diff --git a/common/include/kni_cmsg.h b/common/include/kni_cmsg.h
index c4b37ba..70f2cb9 100644
--- a/common/include/kni_cmsg.h
+++ b/common/include/kni_cmsg.h
@@ -26,6 +26,8 @@ enum tfe_cmsg_tlv_type
 TFE_CMSG_TCP_RESTORE_TS_CLIENT = 0x8,
 TFE_CMSG_TCP_RESTORE_TS_SERVER = 0x9,
 TFE_CMSG_TCP_RESTORE_PROTOCOL = 0xa,
+ TFE_CMSG_TCP_RESTORE_WINDOW_CLIENT = 0xb,
+ TFE_CMSG_TCP_RESTORE_WINDOW_SERVER = 0xc,
 TFE_CMSG_POLICY_ID = 0x10,
 TFE_CMSG_STREAM_TRACE_ID = 0x11,
@@ -34,10 +36,10 @@ enum tfe_cmsg_tlv_type
 TFE_CMSG_SSL_UPSTREAM_LATENCY, //size uint64_t, milisecond
 TFE_CMSG_SSL_DOWNSTREAM_LATENCY, //size uint64_t, milisecond
 TFE_CMSG_SSL_UPSTREAM_VERSION, //string, SSLv3 TLSv1 TLSv1.1 TLSv1.2 TLSv1.3 unknown
- TFE_CMSG_SSL_DOWNSTREAM_VERSION,
+ TFE_CMSG_SSL_DOWNSTREAM_VERSION,
 TFE_CMSG_SSL_PINNING_STATE, //size uint64_t, 0-not pinning 1-pinning 2-maybe pinning
- TFE_CMSG_SSL_CERT_VERIFY,
- TFE_CMSG_SSL_ERROR
+ TFE_CMSG_SSL_CERT_VERIFY, //uint16_t
+ TFE_CMSG_SSL_ERROR //string
 };
 struct kni_cmsg* kni_cmsg_init();
diff --git a/entry/src/kni_entry.cpp b/entry/src/kni_entry.cpp
index 3b76535..b6272eb 100644
--- a/entry/src/kni_entry.cpp
+++ b/entry/src/kni_entry.cpp
@@ -43,6 +43,8 @@ struct pme_info{
 int service;
 struct kni_tcpopt_info *client_tcpopt;
 struct kni_tcpopt_info *server_tcpopt;
+ uint16_t client_window;
+ uint16_t server_window;
 int tfe_id;
 void *logger;
 char stream_trace_id[STREAM_TRACE_ID_LEN];
@@ -284,10 +286,12 @@ static void pme_info_destroy(struct pme_info *pmeinfo){
 }
 FREE(&pmeinfo);
 }
+ /* TODO: segment fault
 else{
 KNI_LOG_DEBUG(logger, "can not free pmeinfo, sapp_release is %d, tfe_release is %d", pmeinfo->sapp_release, pmeinfo->tfe_release);
 }
+ */
 }
 static int protocol_identify(const struct streaminfo* stream, char *buf, int len, struct protocol_identify_result *result){
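Review bot: The two TLV types added in the first kni_cmsg.h hunk have no size or byte-order comment, although this same commit annotates `TFE_CMSG_SSL_CERT_VERIFY` and `TFE_CMSG_SSL_ERROR` in the next hunk. The sender in kni_entry.cpp writes both values with length 2, so I would add a size comment to each, for example `TFE_CMSG_TCP_RESTORE_WINDOW_CLIENT = 0xb, //size uint16_t`, and state the byte order once it is settled. A receiver parsing these cross-process messages has only this header to learn the expected length from, so an undocumented field invites a length mismatch in the TLV parser.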
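Review bot: Commenting out the else branch of pme_info_destroy under `TODO: segment fault` hides the crash rather than explaining it. The disabled code only reads `pmeinfo->sapp_release` and `pmeinfo->tfe_release` (plus `logger`), so a fault there suggests pmeinfo is NULL or already freed on entry, and the condition above the hunk presumably reads the same fields. I would keep the log line, find which caller passes the stale pointer, and at minimum guard the entry with `if(pmeinfo == NULL) return;`. If the two release paths can run concurrently, that guard alone does not rule out a double free or use-after-free. The function body starts before this hunk, so the guard's placement needs checking against the full source.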
@@ -342,6 +346,8 @@ static unsigned char* kni_cmsg_serialize_header_new(struct pme_info *pmeinfo, st
 uint32_t ack = pktinfo->tcphdr->ack_seq;
 uint16_t client_mss = htons(pmeinfo->client_tcpopt->mss);
 uint16_t server_mss = htons(pmeinfo->server_tcpopt->mss);
+ uint16_t client_window = htons(pmeinfo->client_window);
+ uint16_t server_window = htons(pmeinfo->server_window);
 //seq
 int ret = wrapped_kni_cmsg_set(cmsg, TFE_CMSG_TCP_RESTORE_SEQ, (const unsigned char*)&seq, 4);
 if(ret < 0) goto error_out;
@@ -375,6 +381,12 @@ static unsigned char* kni_cmsg_serialize_header_new(struct pme_info *pmeinfo, st
 //protocol
 ret = wrapped_kni_cmsg_set(cmsg, TFE_CMSG_TCP_RESTORE_PROTOCOL, (const unsigned char*)&protocol_type, 1);
 if(ret < 0) goto error_out;
+ //client window
+ ret = wrapped_kni_cmsg_set(cmsg, TFE_CMSG_TCP_RESTORE_WINDOW_CLIENT, (const unsigned char*)&client_window, 2);
+ if(ret < 0) goto error_out;
+ //server window
+ ret = wrapped_kni_cmsg_set(cmsg, TFE_CMSG_TCP_RESTORE_WINDOW_SERVER, (const unsigned char*)&server_window, 2);
+ if(ret < 0) goto error_out;
 //maat policy id
 policy_id = pmeinfo->policy_id;
 ret = wrapped_kni_cmsg_set(cmsg, TFE_CMSG_POLICY_ID, (const unsigned char*)&policy_id, sizeof(policy_id));
@@ -479,6 +491,7 @@ static char pending_opstate(const struct streaminfo *stream, struct pme_info *pm
 pmeinfo->tfe_release = 1;
 return APP_STATE_FAWPKT | APP_STATE_DROPME;
 }
+ pmeinfo->client_window = pktinfo->tcphdr->window;
 pmeinfo->client_tcpopt = kni_get_tcpopt(pktinfo->tcphdr, pktinfo->tcphdr_len);
 FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_BYP_PKT], 0, FS_OP_ADD, 1);
 return APP_STATE_FAWPKT | APP_STATE_GIVEME;
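Review bot: `htons(pmeinfo->client_window)` and `htons(pmeinfo->server_window)` in the @@ -342 hunk look like a double byte swap. Both fields are filled in the pending_opstate and data_opstate hunks straight from `pktinfo->tcphdr->window`, which is already in network order if tcphdr points at the wire header, and `ack` in the first context line is passed on without any conversion. On a little-endian host the receiver would then get the window byte-swapped relative to seq/ack and restore the TCP state with a wrong window. Either convert at capture with `pmeinfo->client_window = ntohs(pktinfo->tcphdr->window);` (same for server_window) or drop the htons here. The function body continues outside the hunk.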
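Review bot: The two wrapped_kni_cmsg_set calls added in the @@ -375 hunk pass the value length as the literal `2`, while the policy-id call just below uses `sizeof(policy_id)`. I would write `sizeof(client_window)` and `sizeof(server_window)` so the TLV length follows the variable's type. A length that drifts from the pointed-to object would make the serializer read past it. The function starts and ends outside this hunk.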
@@ -515,6 +528,7 @@ static char data_opstate(const struct streaminfo *stream, struct pme_info *pmein
 }
 // syn/ack
 if(pktinfo->tcphdr->syn && pktinfo->tcphdr->ack){
+ pmeinfo->server_window = pktinfo->tcphdr->window;
 pmeinfo->server_tcpopt = kni_get_tcpopt(pktinfo->tcphdr, pktinfo->tcphdr_len);
 FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_BYP_PKT], 0, FS_OP_ADD, 1);
 return APP_STATE_FAWPKT | APP_STATE_GIVEME;