cmsg中增加窗口大小

崔一鸣
2019-06-05 15:42:46 +08:00
parent 0ccc62fe08
commit d1524eb81b
2 changed files with 19 additions and 3 deletions


@@ -26,6 +26,8 @@ enum tfe_cmsg_tlv_type
TFE_CMSG_TCP_RESTORE_TS_CLIENT = 0x8, TFE_CMSG_TCP_RESTORE_TS_CLIENT = 0x8,
TFE_CMSG_TCP_RESTORE_TS_SERVER = 0x9, TFE_CMSG_TCP_RESTORE_TS_SERVER = 0x9,
TFE_CMSG_TCP_RESTORE_PROTOCOL = 0xa, TFE_CMSG_TCP_RESTORE_PROTOCOL = 0xa,
TFE_CMSG_TCP_RESTORE_WINDOW_CLIENT = 0xb,
TFE_CMSG_TCP_RESTORE_WINDOW_SERVER = 0xc,
TFE_CMSG_POLICY_ID = 0x10, TFE_CMSG_POLICY_ID = 0x10,
TFE_CMSG_STREAM_TRACE_ID = 0x11, TFE_CMSG_STREAM_TRACE_ID = 0x11,
@@ -36,8 +38,8 @@ enum tfe_cmsg_tlv_type
TFE_CMSG_SSL_UPSTREAM_VERSION, //string, SSLv3 TLSv1 TLSv1.1 TLSv1.2 TLSv1.3 unknown TFE_CMSG_SSL_UPSTREAM_VERSION, //string, SSLv3 TLSv1 TLSv1.1 TLSv1.2 TLSv1.3 unknown
TFE_CMSG_SSL_DOWNSTREAM_VERSION, TFE_CMSG_SSL_DOWNSTREAM_VERSION,
TFE_CMSG_SSL_PINNING_STATE, //size uint64_t, 0-not pinning 1-pinning 2-maybe pinning TFE_CMSG_SSL_PINNING_STATE, //size uint64_t, 0-not pinning 1-pinning 2-maybe pinning
TFE_CMSG_SSL_CERT_VERIFY, TFE_CMSG_SSL_CERT_VERIFY, //uint16_t
TFE_CMSG_SSL_ERROR TFE_CMSG_SSL_ERROR //string
}; };
struct kni_cmsg* kni_cmsg_init(); struct kni_cmsg* kni_cmsg_init();
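Review bot: The two new TLV types `TFE_CMSG_TCP_RESTORE_WINDOW_CLIENT` and `TFE_CMSG_TCP_RESTORE_WINDOW_SERVER` carry no size or encoding comment, although this same change adds `//uint16_t` and `//string` to the SSL entries further down. The receiver has to decode these values from the wire, so the width and byte order belong next to the enumerator, for example `TFE_CMSG_TCP_RESTORE_WINDOW_CLIENT = 0xb, //uint16_t, network byte order`. The enum starts outside the hunk, so whether the other TCP_RESTORE entries are documented elsewhere is not visible here.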


@@ -43,6 +43,8 @@ struct pme_info{
int service; int service;
struct kni_tcpopt_info *client_tcpopt; struct kni_tcpopt_info *client_tcpopt;
struct kni_tcpopt_info *server_tcpopt; struct kni_tcpopt_info *server_tcpopt;
uint16_t client_window;
uint16_t server_window;
int tfe_id; int tfe_id;
void *logger; void *logger;
char stream_trace_id[STREAM_TRACE_ID_LEN]; char stream_trace_id[STREAM_TRACE_ID_LEN];
@@ -284,10 +286,12 @@ static void pme_info_destroy(struct pme_info *pmeinfo){
} }
FREE(&pmeinfo); FREE(&pmeinfo);
} }
/* TODO: segment fault
else{ else{
KNI_LOG_DEBUG(logger, "can not free pmeinfo, sapp_release is %d, tfe_release is %d", KNI_LOG_DEBUG(logger, "can not free pmeinfo, sapp_release is %d, tfe_release is %d",
pmeinfo->sapp_release, pmeinfo->tfe_release); pmeinfo->sapp_release, pmeinfo->tfe_release);
} }
*/
} }
static int protocol_identify(const struct streaminfo* stream, char *buf, int len, struct protocol_identify_result *result){ static int protocol_identify(const struct streaminfo* stream, char *buf, int len, struct protocol_identify_result *result){
@@ -342,6 +346,8 @@ static unsigned char* kni_cmsg_serialize_header_new(struct pme_info *pmeinfo, st
uint32_t ack = pktinfo->tcphdr->ack_seq; uint32_t ack = pktinfo->tcphdr->ack_seq;
uint16_t client_mss = htons(pmeinfo->client_tcpopt->mss); uint16_t client_mss = htons(pmeinfo->client_tcpopt->mss);
uint16_t server_mss = htons(pmeinfo->server_tcpopt->mss); uint16_t server_mss = htons(pmeinfo->server_tcpopt->mss);
uint16_t client_window = htons(pmeinfo->client_window);
uint16_t server_window = htons(pmeinfo->server_window);
//seq //seq
int ret = wrapped_kni_cmsg_set(cmsg, TFE_CMSG_TCP_RESTORE_SEQ, (const unsigned char*)&seq, 4); int ret = wrapped_kni_cmsg_set(cmsg, TFE_CMSG_TCP_RESTORE_SEQ, (const unsigned char*)&seq, 4);
if(ret < 0) goto error_out; if(ret < 0) goto error_out;
@@ -375,6 +381,12 @@ static unsigned char* kni_cmsg_serialize_header_new(struct pme_info *pmeinfo, st
//protocol //protocol
ret = wrapped_kni_cmsg_set(cmsg, TFE_CMSG_TCP_RESTORE_PROTOCOL, (const unsigned char*)&protocol_type, 1); ret = wrapped_kni_cmsg_set(cmsg, TFE_CMSG_TCP_RESTORE_PROTOCOL, (const unsigned char*)&protocol_type, 1);
if(ret < 0) goto error_out; if(ret < 0) goto error_out;
//client window
ret = wrapped_kni_cmsg_set(cmsg, TFE_CMSG_TCP_RESTORE_WINDOW_CLIENT, (const unsigned char*)&client_window, 2);
if(ret < 0) goto error_out;
//server window
ret = wrapped_kni_cmsg_set(cmsg, TFE_CMSG_TCP_RESTORE_WINDOW_SERVER, (const unsigned char*)&server_window, 2);
if(ret < 0) goto error_out;
//maat policy id //maat policy id
policy_id = pmeinfo->policy_id; policy_id = pmeinfo->policy_id;
ret = wrapped_kni_cmsg_set(cmsg, TFE_CMSG_POLICY_ID, (const unsigned char*)&policy_id, sizeof(policy_id)); ret = wrapped_kni_cmsg_set(cmsg, TFE_CMSG_POLICY_ID, (const unsigned char*)&policy_id, sizeof(policy_id));
@@ -479,6 +491,7 @@ static char pending_opstate(const struct streaminfo *stream, struct pme_info *pm
pmeinfo->tfe_release = 1; pmeinfo->tfe_release = 1;
return APP_STATE_FAWPKT | APP_STATE_DROPME; return APP_STATE_FAWPKT | APP_STATE_DROPME;
} }
pmeinfo->client_window = pktinfo->tcphdr->window;
pmeinfo->client_tcpopt = kni_get_tcpopt(pktinfo->tcphdr, pktinfo->tcphdr_len); pmeinfo->client_tcpopt = kni_get_tcpopt(pktinfo->tcphdr, pktinfo->tcphdr_len);
FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_BYP_PKT], 0, FS_OP_ADD, 1); FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_BYP_PKT], 0, FS_OP_ADD, 1);
return APP_STATE_FAWPKT | APP_STATE_GIVEME; return APP_STATE_FAWPKT | APP_STATE_GIVEME;
@@ -515,6 +528,7 @@ static char data_opstate(const struct streaminfo *stream, struct pme_info *pmein
} }
// syn/ack // syn/ack
if(pktinfo->tcphdr->syn && pktinfo->tcphdr->ack){ if(pktinfo->tcphdr->syn && pktinfo->tcphdr->ack){
pmeinfo->server_window = pktinfo->tcphdr->window;
pmeinfo->server_tcpopt = kni_get_tcpopt(pktinfo->tcphdr, pktinfo->tcphdr_len); pmeinfo->server_tcpopt = kni_get_tcpopt(pktinfo->tcphdr, pktinfo->tcphdr_len);
FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_BYP_PKT], 0, FS_OP_ADD, 1); FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_BYP_PKT], 0, FS_OP_ADD, 1);
return APP_STATE_FAWPKT | APP_STATE_GIVEME; return APP_STATE_FAWPKT | APP_STATE_GIVEME;
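Review bot: The window is stored exactly as it sits in the TCP header at `pmeinfo->client_window = pktinfo->tcphdr->window;` in pending_opstate (and the matching `server_window` line in data_opstate), and kni_cmsg_serialize_header_new then applies `htons()` to it, so on a little-endian host the TLV would carry the byte-swapped value. `ack_seq` in the same function is copied from the header with no conversion, which suggests the tcphdr fields are still in network order at this point. Converting once at capture, `pmeinfo->client_window = ntohs(pktinfo->tcphdr->window);` and likewise for `server_window`, keeps the later `htons()` correct and matches how the mss values are handled. Separately, the debug branch disabled under `TODO: segment fault` in pme_info_destroy hints that `pmeinfo` or `logger` is invalid on that path; that looks like a lifetime problem that needs a root-cause fix, not only a silenced log. All of these functions begin and end outside the hunks shown.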