gfwleak/tango-kni
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

20180710:

Browse Source 
1、将IP_ENTRY改为TCPALL_ENTRY
2、将iptables规则在脚本中设置,不再代码中设置;
This commit is contained in:
liuyang
2018-07-10 09:32:18 +08:00
parent cb19b06b03
commit e7bf4a2001
6 changed files with 978 additions and 805 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
Makefile
View File

@@ -1,6 +1,6 @@
#CC = gcc #CC = gcc
CC = g++ CC = g++
CFLAGS = -g -Wall -fPIC -shared CFLAGS = -g -Wall -fPIC -shared
OBJECTS = kni.o libforge_socket.o OBJECTS = kni.o libforge_socket.o
TARGET = kni.so TARGET = kni.so
@@ -15,18 +15,15 @@ MODULES = -lMESA_htable -lMESA_prof_load -lMESA_handle_logger -lrulescan -lmaatf
.c.o: .c.o:
$(CC) -c -o $@ $(CFLAGS) $(INCS) $< $(CC) -c -o $@ $(CFLAGS) $(INCS) $<
.cc.o:
$(CC) -c -o $@ $(CFLAGS) $(INCS) $<
.PHONY: all clean .PHONY: all clean
all: $(TARGET) all: $(TARGET)
$(TARGET):$(OBJECTS) $(TARGET):$(OBJECTS)
$(CC) -o $(TARGET) $(CFLAGS) $(OBJECTS) $(MODULES) $(LD_DICTATOR) $(CC) -o $(TARGET) $(CFLAGS) $(OBJECTS) $(MODULES) $(LD_DICTATOR)
# $(CC) -o $(TARGET) $(CFLAGS) $(OBJECTS) $(MODULES) -Wl,--whole-archive $(WHOLE_MODULES) -wL,--NO-WHOLE-ARCHIVE $(LD_DICTATOR)
kni.o:kni.c kni.o:kni.c
libforge_socket.o:libforge_socket.c libforge_socket.o:libforge_socket.c
clean: clean:
rm -f $(TARGET) $(OBJECTS) rm -f $(TARGET) $(OBJECTS)

14
bin/kni/kni.inf
View File

@@ -4,14 +4,14 @@ SO_PATH=./plug/business/kni/kni.so
INIT_FUNC=kni_init INIT_FUNC=kni_init
DESTROY_FUNC= DESTROY_FUNC=
[IP] #[IP]
FUNC_FLAG=all
FUNC_NAME=kni_ip_entry
#[TCP_ALL]
#FUNC_FLAG=all #FUNC_FLAG=all
#FUNC_NAME=kni_tcpall_entry #FUNC_NAME=kni_ip_entry
[TCP_ALL]
FUNC_FLAG=all
FUNC_NAME=kni_tcpall_entry

BIN
bin/kni/kni.so
View File

Binary file not shown.

28
bin/kni_set_cmd
View File

@@ -6,19 +6,6 @@
#ifconfig tun0 up #ifconfig tun0 up
echo 1 > /proc/sys/net/ipv4/ip_forward echo 1 > /proc/sys/net/ipv4/ip_forward
#route add default dev tun0
iptables -t mangle -N DIVERT
iptables -t mangle -A PREROUTING -p tcp -m socket -j DIVERT
iptables -t mangle -A DIVERT -j MARK --set-mark 1
iptables -t mangle -A DIVERT -j ACCEPT
ip rule add fwmark 1 lookup 100
#ip route add local 0.0.0.0/0 dev tun0 table 100
ip route add local 0.0.0.0/0 dev lo table 100
#iptables -t mangle -A PREROUTING -p tcp -i tun0 -j TPROXY --tproxy-mark 0x1/0x1 --on-port 50080
ethtool -K p7p1 lro off ethtool -K p7p1 lro off
ethtool -K p7p1 tso off ethtool -K p7p1 tso off
@@ -28,3 +15,18 @@ ethtool -K em2 lro off
ethtool -K em2 tso off ethtool -K em2 tso off
ethtool -K em2 gro off ethtool -K em2 gro off
ip tuntap add dev tun0 mode tun multi_queue
ifconfig tun0 up
route add default dev tun0
iptables -F -t mangle
iptables -t mangle -N DIVERT
iptables -t mangle -A PREROUTING -p tcp -m socket -j DIVERT
iptables -t mangle -A DIVERT -j MARK --set-mark 1
iptables -t mangle -A DIVERT -j ACCEPT
ip rule add fwmark 1 lookup 100
#ip route add local 0.0.0.0/0 dev tun0 table 100
ip route add local 0.0.0.0/0 dev lo table 100
iptables -t mangle -A PREROUTING -p tcp -i tun0 -j TPROXY --tproxy-mark 0x1/0x1 --on-port 50080

1447
kni.c
View File

File diff suppressed because it is too large Load Diff

287
kni.h
View File

@@ -25,48 +25,25 @@
#define TH_URG 0x20 #define TH_URG 0x20
#endif #endif
#ifndef TCP_REPAIR_WINDOW
#define TCP_REPAIR_WINDOW 29
#endif
struct tcp_repair_window {
__u32 snd_wl1;
__u32 snd_wnd;
__u32 max_window;
__u32 rcv_wnd;
__u32 rcv_wup;
};
//#define KNI_DEBUG_SWITCH 0
#define TCPHDR_DEFAULT_LEN 20
#define KNITEST_ETH_LEN 14
#define LOCAL_IP_ADDR "192.168.100.1"
#define KNI_MAX_BUFLEN 1500
#define KNI_MAX_PORT 65535
#define PKT_TYPE_REVERSE 1
#define KNI_FDS_INDEX_CLIENT 0
#define KNI_FDS_INDEX_SERVER 1
#define KNI_MAX_THREADNUM 64 #define KNI_MAX_THREADNUM 64
#define KNI_ETHER_LEN 14 #define KNI_ETHER_LEN 14
#define TCPHDR_DEFAULT_LEN 20
#define LOCAL_IP_ADDR "192.168.100.1"
#define KNI_MAX_BUFLEN 1500
//fds index
#define KNI_FDS_NUM 3
#define KNI_FDS_INDEX_CLIENT 0
#define KNI_FDS_INDEX_SERVER 1
#define KNI_FDS_INDEX_PROTOCOL 2
//work module
#define KNI_MODE_WORK 0
#define KNI_MODE_BYPASS 1
//runtime log //runtime log
#define KNI_MODULE_INIT "kni_init" #define KNI_MODULE_INIT "kni_init"
@@ -85,11 +62,14 @@ struct tcp_repair_window {
//maat //maat
#define KNI_ACTION_IPBMD 1
#define PROTO_TYPE_TCP 6 #define PROTO_TYPE_TCP 6
#define PROTO_TYPE_UDP 17 #define PROTO_TYPE_UDP 17
#define KNI_DEFAULT_MSS 1460
#define KNI_DEFAULT_WINSCLE 0 #define KNI_DEFAULT_WINSCLE 0
#define KNI_DEFAULT_MSS 1460
#define KNI_MAX_CFGNUM 50 #define KNI_MAX_CFGNUM 50
@@ -114,14 +94,6 @@ struct tcp_repair_window {
#define KNI_HTABLE_EXPIRE_TIME 60*60*24 #define KNI_HTABLE_EXPIRE_TIME 60*60*24
//pkt_stat flag
#define STAT_FLAG_NONE 0
#define STAT_FLAG_IPBMD 1
#define STAT_FLAG_OUTUSER 2
#define STAT_FLAG_SNIBMD 3
#define STAT_FLAG_NOTSSL 4
#define STAT_FLAG_SSL_NOBMD 5
//ssl info //ssl info
#define KNI_SSL_PORT 443 #define KNI_SSL_PORT 443
#define KNI_SNI_MAXLEN 65535 #define KNI_SNI_MAXLEN 65535
@@ -139,70 +111,57 @@ struct tcp_repair_window {
#define KNI_MACADDR_LEN 6 #define KNI_MACADDR_LEN 6
#define KNI_TLV_TYPE_PRO 0x01
#define KNI_TLV_VALUE_HTTP 0x01
#define KNI_TLV_VALUE_SSL 0x02
#define KNI_TCPREPAIR_OPT_NUM 4 //filestate2
#define KNI_QUEUE_NUM 2 #define FS2_COLUMN_NUM 6
#define KNI_INDEX_SRC 0 #define FS2_APPNAME "KNI"
#define KNI_INDEX_DST 1 #define FS2_COLUME_RECV 0
#define FS2_COLUME_FWD 1
struct kni_state_info #define FS2_COLUME_DROP 2
{ #define FS2_COLUME_WRITE 3
char *addr; #define FS2_COLUME_READ 4
unsigned int port; #define FS2_COLUME_SEND 5
unsigned int seq;
unsigned short mss_clamp;
unsigned short wscale;
};
struct kni_tcp_state
{
unsigned int src_ip;
unsigned int dst_ip;
unsigned short sport;
unsigned short dport;
unsigned int seq;
unsigned int ack;
unsigned short win;
unsigned short mss_src;
unsigned short mss_dst;
unsigned short wscale_src;
unsigned short wscale_dst;
};
//tcp opt type
#define KNI_TCPOPT_MSS 2
#define KNI_TCPOPT_WINSCALE 3
#define KNI_TCPOPT_SACKOK 4
#define KNI_TCPOPT_TIMESTAMP 8
#define KNI_DIR_DOUBLE 2 #define KNI_DIR_DOUBLE 2
#define KNI_DIR_C2S 0 #define KNI_DIR_C2S 0
#define KNI_DIR_S2C 1 #define KNI_DIR_S2C 1
//htable_data_info #define KNI_TCPREPAIR_OPT_NUM 4
struct datainfo_to_tun
enum kni_flag
{ {
int pktnum; KNI_FLAG_UNKNOW=0,
int state_flag; KNI_FLAG_HTTP,
int route_dir; KNI_FLAG_SSL,
//test KNI_FLAG_SSL_HALF,
unsigned char ttl[KNI_DIR_DOUBLE]; //host order KNI_FLAG_IPBMD,
unsigned short ipid[KNI_DIR_DOUBLE]; //host order KNI_FLAG_OUTUSER,
int pro_reply[KNI_DIR_DOUBLE]; KNI_FLAG_SNIBMD,
unsigned int seq[KNI_DIR_DOUBLE]; //host order KNI_FLAG_NOTPROC,
unsigned int ack[KNI_DIR_DOUBLE]; //host order
unsigned int len[KNI_DIR_DOUBLE]; //host order
//end
unsigned short win; //host order
unsigned short mss[KNI_QUEUE_NUM]; //host order
unsigned short wnscal[KNI_QUEUE_NUM]; //host order
unsigned char smac[KNI_MACADDR_LEN];
unsigned char dmac[KNI_MACADDR_LEN];
}; };
struct args_read_tun
//htable_data_info ipv6
struct datainfo_to_tun
{ {
int thread_seq; int state_flag;
int iprevers; //in int route_dir;
int iplen; //in unsigned int mss;
char* a_packet; //in unsigned char smac[KNI_MACADDR_LEN];
unsigned char smac[KNI_MACADDR_LEN]; //out unsigned char dmac[KNI_MACADDR_LEN];
unsigned char dmac[KNI_MACADDR_LEN]; //ouit
}; };
struct args_to_tun struct args_to_tun
@@ -215,29 +174,18 @@ struct args_to_tun
int iprevers; int iprevers;
}; };
struct datainfo_to_tun_v6
{
int state_flag;
};
struct datainfo_to_io_v4
{
unsigned short real_port;
unsigned int real_ip;
};
//global variable //global variable
//comm //comm
struct kni_var_comm struct kni_var_comm
{ {
int fd_domain; int kni_mode_cur; //0:work 1:bypass
int thread_num;
unsigned int local_ip; unsigned int local_ip;
int thread_num;
int fd_domain;
int* fd_tun; int* fd_tun;
void* logger; void* logger;
//test //sendpkt test
int* ipv4_fd; int* ipv4_fd;
}; };
@@ -247,7 +195,7 @@ struct kni_var_struct
MESA_htable_handle htable_to_tun_v4; MESA_htable_handle htable_to_tun_v4;
MESA_htable_handle htable_to_tun_v6; MESA_htable_handle htable_to_tun_v6;
MESA_htable_handle htable_to_io_v6; MESA_htable_handle htable_to_io_v6;
MESA_lqueue_head* lqueue_to_tun; MESA_lqueue_head lqueue_for_domain;
}; };
//maat //maat
@@ -259,6 +207,21 @@ struct kni_var_maat
short tableid_snibmd; short tableid_snibmd;
}; };
//field stat2
struct kni_fs2_info
{
screen_stat_handle_t handler;
int column_id[FS2_COLUMN_NUM];
unsigned long long column_value[KNI_MAX_THREADNUM][FS2_COLUMN_NUM];
};
struct kni_tlv_info
{
char type;
short len;
char value;
};
struct kni_ipv6_hdr struct kni_ipv6_hdr
{ {
@@ -291,12 +254,100 @@ struct kni_tcp_hdr
unsigned short th_urp; unsigned short th_urp;
}; };
struct kni_tcp_opt struct kni_tcp_opt_format
{ {
char type; char type;
char len; char len;
char content[32]; char content[32];
}; };
struct common_tcp_opt
{
unsigned char sack_ok;
unsigned char wnscale;
unsigned short mss; //host order
unsigned int timestamp;
};
struct kni_wndpro_reply_info
{
unsigned int seq; //host order
unsigned int ack; //host order
unsigned int syn_flag;
unsigned int len; //tcp payload len:host order
unsigned short wndsize; //host order
unsigned short ipid; //host order
unsigned char ttl; //host order
};
struct kni_pme_info
{
unsigned short status_flag;
unsigned short mss[KNI_DIR_DOUBLE]; //host order
unsigned char wnscal[KNI_DIR_DOUBLE]; //host order
struct kni_wndpro_reply_info lastpkt_info[KNI_DIR_DOUBLE]; //for add htable
};
//htable_data_info ipv4
struct kni_htable_datainfo
{
//for sendpkt
int route_dir;
unsigned char smac[KNI_MACADDR_LEN];
unsigned char dmac[KNI_MACADDR_LEN];
//send wnd pro reply
int wndpro_flag[KNI_DIR_DOUBLE];
unsigned short wnscal[KNI_DIR_DOUBLE]; //host order
unsigned short mss[KNI_DIR_DOUBLE]; //host order
struct kni_wndpro_reply_info lastpkt_info[KNI_DIR_DOUBLE];
};
//set tcp repair info
struct kni_tcp_state
{
unsigned int src_ip;
unsigned int dst_ip;
unsigned short sport;
unsigned short dport;
unsigned int seq;
unsigned int ack;
unsigned short win;
unsigned short mss_src;
unsigned short mss_dst;
unsigned short wscale_src;
unsigned short wscale_dst;
};
struct args_read_tun
{
int thread_seq;
int iprevers; //in
int iplen; //in
char* a_packet; //in
unsigned char smac[KNI_MACADDR_LEN]; //out
unsigned char dmac[KNI_MACADDR_LEN]; //ouit
};
/*
#ifndef TCP_REPAIR_WINDOW
#define TCP_REPAIR_WINDOW 29
#endif
struct tcp_repair_window {
__u32 snd_wl1;
__u32 snd_wnd;
__u32 max_window;
__u32 rcv_wnd;
__u32 rcv_wup;
};
*/
#endif #endif