gfwleak/tango-kni
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

TSG-1484:1、增加使用htable的配置2、修改debug 日志写入错误问题

Browse Source
This commit is contained in:
fumingwei
2020-06-17 19:33:32 +08:00
parent 717f066b55
commit d14a65545e
2 changed files with 26 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

19
conf/kni/kni.conf
View File

@@ -75,3 +75,22 @@ print_mode = 1
#self test Shunt rules security policy id #self test Shunt rules security policy id
[self_test] [self_test]
sec_policy_id = -1 sec_policy_id = -1
#kni dynamic bypass
[traceid2sslinfo_htable]
mho_screen_print_ctrl = 0
mho_thread_safe = 1
mho_mutex_num = 160
mho_hash_slot_size = 80000
mho_hash_max_element_num = 320000
mho_expire_time = 300
mho_eliminate_type = FIFO
[sslinfo2bypass_htable]
mho_screen_print_ctrl = 0
mho_thread_safe = 1
mho_mutex_num = 160
mho_hash_slot_size = 640000
mho_hash_max_element_num = 2560000
mho_expire_time = 300
mho_eliminate_type = FIFO

11
entry/src/kni_entry.cpp
View File

@@ -1184,7 +1184,7 @@ static int first_data_ssl_dynamic_bypass(struct streaminfo *stream, struct pme_i
ssl_chello_free(chello); ssl_chello_free(chello);
if(sslinfo2bypass_htable_search(g_kni_handle->sslinfo2bypass_htable,ssl_feature->value, ssl_feature->vlen,pmeinfo) == 0) if(sslinfo2bypass_htable_search(g_kni_handle->sslinfo2bypass_htable,ssl_feature->value, ssl_feature->vlen,pmeinfo) == 0)
{ {
KNI_LOG_DEBUG(logger, "Dynamic bypass: passthrough ok, stream traceid = %s", pmeinfo->stream_traceid); KNI_LOG_DEBUG(logger, "Dynamic bypass: passthrough ok, stream traceid = %s,ssl_pinningst=%d", pmeinfo->stream_traceid, pmeinfo->ssl_pinningst);
ret = 0; ret = 0;
} }
else else
@@ -1947,7 +1947,7 @@ static long traceid2sslinfo_htable_search_cb(void *data, const uchar *key, uint
{ {
value = ALLOC(uint64_t, 1); value = ALLOC(uint64_t, 1);
*value = *p_ssl_pinningst; *value = *p_ssl_pinningst;
if(sslinfo2bypass_htable_add(ssl_feature->value, ssl_feature->vlen, (void *)value, logger) >= 0) if(sslinfo2bypass_htable_add(ssl_feature->value, ssl_feature->vlen, (void *)value, logger) < 0)
{ {
KNI_LOG_ERROR(logger, "Dynamic bypass, fail add to table = sslinfo2bypass_htable, key = %s, key_size = %d", KNI_LOG_ERROR(logger, "Dynamic bypass, fail add to table = sslinfo2bypass_htable, key = %s, key_size = %d",
ssl_feature->value, ssl_feature->vlen); ssl_feature->value, ssl_feature->vlen);
@@ -1977,10 +1977,11 @@ static int traceid2sslinfo_htable_search(MESA_htable_handle htable,char *key, in
return cb_ret; return cb_ret;
} }
static int ssl_dynamic_bypass_htable_add(struct pme_info *pmeinfo,void *logger) static int ssl_dynamic_bypass_htable_add(struct pme_info *pmeinfo)
{ {
void *logger = g_kni_handle->local_logger;
long cb_ret; long cb_ret;
long ret = -1; int ret = -1;
MESA_htable_handle traceid2sslinfo_htable = g_kni_handle->threads_handle[pmeinfo->thread_seq].traceid2sslinfo_htable; MESA_htable_handle traceid2sslinfo_htable = g_kni_handle->threads_handle[pmeinfo->thread_seq].traceid2sslinfo_htable;
if(pmeinfo->ssl_intercept_state == 0) if(pmeinfo->ssl_intercept_state == 0)
{ {
@@ -2020,7 +2021,7 @@ static long traceid2pme_htable_search_cb(void *data, const uchar *key, uint size
wrapped_kni_cmsg_get(pmeinfo, cmsg, TFE_CMSG_SSL_ERROR, sizeof(pmeinfo->ssl_error), logger); wrapped_kni_cmsg_get(pmeinfo, cmsg, TFE_CMSG_SSL_ERROR, sizeof(pmeinfo->ssl_error), logger);
KNI_LOG_DEBUG(logger, "recv cmsg from tfe, stream traceid = %s, stream addr = %s, stream ssl intercept state = %d", pmeinfo->stream_traceid, pmeinfo->stream_addr,pmeinfo->ssl_intercept_state); KNI_LOG_DEBUG(logger, "recv cmsg from tfe, stream traceid = %s, stream addr = %s, stream ssl intercept state = %d", pmeinfo->stream_traceid, pmeinfo->stream_addr,pmeinfo->ssl_intercept_state);
ssl_dynamic_bypass_htable_add(pmeinfo,logger); ssl_dynamic_bypass_htable_add(pmeinfo);
can_destroy = judge_stream_can_destroy(pmeinfo, CALLER_TFE); can_destroy = judge_stream_can_destroy(pmeinfo, CALLER_TFE);
if(can_destroy == 1){ if(can_destroy == 1){