20180710：

1、将IP_ENTRY改为TCPALL_ENTRY 2、将iptables规则在脚本中设置，不再代码中设置；
2018-07-10 09:32:18 +08:00
parent cb19b06b03
commit e7bf4a2001
6 changed files with 978 additions and 805 deletions
--- a/5
+++ b/5
@@ -15,18 +15,15 @@ MODULES	= -lMESA_htable -lMESA_prof_load -lMESA_handle_logger -lrulescan -lmaatf
 .c.o:  
 	$(CC) -c -o $@ $(CFLAGS) $(INCS) $<

-.cc.o:  
-	$(CC) -c -o $@ $(CFLAGS) $(INCS) $<
-
 .PHONY: all clean 
 all: $(TARGET)
 $(TARGET):$(OBJECTS)
 	$(CC) -o $(TARGET)  $(CFLAGS) $(OBJECTS) $(MODULES)  $(LD_DICTATOR)
+#	$(CC) -o $(TARGET)  $(CFLAGS) $(OBJECTS) $(MODULES) -Wl,--whole-archive $(WHOLE_MODULES) -wL,--NO-WHOLE-ARCHIVE $(LD_DICTATOR)

 kni.o:kni.c
 libforge_socket.o:libforge_socket.c

-
 clean:
 	rm -f $(TARGET)	$(OBJECTS) 

--- a/bin/kni/kni.inf
+++ b/bin/kni/kni.inf
@@ -4,14 +4,14 @@ SO_PATH=./plug/business/kni/kni.so
 INIT_FUNC=kni_init
 DESTROY_FUNC=

-[IP]
-FUNC_FLAG=all
-FUNC_NAME=kni_ip_entry
-
-
-#[TCP_ALL]
+#[IP]
 #FUNC_FLAG=all
-#FUNC_NAME=kni_tcpall_entry
+#FUNC_NAME=kni_ip_entry
+
+
+[TCP_ALL]
+FUNC_FLAG=all
+FUNC_NAME=kni_tcpall_entry



--- a/bin/kni/kni.so
+++ b/bin/kni/kni.so
--- a/bin/kni_set_cmd
+++ b/bin/kni_set_cmd
@@ -6,19 +6,6 @@
 #ifconfig tun0 up

 echo 1 > /proc/sys/net/ipv4/ip_forward
-#route add default dev tun0
-
-iptables -t mangle -N DIVERT
-iptables -t mangle -A PREROUTING -p tcp -m socket -j DIVERT
-iptables -t mangle -A DIVERT -j MARK --set-mark 1
-iptables -t mangle -A DIVERT -j ACCEPT
-
-ip rule add fwmark 1 lookup 100
-#ip route add local 0.0.0.0/0 dev tun0 table 100
-ip route add local 0.0.0.0/0 dev lo table 100
-
-#iptables -t mangle -A PREROUTING -p tcp -i tun0 -j TPROXY --tproxy-mark 0x1/0x1 --on-port 50080
-

 ethtool -K p7p1 lro off
 ethtool -K p7p1 tso off
@@ -28,3 +15,18 @@ ethtool -K em2 lro off
 ethtool -K em2 tso off
 ethtool -K em2 gro off

+ip tuntap add dev tun0 mode tun multi_queue
+ifconfig tun0 up
+route add default dev tun0
+
+iptables -F -t mangle
+iptables -t mangle -N DIVERT
+iptables -t mangle -A PREROUTING -p tcp -m socket -j DIVERT
+iptables -t mangle -A DIVERT -j MARK --set-mark 1
+iptables -t mangle -A DIVERT -j ACCEPT
+
+ip rule add fwmark 1 lookup 100
+#ip route add local 0.0.0.0/0 dev tun0 table 100
+ip route add local 0.0.0.0/0 dev lo table 100
+
+iptables -t mangle -A PREROUTING -p tcp -i tun0 -j TPROXY --tproxy-mark 0x1/0x1 --on-port 50080
--- a/kni.c
+++ b/kni.c
--- a/kni.h
+++ b/kni.h
@@ -25,48 +25,25 @@
 #define TH_URG	0x20
 #endif

-#ifndef TCP_REPAIR_WINDOW
-#define TCP_REPAIR_WINDOW       29
-#endif
-
-struct tcp_repair_window {
-        __u32   snd_wl1;
-        __u32   snd_wnd;
-        __u32   max_window;
-
-        __u32   rcv_wnd;
-        __u32   rcv_wup;
-};
-
-
-//#define KNI_DEBUG_SWITCH	0
-
+#define KNI_MAX_THREADNUM			64

+#define KNI_ETHER_LEN				14
 #define TCPHDR_DEFAULT_LEN			20

-
-
-
-#define KNITEST_ETH_LEN		14
-
-
-
 #define LOCAL_IP_ADDR   			"192.168.100.1"

 #define KNI_MAX_BUFLEN				1500

-#define KNI_MAX_PORT		65535
-
-#define PKT_TYPE_REVERSE		1
-
-
+//fds index
+#define KNI_FDS_NUM						3
 #define KNI_FDS_INDEX_CLIENT			0
 #define KNI_FDS_INDEX_SERVER			1
+#define KNI_FDS_INDEX_PROTOCOL			2

+//work module
+#define KNI_MODE_WORK					0
+#define KNI_MODE_BYPASS					1

-#define KNI_MAX_THREADNUM			64
-
-#define KNI_ETHER_LEN				14

 //runtime log
 #define KNI_MODULE_INIT			"kni_init"
@@ -85,11 +62,14 @@ struct tcp_repair_window {


 //maat
+#define KNI_ACTION_IPBMD		1
+
+
 #define PROTO_TYPE_TCP				6
 #define PROTO_TYPE_UDP				17

-#define KNI_DEFAULT_MSS				1460
 #define KNI_DEFAULT_WINSCLE			0
+#define KNI_DEFAULT_MSS				1460


 #define KNI_MAX_CFGNUM				50
@@ -114,14 +94,6 @@ struct tcp_repair_window {
 #define KNI_HTABLE_EXPIRE_TIME	60*60*24


-//pkt_stat flag
-#define STAT_FLAG_NONE			0
-#define STAT_FLAG_IPBMD			1
-#define STAT_FLAG_OUTUSER		2
-#define STAT_FLAG_SNIBMD		3
-#define STAT_FLAG_NOTSSL		4
-#define STAT_FLAG_SSL_NOBMD			5
-
 //ssl info
 #define KNI_SSL_PORT					443
 #define KNI_SNI_MAXLEN					65535	
@@ -139,70 +111,57 @@ struct tcp_repair_window {

 #define KNI_MACADDR_LEN					6

+#define KNI_TLV_TYPE_PRO				0x01
+#define KNI_TLV_VALUE_HTTP				0x01
+#define KNI_TLV_VALUE_SSL				0x02

-#define KNI_TCPREPAIR_OPT_NUM			4
-#define KNI_QUEUE_NUM					2
-#define KNI_INDEX_SRC					0
-#define KNI_INDEX_DST					1
-
-struct kni_state_info 
-{
-	char *addr;
-	unsigned int port;
-	unsigned int seq;
-	unsigned short mss_clamp;
-	unsigned short wscale;
-};
-
-struct kni_tcp_state
-{
-	unsigned int src_ip;
-	unsigned int dst_ip;
-	unsigned short sport;
-	unsigned short dport;
-	unsigned int seq;
-	unsigned int ack;
-	unsigned short win;
-	unsigned short mss_src;
-	unsigned short mss_dst;
-	unsigned short wscale_src;
-	unsigned short wscale_dst;
-};
+//filestate2
+#define FS2_COLUMN_NUM					6
+#define FS2_APPNAME						"KNI"
+#define FS2_COLUME_RECV					0
+#define FS2_COLUME_FWD					1
+#define FS2_COLUME_DROP					2
+#define FS2_COLUME_WRITE				3
+#define FS2_COLUME_READ					4
+#define FS2_COLUME_SEND					5

+//tcp opt type
+#define KNI_TCPOPT_MSS				2
+#define KNI_TCPOPT_WINSCALE			3
+#define KNI_TCPOPT_SACKOK			4
+#define KNI_TCPOPT_TIMESTAMP		8

 #define KNI_DIR_DOUBLE		2
 #define KNI_DIR_C2S			0
 #define KNI_DIR_S2C			1

-//htable_data_info
-struct datainfo_to_tun
+#define KNI_TCPREPAIR_OPT_NUM			4
+
+
+enum kni_flag
 {
-	int pktnum;
-	int state_flag;											
-	int route_dir;
-//test
-	unsigned char ttl[KNI_DIR_DOUBLE];				//host order
-	unsigned short ipid[KNI_DIR_DOUBLE];			//host order
-	int pro_reply[KNI_DIR_DOUBLE];					
-	unsigned int seq[KNI_DIR_DOUBLE];				//host order
-	unsigned int ack[KNI_DIR_DOUBLE];				//host order
-	unsigned int len[KNI_DIR_DOUBLE];				//host order
-//end
-	unsigned short win;								//host order
-	unsigned short mss[KNI_QUEUE_NUM];				//host order
-	unsigned short wnscal[KNI_QUEUE_NUM];			//host order
-	unsigned char smac[KNI_MACADDR_LEN];
-	unsigned char dmac[KNI_MACADDR_LEN];
+	KNI_FLAG_UNKNOW=0,
+	KNI_FLAG_HTTP,
+	KNI_FLAG_SSL,
+	KNI_FLAG_SSL_HALF,
+	KNI_FLAG_IPBMD,
+	KNI_FLAG_OUTUSER,
+	KNI_FLAG_SNIBMD,
+	KNI_FLAG_NOTPROC,
 };

-struct args_read_tun
+
+
+
+
+//htable_data_info ipv6
+struct datainfo_to_tun
 {
-	int thread_seq;
-	int iprevers;								//in
-	int iplen;									//in
-	char* a_packet;								//in
-	unsigned char smac[KNI_MACADDR_LEN];		//out
-	unsigned char dmac[KNI_MACADDR_LEN];		//ouit
+	int state_flag;											
+	int route_dir;
+	unsigned int mss;
+	unsigned char smac[KNI_MACADDR_LEN];
+	unsigned char dmac[KNI_MACADDR_LEN];
 };

 struct args_to_tun
@@ -215,29 +174,18 @@ struct args_to_tun
 	int iprevers;
 };

-struct datainfo_to_tun_v6
-{
-	int state_flag;											
-};
-
-
-struct datainfo_to_io_v4
-{
-	unsigned short	real_port;				
-	unsigned int 	real_ip;				
-};
-

 //global variable
 //comm
 struct kni_var_comm
 {
-	int fd_domain;
-	int thread_num;
+	int kni_mode_cur;			//0:work	1:bypass
 	unsigned int local_ip;
+	int thread_num;
+	int fd_domain;
 	int* fd_tun;
 	void* logger;
-//test
+//sendpkt test
 	int* ipv4_fd;
 };

@@ -247,7 +195,7 @@ struct kni_var_struct
 	MESA_htable_handle htable_to_tun_v4;
 	MESA_htable_handle htable_to_tun_v6;
 	MESA_htable_handle htable_to_io_v6;
-	MESA_lqueue_head* lqueue_to_tun;
+	MESA_lqueue_head lqueue_for_domain;
 };

 //maat
@@ -259,6 +207,21 @@ struct kni_var_maat
 	short tableid_snibmd;
 };

+//field stat2
+struct kni_fs2_info
+{
+	screen_stat_handle_t handler;
+	int column_id[FS2_COLUMN_NUM];
+	unsigned long long column_value[KNI_MAX_THREADNUM][FS2_COLUMN_NUM];
+};
+
+struct kni_tlv_info
+{
+	char type;
+	short len;
+	char value;
+};
+

 struct kni_ipv6_hdr
 {
@@ -291,12 +254,100 @@ struct kni_tcp_hdr
 	unsigned short th_urp;
 };

-struct kni_tcp_opt
+struct kni_tcp_opt_format
 {
 	char type;
 	char len;
 	char content[32];
 };

+struct common_tcp_opt
+{
+	unsigned char sack_ok;
+	unsigned char wnscale;
+	unsigned short mss;				//host order
+	unsigned int timestamp;
+	
+};
+
+struct kni_wndpro_reply_info
+{
+	unsigned int seq;							//host order
+	unsigned int ack;							//host order
+	unsigned int syn_flag;						
+	unsigned int len;							//tcp payload len:host order
+	unsigned short wndsize;	 					//host order
+	unsigned short ipid;						//host order		
+	unsigned char ttl;							//host order
+};
+
+
+struct kni_pme_info
+{
+	unsigned short status_flag;
+	unsigned short mss[KNI_DIR_DOUBLE];							//host order
+	unsigned char wnscal[KNI_DIR_DOUBLE];						//host order
+	struct kni_wndpro_reply_info lastpkt_info[KNI_DIR_DOUBLE]; 			//for add htable
+};
+
+//htable_data_info ipv4
+struct kni_htable_datainfo
+{
+//for sendpkt
+	int route_dir;
+	unsigned char smac[KNI_MACADDR_LEN];
+	unsigned char dmac[KNI_MACADDR_LEN];
+//send wnd pro reply
+	int wndpro_flag[KNI_DIR_DOUBLE];
+	unsigned short wnscal[KNI_DIR_DOUBLE];						//host order
+	unsigned short mss[KNI_DIR_DOUBLE];							//host order
+	struct kni_wndpro_reply_info lastpkt_info[KNI_DIR_DOUBLE]; 
+};
+
+
+
+//set tcp repair info
+struct kni_tcp_state
+{
+	unsigned int src_ip;
+	unsigned int dst_ip;
+	unsigned short sport;
+	unsigned short dport;
+	unsigned int seq;
+	unsigned int ack;
+	unsigned short win;
+	unsigned short mss_src;
+	unsigned short mss_dst;
+	unsigned short wscale_src;
+	unsigned short wscale_dst;
+};
+
+struct args_read_tun
+{
+	int thread_seq;
+	int iprevers;								//in
+	int iplen;									//in
+	char* a_packet;								//in
+	unsigned char smac[KNI_MACADDR_LEN];		//out
+	unsigned char dmac[KNI_MACADDR_LEN];		//ouit
+};
+
+
+/*
+#ifndef TCP_REPAIR_WINDOW
+#define TCP_REPAIR_WINDOW       29
+#endif
+
+struct tcp_repair_window {
+        __u32   snd_wl1;
+        __u32   snd_wnd;
+        __u32   max_window;
+
+        __u32   rcv_wnd;
+        __u32   rcv_wup;
+};
+*/
+

 #endif
+