILENAME,(char*)KNI_CONF_MODE,(char*)"default_work_mode",&(g_kni_switch_info.maat_default_mode),KNI_DEFAULT_MODE_INTERCEPT);
MESA_load_profile_int_def((char*)KNI_CONF_FILENAME,(char*)KNI_CONF_MODE,(char*)"logger_level",logger_level,RLOG_LV_INFO);
MESA_load_profile_int_def((char*)KNI_CONF_FILENAME,(char*)KNI_CONF_MODE,(char*)"maat_json_switch",maat_json_switch,0);
MESA_load_profile_string_def((char*)KNI_CONF_FILENAME,(char*)KNI_CONF_MODE,(char*)"logger_filepath",logger_filepath,KNI_CONF_MAXLEN,"./log/kni.log");
@@ -2219,14 +2044,14 @@ extern "C" char kni_init()
}
//project
g_kni_comminfo.project_id=project_producer_register(KNI_PROJECT_NAME,PROJECT_VAL_TYPE_INT,NULL);
g_kni_comminfo.project_id=project_producer_register(KNI_PROJECT_NAME,PROJECT_VAL_TYPE_STRUCT,kni_free_project);
if(g_kni_comminfo.project_id<0)
{
MESA_handle_runtime_log(g_kni_comminfo.logger, RLOG_LV_FATAL,KNI_MODULE_INIT,"project_producer_register() error!project_id:%d",g_kni_comminfo.project_id);
return -1;
}
g_kni_comminfo.project_id=project_customer_register(KNI_PROJECT_NAME,PROJECT_VAL_TYPE_INT);
g_kni_comminfo.project_id=project_customer_register(KNI_PROJECT_NAME,PROJECT_VAL_TYPE_STRUCT);
if(g_kni_comminfo.project_id<0)
{
MESA_handle_runtime_log(g_kni_comminfo.logger, RLOG_LV_FATAL,KNI_MODULE_INIT,"project_customer_register() error!project_id:%d",g_kni_comminfo.project_id);

17
kni.h
View File

@@ -34,6 +34,8 @@
#define KNI_ETHER_LEN 14
#define TCPHDR_DEFAULT_LEN 20
#define KNI_DEFAULT_MTU 1500
#define LOCAL_IP_ADDR "192.168.100.1"
#define KNI_MAX_BUFLEN 1500
@@ -69,9 +71,6 @@
#define KNI_OFFSET_CARDNAME 3
#define KNI_CARD_NUM 2
#define PROTO_TYPE_TCP 6
#define PROTO_TYPE_UDP 17
@@ -156,7 +155,8 @@
#define KNI_PROJECT_NAME "protocol_tag"
#define KNI_DEFAULT_MODE_INTERCEPT 0
#define KNI_DEFAULT_MODE_BYPASS 1
enum kni_flag
{
@@ -173,7 +173,14 @@ enum kni_flag
struct kni_switch_info
{
int maat_default_switch; //0:KNI_ACTION_NONE is fwdpkt;1:KNI_ACTION_NONE is reject
int maat_default_mode; //0:INTERCEPT 1:BYPASS
};
struct kni_http_project
{
int host_len;
char host[KNI_DEFAULT_MTU];
};