From e7bf4a200191256fd184d14a3efa1abde4d8081f Mon Sep 17 00:00:00 2001
From: liuyang
Date: Tue, 10 Jul 2018 09:32:18 +0800
Subject: [PATCH] =?UTF-8?q?20180710=EF=BC=9A=201=E3=80=81=E5=B0=86IP=5FENT?= =?UTF-8?q?RY=E6=94=B9=E4=B8=BATCPALL=5FENTRY=202=E3=80=81=E5=B0=86iptable?= =?UTF-8?q?s=E8=A7=84=E5=88=99=E5=9C=A8=E8=84=9A=E6=9C=AC=E4=B8=AD?= =?UTF-8?q?=E8=AE=BE=E7=BD=AE=EF=BC=8C=E4=B8=8D=E5=86=8D=E4=BB=A3=E7=A0=81?= =?UTF-8?q?=E4=B8=AD=E8=AE=BE=E7=BD=AE=EF=BC=9B?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 Makefile | 7 +-
 bin/kni/kni.inf | 14 +-
 bin/kni/kni.so | Bin 74710 -> 0 bytes
 bin/kni_set_cmd | 28 +-
 kni.c | 1447 +++++++++++++++++++++++++----------------------
 kni.h | 287 ++++++----
 6 files changed, 978 insertions(+), 805 deletions(-)
 delete mode 100644 bin/kni/kni.so
diff --git a/Makefile b/Makefile
index 928e735..422db9f 100644
--- a/Makefile
+++ b/Makefile
@@ -1,6 +1,6 @@
 #CC = gcc
 CC = g++
-CFLAGS = -g -Wall -fPIC -shared
+CFLAGS = -g -Wall -fPIC -shared
 OBJECTS = kni.o libforge_socket.o
 TARGET = kni.so
@@ -15,18 +15,15 @@ MODULES = -lMESA_htable -lMESA_prof_load -lMESA_handle_logger -lrulescan -lmaatf
 .c.o:
 $(CC) -c -o $@ $(CFLAGS) $(INCS) $<
-.cc.o:
- $(CC) -c -o $@ $(CFLAGS) $(INCS) $<
-
 .PHONY: all clean
 all: $(TARGET)
 $(TARGET):$(OBJECTS)
 $(CC) -o $(TARGET) $(CFLAGS) $(OBJECTS) $(MODULES) $(LD_DICTATOR)
+# $(CC) -o $(TARGET) $(CFLAGS) $(OBJECTS) $(MODULES) -Wl,--whole-archive $(WHOLE_MODULES) -wL,--NO-WHOLE-ARCHIVE $(LD_DICTATOR)
 kni.o:kni.c
 libforge_socket.o:libforge_socket.c
-
 clean:
 rm -f $(TARGET) $(OBJECTS)
diff --git a/bin/kni/kni.inf b/bin/kni/kni.inf
index f57a18a..69947f6 100644
--- a/bin/kni/kni.inf
+++ b/bin/kni/kni.inf
@@ -4,14 +4,14 @@ SO_PATH=./plug/business/kni/kni.so
 INIT_FUNC=kni_init
 DESTROY_FUNC=
-[IP]
-FUNC_FLAG=all
-FUNC_NAME=kni_ip_entry
-
-
-#[TCP_ALL]
+#[IP]
 #FUNC_FLAG=all
-#FUNC_NAME=kni_tcpall_entry
+#FUNC_NAME=kni_ip_entry
+
+
+[TCP_ALL]
+FUNC_FLAG=all
+FUNC_NAME=kni_tcpall_entry
diff --git a/bin/kni/kni.so b/bin/kni/kni.so deleted file mode 100644 index d252dc62eb6a2863cca382a90422bfe08a9fab17..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 74710 zcmeFa33yaR+CO?ucLzG%A*X?Wp+iEm2ZfLzAghF>p+UgNqKu=4kOd+kiCGXFmS9Bb zX`{puWfZ@`WfYfDMiCJe10uma?kFx%8K(oNagUCg`}6{M4?|bfj{`a}}dA;1E*+jLzsFS~ZGMriXOiOEz2%>rxU#%P_jOs%h$BCs*4&gqh( zRT68an&uM-^5}#=&sqT@^@)s`Rw<$ZRuY#_eA@6yRJv-HuG*RDVphOqrcMcJ4y61$ ztW<5E4p8;Xly!M!{i`C6`GzY5cuG23(KA!C-34eD5nVR@-A|7you~M9WS3^8pP4H5 zLbn9au;XvW+=bfHTUI9h^jT=wBKM_VfAjU1)$UczPmskx{GE$G+9ei$+JGusCrvNV zuFYWBTVo8hF zB>YVlIZc~}bO!zc3ZAV}CUfvN7k}sD?*jaRx;7twycWtN@_8Y0f56`#BN&;v3`sWr zmMDB4(tP|a#a|)*&MU~?|HhAR{b#KA+0P5+y>R#D9%rq}a9=s|wilOsj=%X;{F~3e zHuvo=kM#YsxAm6WZn-^Bp7;KwM`!OE)&Il0 zAAIx0wdo1Yci#5Le41a{uy^inn~n6`zfAt*#{1T!UbMCHy(<>=UQ=@LwmswR1D^Wq zrZq1$yDFym-#)qO)wDnS=^rT%zMOa7wr`If`}>_E*3ax&GwhQdtEaqt@p(Uvc(Uf} z`1jBKp|tA24cF`#{8j9@huu@2+*N!lRQTP?j-FfAH@Zq^I6}8*lz>7V;BSI+p057A z@UPS1bvVrF@P|66{~a9hboIwLPLKC?K0W@=9mv_Y1HO|Xr#Y6a=9tj|U;1W0Yekj+ zTL<(#9q9FG2X=nC1HIOCQ2)&i>JI?l)9H0D>~lK&@eb&3=zxAo2YOX^K&P?;yuX9~ z+Sq~pzvzJPxDNcSwFAD*=(p4PTYd-nj>P6`JEl;+q(n*e4qoq^&RN@a|iOT>Y)DB9mwAkbbLx?Yw~Fa^^c*_>Fo9p z^g5kCKLWi@hlhDi%lA(m_}hpM>W4b8+w>0T9O|H7k~{F*8bQacO`0yPvmW;4)kn~A zYuXSA2dEIPqhcJnwJR=>@FIm@sPJ!IB=LJ>qWx9jOE_WT`b^bdApFFwB~fu)U&%y! 
zLe-zACRfVAi#G12#c2&o1sM70r06`KE>UY#$;)WhO>=7#(j?*`Mduf#?=*-4q&;z?|R`!>r(oVFePubI_3NjU) z@5V^PzZHIwqO(ZVS7@zP$$z$z->VAzqJGa)`0j>W^sAqS$%<1|{fCiKo=ipGj0xwc zetF?iS@9C3*MmwXLXiD>{a+#if`adi5REoe5LT=;S&F$s-Lgu9~~pJRvO672kT~ zX}48_1zOvr@LG2E(iJ7e+2s{EWfj@kT6RHUaiNwybHSYKy!^8KrG@1c`DF{{Of4!Y z&R>wTq$ppOoxUVHcU2AvN2IIb+>#Y53X2O$6j)wSR+(F2L9EEhv4RD8et$ZeiAl!cwicqGVaQ_$<;2i}Ne8fhg6M=2uh{uE;Mb$je!+&GFBloV_fk zIIk!_yR5R91=&Rh8A<9_mK9dyM=Et>iRhZyD@O~8pfQTwM3qaIS7hf`EGtC8X^0eN zEt@|go7{^a_OgnS;&NfA(wyAoFvpV0!lFDj&o4uVijs;Fh&Uph{X}32v&L5BmdZS&uP86cU0zaJp_R&>TvAw^ z$2MaXwG}0Kg$1i+bxX_n>DgH;FK0!ep(%VpIk6;3!&e|mlxYRRDJbFDU<{+@6qdD# zlf5Kod102MBIFYTR1U>b^sJU!Qe2#$TOnjRO?$LGo3@DPlyMHTip`bKrsT?YZD}OI zs(n+TR8|Fii|j^Zkglm&gf&KO1u6=G1n0{u^OojkmlxBC5gpNP4q{MtL1j@={?D;Z84$N@cjM+1%OwAsVmN7Dt9g#LlF2Hb<%6~jk zZA(qa#K@|$hE1H|nt8V5W!5zD#K=pQ$U5?qCHnvIe>QErSi4IpZmzurI~Tilslruy z3z4&F%kas|Jl8k(W0`7wnz+^{%1ykc@Tu+aCcJsQtPf^U=fztsctcQ>AKNYX$rk($ z3*LIZywif8WvRc%f*)wX*IDp67W`og{t^qm!Gc#?3{iT-f>&F0fp4_ni!5})7QEWx ziPB~Z{v1pF77Jc&RYYlGl~1Id@o9P#5k3nZTaCz-YQd|msVGag;IXxeTw^SF_L+HQ zTJYp;UI7c9_X*4^%Ys)&9HMBE1t0Mtlq|O3111rq%Pe^1nxeGSf_GW!ud?8AN)x%N zEcmzxR?{|F@LeqU%@%yT1;5pTkMdg!-rVD|*$xZ7tA)-^3qIe1-($gdv*7D2_&f{# zum#`Uf^V?kd7sI=j#%(LOeE4q3!Z0#<`uT!&oGfln=SauEcg}+KGA~LHuwZY-{~cC z^252oCo;sJD{}I~v%x1a#G7XiL?mwTG2wBomLziW!?(dFGQ{^5Ir)*g!6!1rCySi? zNZ;TS8RAn!PJWEp;1e0*`-q(U$lTx)8RBJ5fLdUKgosy1C88k9g6}IZ@?((&f1w4x z*n;n8!7sDm7hCY97W`5Rew78UjvPg4l?C75Qh$>Lf4&93*@7Qn!Ed$T2U+mjE%+H0 z{0<9#um!))aqXn;ydIUaf z!KVp~{Ajk|)e)j7XtCgz$g1*Fod?lRGA($g1wY(^_gL`h7JQ-wuZ}=Psn3GXu+&er z;MI|%C{4HEM_THSvEZj#@R=68xl&?rz=F5VUs)EsI&u`$7FqBsEc6#!@Z&7_Wfr_T zIuoU(7W@QD{Z$rxt_5FZ!B4l~H(BuNh*gvZs!uutp_sLo`Lw{sx{8=^wFAmlA9Oxv zX^d>^s4`S(9aw=+qfaJsgqN{WQ)4TxftM532{#CM31Lp%O?3jkn6RDjP65v&3}#x> zb^*^K%qhBQvw)`%=G5F&CE#&{=~hjp0vB4JKdO`8RLfH0@1rYZsNCCsU*sZ_v^66Vy? 
zv{=9o5ayKAlqKN12y;ql$`tTzggKQor3?5b!o3Om1pH^hoI0930=}9sr;H{|z*iCO zL%8`@>R(3KN4QbImlNg`(9|H{C4?E`o9YC7G2#A%cM5nO;Q@rV3wRb`E@7KC3wR1) zhTf(s0gofh(Arcg;1PrwQkxbF_)NkKrA=7^?njtQ*``bZdkHgiHl+)=8)1gbCZB*^ zgc%Z>JOZ{6W+-gZ1pMI|V$C@HE2P1w4zepYUb@Pa(_@)>I|nafD|OE*0h`q!kGg066RFWlrG?Igl7}>3D`w=4q=agZG`6%)&K`;Vl*HEH50%2 zqfc8H7}635{wq-35`U%b(&rFB2mC<>&~GknZDf2z{TEOX^$%F;?{BdOf(HWok53Bd z4T0BNDn;WSokim}D!#ci5IofSDce^~{43gNm4gG-6R%r@+(PiHhyy*>g+49379xe0 zp&Kqe6jO?d`nS)qRY983=NgEtA%ssnvJlNG20^%`Ai(JET}XL=2CdeHOPekN0i#b9 z>o=Vz@`6oZ!^xdM1%hjL1S{_e1Q%`%g#25LCo*lu6LrD*FyjYv{$B)sw^rR~7`yBC zH`)TZ4Mb77puZW}=1`^sExv>Y1^p)_!U@EO0ue5#_kXTw_&f%7_5M0ag7mOTDFxv@ zA_X<$2~CRd4-CnIp#O7HY!mEOi9IG{s40cD{B=(+NXL;gnNlwN6+y#ihQ zMI1>YOOXV(tP()u%;3R5&Er)7gxl`r@+=ViF%W$H+rWdNjiT1p z00TpH9b7-FHBes%_N{@w2lgbgZcU&Kb(nUqSp+7Rh6BMPXrj*y9+>0@9ZmN!zgHCg_(NcMohLBlU?A8CGH8uK0*Yt>t2IW3_kBM=l$wooLK%!? zMjq(Oun`Du+)Q-+#;r)$rECf8c2QYK2WSVOkW8vuJY}%}SmQ*DFbEin@m8PdR3whn zXT~wB)VEqB%3k^b@Pk`=BG{UQjY2u1YXa!IjqD0c7=hqx;k81O8umnJBYR33BKRu2 z?E;qV4^O(LuHu~Vg6~iRjbqN6=YvX_iIamcdY7lhQSBZtBiWZiWzCS3fchu&&9j5Y z0yX)~f1G?tWJqNO*S;LAJPczs?By~nV$}=2Z*8q!dl-)nAXqhOwiBI1>VQQYTA<5& z3$)BYaDSj?VMECOa)2TVTZLnPY;BcphXLyeuKfk$wYhr5FZzkTaL52+cEkeB=2w)vkKx%Dz5)74PUyN9`jsdXE zvX7v4(BD$MwneMBEPR0}L!eEDFUFWMoF!#QI7J2*oB22r;z4ETKk^b z5zr5?m8}|q5ryOZyNv7KfP+T&RhHRTH8Bez3VNmm=4^>JXW(0^@mmeAN<=?4qkko11B_vZ9WX0!Cwjt{>&OOu!|a3*4y@R@wVO40Yuo?JZdRBK&w#_~B+ypnvCo%^{9h5Oe!n zpKzF&V!S?sjQ~959VF47lE;>2_~yjd#yb$4b42mSTq2fgLJBEB5;$Q+Cj^)r9%c$~ z3>hhaH%fp)DZo{y2=Lig2pE$@Plwl@1HnI?BLxr535OQ`GCBBy^!53Yz}Qm=+yw$K zW+S-ngL$Cl!~|3dyI>)!W~W;9G+Ox~ew$VofwVAdd_=2hN;+xQzhJ)wv)+Rw+N@pL zYZZ5Tt=38cxu+0#`AcdQ^Y(0I3|fMLw?Z};!3I%l!Q0UwqAq9QtxnFu*CR*iT zZJ{{=xo-sae`*s`LZD^~>Fql^2xF;v<)7&6>XugH=DKU@jBBc(`iW72P|PezBoUp^ z58G~Z`#DIWyS?WZDzG)ZfB+vp1E82Z<0EZr$Zn?T)Vd_}CARg^gkCvm65?VCR^1FS zm~LfS@88Y@Cg0puJLJE;6BZF58}#4&EWZ#Feip3}%5H)Y8xd9gP2-7$`(|TN1OY5KW#OvSuL_Q?x@{hy#u4u@dbIgnU*-{dC~z+q{V5d1!Z338| zfP721n~-&XV6R@KiGP9M;lPi_12qm;V1J9j;0eV3mPvsj$TeU!jFo9aV95SJ@Wq1Q 
z!XIGM?HCcXZTQq(TbPSt>mCm)6WT6>A+(j9@ECj&6%G@@j+nC@gfI%lcqyQ4ZG-a2 zsr1!m2Mzt@LQV z+$^$O$Tat=!G%~J&*8SDga~rUan0Xk6$FUDxhM)_rD(aZ z5!q&cBuMm^+M61*C^h8~Q}CH0tYL$X^CS!N84vQ!6;i!FES26!tkSz#IB@fXOk?A# zR2O>)jC5H+EWLVwn;5JL8R?aWaFQFY7v5tM+=%Krfqps# z7|aQS$@V}^Wdnjd7YU&rLs%AkeQz8kfN$u6Dh=MES6&#X@o%496G#kU|57st^@Ua; zp`zq~L!<38tLsu`2OR?tNkO5c2{Eg8pk_-cRgF^U;J<}J!oMS?<2OwM!DpO5N6clq zNX-@xkfQdJ+&Bku+z790*IPd}ROMNy>5Mm7;k(a6xa0bF5)!PB5=C=)}2 zgWodA)1-5_JeHDzIAuD#vfakMOt@9>n?1)-fVrM6h4Z5%?IWI z66)V|%;d)UKMqCx^CR^$F~G5HhoH181?3$s5opo0a}=xnY?=^hDo;e(EQKf+=B^0a z^CQ7IZ^0~#W@6jd;WX8ZS}k&73X9`J9R7NM3uBUDC_&#wBNB0{+Z#cO7E&URp+t>s5+Q3!)F>qq-XCS>Bf-kI5WpMJRq}*vUo3L+ zMEuQ9IdmKMvdn^hTA+`C)yBG2okRX(8|zk&g+J(Lp;ITpMKCZ^F)A1&gZuaPV{5uA zs(gJWs;n{ly{QV=a1G7N)zURG(;Q-tFT_rvvY8fS9PI^`;0JWGJmg4(1;7~yl=IZ1 zvoJ}_=1B+$;54UE3=;2zJ z6*v|jY8#7UG;u8fk^>+@WYx@VgdM{091YuuBq)v`Hv&m?kbAAs9IZ>Rqm`r8Lf<;p z55lxj^zS}5Lce*4p#KJvX!<1)`ZmxPp+~U6$hNQ%iyx)NrC_tM&e(!2Q3bV_*v91n z$))HNF0m0V+YqJLX;^P!M%3%LM%~{iZf%A9+qn_L4FaC6EsU0+2W)7@ild)JOYqdh zh@Ok31jkd`>v`SBrX9VI0D7wKisoX~v$7qRg>78=NiNr%!liG7%P!myz(LOcBR#)` zS6eOp=7flztH2umVmn2GzkOutIfAz&c*4qa$H+AH6(r;lrR~4#1*cr7uLnI$J#YMO zpNZuT)>Bv}U|T7J!?h4z&OCII#5U2N!Hsx`J_AX#D<1pM6#YuLHCI6JLCfqi4Wd}h zad5oP96p7T=C^~|)7%`P*ThuJXA@b9w5AajLJraN?g$IDNIDtq~a>(^;vJ_>;DWV*E-|X-o5Tc;u zX*fYm>iHh}Ug|k1{0y22HoL}1btRjRKpz@6_HVE8+6bE)PsheOqm+S-MWOj7r&&>) z?vb2Up2DengwsH9!c0lp(5ofNg4UR;TYP#___OzvX78V4)hti)<2zlV1IXQ|FITpY z!=te_*eNEHmQz?-CzBg6qRpr>DO_r@TpGnPL$dr!zxFKCBP^$YB~(nqjbhKTQ*Bi~6{2DPf_s0wQ}DDUj;{g1HgSG?SBdleD60j| zlH&9|MVx)8zo!*fQv+;$syOlO#c?5COL6c#$?4?Th8At|6r1woN6GUjx&l2?>uYbG zw1_;JkjD(Eb?^q!J+Oxt0gdKBwl^kK2FQlC0C~_FAnRaZvsq6|9Bix9E)LdlD4iMy zpTx+M@nJ&vj(3!SZyxCbZS%J6Z?G&Bs_WBUp-WL;82Ch4WS`$|$XZvmbHU2A-h^S46dso0!v4@D>?_Cl> za(5NRq4z=T$+)*_Xxmculwf2NnF#oBTd`Mykzzh>p?0AE_xFO&!4)BG^j`4c2$Iq^ z!wKW%%I@z{4eTeUDA^;MPbEAXaJ#8wj}$B6&EnqHebR=L&2-`5GXV@yJoAw$k}YG9 zu=6(J)B`eZl%*YP*=1?uK`=ZbV?H$VHI$K~sm0vr9~Rt)9LD)=O`J`rxH~hhF6=ON 
zTaI?IB*8sXNG7+Ma*5jgE$&~#?a{xyN%XPmwP9^lr|PxGwAEa}UYH?A4>oH)xG{## z#@_9RPCvBV0|i@~_-+L}@uk##hUy1GHNqI7EkgO4$Hj?V&BiR0;mmWUyfN}D1_YIm z55Ij4DCplD-Ek)|#)J_zlB{~nX#bm^1{-kKC*;35$OrBO=b(RE8?C>WZX@Rx^y>ohC=vq$HxxFD=hZ@Uwg&hB8*VTl@yHGN zJFpe%QhTvcpR-fd-J|N(wbgw9bwLofBDp!oO_)$j{cxY$$TwIv^4DO+1?LjhuCBu) zhqxnkSRn+^06=ttS=yoyqO=)wOF)-FlJW) z34ER>o$L6x87C>sSW5EX+LmA?s4PUqIgNWLta@T+!^teE(_!*|{2)G~k3XOdhdl(3 zIT!Ln8>iGJU1}4kd8Pr4pa&_0YDj?=hS<#%d-9W10z=?QF61fal@YN~p+39^U_@+; zEsNOl3B7Qz@)(Z;IaR`L^fMo!t=Uoste|qb+XEO!k`l-LMnOP5 zz$T9Q#IrOFX3TDT-WNwe4KO(dDQZ-Q2Kj5|j#>tXcpSw%6@=?u1)qlN{@ zRJX*4XOlU6#B+@s85QIc0~IfwuJ&;11g%F(4WQmCHMUAQw!jvLI=IV7eq}ET&!@b2 zLSe%}hN!6LM%&-sW_x+#rw%DXGG?~Q^)hO_P2tsDq3Eb_La>QhGuRvkEg{@4$8-9W zVI8$NWs|!HO%7p?%Z>q2hN5N}K^kQQx$Xs_e2aYgphaj9SrPET9Xx;a8!11|XM;r; zjeg`=@JvLPM1tEiidnOYb3U@pnC16Srxv54QoGrO0P%+ z*qBw(6<{O4SYw~Rwdqruxa}Jhn;_kGaKQS>ze6lKa7?*5=--9YnL6N6E}k@a5FLx? ziLiyKAlBH;CHtNeT}7roycU*6j1kN5m?HyxFe3VqkF$w~3F;yb6Wqfx%fke_gj-`o zaFC`4aQ-P8^B(->=zH*U>Udu)RJjR8C>EaGszSiRO~McUhFi1Yw@^YgJMLohP*kXf z;TKucivDv>=!A#E=$uVQgfB)JVNgAdfCn8gU;9uTar-$akjC3b4uB2frysvIy4iq zov^p<_^MB4LCT$b16C&WQ8;C zog`FHUr$0w!&hcWm9-?I_2UiSp0)y;{@7s&z7r!A96wAw0LQ3Mq26Q}hk{{-c%PJ04eVpcC~tB#_5kU;qJ zqpXhaL#a}L+uSRN}rE0A)Ydt1wVdoOF16eF_oCSC!hofn$gyR6O zUIKWNg5{~rRjRh}>|vB$0!a8oO%I(qh-0y@dDo$)OI;igH9h*CqRkl*ZEm%}g_hBh z$}Z}G@%6xi`fo{aAns4r&ji#=h)-a}e2$z7y&>3J-qgHVvU?PWXyfg8#x!24BzvDE zi){qILI~R(VqXd4T~Es5+2oiFky?>2h{ddsj6M6%$-?SSLlp?LP~iEHSj;Ro<1{W} zh1~s&K2^gz5Iix4esRM97r`-*H=scHJeeQB{3PVV4+uZ%@vYaVAuNVsjw2J&&^5e^ z{UHEph?uMC7&TqalU8^LP_z~9dRj>OAe)OVl+yi0G8DRRCNX>^R0X}J+o)qGX0_zu z3oSfpt`uu}d*n9=)`BS4%Ll|Lc@{Ia7Jd)7pdAe}Pi@Gr*Fp42DD5Xp@hs;_jPir% z8QF~wz#{OP6F@{O@X1rE8&Bj_Wefrr)r4H_sm#cE5nzAjvH7$bYR|4`6*xTSx}U- zbR2Ma^CsTA%UpT>72^h04#jJCnN+OAYh8244J;DbN|hIH$i=%mQ-_Eb%nrq8aS0lW zw_NgFzj!}pxi&m6f8}tzt#>%q1zP^9!iu!CG>z}fHQ!g9I%FJQQtY!3@fDU+h#b8C zxdh^rx4k!$u7|5#`$E1R`F9D(W}+S6qbXiwtQtTA^79QWcL_eCoWhE?+oleY)%wb6 zs3j`N*CDf(xXLT}f=H+g^MRO8SP%wSQdtneu%c+@t0?iIr4KK>##^K-^7Dqm-0dru 
zo>Q8k<*yilH-+L=+yyzg`MzSj!ji-*N=kfqG51m_u6n65Uu^9wEb!sAxcRH3$TVSY zPFWres4iBnC^2=4^w>}+hgyBb+gPLCql_0&m&+F|N1^$8Ws+n+MC@t$0bl8={K)be zV&DApv*-C2&i7BAHf^32KQk+P!Mw?H=Vwix=byVk6R#<5dwa2O!PKnm`3oj5@N4tW zpL$;Q^z-M<@cYzzh_%#dg?YZ!C6!RS9PcysS>G?3w!CE05SN7$)F!cc{;bI}=SdT3 zk(d9ry|K&@$?5u0^$%XJi#OZPZ%^ygepme>-r(N8wsdYV77>x=*YJ|&?D8^1 z;5-b~^6b3w3TCe?##?UjhGSJ?g0j?nv$9DiqOc4bc$qF=O0KE*_!i^E!gJ1FIBm9H zOB;?i8AJO5rfJM*^6k19(<}3f@RD@AhjQ_6z?Y% z;#+8n*7C)|d@-}6-v(!kHu9u`tP7V8FD%Z*AEFvUVQzMA!P0EJ5?YI@!Z&iOI^yNr zW+k-1i=ZPfYsO3?ZELl-3fFCO4JAIMo$`kNuA$}4#p>0_ruqA}F~}H;cLR?ela`U5 zj&~4?>-S#*9id@PpPG0*vwF#Mq_mwCInTE-ZR=Ip0|@JB>_o+%ecJw2&=JCIR1hkr z%$cUmpF2~eQjX}?L`Pa-F(FC{F#%yg!8f_{CHWF;BiZJFtk#AXf)y4>C*XXU?u#;< zud-AtE2*r=_hC`vQ?JHHx>D4YYH5X~f@isJScPvzPVv&BeBZFizN~rvdFL-&Fmvt< z->_02rU2itLdjv+<-P@3^Uh!N2j8$^6&NC`Ru5Z|Q?}ffzA9rl{(vnh9#&dXR^c0! zo<1i16hDz`m^LNwqVkd1WjR->*J3O8DU8z;3+CnH_m4H2Eyq$ z_1%Ot3uogykTxPcjMRl&8)2knxZ~!;?z9TG>{5~Paf<-bFW*CZq&tqHJ<|I>LVKjS zAEQ0ewMfHAy^Uy(&Gej4&>pEBUqi`4`V`Vqq<{N2^hSDh6ZA%U=keCo2BbfoXl-pq zx)29e9vq&`|FX3;9ckWot*wiYzJ-*(FT{(d%e?ff=4tvWkDe6Q*-2Xt0IoOwvL1#F zKue4FOpi~TWw@_&R%w&G140gK}yic19}zu zC}1u3SKIC9iYh3TbgoCbb$4s4_)VG!oly}w525@~^l>lrO@z;^>+RJJyURvqxG3{m z_`4f@e;E-b9orv74VHh0zfVv;)mpwz5@0zWhj(Bn^N>|u`+Y(VmX8E}GkoepYkS*~ z2>k^pp93FT6IFg?q`U&<_oMv%sPeZXMU@{HKA}L zv+SY{n^DdWP;V)GSo}7USmrE_h3w&2{|I=_JI-l+feT1Sc@vp zjg&u)@+BC9;6)8U+Lji>TDDTtI+A4mlEK+_|q`WuA@H#xm zCLW)Pls_J!KLO>5@8YdaNZaK9C1T%8fd2_&eQ%WhkGJWM^1tATS+BKxp(qyeZ9{nt z%I~n2+qOp9KaFx1Vu<*ytcZMRLO%M*2PjYeptV)}#+F$w$IE>V$wu&TI5h1+#2Rr7 zV%D=g7U44h%Zjz!7wain}2$~%AB+A4mN&1`S~C}O8Pl)v~{YpeJTwn(`*Qhp7} zUpR)?6xGl3Bjxv?Tu02iB&z(PNclmOPed&IElR$hgnR>lJBIS4aBHjhEjE)s$BUzr zvV!#2IK(*zVr6L*o#hcdhoXD|%1`I7Z1TU?|61UGE%3h<`2Vs6%-|Q*1Sp z-*2r_{xJ%HyCy;()9%d*zC00P5%EsP1D!BAcI$EXEReGUH3skyNrPr$T7M0$s(%mXOq|$d(`ngJfP$|FQ$g8JH2dQ+l zN~f#zLX{S%lwZW;b*)NoQR%%Z-L29?Dt$+#pR4o-m3HDn3Rh2+4pQl8l}=abg(@vj z=}MJetI}Ikdap`%tMrgc-%;u3D*ZvFodzoYDjlTK(JGy;(hF5upwg8py;h~SsPtZy 
z?pEm`mA<3W&sF+^N;?fw{8c(grK43kU8NVQv_PdRReG&TXH1cI)^GJufRGTOtZ=Z;b)k?(BRX^s(#CY{Wa; zECgYDp9@%E>ug7$u{%0viSkZ4D7V{UCZ&P6BL;VV&^Bh!nP{}!j*{yu(8%@*o76BH zvjQJ?;;$1wbTZnFz-05{!+x`$K}S1;rNaDMAy5_w=(Z@ zcLghlrV~hY4~2~!x&YGMFQfpl31E!7kWK6Y$aFu9`{Rxn0R-HSlVK+TWVws+MRiAK z0W5OAjWOcvj?i&YiR34JsZH)?*E|Y9li7&pjPdEj_N1tdjM>5e@Fs@^lMRVv%9`8fZ_T+ z09)N3<1V-(T>#tNud*aV06W}o6Br?Yo$e0^oUIQ-n?3HsRC|<=tHXck25XvQEwRSB#O)6UG35KXRZ8&H=O$^7PTV{0N1d-Si`<67Mi( z{)*vh8gu&L_oNIy=-@SWpl6bd?TB!_jS--kY~&{5*PV=Y80dYBVc_dC z)`EUtqYwD@GrmdCwEjjeN(UId5SIrU-$1HC#(3}=Y&Yr&`1?|o< zy26x0jqRX3%s2*2nsE%;4L9Ba$8_U8Xpv$31(Zh^Ga&!j#yE_VkwyskQO2j>GTNws zgy$I7VK9v`7DA)3#%A=$ID>1l@kSW-oL~e{I>ERt6(<44Ukv;UGWdD{8)>8Slab zZ)(P+D0>UPdV`Vhwr2RC$vbcmK<{eC7F0Q+8I2I)Jj zGxmV(zcs@F0rADE4G_LbGd_Slk3%HTJfRsGsB%&>ZbAorp&7Tr1Yc^#E9jiBG@}ST z*sK}nL+YKSeW%Y&8URb-)qJsx2F97rO}Z;!q({X7R_jZ1%HC` zg5S@Yv2K{A{Rakt$??s!M?mve%{ULf`I}}0fo#KF-RO$W zsnLzUAavcJ8|iS_8+BtfgxIVbuL4=C8$~d|O=ylG^%vc6LHC<=;|+A<7TrjN+uWiX zyWwoN>INT$-U^XG`mee%83Nv>8+=*d?YeO-ns3vMTVTOEbi;?9{x99Q1N!|&7-1@*dr&M)G&vxEhk(s~i1LcAsv1i{?9Y<3i|uzix!V z_5t1a5>+15jm{A8A>EjY;r$QYI2Vrjux|VY;U9sVu+mQ5h=pYT)Q$TQksj5J>tUD2 zbmMPmw+oVi%Hz863Xr>XqW}Z?3Ej8|{<23ma^Xu)!dU3dy}EG^xId*EZ^A>K){S4` z4A1CBB{bTn8%qH_i++G(*6D`s!}!yUg)sR6-IxwW&p}Su<)Cixr8m#(#@n4S{&Zsr z9J*dNLJ;tTZhQyJoP?U_oG)}^0ZjKLdK$@Bx-kQN+l+2RAAOB7F!~1VV4iPv!wYS{ zg9Rb(_qtJwVgG|}^oN{3>P7&P;kJaqPx8K?^hu17fv)Uiyb24sjQImFuBv=SPn1`AwAk^G z!V`bXaDcAw;Un=|r3H?mP5fVpRu-6qtgt{AOm*@9co(2yM`QFH`om@{hD$k&Gtk2h zqZSya@d(0@$JhsPea7d&ARKQ%zf|eQRhaCmY{nl6IgEFpZI#m)NXTPc2=O6bA|bTc zhK5yWl0g`4zJw=Lq0tnWq6(MI*bE(+b7---P;pHBCu1-wTssgC;y;siOQK@OIB`2& zgCJ-8=d9v!mEtr0-?V3<>l=7Zd=u;YT<^l1@yCfzbsdNE#DBE{`E;y5*h{fXz{V5* z?VrfzBwQ^1dsfw4mtz#i|IDgR*Bp}m5A$)Z2jI-{zp}bV_VrE3cD)m2*p-V*>*k0b zrtbjSC`UlSFsDtm*bNXo(Npp(3S7^iM?6=IK`YI*9-KU7%sX9s`XOIVNAq+qEW1MU zRL~W>bz>1CO7M89laclqhGFNqhA1r|(X;6R z;+!z7CrJP5@iR64v&_aROvOTIO*G**G<9^cpi^#r&uJhbnhh~~9hFWiorC=^T)$7?pd11%bfq4^I;gg2u zxf2>Vx;3`|Wo$&Jz;!@IHy*_>u^E}2X;0fpQ0SgPTiLFIY~9aZ#O%j?pmiU67j$jW 
zAW%v0jX>UY7d#@NUp%ttK1aft?;~e~Q9(0q1~c8*3Z-pEA{^FX{BtPBSYIgNG=lKe zIOBWp>S_#!HF_Gg5GC2T3}W>)`l9cK7`&H|W*k3D!;0uU#MlwWU>{dOH^cQX=N|+c zO!gx&P%y7ALD0wC{R6rJ^K$@=F#Sy(AZEHwec?vBaTCg_py5C`dBRFsA@(lBIZwhH ze0o2@lkj#D(jN1HOL&K<9!cPraAXX#sr`_BFMzD(S`Hx-j(#n)7J-R1l#yd-IaU*J zXDx>2TV%p^EjFG#lsiO;`VV;ZsG?MHuKnmmnMZ)U z1miKGXF+!)E;|VIT*fDsHCGTG)w7U!TX#HTs`b452jm^D_t7mqmox7?<5Do|xkA)& z#KoP_9Ua%RSc1;D#Dc_A%OvQC zOT^=>TF-I`+T#){%a&?ADoke+BKkx#oEQRF%nai|xEa>5 zW2BsM*6plt0R|Wr#Bg2RI0Aueh8@-H#w>U~R+k7ux^WUC#b#UvPtlCGAQ=bR8Izx8 z^PzBI&3GTpHRG#(th@(O>8!BsLsobM6i@+?NjLa)ADi(Rh5~juVU&7B;CDJ%GxmLY zSz^!gA*<_djK@SVEo-itROEZnr){o%utlPG1@aEpVTAm|B;uVezCJIpHzTLZ^(DGC zF`0R{s}Be#rqFZawAi08Xvg%5&BVxdr9t9eu4_=Bx!wY^UT)?cu1}ytuP&>Rce*}; zVSB|h?-IV#%iuB~t~-0Rmxppm7%!i!B9ORP6B#=YHXDccR`8gEZw zf+;|utnn54bjhXng8P|fX-FODR;V`zNFvj>3 z23{v)C@`Ik2YfK65de!=V*tjk%NT|}bsINAp*Z7Se0DL$qE)=H2eH90_QGi~rZeH1 zao*b|z?818AmqJ$B^kTyu(@{|^A0iAy>~1}-YLeq_rI8TX|cb7#sKfVt0RqfFr2E! z_cQO2jUQkGpKSaf^Zno{FoDgx^CmXV#X#^r$^wXAiLSAE_dLjgorn|Oy{e!E1rG0X zU!oup-*VKv;&@Ah#rx7wuRanM9~%Pj6&hW4osYrceN|Xpi~SB3j`P0V9h$nX?23YS zZ-f|{>lnJ%dxZH;TI^2vPn`E?7Apyxd}y)BM;4nLqhQJ=|6(3C*@M|571oZ`N0P#x zGg0Kyg&nk{VQ3ZS?V_(kQE#WWtIpMC@{jO3Z#SKCB|FHmyWp<5ha=c|4V|MxbI&9D z1bs4EIJBffxS7M-Tfdh~y29?>6eVUhU80W^Q%kDCDDrsw>33qm1deCve?TUA2AtPB zR3MXM5Ldm!^!tc^iiFbie=z?Xl^U);#(Wi2@}}!gBA>D%Cs*@k=+830v@Boqj?kZH z9#0Nx-m~?Wn6J!3ex&|7^2ra=0;BYInIA)|jn+S8zJdeg9Q`xq_tFAm#NnXk{tX!K z0HyV6YCTW@x;sqq1_{9CE~Rk>3&8H4NCAiFjGm4@kHIEREVLO8oKB8Vr<0EBbkZ}O zPL3R>lcT}u2yvfy~pX~@NqiXc}^$$Dd|ZF=kZR`FUJso31{g2kV#oNQu79c z1yfdz*1R*N0fi#7tcpywDl)~Y$W*H$)2xd4l_EdD5>72C0X9hYp09razV7K*Sa>f` z93Det^Uf3A<#Z=<$j=u*oO@ghfCU2ZxCbzlE)+n5yFcxAp#T!y>)~16iv-Zy{UV~G zcagpUX7jmMklG&vkg6qZL0m}pUZV4)N{VoqRfKFo!Raf_$Cz!YJIk0KQ6b725=(84Dq{7wcT}~&v z*y*H|ZTBG(B=y~g4zkUK{7GY1LgKzF0N+dv#K$5)Z8@~O4MqJJzHJ9EB9hL1fNfao zIks6G)ld@SeG0MC5epZs?+L*Ciy}*ky>t#(QAC1T|3FfH7-RdtfOd7mN+78~;9Z|X z*QBKs)Zyxxi2O3*ovx#(oK(nsoa<72CSA@t9@iOg;-uxwC%6W 
zDq=P2cQUSnx}6QaX4Gl?irF;QcnW!!(bNY+MYA2jKuk^(-B=Itlhc`v{b3l63X?}Z z09LNc5oD4_Q-96%BU~f-9OfOau3(Zp=5^$qt_lR~4p1`(oE;sC$JdxzpHg_+wVx_fS^Zbf%;7Hyy7opiPr9bmdv8GHJ$b6iuKkE--9)x(t zl9+PylO)6eopQ@dpreU%iIiJ~i;0DB%2w%OTzIDZ^#WA!xF(@DQ*L7(yOdX9OJB+z zv%plWv{U}Z26CmHvYmOk(oVUP4dhBYl>%kLT~ceY|vW@`ZV(c zy5kFYTFNub50yecOCd&f#}{d|lseKG?efs<`XOkZI>MT>0`UDv?7rn12s`_MphO{3;-va!?EOa^a}s7Eq>oB0G+E83>K!+fGk z2=OlSF#j4fPEBb_!FYAugb1E;f(6JUJfxgt-r?#4FHZS_eeHD3q%2>uy2rH~lB9e^ zArf7m!}(LbCf6>nkQ>3S4~O8JR-k83F^ru@w6 zi6BuA0b<=4?Vgn1b^zy2plX^v0%KWokMIG|^#bIb?jFMd*aYBmr(o_&u?rwhOFHUC zU#E1|9jNavrx3AXd7-%<9tOar3y*g{L=D~gBtdR{R{(JWh;>h=i*?ce)dl|MUS$Ii zFM!@!QhyA_gp{uOZKVAXDRkHAPn!EE>m>-l=AJ<(>Y*6f5F=B13cxuanIa?#M!Lfh zH{d49*Gs`*$5ZYUpMbl#lOaJ$UqLh8y%2Uu=_de>`ziwc1<*}P3c;27r3}(vqg0&X zQ&RQUDV0xn{}2J_?&Fl|OnnSk+O&bcBGE_js}L(t(|m|Qd@TX6zHJvgW6-zgC4ChA z%wD^7{U8odeH824Yj0jZh%T&;VnuuHruBnwfKa?jb(y9fM1ShzcwS|z%}k~9>mpp+ zYKu~N9->d&i?+7f#Y1=)q)%eU*lI5s!Y#d?DWOHFJOt3E(8{*j3sZRvpih<1g4Dlv z1vHHZp!V9G>r-cU2I!aI_Vw@+Cr{O!PM(hq?9IZ93n2v+(2(*H-?KofZ@UD1q)Hdl zzwNbq)(_%RSihKi3DO_jRW(XCHQdr4<(H5ihDTlVQ)n-ZU zmq_gckS&d}1&={k(h6WM;w8S@fmGkdC!3^fLCR*U4M@>~+{M7SgBPhLsZo-Jq+~@> zvKlGNHGW3Ac$$@z0CG5$aSD!_xurfj)@Y1(!hyH{3 zUVeQiS=nn(t~rZe`_^|dEZA!s*PK-xDGRR|e7B;&xBT)Ng0CKH`lGxtVy|splR6hJ zsy{}mP;m&pKdtGz?geD8&FVBH58wIHcReYEBsY62S*+_Qf0 z{i@Ae)n-UxL7Aq%##;{P4D{y`L?r#_-{3AJ@sp}PHNv8ZEDBMD#TX9KXh&%@bb>Z; zDq84YEQD9E!UPOyUgA48NcC+!VDhu@Z8ubU2?%@bj`f3nR(IX5~)b=@hA#E@jF~ z7vh@W;tU~^S5UXrE`v}9x`O-!eE__QO`cDeWY;L_`nD9z&uOGNLD9Tq_+_vUK&e^Q z@L7WeC^;?~{H`Ja>f*|{Jq6|Gs@6r|c|W>N&(a5D0%W7f8M5O0GJzrPGrU@#26NKrhXC}vEFNBKO92%WK!*Du%a!#ai{B#n?Yzlw;^ z14;?CFOL@C@@Nsv(nW)ZDH2DccotcBCev)|^uJ?#kf-ZxSyO!53R!*Il^6-bxgJ6- z*09(9QaoHt1t#25oQAs?D3+ewTr4$TCp5R$hKq+U#%PH&KUO@PYc#;zn%QfQ6c6V* zO~JNWZSc8Dh(7Q#Ug>4|6`Ee9q@I?M$>tjrn3*o3Otnry;o>D3E6D8{CC#4o8MEoE z8x_2Bea1{w)UOqDuf6u+^%*abTu?}3t6h}QOkw`4z^sg6oI$Tw1`bHazD+rHRY^u? 
zL?Qil@nD#}cKiAaF7)+(=wD)XwAWT4tclx6o4|4e1KMkywP7=9@&>+dMAAVW-!M|3$m zF3J#VgZFef31wx>?SjfjRcRn&5myc$sM5>~J3^EGVWhh_5pbt7>>}bj+Zv!?11Mabs z*sF?YMu78Vtc?s2iZa9ycG=_*UYzlEf0VjyWK2&HUC_nGF2I_Af^$DHY%EkMSyS>)XbjWe%xKn;cRftQ#(z+Juj+OA}t5X_I5BVcp=L6qzJN=4>%2rU(KV z!a1gjJf;Jw#WbbGA}RI^8-=55$leOrWN$5&O3t+L@DVo4;7>{Evur$t#QeVw3Ju4i zSzlp0iB%fy+;hCNmMfyr!%!$K2e;!;i#6=EE#-q#RkapbTT91;RT2?V#NSc{F3S+n z`wANgVc5X@Fi@KT4*y^e>{PA9m)%&jtqKi>52XA2QwcdcjimmmNM#OwR<-G+ z%#dEr5%ZXhw}vsdW)x#4(VtR{F9FZF95Y94|3WMv&-W+d1J|;M8M_Yy&tCMNql(L- z;UB>S5im=R@}m)V=O!4X^lw}3w8391lIJUuvZp^%J-tkh%a3hxTrP%4V_{6)W{-u} zQ=}=A@PSKw#}ui)?N*8;LW|ALp2b9#CYajnCesU4qhHw)7v_2h<*?Txk71D^6f*3p z2Qq|09tAFj3|C>6*ZbKIgA--Q%ESjQ@jX_g`nErym?H`O2->GG<~3|yeu7W;L!9z z3e3y6kzO#^o-KHpAwJbE`#F=to@Yfdyjfm?I%1V-*M{Nb2Gfi^4`G#JPnu4-G);W} z7OB3i-*BbZwMwstlwQ}`S;XliO+?{q?L7J7%s5vODUMQeQ$%v1rU~XrHBGQcDiTzR zU?LQA)t{9jB7X6#YM29x=&_C$p$i4ycOJ#&BXBa+w;hFa(obU@loYX0`l$&jKaF)n zxlF8s4H=fhpac#Cxl5B;#yTzl+FrYB{oqd&%PmoU9OsY`OZjmZN5qevPBtBOVJDCs z>fpDvDEO*5_`t>et4Ozfmu`CVP$3$auaoXPR0*?lofOW5cdV1b4OPP3vu^O6itIaT z;*|cL=8*oLnekur=iv@Yz)7Mr*N7&#K#qoV2Muknty?FDLxzGI*U1rkcC@A=O-(bV zbA>oc(Y_?3k>F?ty+bTMwsQ(UN5Nct44d8um=%s!)Bsh%N;zmrh%qHHod|@K`6$VRdo@}!Dp=_0A&bq={-%NjggkyOJ<8?`(h#A<}dqedko z|9`diHPCHc_kE852|o#zY#EgNozP#A99twoQM8=IwjdB9VS)exfRac%eWpl|fCUl^ z0Z>x5e3^36C0lDcA9Y$Kmh5Dw?TKu!TX)*ZNu0DNjhy5p+cGQ3(w#Jm+%)U9BzC%X zS)2WS|9kJl!`HEMx+f9uz5DLx|Nig)>;CV(zabg#y_~Y;Z+4U9?Y;FjJU=FgvG>b; zc-~OYf5Kk*s7m`85`mAYv^P@D{J2W{U$^1;x4KC~_f9jPCsf*F!1%6Ds5l{XYu9h9 z@PB<7o_|M$pC-}%l*%96!RmTa<$nyd?>eL6e{u_+&#LE1*5@gC21XoXPTPB4!XPJX zCUwg{iDzD2r%w}@LK?RB@EL5`wN8DuAZlWeyrP%bs@6kU+T7Z7pil~t5XYT`du*?CZB`+mp|ycB4Et%pUDpVAcE^^nxqzwz1khGnoG)$hOi-a#46 zb3ICwdae@wI?*EELja5PCsONTkCIxC42sxR=wa2t+!g&f)}tuxekC!K1lFX~;p>CQ zY^jHH=@g&|8XC-Zmmv~&z0`AFgXTXSma3~A_3_ws+8QySc}YM+K|+M}mjp883L>n( zqyb}ubroBL^&jg@pHz8Us%77nmJu-0ui99%QH)_f)!_WU|9t0Z9qm8pXoF($dZkC1yx#Zju$a7F?NK(bg3?BR-ow05 zsX?)M{k%sRyB}j)|n**$1d0G|u-!!gvo&JNn zP{C&qiWr;@rqyv_j+? 
z0t%7GmELhTNZ?z2mc`m-9>5PS*;)hluG1&>5v$1c zB255^GyxNva0C`wv+oJ&zE|PeS>PD5qVqYB#XalQiMO?Syh^qDdZmpI2 zG!anh6GzDI)4P$~N?^+y72dt`L1}~~8-PeF{+_LPnr&SPD2`MZ01M=+g7ZTI@4eIW z^~k``7SGr8z|$mwCi3{e%j_fby5HLU7!$uQaN8BC0vFz)D)69gZ`bLSyP-LKO9#8k z!#9FRw(f#KSi-4*4b+9H_dVgiAtQM-z}X1@#y8&+KHiJ>59sIxw7bAcelqayp!N`* zZ*x?!|EO;0y+3BLyLIrZIyn3+8}nq~d9Zg1HJIPK2N==yc|p)y9#YX{cN08zo&Mlk zkja1!{sm|qFY1~v=&C%Z5d4e!^+0{R!t=f$u9`>W=?9G1TLnt4ASe)Bab?Hd6ux&zJABc7RyV*5)>L=v@s&kgWf zcYOrw#nbOu47(6 zmv`O9NxDt`{U)%&Ja=v&r%nE}4!r9>?nL12EXevxRJ9xPaUkw$q3jXJ>0Bt=yuy}F z1wOSp)~8p;swJ^LwItTpB}-y`YDuhLEs6E%C9!(3t6syZS2L;=huvJP;=kdos7sG5 z)$o1%-{3jGr5e5`-p@J)eh3)&KEYt0by*3wFXGS6<7bQ2&BZC*+lTSe&BZC*S5sc? z=His@YnW>{7pHVze}Io%oYHgcMLu$IO3(E_z+;a%w+1%7iXjr9b8BGp-yzrv(781b zc8U^bU;;!IfJN2&zQ_LA6LAs1^wX z)gpnQS|kuuiv)sdkw7qT6Bh{t^&)|8E)uZU*rPq-v2XuRqIiHF`}R-X&!zouv2XuuJD#zQnMwanMuc@4(W;*TM7GPU%c%i(ZP~yt=c>&ZSz(5_x=u56%i9*z ztG-!VX=1p7pTsJ4h3!YZu8c6Nn;*t6MV(LU$aSOCHZe%u%#Xf}#8u4WW|hbOE&o=> zHs+|UVvf4?FWH!lheBeF8dfREfV#GI-L^Fp^l!a>>$a||F1zw-MB8Ecx4tF#)?ge6 z>A%$q2Jgjpv|m30P(58;@lY4>^(HGG8UUTT>`Vn7Xf9me4XK}?YWO2h5fTz15>upj6Frlk->>d^vLJ78N1WV|> z+LP1vdSzh6L`Cg-DOcCO1%q3Hmj{{pntEpSz-za6v7qaE009h5x4lyQ4Z1ve!SufX zRNC|gotM14aSIZ&guZ$xUvJv3;d}F&B==iFy86poSth)_O@{UQ+}7W9-?ggambb=3 z?9KhxeEh(*On^C3)1^L8mYqR#`&9thuHlC8+wrP_#%OQu2cQYVhP>`TUYnpJuT(;>ojOIGak^@(XWHLSp6E-mC~<6QUGYzo_aKluXd&VmTE0DLIWO14fTjk zK)Fjt1HRsO?b|@}_jvw^aCFL&D!Yys~U)1O;4h>#QOk7)}v8n5h-81%OhGq7~n+qt1SLKge`XGEbbrQj~mE+bsqcH_7@0->dBRS1&@FbU{NgN z5wzWef}vK6OL_HuMQxdDz99w9a6(=x33oW=HvcMaZ5el@#$F=3OQn%vykS6?qyZ$A zqL7E$8Cj*`rn}47ZC%|pyhrwMv z=<2Ij3U+t~<80Wxy}-SpG}MmHR#+m2fM|e8M_KSAN?p<7b$&@fn(GD&HeU3?Zh*P^^AS|dEYI)n2fVSXHbU%o}RQr z$Ngpd5gp$j`jhFQA3f{4CG-J%X6>AP!WRxb`G7r$7WLaVt=a2E-+kNf9kHj^?2Upi z(tFBx*LHjDUV;T*-5_7M_ujB?I8=My-Z*!zwEp<|xu@3GpL+!v*iZOkTYYzgp7z}r zI%_X3PHbGXpY`3>`)OZ)ukRr0G_k{e>fWdAZ=XAV9t8l*>+9$X!u#SyH2Tsd3WdD`@_*1?;A^(k!ObpvE);{o@eKX2Eb8cht zaRi_7z2zGFIqAupYBl>u&)4iz2rl^c?C@7@LY;u~Z?pUT!6T+9=}uAe%0 
z?(77>@bcou^WUlYc7@KL<>W!!j~@APWbNV1%%G3+fz06HeYWE>8F;Er|juP zUw_E=Hi>9|o6*|@UGNC)j^Xuf9aJ=uNv6c8?Rh?<>l!i z-|g3&vtRKgcDNu~2o$8{clX*MJS;v5DBbhqA|Cyl?W=ruhJ1H!Uo6d(`)K2@l(ajT4Kfqz91w+4G5+XD(u3-i+UneY1pr zHt@{E$%}mS7k}oz;ZrlHTId77m2=OYvoCxOF)^%OvZp7WvCsJ)=zRt__cdhkSH4?z ztbOF=Gxp;MxMTwdeDCN5?m3d_4+GEG8~$y+2e7ygDE7m^%gFS3-_4=V`3A1t_`H2= z{nQ#Vwx377r|jo8hESc4;2i|w+%rIY`=gSsnLs2E>YpC6Ym*oX7wn6`0pQ!T#H|MG z!bd-_zP`9Xm49e!rbcW-FT{yE475zhX$eFl%m?+HI@&(!3?KsjYUX_H>Dg+KQV zg^te*pRcX?Zrfo$Ub8pw?_>7EzM<{*#aGWig+cr>ayWYmpYiM)*kMl;kmf9~2>&IQ zp9Nk8);_&nc>3F<82oZ)FCd4WJOBBMFZzbAM$q%VyF>PizI`G8yQ-2312|~++s~sV z)4t7+FsSzU#NDI4%+XPZcr7tOb9%}xI*;~(0y%jDQ&U_Y3_4FHiRyWnHQqc-8VuPm zY4Fm9OoX4ioEF?%I4xK?d79B4{ad;~$JWp}xXwL0F$5C!IUsObBIfe}T240VA9Gxewvd?F z@mM0^DJGIhTMLeo4J5*3Y%-OZcCc}OE*9kh94c9KJd$xHBS)+S9G;P{A_Xd7=~FT+ zRRGV|F7>fo@Bl7qR+3J%@?T^LV| zrY)E|oOk6{%S4B2xgr$;630>3Y&sT=AB;ya)Es7nlpbVJ-K~m3+Cs_VsY?#drjS^P z*r8Zrj}whV$B|QfCWc0o7Z#8Qo4$afw<<0DlpKv6!O<*?=Pe0%7mcA&SzvZ-RKDDw zI^aZ8$y_Ftu$&S|i&c;#FVF;sr!!&ErXey;se~eNAO-whC$nSD;Yd7(8Qi2^)6EX}S!A6c&M8PWhwr!erfzMz8+jX3c{8ZlA_5AGR~ zim%PCk{Z8>2B@(>*+I&_zlNFRugv5vS|7!C9$BFxjV z*aS{N1ML(F0EnU}_+T+vB%X2-@hk|KU@fCZa~TjJNtsM#<6}us5}=swh`U<4ja@MW zUs@`FPI2Yv5{S**EUF9AS3|2Mr%|8_``*e%C!Ht|3CC{5BZ({!rM5b!2+P5E0?0a@ z&BZ3AZfeXTK&s}TiV6X6o>(1uV+Rj{oM2>wX&j0qoXM>8k3MS1L4T~`OdtT6t<5TW z8dt2rqM{zYWIY!tdqol1zu3^nt8{Q5u~{r{Xw@Y!0Wa<>|T39C5xHAS!?b zayN&JxHNhUG*gr){{BUi4F|WI*PU*%nF>9VDuDLvcN1r*;8|g@H z+~S#WtD1c*<*S9VVj&u8>X@WCm>Q~i+6$yvLVt!e{Q*f#MGeOCcqSrmaSk<^m&h3M zAR60Q3REpTu9NpL^sV$}Z}j8&!lNJ3X05rP2a1m+=4` zH4wZ-jHW(R0%KTsQ|08+QH(v8F4Uzo=jiM)7xP4fn|G9iC@q?NJLIKUQVQ`@AIxn; zizQ>32h+<(-ce#|G>wC;CSz8STpn5iSIQ7$2pgxM$)}=p zNW^0mS%Q{xkarCdfRc?Eo{2f5Q>rtiUc!O0?yyu6E=W`&0da%_isCc|u#zYxYcNBX zVUrnhWRDDkCst>Hf#qX3r)~*oDLjpbgb^TcTCI!!X(Pq~`(%8R5~HlNdSh3jUBz@Y zT`&bE(j&uUz9@&)PHMR+l>vEA!3CCNnLrUdM$e?zEF5vlb4?}w5kama(J7ZzVC2$~ zwocn9Fe*7q1SUDPjzvKgk&#ltd7i};!rRcesboBw8b!zONIDtA;K>>#q*US)xaO4N zgTxnC$Pir+9iy}^N)Aex;7MhW2ZSv$fv_2G6VhXfjOZ4n$M!US9kxnC)fF}P*M__= 
zi0Cr;m8#;pz_|pG3sNj4k*qsHW65X)!>2aq9)e0KMe$7`T#cwt{gD(DWQV*y2EUB7p*9glXO6R+#01tN2*&7t#t!4at-`9Mb|=mZ5#lJJBHw zkeRT^OkQ3-0`AZvy^bhBSpd5*do1q~A4tEAX9KE68kR$ZqD*WVO5rS^TdKhEN|--G zgv*NJ?iw+g5d@<>8jm}%Y*e}`jc1IQSSATRIjYE-BjiQOQKK?B25C(rxz@ON%AaUl zjbb?T%Tz{09O0N8;*rA+PgafPvK~rI2q~6RDZUF@yH$beD&P<-2lI}*1=gV-Pahig z3=+JKSR4r$qlWZAPo#h@w2ks-CO$Tfl9_8J2fUIG7#^4*ab=)%ECUT#35o#2;Z$bA zFzB&ZZY<+uM6Z&hV*A%8BNA~m!}N$-=@B(ziuD5GNl5w!$DGl4MzE)TSg2G?>+@vR zJc>3t!4}IG5rDv7MYmJ(4_gvX9de1clANIfCUbRFoqgvltmdHtVd{chn7Ux0tT>Ce z&)qQ=A0vm7Q2_42!C8T<07hBi2&h0lU*?qOk^k$xO4&!1H6rf}Tt z%^_zh9rN^k-Bv;*ax^gO6=AOemvI;qp?I}S`0dFvyU9e?rkLeMF_4)Qn3Vk z)mfq-s*a-c)ZnR1G?7a^8X^f$9IzNt4rzmT%=7F-S0Lxw5*ZYtyEvnfTtpN?2Pccd z5CyA5ZM9N_kOiESULXZ3%vK5j56>7S5bL_F1A&6ML8;MQs_YqT2Q4^S{Bwo|!~1Y7 z!60*Gh8oHWt27=M zpeVI)8HKVMWQr03ibFHPf|8$vkLezOkSYgLvbI%GElT+lIOqAKL#I>0HEXVrr%eHr zwgSNoq7;Ri`iP%QQ*T7a>7%Y`w4nPEOF-_m5g{7;>WVfBGF=R5U@znpL1_X_fmUhq zuCZu{CqCyKsKIEy%1s~>89fxw(&`sa9!z;F6p4yxTj8K;qfk+DbE)dPHIX@ zn2-!|cC`rM&!aiVlb|a}SemHTs)~t`%++#TT6l0Ok#K1hG@ikB^2C~wg3};XvAXWn zUWw8c8PFji2yQ{yXe0@_Fc*m@^dZ4CZ)m9%CPNC!gkW?$o*0$3FO+M*gB6(0+)R|& zQLLh*M6^8c4=(dQ~+FcH*-_NMGPE>;7LsY{cYkP;{pc_wvW3fM%w(Y0iHK99yQW~ZXL zRK}sI8j(|>l~snNATJk0(aBLKG6i#Ta%%DbETYgnDIIbI!<9hF%+hM;A}P58Y(X$h zfp3yKOTA}7-^2}pj2gZZ9Hy+0R?$a2=12CS(nCF35r>PIf%{xd4T^xGjFnOu(f~>l zQ=$c=cO_>4=V%_hhea7OCFiuO7p?xlo-gzOk(+4N%EirR0UzRk%u&flD~I4pqRd!kXE7&Q8bl0Ajm0dEYKu6wC*qGkIN*0Zaxj@pz~r!Un;{(hDl+tQ3Fl!Gigl2@z{t7Ckd6|(be*- zn5_t+VPc?>X%{N#wTD%PdF3k6ijBXLFiL|lMmP%CM?HR`aaJ7f~%bsnT! 
zS*a?C=U^N}oOSllSMSl}{3L>uh?BMDS&7^zW1v3Z?J`!`hCM7)iG5HjVW%iczw$U| zbS5)YS}+ufEO1i%YiOkv@Cqr^CsS8u7Zf}dGj^3A!z_TQV%}wz*>pS!OS4hNnN8;mp3lmX$5ML+ z^)z!_lth(ig6yTS#u(|gRRpp8iIw7N9`Xr92UW$lejOS4Gi+#Hn(wO-nY+xJ(vgZgY@ObF= zB6=xJRw5))W9WaEHhD0e+k+ZgQ#wBBR$p0A+-4c2OfcKa;ZS-u9XSjg2r6ugj4Eb0 z*3j^VN!YATP}G|*A8#s4TWd^7G6-DSIh8xOPg^4c<~d2By$OR{ zo3o2TG(OFhU{aD%PWmeJu5Qhw{?A?`qhnjNXg#jXmg+5*9Cza3eG1AVSb+#~f*Jz* zLOBgEWA1HG|Cd~}I4}{@Gb0T|ha{N-BAO*bg|bdb8IaZNoMbU2GgGGBoJfZ_rDn8K z2kys&iqej$UO{w%lHQ=9ctqcHTC+*j7#N%|q)|34&78RuLAx$~Ph}Dg3^%YzIc~Q% z=(8?tT{#}S&LDAQT-m=M3#fS}&|c1;shJ2@eAn<1t=XC6WDi7E0_j*DQ$ZytV#4cY zPqx}%hB2$Smz05-=?S~^8pwEE`+&ni3f3rC&&w-{g;SM5Q_YyvtW1ob5cyY8%wWBS zg(3`pdSHWiu?tM|WFi7p)p9&6!L#6MN={H|l&u#nVr%NW(u);dA(1WvGS?2&Yk;y4 z`=;^atZ@buqUd~?woxH7uET}UQkl~tyz8hO%}l3rV9d~S!|Jw2-GfE;yw0V%X7V;kKh(yVYHLoS41t9IT+vx z#^RC-3r&DUoR?}FO-}iVV6IlUlFX(Fe}!gjBu#D7b&}Bx*DjGlpazM(AhFo{nftWBFR}&H~sJe%m5wXr~H;m&6s69$N z!3?^HFWUU0bU1O40AhPGTPw{jtGRhstN?mxGrdwE6kf5lf=zWthay}SMrd?2nEc!_?KUQB z(aTaG(!~{*1$q)G^BXZ+y46jl?5|4ngft@IqT)93U(9<6wvbYJ>P@E(nY6;R_kt^G zc@2+X0pO(4YRn~ya_AXhM$gm;X{L~j{0q=wc7&57%7o$4qadxh3fj80LC$OS<)!l z4_1I9^La2}%+Yer7`z^;6rD=yWGXQPp#vg`nq=XWG3KOIa!Q7n`Q_BO%#TrU!E|KV zOh`fl21gdF2w}xW3h@P`Xv6?dt(Jit^1*8o*M+E2JKTq&7AQri-eZIa;He6~z$DFWwnY z#WY(cp@!Q{LJeChP#bgyI5T&<@S_h2waz(e`i*_5MGoZ+A!yI(K7ch#+qhcneaeoM ziH*T;(kP*#k1KN(u|hjpxTM-Bnwa8~ZV7#B`qwDk%52K1>ct&e0)2gKpO}lp>>%bWXb#fux-n5*C|ZRX)m^tE-X|6HX4W z;xIFwUNVoEjU`9*JhW@?g(?ItlcY~iafK5&uBjFb63$RU*41E_yy#)mqKblbjew}0 zEWv0e44=$H`3ge8+5@`XEMtQ|9D|%KBteZk(a|Oeb}p3y_M?$tCDI}Y9}P|$92g#- zBT6dJ@9Bk%GqfBs8)Z8tWoW0}DHWbm2JI9o%UM&t6oyKpH)ZbFba6b2xlhQLU_dUk zgi4Ty!%<*K7)BA^I-J5Ik*`C*oyl%iGKA8@F^sB~D?uwK4Uy=_>4K}--YoE>!3$qz zcN(<9#?SRR)YdfsobK>?^aHY5vuvg-9C!aP4bha#Aix;k#qIG%76r(6FAu?qk%bN`-t zl`{Bf$}#sTg#Du@{XShWb05^{S$~#o>aT;Xc|4f5F|44|oBIJ4~d9`yYuxU>Ahrf`#fcT+gy@-p|o z_dLr7{qs3p{zKkCJezbT*hWBe7{A@Pu3~Jx&%{*s=D58b(%{mmWH zPk&h@c&cgqHmC2`>6_vAi*Km(e~6uEyq8ID?$}$&?K^M0=YFZ)?luwi$EH_-T@#8( 
z%)w16<~KRGarNPE2!94|4E<*F4DR5ueqE!|zeMKhxth!Od}?|0qjp9P@P71zS{nY| z81AkoPgNa>!));@YyEtcUEjp17@L;oAYuW;#lWB8Sz*L~g~dG=e|EJKgIAN|-@+0fa> z@Q`KbXJdG;W$0pK_;%2_K5vjb`>h?8OUFE4{npi%p--M*z{g;tH`e$r525fGH8*Aum)9;jP8UBKnLrhK)9d7M3 zA?nU;rMf)uG2?7O!dv_CUm=|N?{CWI6B54_AN~m8?b`Kuolo<*Hsp)#;&+12%Tn$Y zR)GSc=Xw>-?cl~J?ea%t{BOm>EfU^}hdU&EhxM4|d!}eb*IV&$AL3(=w3aK~A$++* z_#+Y?w3?63`M3^m-e{9sf43|5>m9=Xx z@9=#b;a6h(HpBBh9rAg+L-?~D!vCy8_;)2d*s>$=KOp?d*6LfAgK4#cCl5TixlR1H zc8H&n@Lyq!WuGqU4?4vEQ^`MQHSZ+;Jqd5+cR!Hu*80ENAv}n7 z6AsOL{*Os`Yd$kN{w)uwZ)SJXxeoD9bO`@&hw$I&5dK_;@IUJi&Z9xuuI8;=f7T&> zAfVzmZ{&Tugtx+BzmDI0-d0+NHy@?4q{Gd&87n%=4ISQmn$edeyj3px3c`s$W;4}Y zI-iRYzqOt}*7-Ldjd0^-s=dwUXzY>j)_jg5ystIb`f!K%pF}w8X|{4TW8t$BKWH_d zGxntp`TS=czxhm^|I;CUFGS3C^lF!c2V1t%ev1xoKHBKr2&c}_d~G27O0?_9dSAn* zk4rucLGto@9m3B`c+hG-#q6s(y!n`yA0eFOHuH;D5l%S2@QA7phPhlJC>-tJa9fA) zcStytklR)IaqvH0zplfZcVgz*%p70ud{D(RTSR|R!c~~}_rG)q=XqMpClXe%zpE3y z0Y%AS~b8A-Cv-w1!&*<>x6VSeZ zaD($YYq@==L-@-G@AF2~&p(&^TR&Wmu3~-6)^fkD`|Eaux63Cg@mupb+97h#suSY_tT5gW7HWz5SR`PXwP8`J~Tyws!xi3Rr=8lx_ zNn>J}te0s{1no&LhmaLj+%EXyFfpweM z$*P3aFpb|(EZhVd!(Qi1A11Ld(cPT%buU#$$;)#qCtK3DTLJMpR!aR!^T$AoA;B@d zO0<}sm;-uYH75|bxkf{S5|yZJR_MZwCA}8jBeUbi|0+GP#!YpW=hccP5(`;{$a&tD zHG+a4aD=V<)OGYpm3hkYN^>WPPv$I!Pjhv>v&fz)+SlQ$%E4G_%uZZO#6unpYr$E- ztDy(O!wn1F;iEvG%;o%C6HHgyU^+Ivt>#;>snbG1AWuWdq)X`3*V<@7fVNyMuQax@ z*-HrnK)k)%x?8-S32s#7SKRP~#7?6LCySMrgJ;tKJ-SKHenlq%Bx$!W3cJpz5m1AB zl6ZXrrl3&pRma%i-fr5v07C;F7%H-Ixd3~@I#Rf`-oNH#G&7CDHwZ4M7S{(g0$1Vw z5NSSy_cZxSNAByK2;Rbko0Xjz#7Y(^9Q>3;ocx00rU zxMreQo~t&siGDjxF`Im5SjCPj{jlzio0Z6paj&tWd!<%w<*S;Iag~d>DT+HQI^66n zP;KmI-OFuupXlKDM^qCb$8~_hq5~wCFvAFm1DyG{aYjARJ8iK1dob{ql?C5H#e zZ|phM0bCkL /proc/sys/net/ipv4/ip_forward -#route add default dev tun0 - -iptables -t mangle -N DIVERT -iptables -t mangle -A PREROUTING -p tcp -m socket -j DIVERT -iptables -t mangle -A DIVERT -j MARK --set-mark 1 -iptables -t mangle -A DIVERT -j ACCEPT - -ip rule add fwmark 1 lookup 100 -#ip route add local 0.0.0.0/0 dev tun0 table 100 -ip 
route add local 0.0.0.0/0 dev lo table 100
-
-#iptables -t mangle -A PREROUTING -p tcp -i tun0 -j TPROXY --tproxy-mark 0x1/0x1 --on-port 50080
-
 ethtool -K p7p1 lro off
 ethtool -K p7p1 tso off
@@ -28,3 +15,18 @@ ethtool -K em2 lro off
 ethtool -K em2 tso off
 ethtool -K em2 gro off
+ip tuntap add dev tun0 mode tun multi_queue
+ifconfig tun0 up
+route add default dev tun0
+
+iptables -F -t mangle
+iptables -t mangle -N DIVERT
+iptables -t mangle -A PREROUTING -p tcp -m socket -j DIVERT
+iptables -t mangle -A DIVERT -j MARK --set-mark 1
+iptables -t mangle -A DIVERT -j ACCEPT
+
+ip rule add fwmark 1 lookup 100
+#ip route add local 0.0.0.0/0 dev tun0 table 100
+ip route add local 0.0.0.0/0 dev lo table 100
+
+iptables -t mangle -A PREROUTING -p tcp -i tun0 -j TPROXY --tproxy-mark 0x1/0x1 --on-port 50080
diff --git a/kni.c b/kni.c
index ff03f50..6f53c3b 100644
--- a/kni.c
+++ b/kni.c
@@ -28,15 +28,19 @@
 #include "MESA_htable.h"
 #include "MESA_list_queue.h"
 #include "Maat_rule.h"
+#include "field_stat2.h"
 #include "kni.h"
-int g_kni_version_VERSION_20180620;
+
+int g_kni_version_VERSION_20180710;
 struct kni_var_comm g_kni_comminfo;
 struct kni_var_struct g_kni_structinfo;
 struct kni_var_maat g_kni_maatinfo;
+struct kni_fs2_info g_kni_fs2_info;
-int g_kni_fds[2];
+int g_kni_threadseq[KNI_MAX_THREADNUM];
+const char *g_kni_fs2_name[FS2_COLUMN_NUM] ={"RECV_PKTS","FWD_PKTS","DROP_PKTS","WRITE_PKTS","READ_PKTS","SEND_PKTS"};
 extern int g_iThreadNum;
@@ -52,16 +56,10 @@ return:
 *********************************************************************************************************************/
 int kni_debug_info_v4(char* module,int state_flag,struct ip* a_packet)
 {
-
-// return 0;
-
- struct timeval cur_time;
-
 int iplen=ntohs(a_packet->ip_len);
 struct tcphdr* tcphdr=(struct tcphdr*)((char*)a_packet+4*(a_packet->ip_hl));
 unsigned int seq=ntohl(tcphdr->seq);
- unsigned int ack=ntohl(tcphdr->ack_seq);
 unsigned short sport=0;
 unsigned short dport=0;
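Review bot: `iptables -F -t mangle` in the second bin/kni_set_cmd hunk empties every chain in the mangle table, so marking rules installed by anything else on the host are lost each time the script runs. It does not delete the user chain, so `iptables -t mangle -N DIVERT` fails on a re-run, and `ip rule add fwmark 1 lookup 100` is either repeated or rejected. Scoping the flush to the chain the script owns, `iptables -t mangle -N DIVERT 2>/dev/null || iptables -t mangle -F DIVERT`, and guarding each PREROUTING append with `iptables -t mangle -C ... || iptables -t mangle -A ...` keeps the script repeatable without touching foreign rules. No error checking is visible in the hunk, so if `ip tuntap add dev tun0 ...` fails the script still goes on to `route add default dev tun0` and the TPROXY rule; the start of the script is outside the hunk, so whether `set -e` is in effect cannot be confirmed here.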
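Review bot: `g_kni_threadseq` in the first kni.c hunk is sized by the compile-time `KNI_MAX_THREADNUM`, while the thread count comes from the external `g_iThreadNum`, and nothing in this hunk ties the two together. Wherever the array is filled or indexed (not visible here), initialisation should refuse to continue when `g_iThreadNum > KNI_MAX_THREADNUM`; otherwise a larger platform thread count would index past the end of the array. `g_kni_fs2_name[FS2_COLUMN_NUM]` has exactly six initialisers, so if the macro is ever larger the trailing entries are NULL; a compile-time size check next to the table would catch that. A one-line comment on each new global saying what indexes it would also help, e.g. `/* per-thread sequence numbers, indexed by thread id < g_iThreadNum */`.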
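Review bot: The TCP header pointer in `kni_debug_info_v4` is computed as `(char*)a_packet+4*(a_packet->ip_hl)` and `tcphdr->seq` is read immediately, with no check in the visible lines that `ip_hl` is at least 5, that the protocol is TCP, or that `ip_len` covers a full TCP header. The platform may already validate this before calling the TCP_ALL entry, but that is not visible here, and a truncated or malformed packet would make this debug helper read past the packet buffer. A guard after `iplen` is declared would make the function safe on its own: `if (a_packet->ip_p != IPPROTO_TCP || a_packet->ip_hl < 5 || iplen < 4*a_packet->ip_hl + (int)sizeof(struct tcphdr)) return 0;`. The function body continues outside this hunk.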
@@ -73,14 +71,77 @@ int kni_debug_info_v4(char* module,int state_flag,struct ip* a_packet) inet_ntop(AF_INET, (void *)&((a_packet->ip_src).s_addr), saddr_v4, INET_ADDRSTRLEN); inet_ntop(AF_INET, (void *)&((a_packet->ip_dst).s_addr), daddr_v4, INET_ADDRSTRLEN); - gettimeofday(&cur_time,NULL); - - MESA_handle_runtime_log(g_kni_comminfo.logger,RLOG_LV_DEBUG,module,"addr:%s,%d,%s,%d,state_flag:%d,ip_len:%d,seq:%u,ack:%u,tv_sec:%lu,tv_usec:%lu",saddr_v4,sport,daddr_v4,dport,state_flag,iplen,seq,ack,cur_time.tv_sec,cur_time.tv_usec); + MESA_handle_runtime_log(g_kni_comminfo.logger,RLOG_LV_DEBUG,module,"addr:%s,%d,%s,%d,state_flag:%d,ip_len:%d,seq:%u",saddr_v4,sport,daddr_v4,dport,state_flag,iplen,seq); return 0; } +/* +int kni_filestate2_init() +{ + int i=0; + int j=0; + int value=1; + unsigned int fs2_sport; + char fs2_filename[KNI_MAX_BUFLEN]={0}; + char fs2_sip[KNI_MAX_BUFLEN]={0}; + + MESA_load_profile_string_def((char*)KNI_CONF_FILENAME,(char*)KNI_CONF_MODE,(char*)"filestat2_filename",fs2_filename,KNI_MAX_BUFLEN,(char*)"./log/kni_fs2.log"); + MESA_load_profile_string_def((char*)KNI_CONF_FILENAME,(char*)KNI_CONF_MODE,(char*)"filestat2_sip",fs2_sip,KNI_MAX_BUFLEN,(char*)"10.127.208.15"); + MESA_load_profile_uint_def((char*)KNI_CONF_FILENAME,(char*)KNI_CONF_MODE,(char*)"filestat2_sport",(unsigned int*)&fs2_sport,8125); + + g_kni_fs2_info.handler=FS_create_handle(); + + FS_set_para(g_kni_comminfo.fs2_handler, OUTPUT_DEVICE,fs2_filename, strlen(fs2_filename)+1); + FS_set_para(g_kni_comminfo.fs2_handler, PRINT_MODE, &value, sizeof(value)); + FS_set_para(g_kni_comminfo.fs2_handler, STAT_CYCLE, &value, sizeof(value)); + FS_set_para(g_kni_comminfo.fs2_handler, CREATE_THREAD, &value, sizeof(value)); + FS_set_para(g_kni_comminfo.fs2_handler, APP_NAME, STEWARD_FS2_APPNAME, strlen(STEWARD_FS2_APPNAME)+1); + FS_set_para(g_kni_comminfo.fs2_handler, STATS_SERVER_IP, fs2_sip, strlen(fs2_sip)+1); + FS_set_para(g_kni_comminfo.fs2_handler, STATS_SERVER_PORT,&fs2_sport,sizeof(int)); + + 
for(i=0;iwin; - unsigned short win_scale=datainfo->wnscal[1]; - unsigned short ipid=random()%65535; +// unsigned short ipid=random()%65535; struct ip* iphdr=(struct ip*)a_packet; struct tcphdr* tcphdr=(struct tcphdr*)((char*)iphdr+4*(iphdr->ip_hl)); + struct kni_wndpro_reply_info* tcpinfo=&(datainfo->lastpkt_info[index]); struct ip* snd_iphdr=NULL; struct tcphdr* snd_tcphdr=NULL; @@ -482,12 +582,20 @@ int kni_keepalive_replay(struct stream_tuple4_v4* ipv4_addr,int iprever_flag,str (snd_iphdr->ip_src).s_addr=(iphdr->ip_dst).s_addr; (snd_iphdr->ip_dst).s_addr=(iphdr->ip_src).s_addr; - snd_iphdr->ip_id=htons(datainfo->ipid[index]+1); -// snd_iphdr->ip_ttl=datainfo->ttl[index]; +// snd_iphdr->ip_id=ipid; +// snd_iphdr->ip_id=htons(datainfo->lastpkt_info[index].ipid+1); +// snd_iphdr->ip_ttl=datainfo->lastpkt_info[index].ttl; + snd_tcphdr->source=tcphdr->dest; snd_tcphdr->dest=tcphdr->source; - snd_tcphdr->seq=htonl(datainfo->seq[index]+datainfo->len[index]); - snd_tcphdr->ack_seq=htonl(datainfo->ack[index]); + snd_tcphdr->seq=htonl(tcpinfo->seq+tcpinfo->len); + snd_tcphdr->ack_seq=htonl(tcpinfo->ack); + + + if(tcpinfo->syn_flag==1) + { + snd_tcphdr->seq=htonl(ntohl(snd_tcphdr->seq)+1); + } /* if(iprever_flag==0) { 
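Review bot: The `+1` applied when `tcpinfo->syn_flag==1` can put the reply's sequence number one past the real value, because `kni_get_tcpinfo()` (added later in this patch) only ever sets `syn_flag` and never clears it, while it overwrites `seq` and `len` on each later packet of the same direction. Once a direction has carried a SYN, a non-SYN packet recorded afterwards still has `syn_flag==1`, so `seq+len+1` no longer matches the next expected sequence number. Recording the flag per packet, `lastpkt_info->syn_flag=(tcphdr->th_flags&TH_SYN)?1:0;`, keeps the fields consistent. The three commented-out `ip_id`/`ip_ttl` assignments leave the reply's IP id at whatever `sendbuf` was filled with outside this hunk; if that is intended, say so in one comment and drop the dead lines.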
@@ -498,16 +606,15 @@ int kni_keepalive_replay(struct stream_tuple4_v4* ipv4_addr,int iprever_flag,str sendpacket_do_checksum((unsigned char*)sendbuf,IPPROTO_TCP,(iplen-4*(iphdr->ip_hl))); sendpacket_do_checksum((unsigned char*)sendbuf,IPPROTO_IP,sizeof(struct ip)); - tun_write_data(g_kni_comminfo.fd_tun[thread_seq],sendbuf,iplen,ipv4_addr); + tun_write_data(g_kni_comminfo.fd_tun[thread_seq],sendbuf,iplen,NULL); - kni_debug_info_v4((char*)"recv_keepalive_request",STAT_FLAG_SSL_NOBMD,(struct ip*)a_packet); - kni_debug_info_v4((char*)"send_keepalive_replay",STAT_FLAG_SSL_NOBMD,(struct ip*)sendbuf); + kni_debug_info_v4((char*)"recv_keepalive_request",5,(struct ip*)a_packet); + kni_debug_info_v4((char*)"send_keepalive_replay",5,(struct ip*)sendbuf); free(sendbuf); sendbuf=NULL; - - datainfo->pro_reply[iprever_flag]=1; + datainfo->wndpro_flag[index]=1; return 1; 
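Review bot: Both `kni_debug_info_v4()` calls now pass the bare literal `5` where the old code passed `STAT_FLAG_SSL_NOBMD`, so the logged `state_flag` cannot be read without knowing the enum by heart; `kni_process_readdata()` in this same patch passes `KNI_FLAG_SSL` for the same argument, so a named constant is available. If `5` is meant as a distinct keep-alive marker, give it its own name in kni.h. The result of `tun_write_data()` is also ignored although `datainfo->wndpro_flag[index]=1` follows unconditionally, so a failed write would still be recorded as an answered probe; checking the result before setting the flag avoids that, assuming the function reports failure through its return value.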
@@ -521,74 +628,76 @@ long kni_readtun_htable_cb_v4(void* data,const unsigned char* key,unsigned int s long result=0; struct stream_tuple4_v4* ipv4_addr=(struct stream_tuple4_v4*)key; struct args_read_tun* args=(struct args_read_tun*)user_arg; -// struct datainfo_to_tun* ret_data=(struct datainfo_to_tun*)user_arg; - struct datainfo_to_tun* datainfo=(struct datainfo_to_tun*)data; + struct kni_htable_datainfo* datainfo=(struct kni_htable_datainfo*)data; if(datainfo!=NULL) { -// memcpy(ret_data,datainfo,sizeof(struct datainfo_to_tun)); memcpy(args->smac,datainfo->smac,KNI_MACADDR_LEN); memcpy(args->dmac,datainfo->dmac,KNI_MACADDR_LEN); - - if(datainfo->pro_reply[args->iprevers]>0) + if(datainfo->wndpro_flag[1-args->iprevers]>0) { result=1; } else { kni_keepalive_replay(ipv4_addr,args->iprevers,datainfo,args->a_packet,args->iplen,args->thread_seq); - result=0; + result=1; } } -/* -#ifdef KNI_DEBUG_SWITCH - else if(ipv4_addr->saddr==1698867392) - { - printf("sip is 192.168.66.101\n"); - ret_data->route_dir=0; - ret_data->smac[0]=0x18; - ret_data->smac[1]=0x66; - ret_data->smac[2]=0xda; - ret_data->smac[3]=0xe5; - ret_data->smac[4]=0xfa; - ret_data->smac[5]=0xa1; - - ret_data->dmac[0]=0xe8; - ret_data->dmac[1]=0x61; - ret_data->dmac[2]=0x1f; - ret_data->dmac[3]=0x13; - ret_data->dmac[4]=0x70; - ret_data->dmac[5]=0x7a; - result=0; - } -#endif -*/ return result; } +int init_domain_fd() +{ + + int i_fd = 0; + struct sockaddr_un addr; + char serverpath[32] = "/home/server_unixsocket_file"; + int i_addr_len = sizeof( struct sockaddr_un ); + + if ( ( i_fd = socket( AF_UNIX, SOCK_STREAM, 0 ) ) < 0 ) +// if ( ( i_fd = socket( AF_UNIX, SOCK_DGRAM, 0 ) ) < 0 ) + { + MESA_handle_runtime_log(g_kni_comminfo.logger, RLOG_LV_FATAL,KNI_MODULE_INIT,"init_domain_fd():socket error,errno is %d,action:%s",errno,KNI_ACTION_EXIT); + return -1; + } + + //fill socket adress structure with server's address + memset( &addr, 0, sizeof( addr ) ); + addr.sun_family = AF_UNIX; + strncpy( 
addr.sun_path, serverpath, sizeof( addr.sun_path ) - 1 ); + + if ( connect( i_fd, ( struct sockaddr * )&addr, i_addr_len ) < 0 ) + { + MESA_handle_runtime_log(g_kni_comminfo.logger, RLOG_LV_FATAL,KNI_MODULE_INIT,"init_domain_fd():connect error,errno is %d,action:%s",errno,KNI_ACTION_EXIT); + return -1; + } + + return i_fd; +} + + int kni_process_readdata(int thread_seq,int buflen,char* buf) { - int ret; int iprever_flag=0; long result=0; -// struct datainfo_to_tun datainfo; - struct args_read_tun args; struct ip* iphdr=(struct ip*)buf; struct stream_tuple4_v4 ipv4_addr; - struct stream_tuple4_v6 ipv6_addr; + + struct args_read_tun args; if(iphdr->ip_v==4) { iprever_flag=kni_get_ipaddr_v4((void*)buf,&ipv4_addr); - kni_debug_info_v4((char*)KNI_MODULE_READTUN,STAT_FLAG_SSL_NOBMD,(struct ip*)buf); + kni_debug_info_v4((char*)KNI_MODULE_READTUN,KNI_FLAG_SSL,(struct ip*)buf); args.a_packet=buf; args.iplen=buflen; @@ -598,15 +707,11 @@ int kni_process_readdata(int thread_seq,int buflen,char* buf) MESA_htable_search_cb(g_kni_structinfo.htable_to_tun_v4,(unsigned char*)&ipv4_addr,sizeof(struct stream_tuple4_v4),kni_readtun_htable_cb_v4,(void*)&args,&result); if(result==1) { + kni_sendpkt_eth(thread_seq,buflen,buf,&ipv4_addr,iprever_flag,args.smac,args.dmac); } } - else - { - iprever_flag=kni_get_ipaddr_v6((void*)buf,&ipv6_addr); - } - return 0; 
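Review bot: `init_domain_fd()` leaks the socket when `connect()` fails, since that branch logs and returns -1 without closing `i_fd`; add `close(i_fd);` before the second `return -1;`. The peer path is the hard-coded `/home/server_unixsocket_file`; if this socket carries the repaired TCP descriptors (the removed code sent them with `kni_send_fds()` over `fd_domain`), any local account able to create that path ends up as the receiver, so the path should be read from the configuration file like the other `MESA_load_profile_*` settings and live in a directory only the service account can write. In `kni_readtun_htable_cb_v4()` both branches now end with `result=1`, so the assignment can move after the `if`, with a comment on why the probe reply and the forwarded packet are both wanted.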
@@ -620,26 +725,111 @@ return: *********************************************************************************************************************/ void* kni_read_tun(void* arg) { - int i=0; + int thread_seq=*(int*)arg; + int recv_len=0; char recv_buf[KNI_MAX_BUFLEN] = {0}; while(1) { - for(i=0;itstamp_ok = 0; - st->sack_ok = 0; - st->wscale_ok = 0; - st->ecn_ok = 0; -// st->snd_wscale = 0; -// st->rcv_wscale = 0; - st->snd_wscale = 128; - st->rcv_wscale = 128; - - st->snd_wnd = 0x1000; - st->rcv_wnd = 0x1000; - st->inet_ttl=-1; - //make sure you set snd_una = seq (TODO: fix this in module) - - return st; -} - -/******************************************************************************************************************** -name: -function: -return: -*********************************************************************************************************************/ -int fs_set_state(int sock, struct tcp_state *st) -{ - struct sockaddr_in sin; - sin.sin_family = AF_INET; - sin.sin_addr.s_addr = st->src_ip; - sin.sin_port = st->sport; - - st->snd_una = st->seq; - - - int value = 1; - if (setsockopt(sock, SOL_SOCKET, SO_REUSEADDR, &value, sizeof(value)) < 0) { - perror("setsockopt SO_REUSEADDR"); - return -1; - } - - if (setsockopt(sock, SOL_IP, IP_TRANSPARENT, &value, sizeof(value)) < 0) { - perror("setsockopt IP_TRANSPARENT"); - return -1; - } - - if (bind(sock, (struct sockaddr *)&sin, sizeof(sin)) < 0) { - perror("bind"); - return -1; - } - - if (setsockopt(sock, IPPROTO_TCP, TCP_STATE, st, sizeof(struct tcp_state)) < 0) { - perror("setsockopt TCP_STATE"); - return -1; - } - - return 0; -} - - - -//default:a_packet is c2s; -/******************************************************************************************************************** -name: -function: -return: -*********************************************************************************************************************/ -int fs_get_modify_state(struct tcp_state* fake_client,struct tcp_state* 
fake_server,void* a_packet,unsigned int mss) +int tcprepair_get_state(struct kni_tcp_state* fake_client,struct kni_tcp_state* fake_server,void* a_packet,struct kni_pme_info* pmeinfo) { struct ip* iphdr=(struct ip*)a_packet; @@ -740,10 +852,9 @@ int fs_get_modify_state(struct tcp_state* fake_client,struct tcp_state* fake_ser fake_client->dport =tcphdr->dest; fake_client->seq=ntohl(tcphdr->seq); fake_client->ack=ntohl(tcphdr->ack_seq); - fake_client->snd_una = fake_client->seq; - fake_client->snd_wnd = 0x1000; - fake_client->rcv_wnd = 0x1000; - fake_client->mss_clamp=mss; + fake_client->mss_src=pmeinfo->mss[KNI_DIR_C2S]; + fake_client->wscale_src=pmeinfo->wnscal[KNI_DIR_C2S]; + fake_client->wscale_dst=pmeinfo->wnscal[KNI_DIR_S2C]; fake_server->src_ip=(iphdr->ip_dst).s_addr; fake_server->sport=tcphdr->dest; 
@@ -751,155 +862,15 @@ int fs_get_modify_state(struct tcp_state* fake_client,struct tcp_state* fake_ser fake_server->dport =tcphdr->source; fake_server->seq=ntohl(tcphdr->ack_seq); fake_server->ack=ntohl(tcphdr->seq); - fake_server->snd_una = fake_server->seq; - fake_server->snd_wnd = 0x1000; - fake_server->rcv_wnd = 0x1000; - fake_server->mss_clamp=mss; + fake_server->mss_src=pmeinfo->mss[KNI_DIR_S2C]; + fake_server->wscale_src=pmeinfo->wnscal[KNI_DIR_S2C]; + fake_server->wscale_dst=pmeinfo->wnscal[KNI_DIR_C2S]; return 0; } -/******************************************************************************************************************** -name:kni_process_fs() -function: -return: - 0:succ - -1:error -*********************************************************************************************************************/ -int kni_process_fs(void* a_packet,unsigned int mss) -{ - int fds[2]={0}; - - fds[KNI_FDS_INDEX_CLIENT]=socket(AF_INET, SOCK_FORGE, 0); - fds[KNI_FDS_INDEX_SERVER]=socket(AF_INET, SOCK_FORGE, 0); - if (fds[KNI_FDS_INDEX_CLIENT] < 0 || fds[KNI_FDS_INDEX_SERVER]< 0) - { - perror("SOCK_FORGE socket"); - fprintf(stderr, "(Did you insmod forge_socket.ko?)\n"); - return -1; - } - - struct tcp_state* fake_client=fs_get_default_state(); - struct tcp_state* fake_server=fs_get_default_state(); - - fs_get_modify_state(fake_client,fake_server,a_packet,mss); - - fs_set_state(fds[KNI_FDS_INDEX_CLIENT],fake_server); - fs_set_state(fds[KNI_FDS_INDEX_SERVER],fake_client); - - kni_send_fds(g_kni_comminfo.fd_domain,fds,2); - - -// kni_debug_info_v4((char*)KNI_MODULE_SENDFD,STAT_FLAG_SSL_NOBMD,(struct ip*)a_packet); - close(fds[KNI_FDS_INDEX_CLIENT]); - close(fds[KNI_FDS_INDEX_SERVER]); - - return 0; - -} - -int tcprepair_set_state_bak(int sk,struct kni_state_info* tcp) -{ - int val,yes=1, onr = 0; - int src=KNI_INDEX_SRC; - int dst=KNI_INDEX_DST; - struct tcp_repair_opt opts[KNI_TCPREPAIR_OPT_NUM]; - struct sockaddr_in addr; - - if (setsockopt(sk, SOL_TCP, 
TCP_REPAIR, &yes, sizeof(yes))==-1) - { - MESA_handle_runtime_log(g_kni_comminfo.logger, RLOG_LV_FATAL,"tcprepair_set_state","setsockopt() TCP_REPAIR error"); - return -1; - } - - if (setsockopt(sk, SOL_SOCKET, SO_REUSEADDR, &yes, sizeof(yes)) == -1) - { - MESA_handle_runtime_log(g_kni_comminfo.logger, RLOG_LV_FATAL,"tcprepair_set_state","setsockopt() SO_REUSEADDR error"); - return -1; - } - - /* ============= Restore TCP properties ==================*/ - val = TCP_SEND_QUEUE; - if (setsockopt(sk, SOL_TCP, TCP_REPAIR_QUEUE, &val, sizeof(val))) - { - MESA_handle_runtime_log(g_kni_comminfo.logger, RLOG_LV_FATAL,"tcprepair_set_state","setsockopt() TCP_REPAIR_QUEUE,TCP_SEND_QUEUE error"); - return -1; - } - - val = tcp[src].seq; - if (setsockopt(sk, SOL_TCP, TCP_QUEUE_SEQ, &val, sizeof(val))) - { - MESA_handle_runtime_log(g_kni_comminfo.logger, RLOG_LV_FATAL,"tcprepair_set_state","setsockopt() TCP_QUEUE_SEQ error"); - return -1; - } - - val = TCP_RECV_QUEUE; - if (setsockopt(sk, SOL_TCP, TCP_REPAIR_QUEUE, &val, sizeof(val))) - { - MESA_handle_runtime_log(g_kni_comminfo.logger, RLOG_LV_FATAL,"tcprepair_set_state","setsockopt() TCP_REPAIR_QUEUE,TCP_RECV_QUEUE error"); - return -1; - } - - val = tcp[dst].seq; - if (setsockopt(sk, SOL_TCP, TCP_QUEUE_SEQ, &val, sizeof(val))) - { - MESA_handle_runtime_log(g_kni_comminfo.logger, RLOG_LV_FATAL,"tcprepair_set_state","setsockopt() TCP_QUEUE_SEQ error"); - return -1; - } - - /* ============= Bind and connect ================ */ - memset(&addr,0,sizeof(addr)); - addr.sin_family = AF_INET; - addr.sin_port = htons(tcp[src].port); - if (inet_pton(AF_INET, tcp[src].addr, &(addr.sin_addr)) < 0) - { - MESA_handle_runtime_log(g_kni_comminfo.logger, RLOG_LV_FATAL,"tcprepair_set_state","setsockopt() TCP_QUEUE_SEQ error"); - return -1; - } - - if (bind(sk, (struct sockaddr *) &addr, sizeof(addr))) - { - MESA_handle_runtime_log(g_kni_comminfo.logger, RLOG_LV_FATAL,"tcprepair_set_state","setsockopt() TCP_QUEUE_SEQ error"); - return -1; - } - 
- memset(&addr,0,sizeof(addr)); - addr.sin_family = AF_INET; - addr.sin_port = htons(tcp[dst].port); - if (inet_pton(AF_INET, tcp[dst].addr, &(addr.sin_addr)) < 0) - { - MESA_handle_runtime_log(g_kni_comminfo.logger, RLOG_LV_FATAL,"tcprepair_set_state","setsockopt() TCP_QUEUE_SEQ error"); - return -1; - } - - if (connect(sk, (struct sockaddr *) &addr, sizeof(addr))) - { - MESA_handle_runtime_log(g_kni_comminfo.logger, RLOG_LV_FATAL,"tcprepair_set_state","setsockopt() TCP_QUEUE_SEQ error"); - return -1; - } - - opts[onr].opt_code = TCPOPT_WINDOW; - opts[onr].opt_val = tcp[src].wscale + (tcp[dst].wscale << 16); - onr++; - - opts[onr].opt_code = TCPOPT_MAXSEG; - opts[onr].opt_val = tcp[src].mss_clamp; - onr++; - - if (setsockopt(sk, SOL_TCP, TCP_REPAIR_OPTIONS,opts, onr * sizeof(struct tcp_repair_opt)) < 0) - { - MESA_handle_runtime_log(g_kni_comminfo.logger, RLOG_LV_FATAL,"tcprepair_set_state","setsockopt() TCP_QUEUE_SEQ error"); - return -1; - } - - return 0; - - -} - - -int tcprepair_set_state(int sk,struct kni_tcp_state* tcp,struct tcp_repair_window win) +int tcprepair_set_state(int sk,struct kni_tcp_state* tcp) { int val,yes=1, onr = 0; struct tcp_repair_opt opts[KNI_TCPREPAIR_OPT_NUM]; 
@@ -954,37 +925,27 @@ int tcprepair_set_state(int sk,struct kni_tcp_state* tcp,struct tcp_repair_windo return -1; } - -/* if (setsockopt(sk, SOL_TCP, TCP_REPAIR_WINDOW, &win, sizeof(win))) +/* + struct tcp_repair_window win; + + win.snd_wl1=tcp->seq; + win.snd_wnd=tcp->wnscale[KNI_DIR_C2S]<wnscale[KNI_DIR_S2C]; + win.max_window=win.snd_wnd; + win.rcv_wnd=win.snd_wnd; + win.rcv_wup=win.snd_wl1; + + if (setsockopt(sk, SOL_TCP, TCP_REPAIR_WINDOW, &win, sizeof(win))) { MESA_handle_runtime_log(g_kni_comminfo.logger, RLOG_LV_FATAL,"tcprepair_set_state","setsockopt() TCP_REPAIR_WINDOW error,errno:%d",errno); return -1; } - -//test - -// MESA_handle_runtime_log(g_kni_comminfo.logger, RLOG_LV_FATAL,"tcprepair_set_state","snd_wl1:%u,snd_wnd:%u,max_wnd:%u,rcv_wnd:%u,rcv_wup:%u",win.snd_wl1,win.snd_wnd,win.max_window,win.rcv_wnd,win.rcv_wup); - - struct tcp_repair_window win_tmp; - socklen_t opt_len=sizeof(win_tmp); - - if (getsockopt(sk, SOL_TCP, TCP_REPAIR_WINDOW, &win_tmp,&opt_len)) - { - MESA_handle_runtime_log(g_kni_comminfo.logger, RLOG_LV_FATAL,"tcprepair_set_state","getsockopt() TCP_REPAIR_WINDOW error,errno:%d",errno); - return -1; - } - - MESA_handle_runtime_log(g_kni_comminfo.logger, RLOG_LV_FATAL,"tcprepair_set_state","snd_wl1:%u,snd_wnd:%u,max_wnd:%u,rcv_wnd:%u,rcv_wup:%u",win_tmp.snd_wl1,win_tmp.snd_wnd,win_tmp.max_window,win_tmp.rcv_wnd,win_tmp.rcv_wup); - -//end -*/ + */ /* ============= Bind and connect ================ */ memset(&addr,0,sizeof(addr)); addr.sin_family = AF_INET; addr.sin_port = tcp->sport; addr.sin_addr.s_addr=tcp->src_ip; -// addr.sin_addr.s_addr= g_kni_comminfo.local_ip; if (bind(sk, (struct sockaddr *) &addr, sizeof(addr))) { 
@@ -1030,43 +991,9 @@ int tcprepair_set_state(int sk,struct kni_tcp_state* tcp,struct tcp_repair_windo } -int tcprepair_get_state(struct kni_tcp_state* fake_client,struct kni_tcp_state* fake_server,void* a_packet,unsigned short* mss,unsigned short* wnscale,unsigned short win) - { - - struct ip* iphdr=(struct ip*)a_packet; - struct tcphdr* tcphdr=(struct tcphdr*)((char*)a_packet+4*(iphdr->ip_hl)); - - fake_client->src_ip=(iphdr->ip_src).s_addr; - fake_client->sport=tcphdr->source; - fake_client->dst_ip=(iphdr->ip_dst).s_addr; - fake_client->dport =tcphdr->dest; - fake_client->seq=ntohl(tcphdr->seq); - fake_client->ack=ntohl(tcphdr->ack_seq); -// fake_client->win=ntohs(tcphdr->window); - fake_client->win=win; - fake_client->mss_src=mss[KNI_INDEX_SRC]; - fake_client->mss_dst=mss[KNI_INDEX_DST]; - fake_client->wscale_src=wnscale[KNI_INDEX_SRC]; - fake_client->wscale_dst=wnscale[KNI_INDEX_DST]; - - fake_server->src_ip=(iphdr->ip_dst).s_addr; - fake_server->sport=tcphdr->dest; - fake_server->dst_ip=(iphdr->ip_src).s_addr; - fake_server->dport =tcphdr->source; - fake_server->seq=ntohl(tcphdr->ack_seq); - fake_server->ack=ntohl(tcphdr->seq); - fake_server->win=ntohs(tcphdr->window); - fake_server->mss_src=mss[KNI_INDEX_DST]; - fake_server->mss_dst=mss[KNI_INDEX_SRC]; - fake_server->wscale_src=wnscale[KNI_INDEX_DST]; - fake_server->wscale_dst=wnscale[KNI_INDEX_SRC]; - - return 0; - } - - -int kni_process_tcprepair(void* a_packet,unsigned short* mss,unsigned short* wnscale,unsigned short win) +int tcp_repair_process(const struct streaminfo* pstream,const struct ip* a_packet,struct kni_pme_info* pmeinfo,int protocol) { + int ret=0; int fds[2]; int fd_client,fd_server; struct kni_tcp_state fake_client; 
@@ -1074,9 +1001,7 @@ int kni_process_tcprepair(void* a_packet,unsigned short* mss,unsigned short* wns struct ip* iphdr=(struct ip*)a_packet; struct tcphdr* tcphdr=(struct tcphdr*)((char*)a_packet+4*(iphdr->ip_hl)); - int tcplen=ntohs(iphdr->ip_len)-4*iphdr->ip_hl-4*tcphdr->doff; - struct tcp_repair_window fclient_win; - struct tcp_repair_window fserver_win; +// int tcplen=ntohs(iphdr->ip_len)-4*iphdr->ip_hl-4*tcphdr->doff; fd_client = socket(AF_INET, SOCK_STREAM, 0); fd_server = socket(AF_INET, SOCK_STREAM, 0); @@ -1086,38 +1011,28 @@ int kni_process_tcprepair(void* a_packet,unsigned short* mss,unsigned short* wns return -1; } - tcprepair_get_state(&fake_client,&fake_server,a_packet,mss,wnscale,win); + tcprepair_get_state(&fake_client,&fake_server,(void*)a_packet,pmeinfo); - fserver_win.snd_wl1=ntohl(tcphdr->seq); - fserver_win.snd_wnd=ntohs(tcphdr->window)<seq); - - fclient_win.snd_wl1=ntohl(tcphdr->ack_seq)-1; - fclient_win.snd_wnd=win; - fclient_win.max_window=fclient_win.snd_wnd; - fclient_win.rcv_wnd=ntohs(tcphdr->window)<ack_seq); + ret=tcprepair_set_state(fd_client,&fake_server); + if(ret<0) + { + MESA_handle_runtime_log(g_kni_comminfo.logger, RLOG_LV_FATAL,"tcprepair_set_state","fd_client tcprepair_set_state() error,dropme and fwdpkt"); + return -1; + } -/* -//c has get - fclient_win.snd_wl1=ntohl(tcphdr->ack_seq); - fclient_win.snd_wnd=ntohs(tcphdr->window)<0) { - state_flag=STAT_FLAG_SNIBMD; + state_flag=KNI_FLAG_SNIBMD; } return state_flag; @@ -1156,10 +1071,11 @@ return :state_flag ssl:STAT_FLAG_SSL_NOBMD not ssl:STAT_FLAG_NOTSSL ***************************************************************************************/ -int kni_judge_ssl(char* tcp_data,int tcp_datalen,char* sni,int* sni_len) +/* +int kni_judge_ssl_bak(char* tcp_data,int tcp_datalen,char* sni,int* sni_len) { -// int state_flag=STAT_FLAG_NONE; - return STAT_FLAG_SSL_NOBMD; +// int state_flag=KNI_FLAG_SSL_HALF; +// return STAT_FLAG_SSL_NOBMD; int ssl_header_len=0; 
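Review bot: The new error branch after `ret=tcprepair_set_state(fd_client,&fake_server);` returns -1 without closing `fd_client` and `fd_server`, both opened just above with `socket(AF_INET, SOCK_STREAM, 0)`, so every stream whose repair fails costs two descriptors and a busy sensor can run out of them. Close both before returning, `close(fd_client); close(fd_server); return -1;`, and apply the same to any later failure branch of `tcp_repair_process()`; part of this function is not visible here. The log call tags the message with "tcprepair_set_state" although it is emitted from `tcp_repair_process()`, which makes the entry harder to trace.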
@@ -1291,75 +1207,91 @@ int kni_judge_ssl(char* tcp_data,int tcp_datalen,char* sni,int* sni_len) return STAT_FLAG_NOTSSL; } - +*/ /*************************************************************************************** return :state_flag ipbmd:STAT_FLAG_IPBMD not ipbmd:STAT_FLAG_NONE ***************************************************************************************/ -int kni_judge_ipbmd(struct ipaddr* addr,int thread_seq) +int kni_judge_ipbmd(struct ipaddr* addr,int thread_seq,int protocol) { - int state_flag=STAT_FLAG_NONE; + int state_flag=KNI_FLAG_UNKNOW; int ipscan_num=0; scan_status_t mid=NULL; struct Maat_rule_t maat_result[KNI_MAX_CFGNUM]; - ipscan_num=Maat_scan_proto_addr(g_kni_maatinfo.maat_feather,g_kni_maatinfo.tableid_ipbmd,addr,PROTO_TYPE_TCP,maat_result,KNI_MAX_CFGNUM,&mid,thread_seq); + ipscan_num=Maat_scan_proto_addr(g_kni_maatinfo.maat_feather,g_kni_maatinfo.tableid_ipbmd,addr,protocol,maat_result,KNI_MAX_CFGNUM,&mid,thread_seq); Maat_clean_status(&mid); if(ipscan_num>0) { - state_flag=STAT_FLAG_IPBMD; + state_flag=KNI_FLAG_IPBMD; } return state_flag; } -int kni_get_mss(struct kni_tcp_hdr* tcphdr,int tcp_hdr_len,unsigned short* mss,unsigned char* winscale) +int kni_get_tcpinfo(struct kni_wndpro_reply_info* lastpkt_info,struct kni_tcp_hdr* tcphdr,int tcplen,struct ip* ip_hdr) { -// unsigned short mss=KNI_DEFAULT_MSS; + lastpkt_info->seq=ntohl(tcphdr->th_seq); + lastpkt_info->ack=ntohl(tcphdr->th_ack); + lastpkt_info->ipid=ntohs(ip_hdr->ip_id); + lastpkt_info->ttl=ip_hdr->ip_ttl; + lastpkt_info->len=tcplen; + lastpkt_info->wndsize=ntohs(tcphdr->th_win); + + if(tcphdr->th_flags&TH_SYN) + { + lastpkt_info->syn_flag=1; + } + + return 0; +} + +int kni_get_tcpopt(struct kni_tcp_hdr* tcphdr,int tcp_hdr_len,unsigned short* mss,unsigned char* winscale) +{ + *mss=KNI_DEFAULT_MSS; *winscale=KNI_DEFAULT_WINSCLE; -// return 0; int remain_len=tcp_hdr_len; - struct kni_tcp_opt* tcp_opt=NULL; + struct kni_tcp_opt_format* tcp_opt=NULL; 
if((tcp_hdr_len<=20)||(tcp_hdr_len>64)) { return 0; } - tcp_opt=(struct kni_tcp_opt*)((char*)tcphdr+TCPHDR_DEFAULT_LEN); + tcp_opt=(struct kni_tcp_opt_format*)((char*)tcphdr+TCPHDR_DEFAULT_LEN); remain_len-=TCPHDR_DEFAULT_LEN; while(remain_len) { - if(tcp_opt->type==2) //MSS + if(tcp_opt->type==KNI_TCPOPT_MSS) //MSS { remain_len-=tcp_opt->len; *mss=htons(*(unsigned short*)(tcp_opt->content)); - tcp_opt=(struct kni_tcp_opt*)((char*)tcp_opt+tcp_opt->len); + tcp_opt=(struct kni_tcp_opt_format*)((char*)tcp_opt+tcp_opt->len); } - else if(tcp_opt->type==3) //winscale + else if(tcp_opt->type==KNI_TCPOPT_WINSCALE) //winscale { remain_len-=tcp_opt->len; *winscale=*(unsigned char*)(tcp_opt->content); - tcp_opt=(struct kni_tcp_opt*)((char*)tcp_opt+tcp_opt->len); + tcp_opt=(struct kni_tcp_opt_format*)((char*)tcp_opt+tcp_opt->len); } else if((tcp_opt->type==0)||(tcp_opt->type==1)) { remain_len-=1; - tcp_opt=(struct kni_tcp_opt*)((char*)tcp_opt+1); + tcp_opt=(struct kni_tcp_opt_format*)((char*)tcp_opt+1); } else { remain_len-=tcp_opt->len; - tcp_opt=(struct kni_tcp_opt*)((char*)tcp_opt+tcp_opt->len); + tcp_opt=(struct kni_tcp_opt_format*)((char*)tcp_opt+tcp_opt->len); } } 
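Review bot: The option walk in `kni_get_tcpopt()` trusts the length byte of each TCP option read from the packet: `while(remain_len)` keeps running once `remain_len` has gone negative, and an option with `len==0` never advances the pointer, so a malformed option list leads to reads beyond the header or a loop that never ends in the packet-processing thread. Bound each step by the bytes that remain, stop at End-of-Option-List (type 0) instead of stepping over it like a NOP, and accept MSS and window-scale only at their defined lengths of 4 and 3; a replacement loop is below. `htons()` on the MSS value should be `ntohs()`, which is the same operation but names the direction correctly.

```c
	/* … unchanged: defaults, tcp_hdr_len range check, tcp_opt and remain_len setup … */
	while(remain_len>0)
	{
		if(tcp_opt->type==0)	/* End of Option List: nothing valid follows */
		{
			break;
		}
		if(tcp_opt->type==1)	/* NOP: single byte, no length field */
		{
			remain_len-=1;
			tcp_opt=(struct kni_tcp_opt_format*)((char*)tcp_opt+1);
			continue;
		}

		/* every other option has a length byte covering type+len+content */
		if((remain_len<2)||(tcp_opt->len<2)||(tcp_opt->len>remain_len))
		{
			break;
		}

		if((tcp_opt->type==KNI_TCPOPT_MSS)&&(tcp_opt->len==4))
		{
			*mss=ntohs(*(unsigned short*)(tcp_opt->content));
		}
		else if((tcp_opt->type==KNI_TCPOPT_WINSCALE)&&(tcp_opt->len==3))
		{
			*winscale=*(unsigned char*)(tcp_opt->content);
		}

		remain_len-=tcp_opt->len;
		tcp_opt=(struct kni_tcp_opt_format*)((char*)tcp_opt+tcp_opt->len);
	}
```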
@@ -1368,137 +1300,419 @@ int kni_get_mss(struct kni_tcp_hdr* tcphdr,int tcp_hdr_len,unsigned short* mss,u } - -long kni_state_htable_cb_v4(void* data,const unsigned char* key,unsigned int size,void* user_arg) +int kni_get_data(const struct streaminfo* pstream,char* data,int* datalen) { - long state_flag=STAT_FLAG_NONE; - - int iprevers; - - int sni_len=0; - char sni[KNI_MAX_BUFLEN]={0}; - - struct ipaddr addr_ipbmd; - - struct datainfo_to_tun* datainfo=(struct datainfo_to_tun*)data; - struct args_to_tun* arg=(struct args_to_tun*)user_arg; - - - struct ip* iphdr=(struct ip*)(arg->a_packet); - struct kni_tcp_hdr* tcphdr=(struct kni_tcp_hdr*)((char*)iphdr+4*(iphdr->ip_hl)); - struct layer_addr_mac* mac_addr=(struct layer_addr_mac*)((char*)iphdr-KNI_ETHER_LEN); - -// if((datainfo==NULL)&&(tcphdr->th_flags&TH_SYN)&&!(tcphdr->th_flags&TH_ACK)) - if(datainfo==NULL) + if(pstream->type==STREAM_TYPE_TCP) { - datainfo=(struct datainfo_to_tun*)malloc(sizeof(struct datainfo_to_tun)); - memset(datainfo,0,sizeof(struct datainfo_to_tun)); - datainfo->route_dir=arg->routdir; + data=(char*)(pstream->ptcpdetail->pdata); + *datalen=pstream->ptcpdetail->datalen; + } + else if(pstream->type==STREAM_TYPE_UDP) + { + data=(char*)(pstream->pudpdetail->pdata); + *datalen=pstream->pudpdetail->datalen; + } + else + { + data=NULL; + *datalen=0; + } + + return 0; + + +} + +int kni_htable_add(const struct streaminfo* pstream,const struct ip* ip_hdr,struct kni_pme_info* pmeinfo) +{ + int iprevers=0; + struct stream_tuple4_v4 ipv4_addr; + struct layer_addr_mac* mac_addr=(struct layer_addr_mac*)((char*)ip_hdr-KNI_ETHER_LEN); + struct kni_htable_datainfo* datainfo=(struct kni_htable_datainfo*)malloc(sizeof(struct kni_htable_datainfo)); + memset(datainfo,0,sizeof(struct kni_htable_datainfo)); + + iprevers=kni_get_ipaddr_v4((void*)ip_hdr,&ipv4_addr); + +//send pkt info + if(iprevers==0) + { + datainfo->route_dir=pstream->routedir; + memcpy(datainfo->smac,mac_addr->src_mac,MAC_ADDR_LEN); + 
memcpy(datainfo->dmac,mac_addr->dst_mac,MAC_ADDR_LEN); + } + else + { + datainfo->route_dir=MESA_dir_reverse(pstream->routedir); + memcpy(datainfo->smac,mac_addr->dst_mac,MAC_ADDR_LEN); + memcpy(datainfo->dmac,mac_addr->src_mac,MAC_ADDR_LEN); + } + +//send wnd_pro_reply info + memcpy(datainfo->wnscal,pmeinfo->wnscal,KNI_DIR_DOUBLE*sizeof(unsigned char)); + memcpy(datainfo->mss,pmeinfo->mss,KNI_DIR_DOUBLE*sizeof(unsigned short)); + memcpy(&(datainfo->lastpkt_info),&(pmeinfo->lastpkt_info),KNI_DIR_DOUBLE*sizeof(struct kni_wndpro_reply_info)); + + MESA_htable_add(g_kni_structinfo.htable_to_tun_v4,(unsigned char*)&ipv4_addr,sizeof(struct stream_tuple4_v4),(void*)datainfo); + + return 0; +} + + + + + +/*************************************************************************************** +return :state_flag +ssl:STAT_FLAG_SSL_NOBMD +not ssl:STAT_FLAG_NOTSSL +***************************************************************************************/ +int kni_judge_ssl(char* tcp_data,int tcp_datalen,char* sni,int* sni_len) +{ +// int state_flag=KNI_FLAG_SSL_HALF; + return KNI_FLAG_SSL; + + + int ssl_header_len=0; + char* ssl_header=NULL; + unsigned char content_type=0; + unsigned short version_in_header=0; + unsigned short len_in_header=0; + + + int ssl_body_len=0; + char* ssl_body=NULL; + unsigned char handshark_type=0; + unsigned int len_in_body=0; + unsigned short version_in_body=0; + unsigned char session_id_len=0; + unsigned short ciphersuite_len=0; + unsigned char compression_method_len=0; + + + int ssl_extention_len=0; + char* ssl_extention=NULL; + unsigned short extension_len_less=0; + unsigned short type_in_extension=0; + unsigned short len_in_extension=0; + +//ssl header + ssl_header=tcp_data; + + content_type=*(unsigned char*)&ssl_header[ssl_header_len]; + if(content_type!=SSL_CONTENTTYPE_HANDSHAKE) + { + return KNI_FLAG_SSL_HALF; + } + ssl_header_len+=1; + + version_in_header=ntohs(*(unsigned short*)&(ssl_header[ssl_header_len])); + 
if((version_in_header!=SSL_VERSION_TLS1_0)&&(version_in_header!=SSL_VERSION_TLS1_1)&&(version_in_header!=SSL_VERSION_TLS1_2)) + { + return KNI_FLAG_SSL_HALF; + } + ssl_header_len+=2; + + len_in_header=ntohs(*(unsigned short*)&(ssl_header[ssl_header_len])); + if(len_in_header!=tcp_datalen-SSL_HEADER_LEN) + { + return KNI_FLAG_SSL_HALF; + } + ssl_header_len+=2; + +//ssl body + ssl_body=ssl_header+ssl_header_len; + + handshark_type=*(unsigned char*)&(ssl_body[ssl_body_len]); + if(handshark_type!=SSL_HANDSHAR_TYPE_CLIENTHELLO) + { + return KNI_FLAG_SSL_HALF; + } + ssl_body_len+=1; + +// memcpy(&len_in_body,&ssl_body[ssl_body_len],3); + len_in_body=*(unsigned char*)&ssl_body[ssl_body_len+2]+256*(*(unsigned char*)&ssl_body[ssl_body_len+1])+65536*(*(unsigned char*)&ssl_body[ssl_body_len]); + if(len_in_body!=(len_in_header-SSL_BODY_LEN)) + { + return KNI_FLAG_SSL_HALF; + } + + ssl_body_len+=3; + + version_in_body=ntohs(*(unsigned short*)&(ssl_body[ssl_body_len])); + if((version_in_body!=SSL_VERSION_TLS1_0)&&(version_in_body!=SSL_VERSION_TLS1_1)&&(version_in_body!=SSL_VERSION_TLS1_2)) + { + return KNI_FLAG_SSL_HALF; + } + ssl_body_len+=2; + + ssl_body_len+=32; //4byte time,28bytes random + + session_id_len=*(unsigned char*)&(ssl_body[ssl_body_len]); + ssl_body_len+=1; + ssl_body_len+=session_id_len; + + ciphersuite_len=ntohs(*(unsigned short*)&(ssl_body[ssl_body_len])); + ssl_body_len+=2; + ssl_body_len+=ciphersuite_len; + + compression_method_len=*(unsigned char*)&(ssl_body[ssl_body_len]); + ssl_body_len+=1; + ssl_body_len+=compression_method_len; + +//ssl extention + ssl_extention=ssl_body+ssl_body_len; + + extension_len_less=ntohs(*(unsigned short*)&ssl_extention[ssl_extention_len]); + if(extension_len_less!=len_in_body-2-32-1-session_id_len-2-ciphersuite_len-1-compression_method_len-2) + { + return KNI_FLAG_SSL_HALF; + } + ssl_extention_len+=2; + + while(ssl_extention_lenmss[0]=KNI_DEFAULT_MSS; - datainfo->mss[1]=KNI_DEFAULT_MSS; - 
datainfo->wnscal[0]=KNI_DEFAULT_WINSCLE; - datainfo->wnscal[1]=KNI_DEFAULT_WINSCLE; - -*/ - - memset(&addr_ipbmd,0,sizeof(struct ipaddr)); - addr_ipbmd.addrtype=ADDR_TYPE_IPV4; - addr_ipbmd.v4=(struct stream_tuple4_v4*)key; - - datainfo->state_flag=kni_judge_ipbmd(&addr_ipbmd,arg->thread_seq); - kni_get_mss(tcphdr,ntohs(iphdr->ip_len)-4*(iphdr->ip_hl)-arg->tcpdata_len,&(datainfo->mss[KNI_INDEX_SRC]),(unsigned char*)&(datainfo->wnscal[KNI_INDEX_SRC])); -//for sendpkt - if(arg->iprevers==0) + if(type_in_extension==SSL_EXTENSION_TYPE_SNI) { - memcpy(datainfo->smac,mac_addr->src_mac,MAC_ADDR_LEN); - memcpy(datainfo->dmac,mac_addr->dst_mac,MAC_ADDR_LEN); + if(len_in_extension>KNI_SNI_MAXLEN) + { + //error + return KNI_FLAG_SSL_HALF; + } + + memcpy(sni,&ssl_extention[ssl_extention_len],len_in_extension); + *sni_len=len_in_extension; + + return KNI_FLAG_SSL; } else { - memcpy(datainfo->smac,mac_addr->dst_mac,MAC_ADDR_LEN); - memcpy(datainfo->dmac,mac_addr->src_mac,MAC_ADDR_LEN); - } -//end - MESA_htable_add(g_kni_structinfo.htable_to_tun_v4, key,size,(void*)datainfo); + ssl_extention_len+=len_in_extension; - } - - if(datainfo==NULL) - { - return state_flag; - } - - datainfo->pktnum++; - - iprevers=arg->iprevers; - - if(datainfo->pro_reply[iprevers]==0) - { - datainfo->seq[iprevers]=ntohl(tcphdr->th_seq); - datainfo->ack[iprevers]=ntohl(tcphdr->th_ack); - datainfo->ipid[iprevers]=ntohs(iphdr->ip_id); - datainfo->ttl[iprevers]=iphdr->ip_ttl; - datainfo->len[iprevers]=ntohs(iphdr->ip_len)-4*iphdr->ip_hl-4*tcphdr->th_off; - - if(tcphdr->th_flags&TH_SYN) - { - datainfo->len[iprevers]=1; - } - - } - - -// if((datainfo->state_flag==STAT_FLAG_NONE)&&(arg->iprevers==1)) - if((datainfo->state_flag==STAT_FLAG_NONE)&&(datainfo->pktnum==2)) - { - datainfo->win=ntohs(tcphdr->th_win); - kni_get_mss(tcphdr,ntohs(iphdr->ip_len)-4*(iphdr->ip_hl)-arg->tcpdata_len,&(datainfo->mss[KNI_INDEX_DST]),(unsigned char*)&(datainfo->wnscal[KNI_INDEX_DST])); - } - - /* - - 
if((datainfo->state_flag==STAT_FLAG_NONE)&&(tcphdr->th_flags&TH_SYN)&&(tcphdr->th_flags&TH_ACK)) - { - mss=kni_get_mss(tcphdr,ntohs(iphdr->ip_len)-4*(iphdr->ip_hl)-arg->tcpdata_len); - datainfo->mss=(datainfo->mssmss:mss; - } -*/ - -#ifdef KNI_DEBUG_SWITCH - return STAT_FLAG_SSL_NOBMD; -#endif - -//only process full stream pkt,star from syn,double dir; - if((datainfo->state_flag==STAT_FLAG_NONE)&&(arg->tcpdata_len>0)) - { - datainfo->state_flag=kni_judge_ssl(arg->tcpdata,arg->tcpdata_len,sni,&sni_len); - if(datainfo->state_flag==STAT_FLAG_SSL_NOBMD) - { - datainfo->state_flag=kni_judge_sni(sni,sni_len,arg->thread_seq); - if(datainfo->state_flag==STAT_FLAG_SSL_NOBMD) - { -// kni_process_fs(arg->a_packet,datainfo->mss); - kni_process_tcprepair(arg->a_packet,datainfo->mss,datainfo->wnscal,datainfo->win); - - } + continue; } } - - - return datainfo->state_flag; + + return KNI_FLAG_SSL_HALF; } +int kni_protocol_identify(const struct streaminfo* pstream,const struct ip* ip_hdr) +{ + int pro_flag=KNI_FLAG_NOTPROC; + + unsigned short sport=ntohs(pstream->addr.tuple4_v4->source); + unsigned short dport=ntohs(pstream->addr.tuple4_v4->dest); + + if((sport==80)||(dport==80)) + { + pro_flag=KNI_FLAG_HTTP; + } + else if((sport==443)||(dport==443)) + { + pro_flag=KNI_FLAG_SSL_HALF; + } + + + return pro_flag; +} + + +char kni_first_tcpdata(const struct streaminfo* pstream,const struct ip* ip_hdr,struct kni_pme_info* pmeinfo,char* data,int datalen) +{ + char ret=APP_STATE_FAWPKT|APP_STATE_DROPME; + + int sni_len=0; + char sni[KNI_MAX_BUFLEN]={0}; + + pmeinfo->status_flag=kni_protocol_identify(pstream,ip_hdr); + + if(pmeinfo->status_flag==KNI_FLAG_SSL_HALF) + { + pmeinfo->status_flag=kni_judge_ssl(data,datalen,sni,&sni_len); //has kni:SSL_HALF;no kni:NOT_PROC + if(pmeinfo->status_flag==KNI_FLAG_SSL_HALF) + { + pmeinfo->status_flag=kni_judge_sni(sni,sni_len,pstream->threadnum); //SNI_BMD:NOT_PROC;or SSL + } + } + + if((pmeinfo->status_flag==KNI_FLAG_HTTP) 
||(pmeinfo->status_flag==KNI_FLAG_SSL)) + { + + if(tcp_repair_process(pstream,ip_hdr,pmeinfo,pmeinfo->status_flag)<0) + { + return ret; + } + + kni_htable_add(pstream,ip_hdr,pmeinfo); + + ret=APP_STATE_DROPPKT|APP_STATE_GIVEME; + } + + return ret; + + +} + +char kni_pending_opstate(const struct streaminfo* pstream,void** pme,int thread_seq,const struct ip* ip_hdr,int protocol) +{ + char ret=APP_STATE_FAWPKT|APP_STATE_DROPME; + + char* data=NULL; + int datalen=0; + + int ipscan_action=0; + int iplen=ntohs(ip_hdr->ip_len); + struct kni_pme_info* pmeinfo=NULL; + struct kni_tcp_hdr* tcphdr=(struct kni_tcp_hdr*)((char*)ip_hdr+4*(ip_hdr->ip_hl)); + + ipscan_action=kni_judge_ipbmd((struct ipaddr*)&(pstream->addr),thread_seq,protocol); + if(ipscan_action==KNI_ACTION_IPBMD) + { + return ret; + } + + + pmeinfo=(struct kni_pme_info*)malloc(sizeof(struct kni_pme_info)); + memset(pmeinfo,0,sizeof(struct kni_pme_info)); + *pme=pmeinfo; + + pmeinfo->status_flag=KNI_FLAG_UNKNOW; +// pmeinfo->wndsize[pstream->curdir-1]=ntohs(tcphdr->th_win); +// if((tcphdr->th_flags&TH_SYN)&&!(tcphdr->th_flags&TH_ACK)) //get wndscale and mss from tcpopt only in syn and syn/ack + { + kni_get_data(pstream,data,&datalen); + kni_get_tcpopt(tcphdr,iplen-4*(ip_hdr->ip_hl)-datalen,&(pmeinfo->mss[pstream->curdir-1]),&(pmeinfo->wnscal[pstream->curdir-1])); + + } + + kni_get_tcpinfo(&(pmeinfo->lastpkt_info[pstream->curdir-1]),tcphdr,ntohs(ip_hdr->ip_len)-4*ip_hdr->ip_hl-4*tcphdr->th_off,(struct ip*)ip_hdr); + + if(datalen>0) + { + ret=kni_first_tcpdata(pstream,ip_hdr,pmeinfo,data,datalen); + if((pmeinfo->status_flag==KNI_FLAG_HTTP) ||(pmeinfo->status_flag==KNI_FLAG_SSL)) + { + ret=tun_write_data(g_kni_comminfo.fd_tun[thread_seq],(char*)ip_hdr,iplen,(struct streaminfo*)pstream); + } + } + else + { + ret=APP_STATE_FAWPKT|APP_STATE_GIVEME; + } + + return ret; + +} + + +char kni_data_opstate(const struct streaminfo* pstream,void** pme,int thread_seq,const struct ip* ip_hdr) +{ + char 
ret=APP_STATE_DROPPKT|APP_STATE_GIVEME; + + char* data=NULL; + int datalen=0; + + int iplen=ntohs(ip_hdr->ip_len); + struct kni_pme_info* pmeinfo=(struct kni_pme_info*)*pme; + struct kni_tcp_hdr* tcphdr=(struct kni_tcp_hdr*)((char*)ip_hdr+4*(ip_hdr->ip_hl)); + + kni_get_data(pstream,data,&datalen); + + if(pmeinfo->status_flag==KNI_FLAG_UNKNOW) + { + if((tcphdr->th_flags&TH_SYN)&&(tcphdr->th_flags&TH_ACK)) + { + + kni_get_tcpopt(tcphdr,iplen-4*(ip_hdr->ip_hl)-datalen,&(pmeinfo->mss[pstream->curdir-1]),&(pmeinfo->wnscal[pstream->curdir-1])); + } + + kni_get_tcpinfo(&(pmeinfo->lastpkt_info[pstream->curdir-1]),tcphdr,ntohs(ip_hdr->ip_len)-4*ip_hdr->ip_hl-4*tcphdr->th_off,(struct ip*)ip_hdr); + + if(datalen>0) + { + ret=kni_first_tcpdata(pstream,ip_hdr,pmeinfo,data,datalen); + } + else + { + ret=APP_STATE_FAWPKT|APP_STATE_GIVEME; + } + } + + if((pmeinfo->status_flag==KNI_FLAG_HTTP)||(pmeinfo->status_flag==KNI_FLAG_SSL)) + { + ret=tun_write_data(g_kni_comminfo.fd_tun[thread_seq],(char*)ip_hdr,iplen,(struct streaminfo*)pstream); + } + + return ret; + +} + +char kni_close_opstate(const struct streaminfo* pstream,void** pme,int thread_seq,const struct ip* ip_hdr) +{ + + char ret=APP_STATE_FAWPKT|APP_STATE_DROPME; + + if(ip_hdr==NULL) + { + return ret; + } + + ret=kni_data_opstate(pstream,pme,thread_seq,ip_hdr); + + return ret|APP_STATE_DROPME; +} + + +extern "C" char kni_tcpall_entry(const struct streaminfo* pstream,void** pme,int thread_seq,const void* ip_hdr) +{ + char ret=APP_STATE_FAWPKT|APP_STATE_DROPME; + if((g_kni_comminfo.kni_mode_cur==KNI_MODE_BYPASS)||(pstream->addr.addrtype==ADDR_TYPE_IPV6)) + { + return ret; + } + + switch(pstream->pktstate) + { + case OP_STATE_PENDING: + ret=kni_pending_opstate(pstream,pme,thread_seq,(struct ip*)ip_hdr,PROTO_TYPE_TCP); + break; + + case OP_STATE_DATA: + ret=kni_data_opstate(pstream,pme,thread_seq,(struct ip*)ip_hdr); + break; + + case OP_STATE_CLOSE: + ret=kni_close_opstate(pstream,pme,thread_seq,(struct ip*)ip_hdr); + break; + 
+ default: + break; + } + + if((ret&APP_STATE_DROPME)&&(*pme!=NULL)) + { + free(*pme); + *pme=NULL; + } + + + return ret; + +} + long kni_state_htable_cb_v6(void* data,const unsigned char* key,unsigned int size,void* user_arg) { struct ipaddr addr_ipbmd; -// struct stream_tuple4_v6* ipv4_addr=(struct stream_tuple4_v6*)key; - struct datainfo_to_tun* datainfo=(struct datainfo_to_tun*)data; struct args_to_tun* arg=(struct args_to_tun*)user_arg; + struct kni_ipv6_hdr* ipv6_hdr=(struct kni_ipv6_hdr*)(arg->a_packet); if(datainfo==NULL) { @@ -1510,7 +1724,7 @@ long kni_state_htable_cb_v6(void* data,const unsigned char* key,unsigned int siz addr_ipbmd.addrtype=ADDR_TYPE_IPV6; addr_ipbmd.v4=(struct stream_tuple4_v4*)key; - datainfo->state_flag=kni_judge_ipbmd(&addr_ipbmd,arg->thread_seq); + datainfo->state_flag=kni_judge_ipbmd(&addr_ipbmd,arg->thread_seq,ipv6_hdr->ip6_nex_hdr); } 
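Review bot: The protocol argument added to the `kni_judge_ipbmd` call in `kni_state_htable_cb_v6` comes straight from `ipv6_hdr->ip6_nex_hdr`, which names whatever header follows the fixed IPv6 header and is not necessarily the transport protocol. When an extension header (hop-by-hop, routing, fragment) comes first, the IP list lookup runs with that header's number instead of TCP or UDP. The TCP path in this patch passes the project constant `PROTO_TYPE_TCP` rather than a wire value, so the two callers may not share a numbering space; its definition is not visible here. I would at least document the limit on the call, e.g. `/* ip6_nex_hdr may be an extension header; the protocol is only reliable when none are present */`, or resolve the upper-layer protocol before the lookup. The function body starts outside this hunk.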
@@ -1518,89 +1732,8 @@ long kni_state_htable_cb_v6(void* data,const unsigned char* key,unsigned int siz } -int kni_recv_msg(int socket) -{ - struct msghdr msg = {0}; - struct cmsghdr *cmsg; - char buf[CMSG_SPACE(sizeof(int))], dup[256]; - memset(buf, 0, sizeof(buf)); - struct iovec io = { .iov_base = &dup, .iov_len = sizeof(dup) }; - - msg.msg_iov = &io; - msg.msg_iovlen = 1; - msg.msg_control = buf; - msg.msg_controllen = sizeof(buf); - - if (recvmsg (socket, &msg, 0) < 0) - { - printf("recvmsg() error,errno:%d\n",errno); - } - // handle_error ("Failed to receive message"); - - cmsg = CMSG_FIRSTHDR(&msg); - - return 0; -} - - -extern "C" int kni_ip_entry(struct streaminfo* f_stream,unsigned char routedir,int thread_seq,struct ip* a_packet) -{ - char ret=APP_STATE_FAWPKT; - -//ip/tcp info - int iplen=ntohs(a_packet->ip_len); - struct tcphdr* tcphdr=(struct tcphdr*)((char*)a_packet+4*(a_packet->ip_hl)); - char* tcpdata=(char*)tcphdr+4*tcphdr->doff; - int tcplen=iplen-4*a_packet->ip_hl-4*tcphdr->doff; - - unsigned short sport=ntohs(tcphdr->source); - unsigned short dport=ntohs(tcphdr->dest); - if((sport!=80)&&(sport!=443)&&(dport!=80)&&(dport!=443)) - { - return ret; - } - -//htable info - long state_flag=0; - struct stream_tuple4_v4 ipv4_addr; - struct args_to_tun usr_arg; - - usr_arg.a_packet=(void*)a_packet; - usr_arg.tcpdata=tcpdata; - usr_arg.tcpdata_len=tcplen; - usr_arg.thread_seq=thread_seq; - usr_arg.iprevers=kni_get_ipaddr_v4(a_packet,&ipv4_addr); - - - if(usr_arg.iprevers==0) - { - usr_arg.routdir=routedir; - } - else - { - usr_arg.routdir=MESA_dir_reverse(routedir); - } - - MESA_htable_search_cb(g_kni_structinfo.htable_to_tun_v4,(unsigned char*)&ipv4_addr,sizeof(struct stream_tuple4_v4),kni_state_htable_cb_v4,(void*)&usr_arg,&state_flag); - - - if(state_flag==STAT_FLAG_SSL_NOBMD) - { - tun_write_data(g_kni_comminfo.fd_tun[thread_seq],(char*)a_packet,iplen,&ipv4_addr); - - ret= APP_STATE_DROPPKT; - } - - 
kni_debug_info_v4((char*)KNI_MODULE_IPENTRY,state_flag,a_packet); - - return ret; -} - - - char kni_ipv6_entry(struct streaminfo *pstream,unsigned char routedir,int thread_seq,void *a_packet) { -// int ret; int ip_reverse=0; @@ -1631,7 +1764,7 @@ char kni_ipv6_entry(struct streaminfo *pstream,unsigned char routedir,int thread } MESA_htable_search_cb(g_kni_structinfo.htable_to_tun_v6,(unsigned char*)&ipv6_addr,sizeof(struct stream_tuple4_v6),kni_state_htable_cb_v6,&usr_arg,&state_flag); - if(state_flag==STAT_FLAG_IPBMD) + if(state_flag==KNI_FLAG_IPBMD) { return APP_STATE_DROPPKT; } @@ -1661,35 +1794,6 @@ int init_profile_info(int* logger_level,char* logger_filepath,int* maat_json_swi return 0; } -int init_domain_fd() -{ - - int i_fd = 0; - struct sockaddr_un addr; - char serverpath[32] = "/home/server_unixsocket_file"; - int i_addr_len = sizeof( struct sockaddr_un ); - - if ( ( i_fd = socket( AF_UNIX, SOCK_STREAM, 0 ) ) < 0 ) -// if ( ( i_fd = socket( AF_UNIX, SOCK_DGRAM, 0 ) ) < 0 ) - { - MESA_handle_runtime_log(g_kni_comminfo.logger, RLOG_LV_FATAL,KNI_MODULE_INIT,"init_domain_fd():socket error,errno is %d,action:%s",errno,KNI_ACTION_EXIT); - return -1; - } - - //fill socket adress structure with server's address - memset( &addr, 0, sizeof( addr ) ); - addr.sun_family = AF_UNIX; - strncpy( addr.sun_path, serverpath, sizeof( addr.sun_path ) - 1 ); - - if ( connect( i_fd, ( struct sockaddr * )&addr, i_addr_len ) < 0 ) - { - MESA_handle_runtime_log(g_kni_comminfo.logger, RLOG_LV_FATAL,KNI_MODULE_INIT,"init_domain_fd():connect error,errno is %d,action:%s",errno,KNI_ACTION_EXIT); - return -1; - } - - return i_fd; -} - int init_kni_stat_htable() { MESA_htable_create_args_t hash_frags; 
@@ -1739,8 +1843,10 @@ extern "C" char kni_init() char full_cfg_dir[KNI_CONF_MAXLEN]={0}; char inc_cfg_dir[KNI_CONF_MAXLEN]={0}; -// pthread_t pid_write_tun; pthread_t pid_read_tun; + pthread_t pid_pro_domain; +// pthread_t pid_kni_filestat2; + inet_aton((const char *)&LOCAL_IP_ADDR,(struct in_addr*)&g_kni_comminfo.local_ip); @@ -1756,6 +1862,7 @@ extern "C" char kni_init() return -1; } + //maat g_kni_maatinfo.maat_feather=Maat_feather(g_iThreadNum,table_info_path,g_kni_comminfo.logger); if(g_kni_maatinfo.maat_feather==NULL) @@ -1798,6 +1905,15 @@ extern "C" char kni_init() return -1; } +//init lqueue for send fds + g_kni_structinfo.lqueue_for_domain=MESA_lqueue_create(KNI_THREAD_SAFE,KNI_LQUEUE_MAXNUM); + if(g_kni_structinfo.lqueue_for_domain==NULL) + { + printf("MESA_lqueue_create() error!\n"); + return -1; + } + + //init tun if(g_kni_comminfo.thread_num<=0) @@ -1807,7 +1923,7 @@ extern "C" char kni_init() } g_kni_comminfo.fd_tun=(int*)malloc(g_kni_comminfo.thread_num*sizeof(int)); - memset(g_kni_comminfo.fd_tun,0,g_kni_comminfo.thread_num*sizeof(int)); + memset(g_kni_comminfo.fd_tun,0,sizeof(g_kni_comminfo.thread_num*sizeof(int))); ret=tun_alloc_mq(__tun_symbol,g_kni_comminfo.thread_num,g_kni_comminfo.fd_tun); if(ret<0) 
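Review bot: The failure branch added after `MESA_lqueue_create(KNI_THREAD_SAFE,KNI_LQUEUE_MAXNUM)` reports through `printf`, while the other kni_init error path visible in this patch goes through `MESA_handle_runtime_log` with `RLOG_LV_FATAL`. A plugin loaded as a shared object may have no useful stdout, so this startup failure can go unrecorded in the runtime log that operators read. I would write `MESA_handle_runtime_log(g_kni_comminfo.logger,RLOG_LV_FATAL,KNI_MODULE_INIT,"MESA_lqueue_create() error");` instead. kni_init starts and ends outside this hunk, so whether resources created earlier are released on this early `return -1` cannot be judged from here.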
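Review bot: The new `memset` length `sizeof(g_kni_comminfo.thread_num*sizeof(int))` is the size of the expression's type (a `size_t`), not the byte count of the array. Only the first `sizeof(size_t)` bytes of `fd_tun` are cleared, and every descriptor slot beyond that keeps uninitialised heap contents. If `tun_alloc_mq` fails part-way or leaves a slot unfilled, which is not visible here, later code could write to or close an arbitrary descriptor number. The removed line had the correct length; either restore `memset(g_kni_comminfo.fd_tun,0,g_kni_comminfo.thread_num*sizeof(int));` or allocate zeroed with `g_kni_comminfo.fd_tun=(int*)calloc(g_kni_comminfo.thread_num,sizeof(int));`. The `malloc` result on the preceding context line is also used without a NULL check, which `if(g_kni_comminfo.fd_tun==NULL) return -1;` would cover.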
@@ -1815,19 +1931,25 @@ extern "C" char kni_init() return -1; } - system("ifconfig tun0 192.168.100.1 up"); - system("route add default dev tun0"); - system("iptables -t mangle -A PREROUTING -p tcp -i tun0 -j TPROXY --tproxy-mark 0x1/0x1 --on-port 50080"); +// system("ifconfig tun0 192.168.100.1 up"); +// system("route add default dev tun0"); +// system("iptables -t mangle -A PREROUTING -p tcp -i tun0 -j TPROXY --tproxy-mark 0x1/0x1 --on-port 50080"); //init domain g_kni_comminfo.fd_domain=init_domain_fd(); if(g_kni_comminfo.fd_domain<0) { - MESA_handle_runtime_log(g_kni_comminfo.logger, RLOG_LV_FATAL,KNI_MODULE_INIT,"init_domain_fd()error,action:%s",KNI_ACTION_EXIT); -// return -1; + g_kni_comminfo.kni_mode_cur=KNI_MODE_BYPASS; + MESA_handle_runtime_log(g_kni_comminfo.logger, RLOG_LV_FATAL,KNI_MODULE_INIT,"init_domain_fd()error"); } + + pthread_create(&pid_pro_domain,NULL,kni_process_domain,NULL); +// pthread_create(&pid_kni_filestat2,NULL,kni_filestat2,NULL); + + + //test init raw_socket g_kni_comminfo.ipv4_fd=(int*)malloc(g_kni_comminfo.thread_num*sizeof(int)); for(i=0;i