TSG-2611:1、通过修改cmsg修改mss值 2、增加tcp option 功能开关
@@ -45,7 +45,7 @@ enum tfe_cmsg_tlv_type
|
||||
TFE_CMSG_DST_MAC,
|
||||
|
||||
/* TCP option information */
|
||||
TFE_CMSG_DOWNSTREAM_TCP_MAXSEG,
|
||||
// TFE_CMSG_DOWNSTREAM_TCP_MAXSEG,
|
||||
TFE_CMSG_DOWNSTREAM_TCP_NODELAY,
|
||||
TFE_CMSG_DOWNSTREAM_TCP_TTL,
|
||||
TFE_CMSG_DOWNSTREAM_TCP_KEEPALIVE,
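Review bot: Commenting out `TFE_CMSG_DOWNSTREAM_TCP_MAXSEG` (and `TFE_CMSG_UPSTREAM_TCP_MAXSEG` in the next hunk) renumbers every member after it, because the members shown here carry no explicit initializer — `TFE_CMSG_DOWNSTREAM_TCP_NODELAY` and the rest each shift down by one. If the TFE side that parses these cmsg TLVs is built from another copy of this enum, producer and consumer will disagree on which option a type code means; the older comment block in kni_cmsg_serialize_header_new listing `= 0x40` / `= 0x41` values suggests the wire values were intended to be fixed. Keep the member (renamed if it is retired) or give the survivors explicit values, e.g. `TFE_CMSG_DOWNSTREAM_TCP_NODELAY = 0x41,`, and delete the commented-out line rather than leaving dead code in the enum. The enum begins before this hunk, so an initializer on an earlier member is not visible here.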
|
||||
@@ -54,7 +54,7 @@ enum tfe_cmsg_tlv_type
|
||||
TFE_CMSG_DOWNSTREAM_TCP_KEEPINTVL,
|
||||
TFE_CMSG_DOWNSTREAM_TCP_USER_TIMEOUT,
|
||||
|
||||
TFE_CMSG_UPSTREAM_TCP_MAXSEG,
|
||||
// TFE_CMSG_UPSTREAM_TCP_MAXSEG,
|
||||
TFE_CMSG_UPSTREAM_TCP_NODELAY ,
|
||||
TFE_CMSG_UPSTREAM_TCP_TTL,
|
||||
TFE_CMSG_UPSTREAM_TCP_KEEPALIVE,
|
||||
|
||||
@@ -96,6 +96,7 @@ mho_expire_time = 300
|
||||
mho_eliminate_type = FIFO
|
||||
|
||||
[proxy_tcp_option]
|
||||
enabled = 1
|
||||
maat_table_compile = PXY_TCP_OPTION_COMPILE
|
||||
maat_table_addr = PXY_TCP_OPTION_ADDR
|
||||
maat_table_fqdn = PXY_TCP_OPTION_SSL_SNI
|
||||
@@ -12,7 +12,7 @@
|
||||
#define CALLER_TFE 1
|
||||
|
||||
#define SSL_INFO_LEN 2048
|
||||
#define _MAX_TABLE_NAME_LEN 64
|
||||
#define _MAX_MAAT_TABLE_NAME_LEN 64
|
||||
|
||||
enum intercept_error{
|
||||
INTERCEPT_ERROR_ASYM_ROUTING = -1,
|
||||
@@ -203,8 +203,9 @@ struct kni_handle{
|
||||
int *arr_last_tfe_dispatch_index;
|
||||
int secpolicyid_evenflow_self_check;
|
||||
MESA_htable_handle sslinfo2bypass_htable;
|
||||
char table_name[TABLE_MAX][_MAX_TABLE_NAME_LEN]; // for proxy tcp option maat name
|
||||
int table_id[TABLE_MAX];
|
||||
int pxy_tcp_option_enable; //for proxy tcp option enable
|
||||
char maat_table_name[TABLE_MAX][_MAX_MAAT_TABLE_NAME_LEN]; // for proxy tcp option maat name
|
||||
int maat_table_id[TABLE_MAX];
|
||||
struct proxy_tcp_option pxy_tcp_option;
|
||||
};
|
||||
|
||||
|
||||
@@ -10,5 +10,8 @@ int pxy_tcp_option_rule_init(const char* conffile, void *logger);
|
||||
|
||||
int pxy_tcp_option_get_param(Maat_feather_t maat_feather,const struct streaminfo *a_stream,struct pme_info *pmeinfo, void *logger);
|
||||
|
||||
void pxy_tcp_option_modify_mss(struct pme_info *pmeinfo,void *logger);
|
||||
|
||||
int pxy_tcp_option_cmsg_set(struct kni_cmsg *cmsg, struct pme_info *pmeinfo);
|
||||
#endif
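Review bot: The two new prototypes `pxy_tcp_option_modify_mss` and `pxy_tcp_option_cmsg_set` are declared without any comment on their contract, and nothing in the first name says it writes into `pmeinfo` rather than only reading it. Suggested comment for `pxy_tcp_option_modify_mss`: `/* Overwrites pmeinfo->client_tcpopt.mss and server_tcpopt.mss with the per-stream proxy tcp option maxseg values; call before the MSS is serialized into the cmsg. */`. Suggested comment for `pxy_tcp_option_cmsg_set`: `/* Appends the downstream/upstream TCP option TLVs and TCP_PASSTHROUGH to cmsg; stops at and returns the first negative wrapped_kni_cmsg_set() result, otherwise the last call's result. */`. Both statements follow from the definitions this commit adds at the end of kni_pxy_tcp_option.c.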
|
||||
|
||||
|
||||
@@ -252,7 +252,7 @@ static int judge_stream_can_destroy(struct pme_info *pmeinfo, int caller){
|
||||
return can_destroy;
|
||||
}
|
||||
|
||||
static int wrapped_kni_cmsg_set(struct kni_cmsg *cmsg, uint16_t type, const unsigned char *value, uint16_t size, struct pme_info *pmeinfo){
|
||||
int wrapped_kni_cmsg_set(struct kni_cmsg *cmsg, uint16_t type, const unsigned char *value, uint16_t size, struct pme_info *pmeinfo){
|
||||
void *logger = g_kni_handle->local_logger;
|
||||
int ret = kni_cmsg_set(cmsg, type, value, size);
|
||||
if(ret < 0){
|
||||
@@ -271,6 +271,9 @@ static unsigned char* kni_cmsg_serialize_header_new(struct pme_info *pmeinfo, st
|
||||
char *trace_id = NULL;
|
||||
uint32_t seq = pktinfo->tcphdr->seq;
|
||||
uint32_t ack = pktinfo->tcphdr->ack_seq;
|
||||
if(g_kni_handle->pxy_tcp_option_enable == 1){
|
||||
pxy_tcp_option_modify_mss(pmeinfo, logger);
|
||||
}
|
||||
uint16_t client_mss = htons(pmeinfo->client_tcpopt.mss);
|
||||
uint16_t server_mss = htons(pmeinfo->server_tcpopt.mss);
|
||||
uint16_t client_window = htons(pmeinfo->client_window);
|
||||
@@ -354,80 +357,12 @@ static unsigned char* kni_cmsg_serialize_header_new(struct pme_info *pmeinfo, st
|
||||
ret = wrapped_kni_cmsg_set(cmsg, TFE_CMSG_STREAM_TRACE_ID, (const unsigned char*)trace_id,
|
||||
strnlen(pmeinfo->stream_traceid, sizeof(pmeinfo->stream_traceid)), pmeinfo);
|
||||
if(ret < 0) goto error_out;
|
||||
/*
|
||||
TFE_CMSG_DOWNSTREAM_TCP_MAXSEG = 0x40, //size int
|
||||
TFE_CMSG_DOWNSTREAM_TCP_NODELAY = 0x41, //size int
|
||||
TFE_CMSG_DOWNSTREAM_TCP_TTL = 0x42, //size int
|
||||
TFE_CMSG_DOWNSTREAM_TCP_KEEPALIVE = 0x43, //size int
|
||||
TFE_CMSG_DOWNSTREAM_TCP_KEEPCNT = 0x44, //size int
|
||||
TFE_CMSG_DOWNSTREAM_TCP_KEEPIDLE = 0x45, //size int
|
||||
TFE_CMSG_DOWNSTREAM_TCP_KEEPINTVL = 0x46, //size int
|
||||
TFE_CMSG_DOWNSTREAM_TCP_USER_TIMEOUT = 0x47, //size int
|
||||
|
||||
TFE_CMSG_UPSTREAM_TCP_MAXSEG = 0x50, //size int
|
||||
TFE_CMSG_UPSTREAM_TCP_NODELAY = 0x51, //size int
|
||||
TFE_CMSG_UPSTREAM_TCP_TTL = 0x52, //size int
|
||||
TFE_CMSG_UPSTREAM_TCP_KEEPALIVE = 0x53, //size int
|
||||
TFE_CMSG_UPSTREAM_TCP_KEEPCNT = 0x54, //size int
|
||||
TFE_CMSG_UPSTREAM_TCP_KEEPIDLE = 0x55, //size int
|
||||
TFE_CMSG_UPSTREAM_TCP_KEEPINTVL = 0x56, //size int
|
||||
TFE_CMSG_UPSTREAM_TCP_USER_TIMEOUT = 0x57, //size int
|
||||
|
||||
TFE_CMSG_TCP_PASSTHROUGH = 0x60, //size int
|
||||
*/
|
||||
// proxy tcp option start
|
||||
ret = wrapped_kni_cmsg_set(cmsg,TFE_CMSG_DOWNSTREAM_TCP_MAXSEG, (const unsigned char*)&(pmeinfo->pxy_tcp_option.client_tcp_maxseg), sizeof(int), pmeinfo);
|
||||
// proxy tcp option
|
||||
if(g_kni_handle->pxy_tcp_option_enable == 1)
|
||||
{
|
||||
ret = pxy_tcp_option_cmsg_set(cmsg, pmeinfo);
|
||||
if(ret < 0) goto error_out;
|
||||
|
||||
ret = wrapped_kni_cmsg_set(cmsg,TFE_CMSG_DOWNSTREAM_TCP_NODELAY, (const unsigned char*)&(pmeinfo->pxy_tcp_option.client_tcp_nodelay), sizeof(int), pmeinfo);
|
||||
if(ret < 0) goto error_out;
|
||||
|
||||
ret = wrapped_kni_cmsg_set(cmsg,TFE_CMSG_DOWNSTREAM_TCP_TTL, (const unsigned char*)&(pmeinfo->pxy_tcp_option.client_tcp_ttl), sizeof(int), pmeinfo);
|
||||
if(ret < 0) goto error_out;
|
||||
|
||||
ret = wrapped_kni_cmsg_set(cmsg,TFE_CMSG_DOWNSTREAM_TCP_KEEPALIVE, (const unsigned char*)&(pmeinfo->pxy_tcp_option.client_tcp_keepalive_enable), sizeof(int), pmeinfo);
|
||||
if(ret < 0) goto error_out;
|
||||
|
||||
ret = wrapped_kni_cmsg_set(cmsg,TFE_CMSG_DOWNSTREAM_TCP_KEEPCNT, (const unsigned char*)&(pmeinfo->pxy_tcp_option.client_tcp_keepalive_keepcnt), sizeof(int), pmeinfo);
|
||||
if(ret < 0) goto error_out;
|
||||
|
||||
ret = wrapped_kni_cmsg_set(cmsg,TFE_CMSG_DOWNSTREAM_TCP_KEEPIDLE, (const unsigned char*)&(pmeinfo->pxy_tcp_option.client_tcp_keepalive_keepidle), sizeof(int), pmeinfo);
|
||||
if(ret < 0) goto error_out;
|
||||
|
||||
ret = wrapped_kni_cmsg_set(cmsg,TFE_CMSG_DOWNSTREAM_TCP_KEEPINTVL, (const unsigned char*)&(pmeinfo->pxy_tcp_option.client_tcp_keepalive_keepintvl), sizeof(int), pmeinfo);
|
||||
if(ret < 0) goto error_out;
|
||||
|
||||
ret = wrapped_kni_cmsg_set(cmsg,TFE_CMSG_DOWNSTREAM_TCP_USER_TIMEOUT, (const unsigned char*)&(pmeinfo->pxy_tcp_option.client_tcp_user_timeout), sizeof(int), pmeinfo);
|
||||
if(ret < 0) goto error_out;
|
||||
|
||||
ret = wrapped_kni_cmsg_set(cmsg,TFE_CMSG_UPSTREAM_TCP_MAXSEG, (const unsigned char*)&(pmeinfo->pxy_tcp_option.server_tcp_maxseg), sizeof(int), pmeinfo);
|
||||
if(ret < 0) goto error_out;
|
||||
|
||||
ret = wrapped_kni_cmsg_set(cmsg,TFE_CMSG_UPSTREAM_TCP_NODELAY, (const unsigned char*)&(pmeinfo->pxy_tcp_option.server_tcp_nodelay), sizeof(int), pmeinfo);
|
||||
if(ret < 0) goto error_out;
|
||||
|
||||
ret = wrapped_kni_cmsg_set(cmsg,TFE_CMSG_UPSTREAM_TCP_TTL, (const unsigned char*)&(pmeinfo->pxy_tcp_option.server_tcp_ttl), sizeof(int), pmeinfo);
|
||||
if(ret < 0) goto error_out;
|
||||
|
||||
ret = wrapped_kni_cmsg_set(cmsg,TFE_CMSG_UPSTREAM_TCP_KEEPALIVE, (const unsigned char*)&(pmeinfo->pxy_tcp_option.server_tcp_keepalive_enable), sizeof(int), pmeinfo);
|
||||
if(ret < 0) goto error_out;
|
||||
|
||||
ret = wrapped_kni_cmsg_set(cmsg,TFE_CMSG_UPSTREAM_TCP_KEEPCNT , (const unsigned char*)&(pmeinfo->pxy_tcp_option.server_tcp_keepalive_keepcnt), sizeof(int), pmeinfo);
|
||||
if(ret < 0) goto error_out;
|
||||
|
||||
ret = wrapped_kni_cmsg_set(cmsg,TFE_CMSG_UPSTREAM_TCP_KEEPIDLE, (const unsigned char*)&(pmeinfo->pxy_tcp_option.server_tcp_keepalive_keepidle), sizeof(int), pmeinfo);
|
||||
if(ret < 0) goto error_out;
|
||||
|
||||
ret = wrapped_kni_cmsg_set(cmsg,TFE_CMSG_UPSTREAM_TCP_KEEPINTVL, (const unsigned char*)&(pmeinfo->pxy_tcp_option.server_tcp_keepalive_keepintvl), sizeof(int), pmeinfo);
|
||||
if(ret < 0) goto error_out;
|
||||
|
||||
ret = wrapped_kni_cmsg_set(cmsg,TFE_CMSG_UPSTREAM_TCP_USER_TIMEOUT, (const unsigned char*)&(pmeinfo->pxy_tcp_option.server_tcp_user_timeout), sizeof(int), pmeinfo);
|
||||
if(ret < 0) goto error_out;
|
||||
|
||||
ret = wrapped_kni_cmsg_set(cmsg,TFE_CMSG_TCP_PASSTHROUGH, (const unsigned char*)&(pmeinfo->pxy_tcp_option.tcp_passthrough), sizeof(int), pmeinfo);
|
||||
if(ret < 0) goto error_out;
|
||||
// proxy tcp option end
|
||||
|
||||
}
|
||||
|
||||
//src mac
|
||||
ret = get_rawpkt_opt_from_streaminfo(stream, RAW_PKT_GET_VXLAN_OUTER_GDEV_MAC, src_mac);
|
||||
@@ -1206,11 +1141,14 @@ static int first_data_intercept(struct streaminfo *stream, struct pme_info *pmei
|
||||
}
|
||||
|
||||
//Bypass Duplicated Packet
|
||||
if(g_kni_handle->pxy_tcp_option_enable == 1)
|
||||
{
|
||||
if(pmeinfo->has_dup_traffic == 1 && pmeinfo->pxy_tcp_option.bypass_duplicated_packet == 1)
|
||||
{
|
||||
KNI_LOG_DEBUG(g_kni_handle->local_logger, "Proxy tcp option: bypass Duplicated Packet first data, streamid = %d", pmeinfo->stream_traceid);
|
||||
KNI_LOG_DEBUG(g_kni_handle->local_logger, "Proxy-tcp-option: bypass Duplicated Packet first data, streamid = %d", pmeinfo->stream_traceid);
|
||||
return APP_STATE_FAWPKT | APP_STATE_KILL_OTHER | APP_STATE_GIVEME;
|
||||
}
|
||||
}
|
||||
//dynamic bypass
|
||||
if(first_data_ssl_dynamic_bypass(stream, pmeinfo, pktinfo, thread_seq) == 0)
|
||||
{
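Review bot: The kept debug line `KNI_LOG_DEBUG(..., "... streamid = %d", pmeinfo->stream_traceid)` formats `stream_traceid` with `%d`, but every other log in this commit prints it with `%s`, and kni_cmsg_serialize_header_new measures it with `strnlen(pmeinfo->stream_traceid, sizeof(pmeinfo->stream_traceid))`, i.e. it is a char array; handing a pointer to `%d` is undefined behaviour and prints garbage at best. Change the new line to `"Proxy-tcp-option: bypass Duplicated Packet first data, streamid = %s"`. Note also that this early return bypasses the stream before `first_data_ssl_dynamic_bypass` gets to run, which may be intended but deserves a one-line comment. first_data_intercept begins before this hunk.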
|
||||
@@ -1353,9 +1291,12 @@ char next_data_intercept(struct pme_info *pmeinfo, const void *a_packet, struct
|
||||
if(g_kni_handle->dup_traffic_switch == 1){
|
||||
if(pmeinfo->has_dup_traffic == 1){
|
||||
//ret = 1, = dup packet, bypass the packet
|
||||
if(g_kni_handle->pxy_tcp_option_enable == 1)
|
||||
{
|
||||
if(pmeinfo->pxy_tcp_option.bypass_duplicated_packet == 1){ //Bypass Duplicated Packet
|
||||
return APP_STATE_FAWPKT | APP_STATE_KILL_OTHER | APP_STATE_GIVEME;
|
||||
}
|
||||
}
|
||||
ret = dabloom_search(pktinfo, thread_seq);
|
||||
if(ret == 1){
|
||||
return APP_STATE_FAWPKT | APP_STATE_KILL_OTHER | APP_STATE_GIVEME;
|
||||
|
||||
@@ -1,8 +1,10 @@
|
||||
#include <MESA/cJSON.h>
|
||||
#include "kni_pxy_tcp_option.h"
|
||||
#include "kni_utils.h"
|
||||
#include "kni_cmsg.h"
|
||||
|
||||
extern struct kni_handle *g_kni_handle;
|
||||
extern int wrapped_kni_cmsg_set(struct kni_cmsg *cmsg, uint16_t type, const unsigned char *value, uint16_t size, struct pme_info *pmeinfo);
|
||||
|
||||
int pxy_tcp_option_parse_json(const struct Maat_rule_t* rule, const char* srv_def_large,struct proxy_tcp_option *pxy_tcpop, void *logger)
|
||||
{
|
||||
@@ -280,6 +282,7 @@ void pxy_tcp_option_default_param_new(int idx, const struct Maat_rule_t* rule, c
|
||||
}
|
||||
else{
|
||||
KNI_LOG_ERROR(logger, "Fail to get proxy tcp option default policy, Error: json data parse fail");
|
||||
assert(ret == 1);
|
||||
}
|
||||
return;
|
||||
}
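Review bot: The added `assert(ret == 1);` sits in the `else` branch of the parse check, so — assuming the `if` it pairs with tests `ret == 1`, as the "json data parse fail" message suggests — its condition is false every time the line is reached: in a debug build one malformed default policy aborts the whole process, and with NDEBUG the assert vanishes and the failure is merely logged. Neither is a sensible failure mode for operator-supplied JSON; drop the assert and leave the function on the compiled-in defaults, e.g. replace it with `/* keep the compiled-in defaults; never abort on a bad policy */`, or make the caller treat the condition as fatal explicitly. pxy_tcp_option_default_param_new begins before this hunk, so the matching `if` is not visible here.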
|
||||
@@ -306,29 +309,36 @@ void pxy_tcp_option_default_param_dup(int idx, MAAT_RULE_EX_DATA *to, MAAT_RULE_
|
||||
int pxy_tcp_option_rule_init(const char* conffile, void *logger)
|
||||
{
|
||||
int i = 0;
|
||||
MESA_load_profile_string_def(conffile, "proxy_tcp_option", "maat_table_compile", g_kni_handle->table_name[TABLE_COMPILE], _MAX_TABLE_NAME_LEN, "PXY_TCP_OPTION_COMPILE");
|
||||
MESA_load_profile_string_def(conffile, "proxy_tcp_option", "maat_table_addr", g_kni_handle->table_name[TABLE_IP_ADDR], _MAX_TABLE_NAME_LEN, "PXY_TCP_OPTION_ADDR");
|
||||
MESA_load_profile_string_def(conffile, "proxy_tcp_option", "maat_table_fqdn", g_kni_handle->table_name[TABLE_SSL_FQDN], _MAX_TABLE_NAME_LEN, "PXY_TCP_OPTION_SERVER_FQDN");
|
||||
int pxy_tcp_option_enable = 0;
|
||||
char section[KNI_SYMBOL_MAX] = "proxy_tcp_option";
|
||||
MESA_load_profile_int_def(conffile, section, "enabled", &pxy_tcp_option_enable, 1);
|
||||
MESA_load_profile_string_def(conffile, section, "maat_table_compile", g_kni_handle->maat_table_name[TABLE_COMPILE], _MAX_MAAT_TABLE_NAME_LEN, "PXY_TCP_OPTION_COMPILE");
|
||||
MESA_load_profile_string_def(conffile, section, "maat_table_addr", g_kni_handle->maat_table_name[TABLE_IP_ADDR], _MAX_MAAT_TABLE_NAME_LEN, "PXY_TCP_OPTION_ADDR");
|
||||
MESA_load_profile_string_def(conffile, section, "maat_table_fqdn", g_kni_handle->maat_table_name[TABLE_SSL_FQDN], _MAX_MAAT_TABLE_NAME_LEN, "PXY_TCP_OPTION_SERVER_FQDN");
|
||||
KNI_LOG_ERROR(logger, "MESA_prof_load, [%s]:\n enabled: %d", section, pxy_tcp_option_enable);
|
||||
g_kni_handle->pxy_tcp_option_enable = pxy_tcp_option_enable;
|
||||
if(pxy_tcp_option_enable == 0)
|
||||
return 0;
|
||||
|
||||
for(i=0; i<TABLE_COMPILE; i++)
|
||||
{
|
||||
g_kni_handle->table_id[i]=Maat_table_register(g_tsg_maat_feather, g_kni_handle->table_name[i]);
|
||||
if(g_kni_handle->table_id[i]<0)
|
||||
g_kni_handle->maat_table_id[i]=Maat_table_register(g_tsg_maat_feather, g_kni_handle->maat_table_name[i]);
|
||||
if(g_kni_handle->maat_table_id[i]<0)
|
||||
{
|
||||
KNI_LOG_ERROR(logger, "Maat_table_register %s failed, Please check etc/kni/kni.conf", g_kni_handle->table_name[i]);
|
||||
KNI_LOG_ERROR(logger, "Maat_table_register %s failed, Please check etc/kni/kni.conf", g_kni_handle->maat_table_name[i]);
|
||||
return -1;
|
||||
}
|
||||
}
|
||||
|
||||
g_kni_handle->table_id[TABLE_COMPILE] = Maat_rule_get_ex_new_index(g_tsg_maat_feather,
|
||||
g_kni_handle->table_name[TABLE_COMPILE],
|
||||
g_kni_handle->maat_table_id[TABLE_COMPILE] = Maat_rule_get_ex_new_index(g_tsg_maat_feather,
|
||||
g_kni_handle->maat_table_name[TABLE_COMPILE],
|
||||
pxy_tcp_option_default_param_new,
|
||||
pxy_tcp_option_default_param_free_cb,
|
||||
pxy_tcp_option_default_param_dup,
|
||||
0, logger);
|
||||
if(g_kni_handle->table_id[TABLE_COMPILE] < 0)
|
||||
if(g_kni_handle->maat_table_id[TABLE_COMPILE] < 0)
|
||||
{
|
||||
KNI_LOG_ERROR(logger, "Maat_rule_get_ex_new_index %s failed, Please check etc/kni/kni.conf", g_kni_handle->table_id[TABLE_COMPILE]);
|
||||
KNI_LOG_ERROR(logger, "Maat_rule_get_ex_new_index %s failed, Please check etc/kni/kni.conf", g_kni_handle->maat_table_id[TABLE_COMPILE]);
|
||||
return -1;
|
||||
}
|
||||
return 0;
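Review bot: On the failure path of `Maat_rule_get_ex_new_index` the new log line passes `g_kni_handle->maat_table_id[TABLE_COMPILE]`, an `int`, to a `%s` conversion, which is undefined behaviour and will most likely crash at the very moment the error is being reported; the loop above logs the name, so use `g_kni_handle->maat_table_name[TABLE_COMPILE]` here too. Two smaller points: the informational `"MESA_prof_load, [%s]: enabled: %d"` line goes out at ERROR level, and `MESA_load_profile_int_def(conffile, section, "enabled", &pxy_tcp_option_enable, 1)` turns the feature on when the key is absent from kni.conf — if this is meant as a kill switch, a default of 0 fails closed; otherwise document the default next to the call. When `enabled` is 0 the function returns before any Maat table is registered, so every reader of `maat_table_id[]` must be gated on `pxy_tcp_option_enable`; the scan helpers later in this file do not appear to check it in the hunks shown.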
|
||||
@@ -345,7 +355,7 @@ static int pxy_tcp_option_scan_addr(Maat_feather_t maat_feather,const struct str
|
||||
|
||||
if(a_stream==NULL || maat_feather==NULL || result_num <=0 || result == NULL)
|
||||
{
|
||||
KNI_LOG_ERROR(logger,"SCAN_ADDR a_stream==NULL || maat_feather==NULL || result_num <= 0 || result == NULL ,streamid=%s ", pmeinfo->stream_traceid);
|
||||
KNI_LOG_ERROR(logger,"Proxy-tcp-option: SCAN_ADDR a_stream==NULL || maat_feather==NULL || result_num <= 0 || result == NULL ,streamid=%s ", pmeinfo->stream_traceid);
|
||||
return 0;
|
||||
}
|
||||
|
||||
@@ -378,7 +388,7 @@ static int pxy_tcp_option_scan_addr(Maat_feather_t maat_feather,const struct str
|
||||
{
|
||||
|
||||
maat_ret=Maat_scan_addr(maat_feather,
|
||||
g_kni_handle->table_id[TABLE_IP_ADDR],
|
||||
g_kni_handle->maat_table_id[TABLE_IP_ADDR],
|
||||
p_addr,
|
||||
result+hit_num,
|
||||
result_num-hit_num,
|
||||
@@ -387,12 +397,12 @@ static int pxy_tcp_option_scan_addr(Maat_feather_t maat_feather,const struct str
|
||||
|
||||
if(maat_ret > 0)
|
||||
{
|
||||
KNI_LOG_DEBUG(logger,"SCAN_IP,Hit streamid: %s",pmeinfo->stream_traceid);
|
||||
KNI_LOG_DEBUG(logger,"Proxy-tcp-option: SCAN_IP,Hit streamid: %s",pmeinfo->stream_traceid);
|
||||
hit_num+=maat_ret;
|
||||
}
|
||||
else
|
||||
{
|
||||
KNI_LOG_DEBUG(logger,"SCAN_IP,Not hit streamid: %s,scan ret: %d",
|
||||
KNI_LOG_DEBUG(logger,"Proxy-tcp-option: SCAN_IP,Not hit streamid: %s,scan ret: %d",
|
||||
pmeinfo->stream_traceid,
|
||||
maat_ret);
|
||||
}
|
||||
@@ -410,13 +420,13 @@ static int pxy_tcp_option_scan_domain(Maat_feather_t maat_feather, Maat_rule_t *
|
||||
int hit_num = 0, maat_ret = 0;
|
||||
if(pmeinfo->protocol != PROTO_HTTP && pmeinfo->protocol != PROTO_SSL)
|
||||
{
|
||||
KNI_LOG_DEBUG(logger,"NOT SCAN DOMAIN, streamid: %s,stream protocol: %d",pmeinfo->stream_traceid,pmeinfo->protocol);
|
||||
KNI_LOG_DEBUG(logger,"Proxy-tcp-option: NOT SCAN DOMAIN, streamid: %s,stream protocol: %d",pmeinfo->stream_traceid,pmeinfo->protocol);
|
||||
return hit_num;
|
||||
}
|
||||
if(hit_num < result_num)
|
||||
{
|
||||
maat_ret = Maat_full_scan_string(maat_feather,
|
||||
g_kni_handle->table_id[TABLE_SSL_FQDN],
|
||||
g_kni_handle->maat_table_id[TABLE_SSL_FQDN],
|
||||
CHARSET_UTF8,
|
||||
(const char *)&pmeinfo->domain,
|
||||
pmeinfo->domain_len,
|
||||
@@ -427,14 +437,14 @@ static int pxy_tcp_option_scan_domain(Maat_feather_t maat_feather, Maat_rule_t *
|
||||
pmeinfo->thread_seq);
|
||||
if(maat_ret > 0)
|
||||
{
|
||||
KNI_LOG_DEBUG(logger,"SCAN_DOMAIN,Hit streamid: %s, domain: %s",
|
||||
KNI_LOG_DEBUG(logger,"Proxy-tcp-option: SCAN_DOMAIN,Hit streamid: %s, domain: %s",
|
||||
pmeinfo->stream_traceid,
|
||||
(char*)&(pmeinfo->domain));
|
||||
hit_num += maat_ret;
|
||||
}
|
||||
else
|
||||
{
|
||||
KNI_LOG_DEBUG(logger,"SCAN_DOMAIN,Not hit stream_traceid: %s ,domain :%s scan ret: %d",
|
||||
KNI_LOG_DEBUG(logger,"Proxy-tcp-option: SCAN_DOMAIN,Not hit stream_traceid: %s ,domain :%s scan ret: %d",
|
||||
pmeinfo->stream_traceid,
|
||||
(char*)&(pmeinfo->domain),
|
||||
maat_ret);
|
||||
@@ -491,26 +501,26 @@ int pxy_tcp_option_get_param(Maat_feather_t maat_feather,const struct streaminfo
|
||||
do {
|
||||
if(p_result == NULL)
|
||||
{
|
||||
KNI_LOG_DEBUG(logger,"Scan not hit, Proxy tcp option using default param, streamid = %s", pmeinfo->stream_traceid);
|
||||
KNI_LOG_DEBUG(logger,"Proxy-tcp-option: Scan not hit, using default param, streamid = %s", pmeinfo->stream_traceid);
|
||||
break;
|
||||
}
|
||||
KNI_LOG_DEBUG(logger,"Scan hit, hit_num = %d, streamid = %s", hit_num, pmeinfo->stream_traceid);
|
||||
KNI_LOG_DEBUG(logger,"Proxy-tcp-option: Scan hit, hit_num = %d, streamid = %s", hit_num, pmeinfo->stream_traceid);
|
||||
|
||||
tmp_buff=(char *)calloc(1, p_result->serv_def_len+1);
|
||||
|
||||
Maat_read_rule(g_tsg_maat_feather, p_result, MAAT_RULE_SERV_DEFINE, tmp_buff, p_result->serv_def_len);
|
||||
if( strlen(tmp_buff) < strlen("{}") + 1)
|
||||
{
|
||||
KNI_LOG_DEBUG(logger, "Scan hit, Get extra data error: No json data or data is null,streamid = %s", pmeinfo->stream_traceid);
|
||||
KNI_LOG_DEBUG(logger, "Proxy-tcp-option: Scan hit, Get extra data error: No json data or data is null,streamid = %s", pmeinfo->stream_traceid);
|
||||
break;
|
||||
}
|
||||
ret = pxy_tcp_option_parse_json((const struct Maat_rule_t*)p_result, (const char*)tmp_buff, pxy_tcpop, logger);
|
||||
if(ret != 1)
|
||||
{
|
||||
KNI_LOG_DEBUG(logger,"Scan hit, json parse error,Proxy tcp option using default param,streamid = %s", pmeinfo->stream_traceid);
|
||||
KNI_LOG_DEBUG(logger,"Proxy-tcp-option: Scan hit, json parse error,using default param,streamid = %s", pmeinfo->stream_traceid);
|
||||
break;
|
||||
}
|
||||
KNI_LOG_DEBUG(logger, "Proxy tcp option, streamid: %s,param:%s", pmeinfo->stream_traceid,tmp_buff);
|
||||
KNI_LOG_DEBUG(logger, "Proxy-tcp-option: Scan hit, streamid: %s, param: %s", pmeinfo->stream_traceid,tmp_buff);
|
||||
is_not_default = 1;
|
||||
free(tmp_buff);
|
||||
tmp_buff = NULL;
|
||||
@@ -519,7 +529,7 @@ int pxy_tcp_option_get_param(Maat_feather_t maat_feather,const struct streaminfo
|
||||
if(is_not_default != 1)
|
||||
{
|
||||
memcpy((void *)pxy_tcpop, (const void *)&g_kni_handle->pxy_tcp_option, sizeof(g_kni_handle->pxy_tcp_option));
|
||||
KNI_LOG_DEBUG(logger, "Proxy tcp option, streamid: %s, Using default policy", pmeinfo->stream_traceid);
|
||||
KNI_LOG_DEBUG(logger, "Proxy-tcp-option: streamid: %s, Using default policy", pmeinfo->stream_traceid);
|
||||
|
||||
}
|
||||
if(mid!=NULL)
|
||||
@@ -529,3 +539,66 @@ int pxy_tcp_option_get_param(Maat_feather_t maat_feather,const struct streaminfo
|
||||
}
|
||||
return ret;
|
||||
}
|
||||
|
||||
|
||||
void pxy_tcp_option_modify_mss(struct pme_info *pmeinfo,void *logger)
|
||||
{
|
||||
KNI_LOG_DEBUG(logger, "Proxy-tcp-option: stream id: %s, origin client mss:%u,origin server mss:%u", pmeinfo->stream_traceid,pmeinfo->client_tcpopt.mss, pmeinfo->server_tcpopt.mss);
|
||||
pmeinfo->client_tcpopt.mss = pmeinfo->pxy_tcp_option.client_tcp_maxseg;
|
||||
pmeinfo->server_tcpopt.mss = pmeinfo->pxy_tcp_option.server_tcp_maxseg;
|
||||
KNI_LOG_DEBUG(logger, "Proxy-tcp-option: stream id: %s, modified client mss:%u, server mss:%u", pmeinfo->stream_traceid,pmeinfo->client_tcpopt.mss, pmeinfo->server_tcpopt.mss);
|
||||
}
|
||||
|
||||
|
||||
int pxy_tcp_option_cmsg_set(struct kni_cmsg *cmsg, struct pme_info *pmeinfo){
|
||||
int ret = 0;
|
||||
do {
|
||||
ret = wrapped_kni_cmsg_set(cmsg,TFE_CMSG_DOWNSTREAM_TCP_NODELAY, (const unsigned char*)&(pmeinfo->pxy_tcp_option.client_tcp_nodelay), sizeof(int), pmeinfo);
|
||||
if(ret < 0) break;
|
||||
|
||||
ret = wrapped_kni_cmsg_set(cmsg,TFE_CMSG_DOWNSTREAM_TCP_TTL, (const unsigned char*)&(pmeinfo->pxy_tcp_option.client_tcp_ttl), sizeof(int), pmeinfo);
|
||||
if(ret < 0) break;
|
||||
|
||||
ret = wrapped_kni_cmsg_set(cmsg,TFE_CMSG_DOWNSTREAM_TCP_KEEPALIVE, (const unsigned char*)&(pmeinfo->pxy_tcp_option.client_tcp_keepalive_enable), sizeof(int), pmeinfo);
|
||||
if(ret < 0) break;
|
||||
|
||||
ret = wrapped_kni_cmsg_set(cmsg,TFE_CMSG_DOWNSTREAM_TCP_KEEPCNT, (const unsigned char*)&(pmeinfo->pxy_tcp_option.client_tcp_keepalive_keepcnt), sizeof(int), pmeinfo);
|
||||
if(ret < 0) break;
|
||||
|
||||
ret = wrapped_kni_cmsg_set(cmsg,TFE_CMSG_DOWNSTREAM_TCP_KEEPIDLE, (const unsigned char*)&(pmeinfo->pxy_tcp_option.client_tcp_keepalive_keepidle), sizeof(int), pmeinfo);
|
||||
if(ret < 0) break;
|
||||
|
||||
ret = wrapped_kni_cmsg_set(cmsg,TFE_CMSG_DOWNSTREAM_TCP_KEEPINTVL, (const unsigned char*)&(pmeinfo->pxy_tcp_option.client_tcp_keepalive_keepintvl), sizeof(int), pmeinfo);
|
||||
if(ret < 0) break;
|
||||
|
||||
ret = wrapped_kni_cmsg_set(cmsg,TFE_CMSG_DOWNSTREAM_TCP_USER_TIMEOUT, (const unsigned char*)&(pmeinfo->pxy_tcp_option.client_tcp_user_timeout), sizeof(int), pmeinfo);
|
||||
if(ret < 0) break;
|
||||
|
||||
ret = wrapped_kni_cmsg_set(cmsg,TFE_CMSG_UPSTREAM_TCP_NODELAY, (const unsigned char*)&(pmeinfo->pxy_tcp_option.server_tcp_nodelay), sizeof(int), pmeinfo);
|
||||
if(ret < 0) break;
|
||||
|
||||
ret = wrapped_kni_cmsg_set(cmsg,TFE_CMSG_UPSTREAM_TCP_TTL, (const unsigned char*)&(pmeinfo->pxy_tcp_option.server_tcp_ttl), sizeof(int), pmeinfo);
|
||||
if(ret < 0) break;
|
||||
|
||||
ret = wrapped_kni_cmsg_set(cmsg,TFE_CMSG_UPSTREAM_TCP_KEEPALIVE, (const unsigned char*)&(pmeinfo->pxy_tcp_option.server_tcp_keepalive_enable), sizeof(int), pmeinfo);
|
||||
if(ret < 0) break;
|
||||
|
||||
ret = wrapped_kni_cmsg_set(cmsg,TFE_CMSG_UPSTREAM_TCP_KEEPCNT , (const unsigned char*)&(pmeinfo->pxy_tcp_option.server_tcp_keepalive_keepcnt), sizeof(int), pmeinfo);
|
||||
if(ret < 0) break;
|
||||
|
||||
ret = wrapped_kni_cmsg_set(cmsg,TFE_CMSG_UPSTREAM_TCP_KEEPIDLE, (const unsigned char*)&(pmeinfo->pxy_tcp_option.server_tcp_keepalive_keepidle), sizeof(int), pmeinfo);
|
||||
if(ret < 0) break;
|
||||
|
||||
ret = wrapped_kni_cmsg_set(cmsg,TFE_CMSG_UPSTREAM_TCP_KEEPINTVL, (const unsigned char*)&(pmeinfo->pxy_tcp_option.server_tcp_keepalive_keepintvl), sizeof(int), pmeinfo);
|
||||
if(ret < 0) break;
|
||||
|
||||
ret = wrapped_kni_cmsg_set(cmsg,TFE_CMSG_UPSTREAM_TCP_USER_TIMEOUT, (const unsigned char*)&(pmeinfo->pxy_tcp_option.server_tcp_user_timeout), sizeof(int), pmeinfo);
|
||||
if(ret < 0) break;
|
||||
|
||||
ret = wrapped_kni_cmsg_set(cmsg,TFE_CMSG_TCP_PASSTHROUGH, (const unsigned char*)&(pmeinfo->pxy_tcp_option.tcp_passthrough), sizeof(int), pmeinfo);
|
||||
if(ret < 0) break;
|
||||
|
||||
} while (0);
|
||||
return ret;
|
||||
}
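Review bot: `pxy_tcp_option_modify_mss` copies the policy's `client_tcp_maxseg` / `server_tcp_maxseg` (an `int`, serialized with `sizeof(int)` elsewhere in this file) into `client_tcpopt.mss` / `server_tcpopt.mss` with no range check; in kni_cmsg_serialize_header_new that value is then narrowed through `htons()` into a `uint16_t`, so a rule whose JSON leaves maxseg at 0, negative, or above 65535 silently yields a bogus MSS on the wire — unless pxy_tcp_option_parse_json already validates it, which is not visible here. Only override when the value is usable, e.g. `if (pmeinfo->pxy_tcp_option.client_tcp_maxseg > 0 && pmeinfo->pxy_tcp_option.client_tcp_maxseg <= 0xFFFF)` guarding the client assignment and the mirror check guarding the server one; a project-chosen lower bound (a sane minimum TCP MSS) would be better still. Because the function mutates `pmeinfo` in place, a second call logs the already-modified value as "origin", which is worth a comment if the serializer can run more than once per stream. In `pxy_tcp_option_cmsg_set` the `do { } while (0)` ladder is fine, but `ret` is returned as-is on success, so callers must treat only negative values as failure — state that in a comment above the function.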
|
||||
|
||||
|
||||