diff --git a/common/include/kni_cmsg.h b/common/include/kni_cmsg.h
index 0763dc2..3b96e3e 100644
--- a/common/include/kni_cmsg.h
+++ b/common/include/kni_cmsg.h
@@ -45,7 +45,7 @@ enum tfe_cmsg_tlv_type
 TFE_CMSG_DST_MAC,
 /* TCP option information */
- TFE_CMSG_DOWNSTREAM_TCP_MAXSEG,
+// TFE_CMSG_DOWNSTREAM_TCP_MAXSEG,
 TFE_CMSG_DOWNSTREAM_TCP_NODELAY,
 TFE_CMSG_DOWNSTREAM_TCP_TTL,
 TFE_CMSG_DOWNSTREAM_TCP_KEEPALIVE,
@@ -54,7 +54,7 @@ enum tfe_cmsg_tlv_type
 TFE_CMSG_DOWNSTREAM_TCP_KEEPINTVL,
 TFE_CMSG_DOWNSTREAM_TCP_USER_TIMEOUT,
- TFE_CMSG_UPSTREAM_TCP_MAXSEG,
+// TFE_CMSG_UPSTREAM_TCP_MAXSEG,
 TFE_CMSG_UPSTREAM_TCP_NODELAY ,
 TFE_CMSG_UPSTREAM_TCP_TTL,
 TFE_CMSG_UPSTREAM_TCP_KEEPALIVE,
diff --git a/conf/kni/kni.conf b/conf/kni/kni.conf
index 6cbb194..5b3ce9b 100644
--- a/conf/kni/kni.conf
+++ b/conf/kni/kni.conf
@@ -96,6 +96,7 @@ mho_expire_time = 300
 mho_eliminate_type = FIFO
 [proxy_tcp_option]
+enabled = 1
 maat_table_compile = PXY_TCP_OPTION_COMPILE
 maat_table_addr = PXY_TCP_OPTION_ADDR
 maat_table_fqdn = PXY_TCP_OPTION_SSL_SNI
\ No newline at end of file
diff --git a/entry/include/kni_entry.h b/entry/include/kni_entry.h
index f60d3b4..84aaab2 100644
--- a/entry/include/kni_entry.h
+++ b/entry/include/kni_entry.h
@@ -12,7 +12,7 @@
 #define CALLER_TFE 1
 #define SSL_INFO_LEN 2048
-#define _MAX_TABLE_NAME_LEN 64
+#define _MAX_MAAT_TABLE_NAME_LEN 64
 enum intercept_error{
 INTERCEPT_ERROR_ASYM_ROUTING = -1,
@@ -203,8 +203,9 @@ struct kni_handle{
 int *arr_last_tfe_dispatch_index;
 int secpolicyid_evenflow_self_check;
 MESA_htable_handle sslinfo2bypass_htable;
- char table_name[TABLE_MAX][_MAX_TABLE_NAME_LEN]; // for proxy tcp option maat name
- int table_id[TABLE_MAX];
+ int pxy_tcp_option_enable; //for proxy tcp option enable
+ char maat_table_name[TABLE_MAX][_MAX_MAAT_TABLE_NAME_LEN]; // for proxy tcp option maat name
+ int maat_table_id[TABLE_MAX];
 struct proxy_tcp_option pxy_tcp_option;
 };
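Review bot: Commenting out TFE_CMSG_DOWNSTREAM_TCP_MAXSEG (and TFE_CMSG_UPSTREAM_TCP_MAXSEG in the second kni_cmsg.h hunk) renumbers every enumerator that follows it, because the visible enumerators of tfe_cmsg_tlv_type carry no explicit values; TFE_CMSG_DOWNSTREAM_TCP_NODELAY now takes the code MAXSEG had, and the shift runs down through TFE_CMSG_TCP_PASSTHROUGH. If any consumer of these TLVs is built against the previous header (cannot tell from this diff), it will decode the new NODELAY value as MAXSEG. Safer to keep the enumerator in place and mark it unused, `TFE_CMSG_DOWNSTREAM_TCP_MAXSEG, /* reserved, no longer sent */`, so the remaining codes stay stable; commented-out code should be deleted rather than kept inside the enum.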
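Review bot: The renamed macro `_MAX_MAAT_TABLE_NAME_LEN` keeps the reserved-identifier form of the name it replaces: an identifier starting with an underscore followed by an uppercase letter is reserved for the implementation in both C and C++, so the rename was the moment to drop the prefix, `#define MAX_MAAT_TABLE_NAME_LEN 64`, and update the three users in pxy_tcp_option_rule_init. The new `int pxy_tcp_option_enable` field is compared against the literal `1` at every use site in this diff; a comment above it stating that only 0 and 1 are valid values, or a `bool`, would make that contract explicit for the next reader of struct kni_handle.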
diff --git a/entry/include/kni_pxy_tcp_option.h b/entry/include/kni_pxy_tcp_option.h
index 492f044..adb6105 100644
--- a/entry/include/kni_pxy_tcp_option.h
+++ b/entry/include/kni_pxy_tcp_option.h
@@ -10,5 +10,8 @@ int pxy_tcp_option_rule_init(const char* conffile, void *logger);
 int pxy_tcp_option_get_param(Maat_feather_t maat_feather,const struct streaminfo *a_stream,struct pme_info *pmeinfo, void *logger);
+void pxy_tcp_option_modify_mss(struct pme_info *pmeinfo,void *logger);
+
+int pxy_tcp_option_cmsg_set(struct kni_cmsg *cmsg, struct pme_info *pmeinfo);
 #endif
diff --git a/entry/src/kni_entry.cpp b/entry/src/kni_entry.cpp
index 1526645..8541328 100644
--- a/entry/src/kni_entry.cpp
+++ b/entry/src/kni_entry.cpp
@@ -252,7 +252,7 @@ static int judge_stream_can_destroy(struct pme_info *pmeinfo, int caller){
 return can_destroy;
 }
-static int wrapped_kni_cmsg_set(struct kni_cmsg *cmsg, uint16_t type, const unsigned char *value, uint16_t size, struct pme_info *pmeinfo){
+int wrapped_kni_cmsg_set(struct kni_cmsg *cmsg, uint16_t type, const unsigned char *value, uint16_t size, struct pme_info *pmeinfo){
 void *logger = g_kni_handle->local_logger;
 int ret = kni_cmsg_set(cmsg, type, value, size);
 if(ret < 0){
@@ -271,6 +271,9 @@ static unsigned char* kni_cmsg_serialize_header_new(struct pme_info *pmeinfo, st
 char *trace_id = NULL;
 uint32_t seq = pktinfo->tcphdr->seq;
 uint32_t ack = pktinfo->tcphdr->ack_seq;
+ if(g_kni_handle->pxy_tcp_option_enable == 1){
+ pxy_tcp_option_modify_mss(pmeinfo, logger);
+ }
 uint16_t client_mss = htons(pmeinfo->client_tcpopt.mss);
 uint16_t server_mss = htons(pmeinfo->server_tcpopt.mss);
 uint16_t client_window = htons(pmeinfo->client_window);
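Review bot: The two new prototypes in kni_pxy_tcp_option.h are undocumented, and pxy_tcp_option_modify_mss mutates the pmeinfo it is handed, which nothing in the signature conveys. A comment above it such as `/* Overwrites pmeinfo->client_tcpopt.mss and server_tcpopt.mss with the policy's client/server maxseg; call once per stream before the cmsg header is serialized. */` and, above pxy_tcp_option_cmsg_set, a line saying it returns the negative result of the first wrapped_kni_cmsg_set that fails, would let callers use them without reading the .cpp. Whether `struct kni_cmsg` is declared or kni_cmsg.h included before line 10 of this header is outside the hunk; the new prototype needs one of the two.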
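Review bot: Dropping `static` from wrapped_kni_cmsg_set exports it, but the only prototype the other translation unit sees is a hand-written `extern` line in kni_pxy_tcp_option.cpp (its @@ -1,8 +1,10 @@ hunk); if the signature is ever changed in one place the two drift and the compiler cannot catch it. Declare it once in a shared header and include that from both files, `int wrapped_kni_cmsg_set(struct kni_cmsg *cmsg, uint16_t type, const unsigned char *value, uint16_t size, struct pme_info *pmeinfo);`, then delete the extern from the .cpp. The function's body continues past the hunk.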
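Review bot: Calling pxy_tcp_option_modify_mss from inside kni_cmsg_serialize_header_new gives a header-serialization routine a side effect on pmeinfo: the negotiated client/server MSS are overwritten in place immediately before they are read into client_mss/server_mss. If this function can run more than once for a stream (not visible in the hunk), every call after the first logs the policy value as the "origin" MSS because the original is gone. Consider applying the override once where pxy_tcp_option_get_param fills pmeinfo->pxy_tcp_option, or computing the overridden values into locals here and leaving pmeinfo untouched. `logger` is also not declared in the visible lines of this function, only in wrapped_kni_cmsg_set; confirm it is in scope here. The enclosing function continues outside the hunk.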
@@ -354,80 +357,12 @@ static unsigned char* kni_cmsg_serialize_header_new(struct pme_info *pmeinfo, st
 ret = wrapped_kni_cmsg_set(cmsg, TFE_CMSG_STREAM_TRACE_ID, (const unsigned char*)trace_id, strnlen(pmeinfo->stream_traceid, sizeof(pmeinfo->stream_traceid)), pmeinfo);
 if(ret < 0) goto error_out;
-/*
- TFE_CMSG_DOWNSTREAM_TCP_MAXSEG = 0x40, //size int
- TFE_CMSG_DOWNSTREAM_TCP_NODELAY = 0x41, //size int
- TFE_CMSG_DOWNSTREAM_TCP_TTL = 0x42, //size int
- TFE_CMSG_DOWNSTREAM_TCP_KEEPALIVE = 0x43, //size int
- TFE_CMSG_DOWNSTREAM_TCP_KEEPCNT = 0x44, //size int
- TFE_CMSG_DOWNSTREAM_TCP_KEEPIDLE = 0x45, //size int
- TFE_CMSG_DOWNSTREAM_TCP_KEEPINTVL = 0x46, //size int
- TFE_CMSG_DOWNSTREAM_TCP_USER_TIMEOUT = 0x47, //size int
-
- TFE_CMSG_UPSTREAM_TCP_MAXSEG = 0x50, //size int
- TFE_CMSG_UPSTREAM_TCP_NODELAY = 0x51, //size int
- TFE_CMSG_UPSTREAM_TCP_TTL = 0x52, //size int
- TFE_CMSG_UPSTREAM_TCP_KEEPALIVE = 0x53, //size int
- TFE_CMSG_UPSTREAM_TCP_KEEPCNT = 0x54, //size int
- TFE_CMSG_UPSTREAM_TCP_KEEPIDLE = 0x55, //size int
- TFE_CMSG_UPSTREAM_TCP_KEEPINTVL = 0x56, //size int
- TFE_CMSG_UPSTREAM_TCP_USER_TIMEOUT = 0x57, //size int
-
- TFE_CMSG_TCP_PASSTHROUGH = 0x60, //size int
-*/
- // proxy tcp option start
- ret = wrapped_kni_cmsg_set(cmsg,TFE_CMSG_DOWNSTREAM_TCP_MAXSEG, (const unsigned char*)&(pmeinfo->pxy_tcp_option.client_tcp_maxseg), sizeof(int), pmeinfo);
- if(ret < 0) goto error_out;
-
- ret = wrapped_kni_cmsg_set(cmsg,TFE_CMSG_DOWNSTREAM_TCP_NODELAY, (const unsigned char*)&(pmeinfo->pxy_tcp_option.client_tcp_nodelay), sizeof(int), pmeinfo);
- if(ret < 0) goto error_out;
-
- ret = wrapped_kni_cmsg_set(cmsg,TFE_CMSG_DOWNSTREAM_TCP_TTL, (const unsigned char*)&(pmeinfo->pxy_tcp_option.client_tcp_ttl), sizeof(int), pmeinfo);
- if(ret < 0) goto error_out;
-
- ret = wrapped_kni_cmsg_set(cmsg,TFE_CMSG_DOWNSTREAM_TCP_KEEPALIVE, (const unsigned char*)&(pmeinfo->pxy_tcp_option.client_tcp_keepalive_enable), sizeof(int), pmeinfo);
- if(ret < 0) goto error_out;
-
- ret = 
wrapped_kni_cmsg_set(cmsg,TFE_CMSG_DOWNSTREAM_TCP_KEEPCNT, (const unsigned char*)&(pmeinfo->pxy_tcp_option.client_tcp_keepalive_keepcnt), sizeof(int), pmeinfo);
- if(ret < 0) goto error_out;
-
- ret = wrapped_kni_cmsg_set(cmsg,TFE_CMSG_DOWNSTREAM_TCP_KEEPIDLE, (const unsigned char*)&(pmeinfo->pxy_tcp_option.client_tcp_keepalive_keepidle), sizeof(int), pmeinfo);
- if(ret < 0) goto error_out;
-
- ret = wrapped_kni_cmsg_set(cmsg,TFE_CMSG_DOWNSTREAM_TCP_KEEPINTVL, (const unsigned char*)&(pmeinfo->pxy_tcp_option.client_tcp_keepalive_keepintvl), sizeof(int), pmeinfo);
- if(ret < 0) goto error_out;
-
- ret = wrapped_kni_cmsg_set(cmsg,TFE_CMSG_DOWNSTREAM_TCP_USER_TIMEOUT, (const unsigned char*)&(pmeinfo->pxy_tcp_option.client_tcp_user_timeout), sizeof(int), pmeinfo);
- if(ret < 0) goto error_out;
-
- ret = wrapped_kni_cmsg_set(cmsg,TFE_CMSG_UPSTREAM_TCP_MAXSEG, (const unsigned char*)&(pmeinfo->pxy_tcp_option.server_tcp_maxseg), sizeof(int), pmeinfo);
- if(ret < 0) goto error_out;
-
- ret = wrapped_kni_cmsg_set(cmsg,TFE_CMSG_UPSTREAM_TCP_NODELAY, (const unsigned char*)&(pmeinfo->pxy_tcp_option.server_tcp_nodelay), sizeof(int), pmeinfo);
- if(ret < 0) goto error_out;
-
- ret = wrapped_kni_cmsg_set(cmsg,TFE_CMSG_UPSTREAM_TCP_TTL, (const unsigned char*)&(pmeinfo->pxy_tcp_option.server_tcp_ttl), sizeof(int), pmeinfo);
- if(ret < 0) goto error_out;
-
- ret = wrapped_kni_cmsg_set(cmsg,TFE_CMSG_UPSTREAM_TCP_KEEPALIVE, (const unsigned char*)&(pmeinfo->pxy_tcp_option.server_tcp_keepalive_enable), sizeof(int), pmeinfo);
- if(ret < 0) goto error_out;
-
- ret = wrapped_kni_cmsg_set(cmsg,TFE_CMSG_UPSTREAM_TCP_KEEPCNT , (const unsigned char*)&(pmeinfo->pxy_tcp_option.server_tcp_keepalive_keepcnt), sizeof(int), pmeinfo);
- if(ret < 0) goto error_out;
-
- ret = wrapped_kni_cmsg_set(cmsg,TFE_CMSG_UPSTREAM_TCP_KEEPIDLE, (const unsigned char*)&(pmeinfo->pxy_tcp_option.server_tcp_keepalive_keepidle), sizeof(int), pmeinfo);
- if(ret < 0) goto error_out;
-
- ret = 
wrapped_kni_cmsg_set(cmsg,TFE_CMSG_UPSTREAM_TCP_KEEPINTVL, (const unsigned char*)&(pmeinfo->pxy_tcp_option.server_tcp_keepalive_keepintvl), sizeof(int), pmeinfo);
- if(ret < 0) goto error_out;
-
- ret = wrapped_kni_cmsg_set(cmsg,TFE_CMSG_UPSTREAM_TCP_USER_TIMEOUT, (const unsigned char*)&(pmeinfo->pxy_tcp_option.server_tcp_user_timeout), sizeof(int), pmeinfo);
- if(ret < 0) goto error_out;
-
- ret = wrapped_kni_cmsg_set(cmsg,TFE_CMSG_TCP_PASSTHROUGH, (const unsigned char*)&(pmeinfo->pxy_tcp_option.tcp_passthrough), sizeof(int), pmeinfo);
- if(ret < 0) goto error_out;
- // proxy tcp option end
-
+ // proxy tcp option
+ if(g_kni_handle->pxy_tcp_option_enable == 1)
+ {
+ ret = pxy_tcp_option_cmsg_set(cmsg, pmeinfo);
+ if(ret < 0) goto error_out;
+ }
 //src mac
 ret = get_rawpkt_opt_from_streaminfo(stream, RAW_PKT_GET_VXLAN_OUTER_GDEV_MAC, src_mac);
@@ -1206,10 +1141,13 @@ static int first_data_intercept(struct streaminfo *stream, struct pme_info *pmei
 }
 //Bypass Duplicated Packet
- if(pmeinfo->has_dup_traffic == 1 && pmeinfo->pxy_tcp_option.bypass_duplicated_packet == 1)
+ if(g_kni_handle->pxy_tcp_option_enable == 1)
 {
- KNI_LOG_DEBUG(g_kni_handle->local_logger, "Proxy tcp option: bypass Duplicated Packet first data, streamid = %d", pmeinfo->stream_traceid);
- return APP_STATE_FAWPKT | APP_STATE_KILL_OTHER | APP_STATE_GIVEME;
+ if(pmeinfo->has_dup_traffic == 1 && pmeinfo->pxy_tcp_option.bypass_duplicated_packet == 1)
+ {
+ KNI_LOG_DEBUG(g_kni_handle->local_logger, "Proxy-tcp-option: bypass Duplicated Packet first data, streamid = %d", pmeinfo->stream_traceid);
+ return APP_STATE_FAWPKT | APP_STATE_KILL_OTHER | APP_STATE_GIVEME;
+ }
 }
 //dynamic bypass
 if(first_data_ssl_dynamic_bypass(stream, pmeinfo, pktinfo, thread_seq) == 0)
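Review bot: With pxy_tcp_option_enable == 0 none of the proxy TCP option TLVs are emitted any more, including TFE_CMSG_TCP_PASSTHROUGH, which the removed lines sent on every header regardless of policy. If the receiver treats a missing TLV as "use my own default" this is fine, but if it requires TCP_PASSTHROUGH (not visible here) then setting enabled = 0 in kni.conf silently changes the proxy's behaviour rather than just skipping the Maat lookup. A comment on the new guard would at least record the expectation, `// when disabled no proxy-tcp-option TLVs are sent at all; the receiver must fall back to its defaults`. The enclosing function starts and ends outside the hunk.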
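Review bot: The re-added KNI_LOG_DEBUG in first_data_intercept formats `pmeinfo->stream_traceid` with `%d`, but the same field is passed to strnlen in kni_cmsg_serialize_header_new and printed with `%s` throughout kni_pxy_tcp_option.cpp, so it is a character array and `%d` is a format/argument mismatch (undefined behaviour; at best a pointer fragment in the log); the line should read `"... streamid = %s", pmeinfo->stream_traceid`. The nesting here and in the next_data_intercept hunk is deeper than the logic needs: `if(g_kni_handle->pxy_tcp_option_enable == 1 && pmeinfo->has_dup_traffic == 1 && pmeinfo->pxy_tcp_option.bypass_duplicated_packet == 1)` expresses the same condition as one guard. The function starts and ends outside the hunk.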
@@ -1353,8 +1291,11 @@ char next_data_intercept(struct pme_info *pmeinfo, const void *a_packet, struct
 if(g_kni_handle->dup_traffic_switch == 1){
 if(pmeinfo->has_dup_traffic == 1){ //ret = 1, = dup packet, bypass the packet
- if(pmeinfo->pxy_tcp_option.bypass_duplicated_packet == 1){ //Bypass Duplicated Packet
- return APP_STATE_FAWPKT | APP_STATE_KILL_OTHER | APP_STATE_GIVEME;
+ if(g_kni_handle->pxy_tcp_option_enable == 1)
+ {
+ if(pmeinfo->pxy_tcp_option.bypass_duplicated_packet == 1){ //Bypass Duplicated Packet
+ return APP_STATE_FAWPKT | APP_STATE_KILL_OTHER | APP_STATE_GIVEME;
+ }
 }
 ret = dabloom_search(pktinfo, thread_seq);
 if(ret == 1){
diff --git a/entry/src/kni_pxy_tcp_option.cpp b/entry/src/kni_pxy_tcp_option.cpp
index 0b87754..603d3cd 100644
--- a/entry/src/kni_pxy_tcp_option.cpp
+++ b/entry/src/kni_pxy_tcp_option.cpp
@@ -1,8 +1,10 @@
 #include
 #include "kni_pxy_tcp_option.h"
 #include "kni_utils.h"
+#include "kni_cmsg.h"
 extern struct kni_handle *g_kni_handle;
+extern int wrapped_kni_cmsg_set(struct kni_cmsg *cmsg, uint16_t type, const unsigned char *value, uint16_t size, struct pme_info *pmeinfo);
 int pxy_tcp_option_parse_json(const struct Maat_rule_t* rule, const char* srv_def_large,struct proxy_tcp_option *pxy_tcpop, void *logger)
 {
@@ -280,6 +282,7 @@ void pxy_tcp_option_default_param_new(int idx, const struct Maat_rule_t* rule, c
 }
 else{
 KNI_LOG_ERROR(logger, "Fail to get proxy tcp option default policy, Error: json data parse fail");
+ assert(ret == 1);
 }
 return;
 }
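Review bot: `assert(ret == 1)` sits in the else branch that, judging by the error it follows, runs only when the default policy failed to parse, so whenever the assert is reached it fails: a debug build now aborts the process right after logging the error, while a build with NDEBUG compiles the line away and keeps the old log-and-continue behaviour, so the two build types diverge on a configuration error. If an unparseable default policy should be fatal, make that explicit and build-independent (return a failure from this callback or from pxy_tcp_option_rule_init); if it is recoverable, keep the log and drop the assert. The condition that selects this branch is outside the hunk; confirm.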
@@ -305,30 +308,37 @@ void pxy_tcp_option_default_param_dup(int idx, MAAT_RULE_EX_DATA *to, MAAT_RULE_ int pxy_tcp_option_rule_init(const char* conffile, void *logger) { - int i=0; - MESA_load_profile_string_def(conffile, "proxy_tcp_option", "maat_table_compile", g_kni_handle->table_name[TABLE_COMPILE], _MAX_TABLE_NAME_LEN, "PXY_TCP_OPTION_COMPILE"); - MESA_load_profile_string_def(conffile, "proxy_tcp_option", "maat_table_addr", g_kni_handle->table_name[TABLE_IP_ADDR], _MAX_TABLE_NAME_LEN, "PXY_TCP_OPTION_ADDR"); - MESA_load_profile_string_def(conffile, "proxy_tcp_option", "maat_table_fqdn", g_kni_handle->table_name[TABLE_SSL_FQDN], _MAX_TABLE_NAME_LEN, "PXY_TCP_OPTION_SERVER_FQDN"); + int i = 0; + int pxy_tcp_option_enable = 0; + char section[KNI_SYMBOL_MAX] = "proxy_tcp_option"; + MESA_load_profile_int_def(conffile, section, "enabled", &pxy_tcp_option_enable, 1); + MESA_load_profile_string_def(conffile, section, "maat_table_compile", g_kni_handle->maat_table_name[TABLE_COMPILE], _MAX_MAAT_TABLE_NAME_LEN, "PXY_TCP_OPTION_COMPILE"); + MESA_load_profile_string_def(conffile, section, "maat_table_addr", g_kni_handle->maat_table_name[TABLE_IP_ADDR], _MAX_MAAT_TABLE_NAME_LEN, "PXY_TCP_OPTION_ADDR"); + MESA_load_profile_string_def(conffile, section, "maat_table_fqdn", g_kni_handle->maat_table_name[TABLE_SSL_FQDN], _MAX_MAAT_TABLE_NAME_LEN, "PXY_TCP_OPTION_SERVER_FQDN"); + KNI_LOG_ERROR(logger, "MESA_prof_load, [%s]:\n enabled: %d", section, pxy_tcp_option_enable); + g_kni_handle->pxy_tcp_option_enable = pxy_tcp_option_enable; + if(pxy_tcp_option_enable == 0) + return 0; for(i=0; itable_id[i]=Maat_table_register(g_tsg_maat_feather, g_kni_handle->table_name[i]); - if(g_kni_handle->table_id[i]<0) + g_kni_handle->maat_table_id[i]=Maat_table_register(g_tsg_maat_feather, g_kni_handle->maat_table_name[i]); + if(g_kni_handle->maat_table_id[i]<0) { - KNI_LOG_ERROR(logger, "Maat_table_register %s failed, Please check etc/kni/kni.conf", g_kni_handle->table_name[i]); + 
KNI_LOG_ERROR(logger, "Maat_table_register %s failed, Please check etc/kni/kni.conf", g_kni_handle->maat_table_name[i]);
 return -1;
 }
 }
- g_kni_handle->table_id[TABLE_COMPILE] = Maat_rule_get_ex_new_index(g_tsg_maat_feather,
- g_kni_handle->table_name[TABLE_COMPILE],
+ g_kni_handle->maat_table_id[TABLE_COMPILE] = Maat_rule_get_ex_new_index(g_tsg_maat_feather,
+ g_kni_handle->maat_table_name[TABLE_COMPILE],
 pxy_tcp_option_default_param_new, pxy_tcp_option_default_param_free_cb, pxy_tcp_option_default_param_dup, 0, logger);
- if(g_kni_handle->table_id[TABLE_COMPILE] < 0)
+ if(g_kni_handle->maat_table_id[TABLE_COMPILE] < 0)
 {
- KNI_LOG_ERROR(logger, "Maat_rule_get_ex_new_index %s failed, Please check etc/kni/kni.conf", g_kni_handle->table_id[TABLE_COMPILE]);
+ KNI_LOG_ERROR(logger, "Maat_rule_get_ex_new_index %s failed, Please check etc/kni/kni.conf", g_kni_handle->maat_table_id[TABLE_COMPILE]);
 return -1;
 }
 return 0;
@@ -345,7 +355,7 @@ static int pxy_tcp_option_scan_addr(Maat_feather_t maat_feather,const struct str
 if(a_stream==NULL || maat_feather==NULL || result_num <=0 || result == NULL)
 {
- KNI_LOG_ERROR(logger,"SCAN_ADDR a_stream==NULL || maat_feather==NULL || result_num <= 0 || result == NULL ,streamid=%s ", pmeinfo->stream_traceid);
+ KNI_LOG_ERROR(logger,"Proxy-tcp-option: SCAN_ADDR a_stream==NULL || maat_feather==NULL || result_num <= 0 || result == NULL ,streamid=%s ", pmeinfo->stream_traceid);
 return 0;
 }
@@ -378,7 +388,7 @@ static int pxy_tcp_option_scan_addr(Maat_feather_t maat_feather,const struct str
 {
 maat_ret=Maat_scan_addr(maat_feather,
- g_kni_handle->table_id[TABLE_IP_ADDR],
+ g_kni_handle->maat_table_id[TABLE_IP_ADDR],
 p_addr, result+hit_num, result_num-hit_num,
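Review bot: The re-added error log at the end of pxy_tcp_option_rule_init passes `g_kni_handle->maat_table_id[TABLE_COMPILE]`, an int, to a `%s` conversion; that is undefined behaviour and will typically crash on the very path meant to report the failure, so use `%d`, or print `g_kni_handle->maat_table_name[TABLE_COMPILE]` as the register loop above does. Two smaller points in the same hunk: the `enabled` key defaults to 1 when it is absent from kni.conf, so deployments without the new line keep the feature on, and the informational "MESA_prof_load" line is emitted at KNI_LOG_ERROR level. When enabled is 0 the function returns before Maat_table_register, so maat_table_id[] holds whatever the handle was initialised with; every caller of pxy_tcp_option_get_param must therefore also be gated on pxy_tcp_option_enable, and that gate is not visible in this diff. The for loop header in the middle of the hunk is not legible in this rendering, so I have not reviewed it.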
@@ -387,12 +397,12 @@ static int pxy_tcp_option_scan_addr(Maat_feather_t maat_feather,const struct str
 if(maat_ret > 0)
 {
- KNI_LOG_DEBUG(logger,"SCAN_IP,Hit streamid: %s",pmeinfo->stream_traceid);
+ KNI_LOG_DEBUG(logger,"Proxy-tcp-option: SCAN_IP,Hit streamid: %s",pmeinfo->stream_traceid);
 hit_num+=maat_ret;
 }
 else
 {
- KNI_LOG_DEBUG(logger,"SCAN_IP,Not hit streamid: %s,scan ret: %d",
+ KNI_LOG_DEBUG(logger,"Proxy-tcp-option: SCAN_IP,Not hit streamid: %s,scan ret: %d",
 pmeinfo->stream_traceid, maat_ret);
 }
@@ -410,13 +420,13 @@ static int pxy_tcp_option_scan_domain(Maat_feather_t maat_feather, Maat_rule_t *
 int hit_num = 0, maat_ret = 0;
 if(pmeinfo->protocol != PROTO_HTTP && pmeinfo->protocol != PROTO_SSL)
 {
- KNI_LOG_DEBUG(logger,"NOT SCAN DOMAIN, streamid: %s,stream protocol: %d",pmeinfo->stream_traceid,pmeinfo->protocol);
+ KNI_LOG_DEBUG(logger,"Proxy-tcp-option: NOT SCAN DOMAIN, streamid: %s,stream protocol: %d",pmeinfo->stream_traceid,pmeinfo->protocol);
 return hit_num;
 }
 if(hit_num < result_num)
 {
 maat_ret = Maat_full_scan_string(maat_feather,
- g_kni_handle->table_id[TABLE_SSL_FQDN],
+ g_kni_handle->maat_table_id[TABLE_SSL_FQDN],
 CHARSET_UTF8, (const char *)&pmeinfo->domain, pmeinfo->domain_len,
@@ -427,14 +437,14 @@ static int pxy_tcp_option_scan_domain(Maat_feather_t maat_feather, Maat_rule_t *
 pmeinfo->thread_seq);
 if(maat_ret > 0)
 {
- KNI_LOG_DEBUG(logger,"SCAN_DOMAIN,Hit streamid: %s, domain: %s",
+ KNI_LOG_DEBUG(logger,"Proxy-tcp-option: SCAN_DOMAIN,Hit streamid: %s, domain: %s",
 pmeinfo->stream_traceid, (char*)&(pmeinfo->domain));
 hit_num += maat_ret;
 }
 else
 {
- KNI_LOG_DEBUG(logger,"SCAN_DOMAIN,Not hit stream_traceid: %s ,domain :%s scan ret: %d",
+ KNI_LOG_DEBUG(logger,"Proxy-tcp-option: SCAN_DOMAIN,Not hit stream_traceid: %s ,domain :%s scan ret: %d",
 pmeinfo->stream_traceid, (char*)&(pmeinfo->domain), maat_ret);
@@ -491,26 +501,26 @@ int pxy_tcp_option_get_param(Maat_feather_t maat_feather,const struct streaminfo
 do
 {
 if(p_result == NULL)
 {
- KNI_LOG_DEBUG(logger,"Scan not hit, Proxy tcp option using default param, streamid = %s", pmeinfo->stream_traceid);
+ KNI_LOG_DEBUG(logger,"Proxy-tcp-option: Scan not hit, using default param, streamid = %s", pmeinfo->stream_traceid);
 break;
 }
- KNI_LOG_DEBUG(logger,"Scan hit, hit_num = %d, streamid = %s", hit_num, pmeinfo->stream_traceid);
+ KNI_LOG_DEBUG(logger,"Proxy-tcp-option: Scan hit, hit_num = %d, streamid = %s", hit_num, pmeinfo->stream_traceid);
 tmp_buff=(char *)calloc(1, p_result->serv_def_len+1);
 Maat_read_rule(g_tsg_maat_feather, p_result, MAAT_RULE_SERV_DEFINE, tmp_buff, p_result->serv_def_len);
 if( strlen(tmp_buff) < strlen("{}") + 1)
 {
- KNI_LOG_DEBUG(logger, "Scan hit, Get extra data error: No json data or data is null,streamid = %s", pmeinfo->stream_traceid);
+ KNI_LOG_DEBUG(logger, "Proxy-tcp-option: Scan hit, Get extra data error: No json data or data is null,streamid = %s", pmeinfo->stream_traceid);
 break;
 }
 ret = pxy_tcp_option_parse_json((const struct Maat_rule_t*)p_result, (const char*)tmp_buff, pxy_tcpop, logger);
 if(ret != 1)
 {
- KNI_LOG_DEBUG(logger,"Scan hit, json parse error,Proxy tcp option using default param,streamid = %s", pmeinfo->stream_traceid);
+ KNI_LOG_DEBUG(logger,"Proxy-tcp-option: Scan hit, json parse error,using default param,streamid = %s", pmeinfo->stream_traceid);
 break;
 }
- KNI_LOG_DEBUG(logger, "Proxy tcp option, streamid: %s,param:%s", pmeinfo->stream_traceid,tmp_buff);
+ KNI_LOG_DEBUG(logger, "Proxy-tcp-option: Scan hit, streamid: %s, param: %s", pmeinfo->stream_traceid,tmp_buff);
 is_not_default = 1;
 free(tmp_buff);
 tmp_buff = NULL;
@@ -519,7 +529,7 @@ int pxy_tcp_option_get_param(Maat_feather_t maat_feather,const struct streaminfo
 if(is_not_default != 1)
 {
 memcpy((void *)pxy_tcpop, (const void *)&g_kni_handle->pxy_tcp_option, sizeof(g_kni_handle->pxy_tcp_option));
- KNI_LOG_DEBUG(logger, "Proxy tcp option, streamid: %s, Using default policy", pmeinfo->stream_traceid);
+ KNI_LOG_DEBUG(logger, "Proxy-tcp-option: streamid: %s, Using default policy", pmeinfo->stream_traceid);
 }
 if(mid!=NULL)
@@ -529,3 +539,66 @@ int pxy_tcp_option_get_param(Maat_feather_t maat_feather,const struct streaminfo
 }
 return ret;
 }
+
+
+void pxy_tcp_option_modify_mss(struct pme_info *pmeinfo,void *logger)
+{
+ KNI_LOG_DEBUG(logger, "Proxy-tcp-option: stream id: %s, origin client mss:%u,origin server mss:%u", pmeinfo->stream_traceid,pmeinfo->client_tcpopt.mss, pmeinfo->server_tcpopt.mss);
+ pmeinfo->client_tcpopt.mss = pmeinfo->pxy_tcp_option.client_tcp_maxseg;
+ pmeinfo->server_tcpopt.mss = pmeinfo->pxy_tcp_option.server_tcp_maxseg;
+ KNI_LOG_DEBUG(logger, "Proxy-tcp-option: stream id: %s, modified client mss:%u, server mss:%u", pmeinfo->stream_traceid,pmeinfo->client_tcpopt.mss, pmeinfo->server_tcpopt.mss);
+}
+
+
+int pxy_tcp_option_cmsg_set(struct kni_cmsg *cmsg, struct pme_info *pmeinfo){
+ int ret = 0;
+ do {
+ ret = wrapped_kni_cmsg_set(cmsg,TFE_CMSG_DOWNSTREAM_TCP_NODELAY, (const unsigned char*)&(pmeinfo->pxy_tcp_option.client_tcp_nodelay), sizeof(int), pmeinfo);
+ if(ret < 0) break;
+
+ ret = wrapped_kni_cmsg_set(cmsg,TFE_CMSG_DOWNSTREAM_TCP_TTL, (const unsigned char*)&(pmeinfo->pxy_tcp_option.client_tcp_ttl), sizeof(int), pmeinfo);
+ if(ret < 0) break;
+
+ ret = wrapped_kni_cmsg_set(cmsg,TFE_CMSG_DOWNSTREAM_TCP_KEEPALIVE, (const unsigned char*)&(pmeinfo->pxy_tcp_option.client_tcp_keepalive_enable), sizeof(int), pmeinfo);
+ if(ret < 0) break;
+
+ ret = wrapped_kni_cmsg_set(cmsg,TFE_CMSG_DOWNSTREAM_TCP_KEEPCNT, (const unsigned char*)&(pmeinfo->pxy_tcp_option.client_tcp_keepalive_keepcnt), sizeof(int), pmeinfo);
+ if(ret < 0) break;
+
+ ret = wrapped_kni_cmsg_set(cmsg,TFE_CMSG_DOWNSTREAM_TCP_KEEPIDLE, (const unsigned char*)&(pmeinfo->pxy_tcp_option.client_tcp_keepalive_keepidle), sizeof(int), pmeinfo);
+ if(ret < 0) break;
+
+ ret = wrapped_kni_cmsg_set(cmsg,TFE_CMSG_DOWNSTREAM_TCP_KEEPINTVL, (const unsigned char*)&(pmeinfo->pxy_tcp_option.client_tcp_keepalive_keepintvl), sizeof(int), pmeinfo);
+ if(ret < 0) break;
+
+ ret = 
wrapped_kni_cmsg_set(cmsg,TFE_CMSG_DOWNSTREAM_TCP_USER_TIMEOUT, (const unsigned char*)&(pmeinfo->pxy_tcp_option.client_tcp_user_timeout), sizeof(int), pmeinfo);
+ if(ret < 0) break;
+
+ ret = wrapped_kni_cmsg_set(cmsg,TFE_CMSG_UPSTREAM_TCP_NODELAY, (const unsigned char*)&(pmeinfo->pxy_tcp_option.server_tcp_nodelay), sizeof(int), pmeinfo);
+ if(ret < 0) break;
+
+ ret = wrapped_kni_cmsg_set(cmsg,TFE_CMSG_UPSTREAM_TCP_TTL, (const unsigned char*)&(pmeinfo->pxy_tcp_option.server_tcp_ttl), sizeof(int), pmeinfo);
+ if(ret < 0) break;
+
+ ret = wrapped_kni_cmsg_set(cmsg,TFE_CMSG_UPSTREAM_TCP_KEEPALIVE, (const unsigned char*)&(pmeinfo->pxy_tcp_option.server_tcp_keepalive_enable), sizeof(int), pmeinfo);
+ if(ret < 0) break;
+
+ ret = wrapped_kni_cmsg_set(cmsg,TFE_CMSG_UPSTREAM_TCP_KEEPCNT , (const unsigned char*)&(pmeinfo->pxy_tcp_option.server_tcp_keepalive_keepcnt), sizeof(int), pmeinfo);
+ if(ret < 0) break;
+
+ ret = wrapped_kni_cmsg_set(cmsg,TFE_CMSG_UPSTREAM_TCP_KEEPIDLE, (const unsigned char*)&(pmeinfo->pxy_tcp_option.server_tcp_keepalive_keepidle), sizeof(int), pmeinfo);
+ if(ret < 0) break;
+
+ ret = wrapped_kni_cmsg_set(cmsg,TFE_CMSG_UPSTREAM_TCP_KEEPINTVL, (const unsigned char*)&(pmeinfo->pxy_tcp_option.server_tcp_keepalive_keepintvl), sizeof(int), pmeinfo);
+ if(ret < 0) break;
+
+ ret = wrapped_kni_cmsg_set(cmsg,TFE_CMSG_UPSTREAM_TCP_USER_TIMEOUT, (const unsigned char*)&(pmeinfo->pxy_tcp_option.server_tcp_user_timeout), sizeof(int), pmeinfo);
+ if(ret < 0) break;
+
+ ret = wrapped_kni_cmsg_set(cmsg,TFE_CMSG_TCP_PASSTHROUGH, (const unsigned char*)&(pmeinfo->pxy_tcp_option.tcp_passthrough), sizeof(int), pmeinfo);
+ if(ret < 0) break;
+
+ } while (0);
+ return ret;
+}
+
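Review bot: pxy_tcp_option_modify_mss copies the policy's client_tcp_maxseg/server_tcp_maxseg into client_tcpopt.mss/server_tcpopt.mss unconditionally and with no range check; the targets are later passed through htons in kni_cmsg_serialize_header_new, so they appear to be 16-bit fields, and a policy value of 0 or above 65535 (or a default-policy entry that was never populated) would silently put a zero or truncated MSS on the wire. Apply the override only for a usable value and otherwise keep the negotiated MSS, `if(pmeinfo->pxy_tcp_option.client_tcp_maxseg > 0 && pmeinfo->pxy_tcp_option.client_tcp_maxseg <= 0xFFFF) pmeinfo->client_tcpopt.mss = pmeinfo->pxy_tcp_option.client_tcp_maxseg;` and the same for the server side. pxy_tcp_option_cmsg_set repeats the same set-and-break pair fourteen times; a table of (type, pointer) entries walked in one loop keeps the failure handling in a single place and makes adding or removing a TLV a one-line change, as sketched below (the value fields are assumed to be int-sized, as the existing sizeof(int) implies).
```cpp
int pxy_tcp_option_cmsg_set(struct kni_cmsg *cmsg, struct pme_info *pmeinfo){
    const struct proxy_tcp_option *opt = &pmeinfo->pxy_tcp_option;
    /* one entry per TLV; every value is sent as sizeof(int), as before */
    const struct { uint16_t type; const void *value; } tlvs[] = {
        { TFE_CMSG_DOWNSTREAM_TCP_NODELAY,      &opt->client_tcp_nodelay },
        { TFE_CMSG_DOWNSTREAM_TCP_TTL,          &opt->client_tcp_ttl },
        { TFE_CMSG_DOWNSTREAM_TCP_KEEPALIVE,    &opt->client_tcp_keepalive_enable },
        { TFE_CMSG_DOWNSTREAM_TCP_KEEPCNT,      &opt->client_tcp_keepalive_keepcnt },
        { TFE_CMSG_DOWNSTREAM_TCP_KEEPIDLE,     &opt->client_tcp_keepalive_keepidle },
        { TFE_CMSG_DOWNSTREAM_TCP_KEEPINTVL,    &opt->client_tcp_keepalive_keepintvl },
        { TFE_CMSG_DOWNSTREAM_TCP_USER_TIMEOUT, &opt->client_tcp_user_timeout },
        { TFE_CMSG_UPSTREAM_TCP_NODELAY,        &opt->server_tcp_nodelay },
        { TFE_CMSG_UPSTREAM_TCP_TTL,            &opt->server_tcp_ttl },
        { TFE_CMSG_UPSTREAM_TCP_KEEPALIVE,      &opt->server_tcp_keepalive_enable },
        { TFE_CMSG_UPSTREAM_TCP_KEEPCNT,        &opt->server_tcp_keepalive_keepcnt },
        { TFE_CMSG_UPSTREAM_TCP_KEEPIDLE,       &opt->server_tcp_keepalive_keepidle },
        { TFE_CMSG_UPSTREAM_TCP_KEEPINTVL,      &opt->server_tcp_keepalive_keepintvl },
        { TFE_CMSG_UPSTREAM_TCP_USER_TIMEOUT,   &opt->server_tcp_user_timeout },
        { TFE_CMSG_TCP_PASSTHROUGH,             &opt->tcp_passthrough },
    };
    int ret = 0;
    for(size_t i = 0; i < sizeof(tlvs) / sizeof(tlvs[0]); i++){
        ret = wrapped_kni_cmsg_set(cmsg, tlvs[i].type, (const unsigned char*)tlvs[i].value, sizeof(int), pmeinfo);
        if(ret < 0) break; /* first failure wins, as in the do/while version */
    }
    return ret;
}
```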