gfwleak/tango-kni
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

使用TCPREPAIR替换FORGESOCKET版本,数据可以联通,代码待整理

Browse Source
This commit is contained in:
liuyang
2018-07-09 11:03:00 +08:00
parent 4c6d0af1dd
commit cb19b06b03
14 changed files with 781 additions and 87 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
Makefile
View File

@@ -1,6 +1,6 @@
#CC = gcc
CC = g++
CFLAGS = -g -Wall -fPIC -shared
CFLAGS = -g -Wall -fPIC -shared
OBJECTS = kni.o libforge_socket.o
TARGET = kni.so
@@ -15,15 +15,18 @@ MODULES = -lMESA_htable -lMESA_prof_load -lMESA_handle_logger -lrulescan -lmaatf
.c.o:
$(CC) -c -o $@ $(CFLAGS) $(INCS) $<
.cc.o:
$(CC) -c -o $@ $(CFLAGS) $(INCS) $<
.PHONY: all clean
all: $(TARGET)
$(TARGET):$(OBJECTS)
$(CC) -o $(TARGET) $(CFLAGS) $(OBJECTS) $(MODULES) $(LD_DICTATOR)
# $(CC) -o $(TARGET) $(CFLAGS) $(OBJECTS) $(MODULES) -Wl,--whole-archive $(WHOLE_MODULES) -wL,--NO-WHOLE-ARCHIVE $(LD_DICTATOR)
kni.o:kni.c
libforge_socket.o:libforge_socket.c
clean:
rm -f $(TARGET) $(OBJECTS)

18
bin/kni/kni.inf Normal file
View File

@@ -0,0 +1,18 @@
[PLUGINFO]
PLUGNAME=KNI
SO_PATH=./plug/business/kni/kni.so
INIT_FUNC=kni_init
DESTROY_FUNC=
[IP]
FUNC_FLAG=all
FUNC_NAME=kni_ip_entry
#[TCP_ALL]
#FUNC_FLAG=all
#FUNC_NAME=kni_tcpall_entry

BIN
bin/kni/kni.so Normal file
View File

Binary file not shown.

30
bin/kni_set_cmd Normal file
View File

@@ -0,0 +1,30 @@
#!/bin/sh
# cd /home/liuyang/src/forge_socket-master/;insmod forge_socket.ko
#ip tuntap add dev tun0 mode tun
#ifconfig tun0 up
echo 1 > /proc/sys/net/ipv4/ip_forward
#route add default dev tun0
iptables -t mangle -N DIVERT
iptables -t mangle -A PREROUTING -p tcp -m socket -j DIVERT
iptables -t mangle -A DIVERT -j MARK --set-mark 1
iptables -t mangle -A DIVERT -j ACCEPT
ip rule add fwmark 1 lookup 100
#ip route add local 0.0.0.0/0 dev tun0 table 100
ip route add local 0.0.0.0/0 dev lo table 100
#iptables -t mangle -A PREROUTING -p tcp -i tun0 -j TPROXY --tproxy-mark 0x1/0x1 --on-port 50080
ethtool -K p7p1 lro off
ethtool -K p7p1 tso off
ethtool -K p7p1 gro off
ethtool -K em2 lro off
ethtool -K em2 tso off
ethtool -K em2 gro off

9
bin/kniconf/kni.conf Normal file
View File

@@ -0,0 +1,9 @@
[MOUDLE]
table_info_path=./kniconf/maat_table_info.conf
ful_cfg_dir=/home/liuyang/run/sapp_run/config/index
inc_cfg_dir=/home/liuyang/run/sapp_run/config/inc/index
logger_filepath=./log/kni.log
logger_level=10
maat_json_switch=1

5
bin/kniconf/maat_table_info.conf Normal file
View File

@@ -0,0 +1,5 @@
1 MATT_CONFIG_COMPILE compile GBK GBK no 0
#2 MATT_CONFIG_GROUP group GBK GBK no 0
3 IP_BMD ip GBK GBK no 0
4 USER_AREA ip GBK GBK no 0
5 SNI_BMD expr GBK GBK yes 0

67
bin/kniconf/maat_test.json Normal file
View File

@@ -0,0 +1,67 @@
{
"compile_table": "MATT_CONFIG_COMPILE",
"group_table": "MATT_CONFIG_GROUP",
"rules": [
{
"compile_id": 1,
"service": 1,
"action": 2,
"do_blacklist": 1,
"do_log": 1,
"effective_rage": 0,
"user_region": "anything",
"is_valid": "yes",
"groups": [
{
"group_name": "group_1",
"regions": [
{
"table_name": "IP_BMD",
"table_type": "ip",
"table_content": {
"addr_type": "ipv4",
"src_ip": "192.168.11.199",
"mask_src_ip": "255.255.255.255",
"src_port": "0",
"mask_src_port": "65535",
"dst_ip": "0.0.0.0",
"mask_dst_ip": "255.255.255.255",
"dst_port": "0",
"mask_dst_port": "65535",
"protocol": 0,
"direction": "double"
}
}
]
}
]
},
{
"compile_id": 2,
"service": 48,
"action": 2,
"do_blacklist": 1,
"do_log": 1,
"effective_rage": 0,
"user_region": "anything",
"is_valid": "yes",
"groups": [
{
"group_name": "group_2",
"regions": [
{
"table_name": "SNI_BMD",
"table_type": "string",
"table_content": {
"keywords": "www.baidu.com",
"expr_type": "regex",
"match_method": "sub",
"format":"uncase plain"
}
}
]
}
]
}
]
}

3
bin/kniconf/maat_test.json_iris_tmp/.local Normal file
View File

@@ -0,0 +1,3 @@
0000000002
0 1 1
1 2 1

2
bin/kniconf/maat_test.json_iris_tmp/IP_BMD.local Normal file
View File

@@ -0,0 +1,2 @@
0000000001
0 0 4 192.168.11.199 255.255.255.255 0 65535 0.0.0.0 255.255.255.255 0 65535 0 0 1

3
bin/kniconf/maat_test.json_iris_tmp/MATT_CONFIG_COMPILE.local Normal file
View File

@@ -0,0 +1,3 @@
0000000002
1 1 2 1 1 0 anything 1
2 48 2 1 1 0 anything 1

2
bin/kniconf/maat_test.json_iris_tmp/SNI_BMD.local Normal file
View File

@@ -0,0 +1,2 @@
0000000001
1 1 www.baidu.com 2 0 0 1

4
bin/kniconf/maat_test.json_iris_tmp/index/full_config_index.0000000001 Normal file
View File

@@ -0,0 +1,4 @@
MATT_CONFIG_COMPILE 2 ./kniconf/maat_test.json_iris_tmp/MATT_CONFIG_COMPILE.local
2 ./kniconf/maat_test.json_iris_tmp/.local
IP_BMD 1 ./kniconf/maat_test.json_iris_tmp/IP_BMD.local
SNI_BMD 1 ./kniconf/maat_test.json_iris_tmp/SNI_BMD.local

640
kni.c
View File

@@ -1,6 +1,7 @@
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include <sys/time.h>
#include <unistd.h>
#include <sys/un.h>
#include <errno.h>
@@ -10,6 +11,8 @@
#include <net/if.h>
#include <fcntl.h>
#include <sys/socket.h>
#include <linux/socket.h>
//#include <linux/tcp.h>
#include <sys/types.h>
#include <netinet/in.h>
#include <arpa/inet.h>
@@ -33,7 +36,7 @@ struct kni_var_comm g_kni_comminfo;
struct kni_var_struct g_kni_structinfo;
struct kni_var_maat g_kni_maatinfo;
int g_kni_fds[2];
extern int g_iThreadNum;
@@ -49,10 +52,16 @@ return:
*********************************************************************************************************************/
int kni_debug_info_v4(char* module,int state_flag,struct ip* a_packet)
{
// return 0;
struct timeval cur_time;
int iplen=ntohs(a_packet->ip_len);
struct tcphdr* tcphdr=(struct tcphdr*)((char*)a_packet+4*(a_packet->ip_hl));
unsigned int seq=ntohl(tcphdr->seq);
unsigned int ack=ntohl(tcphdr->ack_seq);
unsigned short sport=0;
unsigned short dport=0;
@@ -64,7 +73,9 @@ int kni_debug_info_v4(char* module,int state_flag,struct ip* a_packet)
inet_ntop(AF_INET, (void *)&((a_packet->ip_src).s_addr), saddr_v4, INET_ADDRSTRLEN);
inet_ntop(AF_INET, (void *)&((a_packet->ip_dst).s_addr), daddr_v4, INET_ADDRSTRLEN);
MESA_handle_runtime_log(g_kni_comminfo.logger,RLOG_LV_DEBUG,module,"addr:%s,%d,%s,%d,state_flag:%d,ip_len:%d,seq:%u",saddr_v4,sport,daddr_v4,dport,state_flag,iplen,seq);
gettimeofday(&cur_time,NULL);
MESA_handle_runtime_log(g_kni_comminfo.logger,RLOG_LV_DEBUG,module,"addr:%s,%d,%s,%d,state_flag:%d,ip_len:%d,seq:%u,ack:%u,tv_sec:%lu,tv_usec:%lu",saddr_v4,sport,daddr_v4,dport,state_flag,iplen,seq,ack,cur_time.tv_sec,cur_time.tv_usec);
return 0;
@@ -233,7 +244,8 @@ int tun_alloc_mq(char *dev, int queues, int *fds)
char *clonedev = (char*)"/dev/net/tun";
memset(&ifr, 0, sizeof(ifr));
ifr.ifr_flags = IFF_TUN | IFF_NO_PI | IFF_MULTI_QUEUE;
// ifr.ifr_flags = IFF_TUN | IFF_NO_PI | IFF_MULTI_QUEUE;
ifr.ifr_flags = IFF_TUN | IFF_NO_PI;
if (*dev)
{
strncpy(ifr.ifr_name, dev, IFNAMSIZ);
@@ -309,7 +321,7 @@ int tun_read_data(int fd,char* recv_buf,int max_buflen)
if(recv_len <0)
{
printf("tun_read_data error,msg is: %s\n",strerror(errno));
MESA_handle_runtime_log(g_kni_comminfo.logger, RLOG_LV_FATAL,KNI_MODULE_READTUN,"tun_read_data error,msg is: %s\n",strerror(errno));
}
return recv_len;
@@ -399,17 +411,18 @@ int kni_sendpkt_eth(int thread_seq,int iplen,char* ip,struct stream_tuple4_v4* i
size_t ifname_len=strlen(if_name);
if(ifname_len<sizeof(ifr.ifr_name))
{
memset(ifr.ifr_name,0,IFNAMSIZ);
memcpy(ifr.ifr_name,if_name,ifname_len);
}
else
{
printf("interface name is too long\n");
MESA_handle_runtime_log(g_kni_comminfo.logger, RLOG_LV_FATAL,KNI_MODULE_SENDPKT,"interface name is too long\n");
return -1;
}
if(-1==ioctl(g_kni_comminfo.ipv4_fd[thread_seq],SIOCGIFINDEX,&ifr))
{
printf("get if index error:%d",errno);
MESA_handle_runtime_log(g_kni_comminfo.logger, RLOG_LV_FATAL,KNI_MODULE_SENDPKT,"get if index error:%d,card:%s",errno,ifr.ifr_name);
return -1;
}
@@ -426,8 +439,8 @@ int kni_sendpkt_eth(int thread_seq,int iplen,char* ip,struct stream_tuple4_v4* i
return -1;
}
unsigned char* mac=(unsigned char*)ifr.ifr_hwaddr.sa_data;
printf("%02x:%02x:%02x:%02x:%02x:%02x\n",mac[0],mac[1],mac[2],mac[3],mac[4],mac[5]);
// unsigned char* mac=(unsigned char*)ifr.ifr_hwaddr.sa_data;
// printf("%02x:%02x:%02x:%02x:%02x:%02x\n",mac[0],mac[1],mac[2],mac[3],mac[4],mac[5]);
sendpacket_build_ethernet((unsigned char*)tmp_dmac,(unsigned char*)tmp_smac,eth_type,(const unsigned char*)ip,iplen,(unsigned char*)buf);
@@ -447,24 +460,113 @@ int kni_sendpkt_eth(int thread_seq,int iplen,char* ip,struct stream_tuple4_v4* i
}
int kni_keepalive_replay(struct stream_tuple4_v4* ipv4_addr,int iprever_flag,struct datainfo_to_tun* datainfo,void* a_packet,int iplen,int thread_seq)
{
int index=1-iprever_flag;
unsigned short win=datainfo->win;
unsigned short win_scale=datainfo->wnscal[1];
unsigned short ipid=random()%65535;
struct ip* iphdr=(struct ip*)a_packet;
struct tcphdr* tcphdr=(struct tcphdr*)((char*)iphdr+4*(iphdr->ip_hl));
struct ip* snd_iphdr=NULL;
struct tcphdr* snd_tcphdr=NULL;
char* sendbuf=(char*)malloc(iplen);
memcpy(sendbuf,a_packet,iplen);
snd_iphdr=(struct ip*)sendbuf;
snd_tcphdr=(struct tcphdr*)((char*)snd_iphdr+4*(snd_iphdr->ip_hl));
(snd_iphdr->ip_src).s_addr=(iphdr->ip_dst).s_addr;
(snd_iphdr->ip_dst).s_addr=(iphdr->ip_src).s_addr;
snd_iphdr->ip_id=htons(datainfo->ipid[index]+1);
// snd_iphdr->ip_ttl=datainfo->ttl[index];
snd_tcphdr->source=tcphdr->dest;
snd_tcphdr->dest=tcphdr->source;
snd_tcphdr->seq=htonl(datainfo->seq[index]+datainfo->len[index]);
snd_tcphdr->ack_seq=htonl(datainfo->ack[index]);
/*
if(iprever_flag==0)
{
snd_iphdr->ip_id=ipid;
snd_tcphdr->window=htons((win>>win_scale)+1);
}
*/
sendpacket_do_checksum((unsigned char*)sendbuf,IPPROTO_TCP,(iplen-4*(iphdr->ip_hl)));
sendpacket_do_checksum((unsigned char*)sendbuf,IPPROTO_IP,sizeof(struct ip));
tun_write_data(g_kni_comminfo.fd_tun[thread_seq],sendbuf,iplen,ipv4_addr);
kni_debug_info_v4((char*)"recv_keepalive_request",STAT_FLAG_SSL_NOBMD,(struct ip*)a_packet);
kni_debug_info_v4((char*)"send_keepalive_replay",STAT_FLAG_SSL_NOBMD,(struct ip*)sendbuf);
free(sendbuf);
sendbuf=NULL;
datainfo->pro_reply[iprever_flag]=1;
return 1;
}
long kni_readtun_htable_cb_v4(void* data,const unsigned char* key,unsigned int size,void* user_arg)
{
long result=0;
struct datainfo_to_tun* ret_data=(struct datainfo_to_tun*)user_arg;
struct stream_tuple4_v4* ipv4_addr=(struct stream_tuple4_v4*)key;
struct args_read_tun* args=(struct args_read_tun*)user_arg;
// struct datainfo_to_tun* ret_data=(struct datainfo_to_tun*)user_arg;
struct datainfo_to_tun* datainfo=(struct datainfo_to_tun*)data;
if(datainfo!=NULL)
{
ret_data->route_dir=datainfo->route_dir;
ret_data->mss=datainfo->mss;
ret_data->state_flag=datainfo->state_flag;
memcpy(ret_data->smac,datainfo->smac,MAC_ADDR_LEN);
memcpy(ret_data->dmac,datainfo->dmac,MAC_ADDR_LEN);
// memcpy(ret_data,datainfo,sizeof(struct datainfo_to_tun));
memcpy(args->smac,datainfo->smac,KNI_MACADDR_LEN);
memcpy(args->dmac,datainfo->dmac,KNI_MACADDR_LEN);
if(datainfo->pro_reply[args->iprevers]>0)
{
result=1;
}
else
{
kni_keepalive_replay(ipv4_addr,args->iprevers,datainfo,args->a_packet,args->iplen,args->thread_seq);
result=0;
}
result=1;
}
/*
#ifdef KNI_DEBUG_SWITCH
else if(ipv4_addr->saddr==1698867392)
{
printf("sip is 192.168.66.101\n");
ret_data->route_dir=0;
ret_data->smac[0]=0x18;
ret_data->smac[1]=0x66;
ret_data->smac[2]=0xda;
ret_data->smac[3]=0xe5;
ret_data->smac[4]=0xfa;
ret_data->smac[5]=0xa1;
ret_data->dmac[0]=0xe8;
ret_data->dmac[1]=0x61;
ret_data->dmac[2]=0x1f;
ret_data->dmac[3]=0x13;
ret_data->dmac[4]=0x70;
ret_data->dmac[5]=0x7a;
result=0;
}
#endif
*/
return result;
}
@@ -473,12 +575,12 @@ long kni_readtun_htable_cb_v4(void* data,const unsigned char* key,unsigned int s
int kni_process_readdata(int thread_seq,int buflen,char* buf)
{
// int ret=0;
int ret;
int iprever_flag=0;
// unsigned char routdir=0;
long result=0;
struct datainfo_to_tun datainfo;
// struct datainfo_to_tun datainfo;
struct args_read_tun args;
struct ip* iphdr=(struct ip*)buf;
struct stream_tuple4_v4 ipv4_addr;
struct stream_tuple4_v6 ipv6_addr;
@@ -488,15 +590,15 @@ int kni_process_readdata(int thread_seq,int buflen,char* buf)
iprever_flag=kni_get_ipaddr_v4((void*)buf,&ipv4_addr);
kni_debug_info_v4((char*)KNI_MODULE_READTUN,STAT_FLAG_SSL_NOBMD,(struct ip*)buf);
MESA_htable_search_cb(g_kni_structinfo.htable_to_tun_v4,(unsigned char*)&ipv4_addr,sizeof(struct stream_tuple4_v4),kni_readtun_htable_cb_v4,(void*)&datainfo,&result);
args.a_packet=buf;
args.iplen=buflen;
args.iprevers=iprever_flag;
args.thread_seq=thread_seq;
MESA_htable_search_cb(g_kni_structinfo.htable_to_tun_v4,(unsigned char*)&ipv4_addr,sizeof(struct stream_tuple4_v4),kni_readtun_htable_cb_v4,(void*)&args,&result);
if(result==1)
{
if(iprever_flag==1)
{
// routdir=MESA_dir_reverse(datainfo.route_dir);
}
kni_sendpkt_eth(thread_seq,buflen,buf,&ipv4_addr,iprever_flag,datainfo.smac,datainfo.dmac);
kni_sendpkt_eth(thread_seq,buflen,buf,&ipv4_addr,iprever_flag,args.smac,args.dmac);
}
}
@@ -505,6 +607,7 @@ int kni_process_readdata(int thread_seq,int buflen,char* buf)
iprever_flag=kni_get_ipaddr_v6((void*)buf,&ipv6_addr);
}
return 0;
}
@@ -563,8 +666,11 @@ struct tcp_state* fs_get_default_state()
st->sack_ok = 0;
st->wscale_ok = 0;
st->ecn_ok = 0;
st->snd_wscale = 0;
st->rcv_wscale = 0;
// st->snd_wscale = 0;
// st->rcv_wscale = 0;
st->snd_wscale = 128;
st->rcv_wscale = 128;
st->snd_wnd = 0x1000;
st->rcv_wnd = 0x1000;
st->inet_ttl=-1;
@@ -663,8 +769,6 @@ return:
*********************************************************************************************************************/
int kni_process_fs(void* a_packet,unsigned int mss)
{
// int ret=0;
// int val = 1;
int fds[2]={0};
fds[KNI_FDS_INDEX_CLIENT]=socket(AF_INET, SOCK_FORGE, 0);
@@ -681,16 +785,13 @@ int kni_process_fs(void* a_packet,unsigned int mss)
fs_get_modify_state(fake_client,fake_server,a_packet,mss);
fs_set_state(fds[KNI_FDS_INDEX_CLIENT],fake_server);
fs_set_state(fds[KNI_FDS_INDEX_SERVER],fake_client);
kni_send_fds(g_kni_comminfo.fd_domain,fds,2);
kni_debug_info_v4((char*)KNI_MODULE_SENDFD,STAT_FLAG_SSL_NOBMD,(struct ip*)a_packet);
// kni_debug_info_v4((char*)KNI_MODULE_SENDFD,STAT_FLAG_SSL_NOBMD,(struct ip*)a_packet);
close(fds[KNI_FDS_INDEX_CLIENT]);
close(fds[KNI_FDS_INDEX_SERVER]);
@@ -698,6 +799,331 @@ int kni_process_fs(void* a_packet,unsigned int mss)
}
int tcprepair_set_state_bak(int sk,struct kni_state_info* tcp)
{
int val,yes=1, onr = 0;
int src=KNI_INDEX_SRC;
int dst=KNI_INDEX_DST;
struct tcp_repair_opt opts[KNI_TCPREPAIR_OPT_NUM];
struct sockaddr_in addr;
if (setsockopt(sk, SOL_TCP, TCP_REPAIR, &yes, sizeof(yes))==-1)
{
MESA_handle_runtime_log(g_kni_comminfo.logger, RLOG_LV_FATAL,"tcprepair_set_state","setsockopt() TCP_REPAIR error");
return -1;
}
if (setsockopt(sk, SOL_SOCKET, SO_REUSEADDR, &yes, sizeof(yes)) == -1)
{
MESA_handle_runtime_log(g_kni_comminfo.logger, RLOG_LV_FATAL,"tcprepair_set_state","setsockopt() SO_REUSEADDR error");
return -1;
}
/* ============= Restore TCP properties ==================*/
val = TCP_SEND_QUEUE;
if (setsockopt(sk, SOL_TCP, TCP_REPAIR_QUEUE, &val, sizeof(val)))
{
MESA_handle_runtime_log(g_kni_comminfo.logger, RLOG_LV_FATAL,"tcprepair_set_state","setsockopt() TCP_REPAIR_QUEUE,TCP_SEND_QUEUE error");
return -1;
}
val = tcp[src].seq;
if (setsockopt(sk, SOL_TCP, TCP_QUEUE_SEQ, &val, sizeof(val)))
{
MESA_handle_runtime_log(g_kni_comminfo.logger, RLOG_LV_FATAL,"tcprepair_set_state","setsockopt() TCP_QUEUE_SEQ error");
return -1;
}
val = TCP_RECV_QUEUE;
if (setsockopt(sk, SOL_TCP, TCP_REPAIR_QUEUE, &val, sizeof(val)))
{
MESA_handle_runtime_log(g_kni_comminfo.logger, RLOG_LV_FATAL,"tcprepair_set_state","setsockopt() TCP_REPAIR_QUEUE,TCP_RECV_QUEUE error");
return -1;
}
val = tcp[dst].seq;
if (setsockopt(sk, SOL_TCP, TCP_QUEUE_SEQ, &val, sizeof(val)))
{
MESA_handle_runtime_log(g_kni_comminfo.logger, RLOG_LV_FATAL,"tcprepair_set_state","setsockopt() TCP_QUEUE_SEQ error");
return -1;
}
/* ============= Bind and connect ================ */
memset(&addr,0,sizeof(addr));
addr.sin_family = AF_INET;
addr.sin_port = htons(tcp[src].port);
if (inet_pton(AF_INET, tcp[src].addr, &(addr.sin_addr)) < 0)
{
MESA_handle_runtime_log(g_kni_comminfo.logger, RLOG_LV_FATAL,"tcprepair_set_state","setsockopt() TCP_QUEUE_SEQ error");
return -1;
}
if (bind(sk, (struct sockaddr *) &addr, sizeof(addr)))
{
MESA_handle_runtime_log(g_kni_comminfo.logger, RLOG_LV_FATAL,"tcprepair_set_state","setsockopt() TCP_QUEUE_SEQ error");
return -1;
}
memset(&addr,0,sizeof(addr));
addr.sin_family = AF_INET;
addr.sin_port = htons(tcp[dst].port);
if (inet_pton(AF_INET, tcp[dst].addr, &(addr.sin_addr)) < 0)
{
MESA_handle_runtime_log(g_kni_comminfo.logger, RLOG_LV_FATAL,"tcprepair_set_state","setsockopt() TCP_QUEUE_SEQ error");
return -1;
}
if (connect(sk, (struct sockaddr *) &addr, sizeof(addr)))
{
MESA_handle_runtime_log(g_kni_comminfo.logger, RLOG_LV_FATAL,"tcprepair_set_state","setsockopt() TCP_QUEUE_SEQ error");
return -1;
}
opts[onr].opt_code = TCPOPT_WINDOW;
opts[onr].opt_val = tcp[src].wscale + (tcp[dst].wscale << 16);
onr++;
opts[onr].opt_code = TCPOPT_MAXSEG;
opts[onr].opt_val = tcp[src].mss_clamp;
onr++;
if (setsockopt(sk, SOL_TCP, TCP_REPAIR_OPTIONS,opts, onr * sizeof(struct tcp_repair_opt)) < 0)
{
MESA_handle_runtime_log(g_kni_comminfo.logger, RLOG_LV_FATAL,"tcprepair_set_state","setsockopt() TCP_QUEUE_SEQ error");
return -1;
}
return 0;
}
int tcprepair_set_state(int sk,struct kni_tcp_state* tcp,struct tcp_repair_window win)
{
int val,yes=1, onr = 0;
struct tcp_repair_opt opts[KNI_TCPREPAIR_OPT_NUM];
struct sockaddr_in addr;
if (setsockopt(sk, SOL_TCP, TCP_REPAIR, &yes, sizeof(yes))==-1)
{
MESA_handle_runtime_log(g_kni_comminfo.logger, RLOG_LV_FATAL,"tcprepair_set_state","setsockopt() TCP_REPAIR error,errno:%d",errno);
return -1;
}
if (setsockopt(sk, SOL_IP, IP_TRANSPARENT, &yes, sizeof(yes)) < 0)
{
MESA_handle_runtime_log(g_kni_comminfo.logger, RLOG_LV_FATAL,"tcprepair_set_state","setsockopt() IP_TRANSPARENT error,errno:%d",errno);
return -1;
}
if (setsockopt(sk, SOL_SOCKET, SO_REUSEADDR, &yes, sizeof(yes)) == -1)
{
MESA_handle_runtime_log(g_kni_comminfo.logger, RLOG_LV_FATAL,"tcprepair_set_state","setsockopt() SO_REUSEADDR error,errno:%d",errno);
return -1;
}
/* ============= Restore TCP properties ==================*/
val = TCP_SEND_QUEUE;
if (setsockopt(sk, SOL_TCP, TCP_REPAIR_QUEUE, &val, sizeof(val)))
{
MESA_handle_runtime_log(g_kni_comminfo.logger, RLOG_LV_FATAL,"tcprepair_set_state","setsockopt() TCP_REPAIR_QUEUE,TCP_SEND_QUEUE error,errno:%d",errno);
return -1;
}
val = tcp->seq;
if (setsockopt(sk, SOL_TCP, TCP_QUEUE_SEQ, &val, sizeof(val)))
{
MESA_handle_runtime_log(g_kni_comminfo.logger, RLOG_LV_FATAL,"tcprepair_set_state","setsockopt() TCP_QUEUE_SEQ error,errno:%d",errno);
return -1;
}
val = TCP_RECV_QUEUE;
if (setsockopt(sk, SOL_TCP, TCP_REPAIR_QUEUE, &val, sizeof(val)))
{
MESA_handle_runtime_log(g_kni_comminfo.logger, RLOG_LV_FATAL,"tcprepair_set_state","setsockopt() TCP_REPAIR_QUEUE,TCP_RECV_QUEUE error,errno:%d",errno);
return -1;
}
val = tcp->ack;
if (setsockopt(sk, SOL_TCP, TCP_QUEUE_SEQ, &val, sizeof(val)))
{
MESA_handle_runtime_log(g_kni_comminfo.logger, RLOG_LV_FATAL,"tcprepair_set_state","setsockopt() TCP_QUEUE_SEQ error,errno:%d",errno);
return -1;
}
/* if (setsockopt(sk, SOL_TCP, TCP_REPAIR_WINDOW, &win, sizeof(win)))
{
MESA_handle_runtime_log(g_kni_comminfo.logger, RLOG_LV_FATAL,"tcprepair_set_state","setsockopt() TCP_REPAIR_WINDOW error,errno:%d",errno);
return -1;
}
//test
// MESA_handle_runtime_log(g_kni_comminfo.logger, RLOG_LV_FATAL,"tcprepair_set_state","snd_wl1:%u,snd_wnd:%u,max_wnd:%u,rcv_wnd:%u,rcv_wup:%u",win.snd_wl1,win.snd_wnd,win.max_window,win.rcv_wnd,win.rcv_wup);
struct tcp_repair_window win_tmp;
socklen_t opt_len=sizeof(win_tmp);
if (getsockopt(sk, SOL_TCP, TCP_REPAIR_WINDOW, &win_tmp,&opt_len))
{
MESA_handle_runtime_log(g_kni_comminfo.logger, RLOG_LV_FATAL,"tcprepair_set_state","getsockopt() TCP_REPAIR_WINDOW error,errno:%d",errno);
return -1;
}
MESA_handle_runtime_log(g_kni_comminfo.logger, RLOG_LV_FATAL,"tcprepair_set_state","snd_wl1:%u,snd_wnd:%u,max_wnd:%u,rcv_wnd:%u,rcv_wup:%u",win_tmp.snd_wl1,win_tmp.snd_wnd,win_tmp.max_window,win_tmp.rcv_wnd,win_tmp.rcv_wup);
//end
*/
/* ============= Bind and connect ================ */
memset(&addr,0,sizeof(addr));
addr.sin_family = AF_INET;
addr.sin_port = tcp->sport;
addr.sin_addr.s_addr=tcp->src_ip;
// addr.sin_addr.s_addr= g_kni_comminfo.local_ip;
if (bind(sk, (struct sockaddr *) &addr, sizeof(addr)))
{
MESA_handle_runtime_log(g_kni_comminfo.logger, RLOG_LV_FATAL,"tcprepair_set_state","bind() error,errno:%d",errno);
return -1;
}
memset(&addr,0,sizeof(addr));
addr.sin_family = AF_INET;
addr.sin_port = tcp->dport;
addr.sin_addr.s_addr=tcp->dst_ip;
if (connect(sk, (struct sockaddr *) &addr, sizeof(addr)))
{
MESA_handle_runtime_log(g_kni_comminfo.logger, RLOG_LV_FATAL,"tcprepair_set_state","connect() error,errno:%d",errno);
return -1;
}
opts[onr].opt_code = TCPOPT_WINDOW;
opts[onr].opt_val = tcp->wscale_src+ (tcp->wscale_dst<< 16);
onr++;
opts[onr].opt_code = TCPOPT_MAXSEG;
opts[onr].opt_val = tcp->mss_src;
onr++;
if (setsockopt(sk, SOL_TCP, TCP_REPAIR_OPTIONS,opts, onr * sizeof(struct tcp_repair_opt)) < 0)
{
MESA_handle_runtime_log(g_kni_comminfo.logger, RLOG_LV_FATAL,"tcprepair_set_state","setsockopt() TCP_REPAIR_OPTIONS error,errno:%d",errno);
return -1;
}
val = 0;
if (setsockopt(sk, SOL_TCP, TCP_REPAIR, &val, sizeof(val)))
{
MESA_handle_runtime_log(g_kni_comminfo.logger, RLOG_LV_FATAL,"tcprepair_set_state","setsockopt() TCP_REPAIR close error,errno:%d",errno);
return -1;
}
return 0;
}
int tcprepair_get_state(struct kni_tcp_state* fake_client,struct kni_tcp_state* fake_server,void* a_packet,unsigned short* mss,unsigned short* wnscale,unsigned short win)
{
struct ip* iphdr=(struct ip*)a_packet;
struct tcphdr* tcphdr=(struct tcphdr*)((char*)a_packet+4*(iphdr->ip_hl));
fake_client->src_ip=(iphdr->ip_src).s_addr;
fake_client->sport=tcphdr->source;
fake_client->dst_ip=(iphdr->ip_dst).s_addr;
fake_client->dport =tcphdr->dest;
fake_client->seq=ntohl(tcphdr->seq);
fake_client->ack=ntohl(tcphdr->ack_seq);
// fake_client->win=ntohs(tcphdr->window);
fake_client->win=win;
fake_client->mss_src=mss[KNI_INDEX_SRC];
fake_client->mss_dst=mss[KNI_INDEX_DST];
fake_client->wscale_src=wnscale[KNI_INDEX_SRC];
fake_client->wscale_dst=wnscale[KNI_INDEX_DST];
fake_server->src_ip=(iphdr->ip_dst).s_addr;
fake_server->sport=tcphdr->dest;
fake_server->dst_ip=(iphdr->ip_src).s_addr;
fake_server->dport =tcphdr->source;
fake_server->seq=ntohl(tcphdr->ack_seq);
fake_server->ack=ntohl(tcphdr->seq);
fake_server->win=ntohs(tcphdr->window);
fake_server->mss_src=mss[KNI_INDEX_DST];
fake_server->mss_dst=mss[KNI_INDEX_SRC];
fake_server->wscale_src=wnscale[KNI_INDEX_DST];
fake_server->wscale_dst=wnscale[KNI_INDEX_SRC];
return 0;
}
int kni_process_tcprepair(void* a_packet,unsigned short* mss,unsigned short* wnscale,unsigned short win)
{
int fds[2];
int fd_client,fd_server;
struct kni_tcp_state fake_client;
struct kni_tcp_state fake_server;
struct ip* iphdr=(struct ip*)a_packet;
struct tcphdr* tcphdr=(struct tcphdr*)((char*)a_packet+4*(iphdr->ip_hl));
int tcplen=ntohs(iphdr->ip_len)-4*iphdr->ip_hl-4*tcphdr->doff;
struct tcp_repair_window fclient_win;
struct tcp_repair_window fserver_win;
fd_client = socket(AF_INET, SOCK_STREAM, 0);
fd_server = socket(AF_INET, SOCK_STREAM, 0);
if ((fd_client < 0)||(fd_server<0))
{
MESA_handle_runtime_log(g_kni_comminfo.logger, RLOG_LV_FATAL,"tcprepair_set_state","socket() error");
return -1;
}
tcprepair_get_state(&fake_client,&fake_server,a_packet,mss,wnscale,win);
fserver_win.snd_wl1=ntohl(tcphdr->seq);
fserver_win.snd_wnd=ntohs(tcphdr->window)<<wnscale[KNI_INDEX_SRC];
fserver_win.max_window=fserver_win.snd_wnd;
fserver_win.rcv_wnd=win;
fserver_win.rcv_wup=ntohl(tcphdr->seq);
fclient_win.snd_wl1=ntohl(tcphdr->ack_seq)-1;
fclient_win.snd_wnd=win;
fclient_win.max_window=fclient_win.snd_wnd;
fclient_win.rcv_wnd=ntohs(tcphdr->window)<<wnscale[KNI_INDEX_SRC];
fclient_win.rcv_wup=ntohl(tcphdr->ack_seq);
/*
//c has get
fclient_win.snd_wl1=ntohl(tcphdr->ack_seq);
fclient_win.snd_wnd=ntohs(tcphdr->window)<<wnscale[KNI_INDEX_SRC];
fclient_win.max_window=fclient_win.snd_wnd;
fclient_win.rcv_wnd=fclient_win.snd_wnd ;
fclient_win.rcv_wup=fclient_win.snd_wl1;
*/
tcprepair_set_state(fd_client,&fake_server,fserver_win);
tcprepair_set_state(fd_server,&fake_client,fclient_win);
fds[0]=fd_client;
fds[1]=fd_server;
kni_send_fds(g_kni_comminfo.fd_domain,fds,2);
MESA_handle_runtime_log(g_kni_comminfo.logger, RLOG_LV_FATAL,"tcprepair_set_state","mss_src:%d,mss_dst:%d,wnscale_src:%d,wnscale_dst:%d",mss[0],mss[1],wnscale[0],wnscale[1]);
return 0;
}
/***************************************************************************************
return :state_flag
@@ -891,18 +1317,20 @@ int kni_judge_ipbmd(struct ipaddr* addr,int thread_seq)
return state_flag;
}
unsigned short kni_get_mss(struct kni_tcp_hdr* tcphdr,int tcp_hdr_len)
int kni_get_mss(struct kni_tcp_hdr* tcphdr,int tcp_hdr_len,unsigned short* mss,unsigned char* winscale)
{
unsigned short mss=KNI_DEFAULT_MSS;
// unsigned short mss=KNI_DEFAULT_MSS;
*mss=KNI_DEFAULT_MSS;
*winscale=KNI_DEFAULT_WINSCLE;
return mss;
// return 0;
int remain_len=tcp_hdr_len;
struct kni_tcp_opt* tcp_opt=NULL;
if((tcp_hdr_len<=20)||(tcp_hdr_len>64))
{
return mss;
return 0;
}
tcp_opt=(struct kni_tcp_opt*)((char*)tcphdr+TCPHDR_DEFAULT_LEN);
@@ -912,8 +1340,15 @@ unsigned short kni_get_mss(struct kni_tcp_hdr* tcphdr,int tcp_hdr_len)
{
if(tcp_opt->type==2) //MSS
{
mss=*(unsigned short*)(tcp_opt->content);
return mss;
remain_len-=tcp_opt->len;
*mss=htons(*(unsigned short*)(tcp_opt->content));
tcp_opt=(struct kni_tcp_opt*)((char*)tcp_opt+tcp_opt->len);
}
else if(tcp_opt->type==3) //winscale
{
remain_len-=tcp_opt->len;
*winscale=*(unsigned char*)(tcp_opt->content);
tcp_opt=(struct kni_tcp_opt*)((char*)tcp_opt+tcp_opt->len);
}
else if((tcp_opt->type==0)||(tcp_opt->type==1))
{
@@ -929,16 +1364,17 @@ unsigned short kni_get_mss(struct kni_tcp_hdr* tcphdr,int tcp_hdr_len)
}
}
return mss;
return 0;
}
long kni_state_htable_cb_v4(void* data,const unsigned char* key,unsigned int size,void* user_arg)
{
// unsigned short mss=KNI_DEFAULT_MSS;
long state_flag=STAT_FLAG_NONE;
int iprevers;
int sni_len=0;
char sni[KNI_MAX_BUFLEN]={0};
@@ -952,21 +1388,28 @@ long kni_state_htable_cb_v4(void* data,const unsigned char* key,unsigned int siz
struct kni_tcp_hdr* tcphdr=(struct kni_tcp_hdr*)((char*)iphdr+4*(iphdr->ip_hl));
struct layer_addr_mac* mac_addr=(struct layer_addr_mac*)((char*)iphdr-KNI_ETHER_LEN);
//first stream pkt and syn and not syn/ack
// if((datainfo==NULL)&&(tcphdr->th_flags&TH_SYN)&&!(tcphdr->th_flags&TH_ACK))
if(datainfo==NULL)
{
datainfo=(struct datainfo_to_tun*)malloc(sizeof(struct datainfo_to_tun));
memset(datainfo,0,sizeof(struct datainfo_to_tun));
datainfo->route_dir=arg->routdir;
/*
datainfo->mss[0]=KNI_DEFAULT_MSS;
datainfo->mss[1]=KNI_DEFAULT_MSS;
datainfo->wnscal[0]=KNI_DEFAULT_WINSCLE;
datainfo->wnscal[1]=KNI_DEFAULT_WINSCLE;
*/
memset(&addr_ipbmd,0,sizeof(struct ipaddr));
addr_ipbmd.addrtype=ADDR_TYPE_IPV4;
addr_ipbmd.v4=(struct stream_tuple4_v4*)key;
datainfo->state_flag=kni_judge_ipbmd(&addr_ipbmd,arg->thread_seq);
datainfo->mss=kni_get_mss(tcphdr,ntohs(iphdr->ip_len)-4*(iphdr->ip_hl)-arg->tcpdata_len);
//for sendpkt test
datainfo->state_flag=kni_judge_ipbmd(&addr_ipbmd,arg->thread_seq);
kni_get_mss(tcphdr,ntohs(iphdr->ip_len)-4*(iphdr->ip_hl)-arg->tcpdata_len,&(datainfo->mss[KNI_INDEX_SRC]),(unsigned char*)&(datainfo->wnscal[KNI_INDEX_SRC]));
//for sendpkt
if(arg->iprevers==0)
{
memcpy(datainfo->smac,mac_addr->src_mac,MAC_ADDR_LEN);
@@ -978,8 +1421,8 @@ long kni_state_htable_cb_v4(void* data,const unsigned char* key,unsigned int siz
memcpy(datainfo->dmac,mac_addr->src_mac,MAC_ADDR_LEN);
}
//end
MESA_htable_add(g_kni_structinfo.htable_to_tun_v4, key,size,(void*)datainfo);
}
if(datainfo==NULL)
@@ -987,7 +1430,35 @@ long kni_state_htable_cb_v4(void* data,const unsigned char* key,unsigned int siz
return state_flag;
}
/*
datainfo->pktnum++;
iprevers=arg->iprevers;
if(datainfo->pro_reply[iprevers]==0)
{
datainfo->seq[iprevers]=ntohl(tcphdr->th_seq);
datainfo->ack[iprevers]=ntohl(tcphdr->th_ack);
datainfo->ipid[iprevers]=ntohs(iphdr->ip_id);
datainfo->ttl[iprevers]=iphdr->ip_ttl;
datainfo->len[iprevers]=ntohs(iphdr->ip_len)-4*iphdr->ip_hl-4*tcphdr->th_off;
if(tcphdr->th_flags&TH_SYN)
{
datainfo->len[iprevers]=1;
}
}
// if((datainfo->state_flag==STAT_FLAG_NONE)&&(arg->iprevers==1))
if((datainfo->state_flag==STAT_FLAG_NONE)&&(datainfo->pktnum==2))
{
datainfo->win=ntohs(tcphdr->th_win);
kni_get_mss(tcphdr,ntohs(iphdr->ip_len)-4*(iphdr->ip_hl)-arg->tcpdata_len,&(datainfo->mss[KNI_INDEX_DST]),(unsigned char*)&(datainfo->wnscal[KNI_INDEX_DST]));
}
/*
if((datainfo->state_flag==STAT_FLAG_NONE)&&(tcphdr->th_flags&TH_SYN)&&(tcphdr->th_flags&TH_ACK))
{
mss=kni_get_mss(tcphdr,ntohs(iphdr->ip_len)-4*(iphdr->ip_hl)-arg->tcpdata_len);
@@ -995,6 +1466,9 @@ long kni_state_htable_cb_v4(void* data,const unsigned char* key,unsigned int siz
}
*/
#ifdef KNI_DEBUG_SWITCH
return STAT_FLAG_SSL_NOBMD;
#endif
//only process full stream pkt,star from syn,double dir;
if((datainfo->state_flag==STAT_FLAG_NONE)&&(arg->tcpdata_len>0))
@@ -1005,13 +1479,15 @@ long kni_state_htable_cb_v4(void* data,const unsigned char* key,unsigned int siz
datainfo->state_flag=kni_judge_sni(sni,sni_len,arg->thread_seq);
if(datainfo->state_flag==STAT_FLAG_SSL_NOBMD)
{
kni_process_fs(arg->a_packet,datainfo->mss);
// kni_process_fs(arg->a_packet,datainfo->mss);
kni_process_tcprepair(arg->a_packet,datainfo->mss,datainfo->wnscal,datainfo->win);
}
}
}
return datainfo->state_flag;;
return datainfo->state_flag;
}
@@ -1041,10 +1517,34 @@ long kni_state_htable_cb_v6(void* data,const unsigned char* key,unsigned int siz
return datainfo->state_flag;
}
int kni_recv_msg(int socket)
{
struct msghdr msg = {0};
struct cmsghdr *cmsg;
char buf[CMSG_SPACE(sizeof(int))], dup[256];
memset(buf, 0, sizeof(buf));
struct iovec io = { .iov_base = &dup, .iov_len = sizeof(dup) };
msg.msg_iov = &io;
msg.msg_iovlen = 1;
msg.msg_control = buf;
msg.msg_controllen = sizeof(buf);
if (recvmsg (socket, &msg, 0) < 0)
{
printf("recvmsg() error,errno:%d\n",errno);
}
// handle_error ("Failed to receive message");
cmsg = CMSG_FIRSTHDR(&msg);
return 0;
}
extern "C" int kni_ip_entry(struct streaminfo* f_stream,unsigned char routedir,int thread_seq,struct ip* a_packet)
{
printf("kni_ip_entry!\n");
char ret=APP_STATE_FAWPKT;
//ip/tcp info
@@ -1057,7 +1557,6 @@ extern "C" int kni_ip_entry(struct streaminfo* f_stream,unsigned char routedir,i
unsigned short dport=ntohs(tcphdr->dest);
if((sport!=80)&&(sport!=443)&&(dport!=80)&&(dport!=443))
{
printf("kni_ip_entry return,ret:%d\n",ret);
return ret;
}
@@ -1073,7 +1572,6 @@ extern "C" int kni_ip_entry(struct streaminfo* f_stream,unsigned char routedir,i
usr_arg.iprevers=kni_get_ipaddr_v4(a_packet,&ipv4_addr);
if(usr_arg.iprevers==0)
{
usr_arg.routdir=routedir;
@@ -1088,16 +1586,13 @@ extern "C" int kni_ip_entry(struct streaminfo* f_stream,unsigned char routedir,i
if(state_flag==STAT_FLAG_SSL_NOBMD)
{
tun_write_data(g_kni_comminfo.fd_tun[thread_seq],(char*)a_packet,iplen,&ipv4_addr);
ret= APP_STATE_DROPPKT;
}
kni_debug_info_v4((char*)KNI_MODULE_IPENTRY,state_flag,a_packet);
printf("kni_ip_entry return,ret:%d\n",ret);
return ret;
}
@@ -1174,8 +1669,8 @@ int init_domain_fd()
char serverpath[32] = "/home/server_unixsocket_file";
int i_addr_len = sizeof( struct sockaddr_un );
// if ( ( i_fd = socket( AF_UNIX, SOCK_STREAM, 0 ) ) < 0 )
if ( ( i_fd = socket( AF_UNIX, SOCK_DGRAM, 0 ) ) < 0 )
if ( ( i_fd = socket( AF_UNIX, SOCK_STREAM, 0 ) ) < 0 )
// if ( ( i_fd = socket( AF_UNIX, SOCK_DGRAM, 0 ) ) < 0 )
{
MESA_handle_runtime_log(g_kni_comminfo.logger, RLOG_LV_FATAL,KNI_MODULE_INIT,"init_domain_fd():socket error,errno is %d,action:%s",errno,KNI_ACTION_EXIT);
return -1;
@@ -1261,10 +1756,6 @@ extern "C" char kni_init()
return -1;
}
//sendpkt init
// wangyan_send_fake_pkt_init();
//maat
g_kni_maatinfo.maat_feather=Maat_feather(g_iThreadNum,table_info_path,g_kni_comminfo.logger);
if(g_kni_maatinfo.maat_feather==NULL)
@@ -1316,7 +1807,7 @@ extern "C" char kni_init()
}
g_kni_comminfo.fd_tun=(int*)malloc(g_kni_comminfo.thread_num*sizeof(int));
memset(g_kni_comminfo.fd_tun,0,sizeof(g_kni_comminfo.thread_num*sizeof(int)));
memset(g_kni_comminfo.fd_tun,0,g_kni_comminfo.thread_num*sizeof(int));
ret=tun_alloc_mq(__tun_symbol,g_kni_comminfo.thread_num,g_kni_comminfo.fd_tun);
if(ret<0)
@@ -1334,11 +1825,10 @@ extern "C" char kni_init()
if(g_kni_comminfo.fd_domain<0)
{
MESA_handle_runtime_log(g_kni_comminfo.logger, RLOG_LV_FATAL,KNI_MODULE_INIT,"init_domain_fd()error,action:%s",KNI_ACTION_EXIT);
return -1;
// return -1;
}
//test init raw_socket
g_kni_comminfo.ipv4_fd=(int*)malloc(g_kni_comminfo.thread_num*sizeof(int));
for(i=0;i<g_kni_comminfo.thread_num;i++)
{
@@ -1351,22 +1841,6 @@ extern "C" char kni_init()
}
//init lqueue
/*
g_kni_structinfo.lqueue_to_tun=(MESA_lqueue_head*)malloc(g_kni_comminfo.thread_num*sizeof(MESA_lqueue_head));
for(i=0;i<g_kni_comminfo.thread_num;i++)
{
g_kni_structinfo.lqueue_to_tun[i]=MESA_lqueue_create(KNI_THREAD_SAFE,KNI_LQUEUE_MAXNUM);
if(g_kni_structinfo.lqueue_to_tun[i]==NULL)
{
printf("MESA_lqueue_create() error!\n");
return -1;
}
}
pthread_create(&pid_write_tun,NULL,kni_write_tun,NULL);
*/
pthread_create(&pid_read_tun,NULL,kni_read_tun,NULL);
MESA_handle_runtime_log(g_kni_comminfo.logger, RLOG_LV_FATAL,KNI_MODULE_INIT,"KNI_INIT succ!");

78
kni.h
View File

@@ -25,6 +25,23 @@
#define TH_URG 0x20
#endif
#ifndef TCP_REPAIR_WINDOW
#define TCP_REPAIR_WINDOW 29
#endif
struct tcp_repair_window {
__u32 snd_wl1;
__u32 snd_wnd;
__u32 max_window;
__u32 rcv_wnd;
__u32 rcv_wup;
};
//#define KNI_DEBUG_SWITCH 0
#define TCPHDR_DEFAULT_LEN 20
@@ -36,7 +53,7 @@
#define LOCAL_IP_ADDR "192.168.100.1"
#define KNI_MAX_BUFLEN 15000
#define KNI_MAX_BUFLEN 1500
#define KNI_MAX_PORT 65535
@@ -72,6 +89,7 @@
#define PROTO_TYPE_UDP 17
#define KNI_DEFAULT_MSS 1460
#define KNI_DEFAULT_WINSCLE 0
#define KNI_MAX_CFGNUM 50
@@ -121,16 +139,72 @@
#define KNI_MACADDR_LEN 6
#define KNI_TCPREPAIR_OPT_NUM 4
#define KNI_QUEUE_NUM 2
#define KNI_INDEX_SRC 0
#define KNI_INDEX_DST 1
struct kni_state_info
{
char *addr;
unsigned int port;
unsigned int seq;
unsigned short mss_clamp;
unsigned short wscale;
};
struct kni_tcp_state
{
unsigned int src_ip;
unsigned int dst_ip;
unsigned short sport;
unsigned short dport;
unsigned int seq;
unsigned int ack;
unsigned short win;
unsigned short mss_src;
unsigned short mss_dst;
unsigned short wscale_src;
unsigned short wscale_dst;
};
#define KNI_DIR_DOUBLE 2
#define KNI_DIR_C2S 0
#define KNI_DIR_S2C 1
//htable_data_info
struct datainfo_to_tun
{
int pktnum;
int state_flag;
int route_dir;
unsigned int mss;
//test
unsigned char ttl[KNI_DIR_DOUBLE]; //host order
unsigned short ipid[KNI_DIR_DOUBLE]; //host order
int pro_reply[KNI_DIR_DOUBLE];
unsigned int seq[KNI_DIR_DOUBLE]; //host order
unsigned int ack[KNI_DIR_DOUBLE]; //host order
unsigned int len[KNI_DIR_DOUBLE]; //host order
//end
unsigned short win; //host order
unsigned short mss[KNI_QUEUE_NUM]; //host order
unsigned short wnscal[KNI_QUEUE_NUM]; //host order
unsigned char smac[KNI_MACADDR_LEN];
unsigned char dmac[KNI_MACADDR_LEN];
};
struct args_read_tun
{
int thread_seq;
int iprevers; //in
int iplen; //in
char* a_packet; //in
unsigned char smac[KNI_MACADDR_LEN]; //out
unsigned char dmac[KNI_MACADDR_LEN]; //ouit
};
struct args_to_tun
{
void* a_packet; //[IN] set fs's tcp_state