TSG-2611:1、通过修改cmsg修改mss值 2、增加tcp option 功能开关

fumingwei
2020-08-17 11:37:46 +08:00
parent b74d15efec
commit c88516a573
6 changed files with 129 additions and 110 deletions


@@ -252,7 +252,7 @@ static int judge_stream_can_destroy(struct pme_info *pmeinfo, int caller){
return can_destroy;
}
static int wrapped_kni_cmsg_set(struct kni_cmsg *cmsg, uint16_t type, const unsigned char *value, uint16_t size, struct pme_info *pmeinfo){
int wrapped_kni_cmsg_set(struct kni_cmsg *cmsg, uint16_t type, const unsigned char *value, uint16_t size, struct pme_info *pmeinfo){
void *logger = g_kni_handle->local_logger;
int ret = kni_cmsg_set(cmsg, type, value, size);
if(ret < 0){
@@ -271,6 +271,9 @@ static unsigned char* kni_cmsg_serialize_header_new(struct pme_info *pmeinfo, st
char *trace_id = NULL;
uint32_t seq = pktinfo->tcphdr->seq;
uint32_t ack = pktinfo->tcphdr->ack_seq;
if(g_kni_handle->pxy_tcp_option_enable == 1){
pxy_tcp_option_modify_mss(pmeinfo, logger);
}
uint16_t client_mss = htons(pmeinfo->client_tcpopt.mss);
uint16_t server_mss = htons(pmeinfo->server_tcpopt.mss);
uint16_t client_window = htons(pmeinfo->client_window);
@@ -354,80 +357,12 @@ static unsigned char* kni_cmsg_serialize_header_new(struct pme_info *pmeinfo, st
ret = wrapped_kni_cmsg_set(cmsg, TFE_CMSG_STREAM_TRACE_ID, (const unsigned char*)trace_id,
strnlen(pmeinfo->stream_traceid, sizeof(pmeinfo->stream_traceid)), pmeinfo);
if(ret < 0) goto error_out;
/*
TFE_CMSG_DOWNSTREAM_TCP_MAXSEG = 0x40, //size int
TFE_CMSG_DOWNSTREAM_TCP_NODELAY = 0x41, //size int
TFE_CMSG_DOWNSTREAM_TCP_TTL = 0x42, //size int
TFE_CMSG_DOWNSTREAM_TCP_KEEPALIVE = 0x43, //size int
TFE_CMSG_DOWNSTREAM_TCP_KEEPCNT = 0x44, //size int
TFE_CMSG_DOWNSTREAM_TCP_KEEPIDLE = 0x45, //size int
TFE_CMSG_DOWNSTREAM_TCP_KEEPINTVL = 0x46, //size int
TFE_CMSG_DOWNSTREAM_TCP_USER_TIMEOUT = 0x47, //size int
TFE_CMSG_UPSTREAM_TCP_MAXSEG = 0x50, //size int
TFE_CMSG_UPSTREAM_TCP_NODELAY = 0x51, //size int
TFE_CMSG_UPSTREAM_TCP_TTL = 0x52, //size int
TFE_CMSG_UPSTREAM_TCP_KEEPALIVE = 0x53, //size int
TFE_CMSG_UPSTREAM_TCP_KEEPCNT = 0x54, //size int
TFE_CMSG_UPSTREAM_TCP_KEEPIDLE = 0x55, //size int
TFE_CMSG_UPSTREAM_TCP_KEEPINTVL = 0x56, //size int
TFE_CMSG_UPSTREAM_TCP_USER_TIMEOUT = 0x57, //size int
TFE_CMSG_TCP_PASSTHROUGH = 0x60, //size int
*/
// proxy tcp option start
ret = wrapped_kni_cmsg_set(cmsg,TFE_CMSG_DOWNSTREAM_TCP_MAXSEG, (const unsigned char*)&(pmeinfo->pxy_tcp_option.client_tcp_maxseg), sizeof(int), pmeinfo);
if(ret < 0) goto error_out;
ret = wrapped_kni_cmsg_set(cmsg,TFE_CMSG_DOWNSTREAM_TCP_NODELAY, (const unsigned char*)&(pmeinfo->pxy_tcp_option.client_tcp_nodelay), sizeof(int), pmeinfo);
if(ret < 0) goto error_out;
ret = wrapped_kni_cmsg_set(cmsg,TFE_CMSG_DOWNSTREAM_TCP_TTL, (const unsigned char*)&(pmeinfo->pxy_tcp_option.client_tcp_ttl), sizeof(int), pmeinfo);
if(ret < 0) goto error_out;
ret = wrapped_kni_cmsg_set(cmsg,TFE_CMSG_DOWNSTREAM_TCP_KEEPALIVE, (const unsigned char*)&(pmeinfo->pxy_tcp_option.client_tcp_keepalive_enable), sizeof(int), pmeinfo);
if(ret < 0) goto error_out;
ret = wrapped_kni_cmsg_set(cmsg,TFE_CMSG_DOWNSTREAM_TCP_KEEPCNT, (const unsigned char*)&(pmeinfo->pxy_tcp_option.client_tcp_keepalive_keepcnt), sizeof(int), pmeinfo);
if(ret < 0) goto error_out;
ret = wrapped_kni_cmsg_set(cmsg,TFE_CMSG_DOWNSTREAM_TCP_KEEPIDLE, (const unsigned char*)&(pmeinfo->pxy_tcp_option.client_tcp_keepalive_keepidle), sizeof(int), pmeinfo);
if(ret < 0) goto error_out;
ret = wrapped_kni_cmsg_set(cmsg,TFE_CMSG_DOWNSTREAM_TCP_KEEPINTVL, (const unsigned char*)&(pmeinfo->pxy_tcp_option.client_tcp_keepalive_keepintvl), sizeof(int), pmeinfo);
if(ret < 0) goto error_out;
ret = wrapped_kni_cmsg_set(cmsg,TFE_CMSG_DOWNSTREAM_TCP_USER_TIMEOUT, (const unsigned char*)&(pmeinfo->pxy_tcp_option.client_tcp_user_timeout), sizeof(int), pmeinfo);
if(ret < 0) goto error_out;
ret = wrapped_kni_cmsg_set(cmsg,TFE_CMSG_UPSTREAM_TCP_MAXSEG, (const unsigned char*)&(pmeinfo->pxy_tcp_option.server_tcp_maxseg), sizeof(int), pmeinfo);
if(ret < 0) goto error_out;
ret = wrapped_kni_cmsg_set(cmsg,TFE_CMSG_UPSTREAM_TCP_NODELAY, (const unsigned char*)&(pmeinfo->pxy_tcp_option.server_tcp_nodelay), sizeof(int), pmeinfo);
if(ret < 0) goto error_out;
ret = wrapped_kni_cmsg_set(cmsg,TFE_CMSG_UPSTREAM_TCP_TTL, (const unsigned char*)&(pmeinfo->pxy_tcp_option.server_tcp_ttl), sizeof(int), pmeinfo);
if(ret < 0) goto error_out;
ret = wrapped_kni_cmsg_set(cmsg,TFE_CMSG_UPSTREAM_TCP_KEEPALIVE, (const unsigned char*)&(pmeinfo->pxy_tcp_option.server_tcp_keepalive_enable), sizeof(int), pmeinfo);
if(ret < 0) goto error_out;
ret = wrapped_kni_cmsg_set(cmsg,TFE_CMSG_UPSTREAM_TCP_KEEPCNT , (const unsigned char*)&(pmeinfo->pxy_tcp_option.server_tcp_keepalive_keepcnt), sizeof(int), pmeinfo);
if(ret < 0) goto error_out;
ret = wrapped_kni_cmsg_set(cmsg,TFE_CMSG_UPSTREAM_TCP_KEEPIDLE, (const unsigned char*)&(pmeinfo->pxy_tcp_option.server_tcp_keepalive_keepidle), sizeof(int), pmeinfo);
if(ret < 0) goto error_out;
ret = wrapped_kni_cmsg_set(cmsg,TFE_CMSG_UPSTREAM_TCP_KEEPINTVL, (const unsigned char*)&(pmeinfo->pxy_tcp_option.server_tcp_keepalive_keepintvl), sizeof(int), pmeinfo);
if(ret < 0) goto error_out;
ret = wrapped_kni_cmsg_set(cmsg,TFE_CMSG_UPSTREAM_TCP_USER_TIMEOUT, (const unsigned char*)&(pmeinfo->pxy_tcp_option.server_tcp_user_timeout), sizeof(int), pmeinfo);
if(ret < 0) goto error_out;
ret = wrapped_kni_cmsg_set(cmsg,TFE_CMSG_TCP_PASSTHROUGH, (const unsigned char*)&(pmeinfo->pxy_tcp_option.tcp_passthrough), sizeof(int), pmeinfo);
if(ret < 0) goto error_out;
// proxy tcp option end
// proxy tcp option
if(g_kni_handle->pxy_tcp_option_enable == 1)
{
ret = pxy_tcp_option_cmsg_set(cmsg, pmeinfo);
if(ret < 0) goto error_out;
}
//src mac
ret = get_rawpkt_opt_from_streaminfo(stream, RAW_PKT_GET_VXLAN_OUTER_GDEV_MAC, src_mac);
@@ -1206,10 +1141,13 @@ static int first_data_intercept(struct streaminfo *stream, struct pme_info *pmei
}
//Bypass Duplicated Packet
if(pmeinfo->has_dup_traffic == 1 && pmeinfo->pxy_tcp_option.bypass_duplicated_packet == 1)
if(g_kni_handle->pxy_tcp_option_enable == 1)
{
KNI_LOG_DEBUG(g_kni_handle->local_logger, "Proxy tcp option: bypass Duplicated Packet first data, streamid = %d", pmeinfo->stream_traceid);
return APP_STATE_FAWPKT | APP_STATE_KILL_OTHER | APP_STATE_GIVEME;
if(pmeinfo->has_dup_traffic == 1 && pmeinfo->pxy_tcp_option.bypass_duplicated_packet == 1)
{
KNI_LOG_DEBUG(g_kni_handle->local_logger, "Proxy-tcp-option: bypass Duplicated Packet first data, streamid = %d", pmeinfo->stream_traceid);
return APP_STATE_FAWPKT | APP_STATE_KILL_OTHER | APP_STATE_GIVEME;
}
}
//dynamic bypass
if(first_data_ssl_dynamic_bypass(stream, pmeinfo, pktinfo, thread_seq) == 0)
@@ -1353,8 +1291,11 @@ char next_data_intercept(struct pme_info *pmeinfo, const void *a_packet, struct
if(g_kni_handle->dup_traffic_switch == 1){
if(pmeinfo->has_dup_traffic == 1){
//ret = 1, = dup packet, bypass the packet
if(pmeinfo->pxy_tcp_option.bypass_duplicated_packet == 1){ //Bypass Duplicated Packet
return APP_STATE_FAWPKT | APP_STATE_KILL_OTHER | APP_STATE_GIVEME;
if(g_kni_handle->pxy_tcp_option_enable == 1)
{
if(pmeinfo->pxy_tcp_option.bypass_duplicated_packet == 1){ //Bypass Duplicated Packet
return APP_STATE_FAWPKT | APP_STATE_KILL_OTHER | APP_STATE_GIVEME;
}
}
ret = dabloom_search(pktinfo, thread_seq);
if(ret == 1){
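Review bot: In the first_data_intercept hunk, the reworded log call still formats `pmeinfo->stream_traceid` with `%d`. The trace-id hunk above passes the same field to `strnlen(..., sizeof(...))`, so it is a character buffer. Assuming KNI_LOG_DEBUG is printf-style, this is a specifier mismatch (undefined behaviour) that in practice writes part of a pointer value to the log instead of the trace id. The line should read `KNI_LOG_DEBUG(g_kni_handle->local_logger, "Proxy-tcp-option: bypass Duplicated Packet first data, streamid = %s", pmeinfo->stream_traceid);`. The equivalent bypass return in the next_data_intercept hunk has no log line at all, so a stream that skips interception there leaves no record; a debug line carrying the same trace id would make both bypass paths auditable. Both functions begin and end outside the hunks shown.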