From eb5dd08323bb9bcb6ff94ab9bcd560f7918d9653 Mon Sep 17 00:00:00 2001 From: luqiuwen Date: Wed, 19 Dec 2018 10:48:25 +0600 Subject: [PATCH] =?UTF-8?q?=E4=BF=AE=E6=AD=A3redirect=E5=8A=9F=E8=83=BD?= =?UTF-8?q?=E5=A4=84=E7=90=86=E6=B5=81=E7=A8=8B=E7=9A=84=E8=8B=A5=E5=B9=B2?= =?UTF-8?q?=E9=97=AE=E9=A2=98=EF=BC=8C=E5=A2=9E=E5=8A=A0=E6=8B=A6=E6=88=AA?= =?UTF-8?q?=E5=8D=8F=E8=AE=AE=E8=AF=86=E5=88=AB=E8=BF=87=E6=BB=A4=E5=8D=95?= =?UTF-8?q?=E9=A1=B9=E6=B5=81=E7=9A=84=E6=B5=81=E7=A8=8B=20*=20=E5=B0=86?= =?UTF-8?q?=E5=9C=A8pending=E7=8A=B6=E6=80=81=E4=B8=8B=E5=88=A4=E6=96=AD?= =?UTF-8?q?=E6=8A=A5=E6=96=87=E6=98=AF=E5=90=A6=E5=AD=98=E5=9C=A8=E5=9C=A8?= =?UTF-8?q?redirect=E8=A1=A8=E4=B8=AD=E7=9A=84=E9=80=BB=E8=BE=91=E6=8F=90?= =?UTF-8?q?=E5=89=8D=EF=BC=8C=E5=9B=A0=E4=BF=AE=E6=94=B9=E5=90=8E=E7=9A=84?= =?UTF-8?q?SYN-ACK=E4=BC=9A=E5=8D=95=E7=8B=AC=E6=88=90=E4=B8=BA=E4=B8=80?= =?UTF-8?q?=E4=B8=AA=E6=B5=81=EF=BC=8C=E5=86=8D=E6=AC=A1=E8=A7=A6=E5=8F=91?= =?UTF-8?q?pending=E7=8A=B6=E6=80=81=E3=80=82=20*=20=E4=BF=AE=E6=AD=A3?= =?UTF-8?q?=E8=AF=BB=E5=85=A5=E6=8E=A7=E5=88=B6=E5=9F=9F=E6=97=B6=E5=86=85?= =?UTF-8?q?=E5=AD=98=E8=B6=8A=E7=95=8C=E7=9A=84=E9=97=AE=E9=A2=98=EF=BC=9B?= =?UTF-8?q?=20*=20=E5=A2=9E=E5=8A=A0=E6=8B=A6=E6=88=AA=E5=8D=8F=E8=AE=AE?= =?UTF-8?q?=E8=AF=86=E5=88=AB=E8=BF=87=E6=BB=A4=E5=8D=95=E9=A1=B9=E6=B5=81?= =?UTF-8?q?=E7=9A=84=E6=B5=81=E7=A8=8B=EF=BC=8C=E5=A6=82=E9=9C=80=E8=A6=81?= =?UTF-8?q?=E6=8B=A6=E6=88=AA=E7=9A=84=E6=B5=81=E9=87=8F=E4=B8=BA=E5=8D=95?= =?UTF-8?q?=E9=A1=B9=E6=B5=81=EF=BC=8C=E5=88=99=E4=B8=8D=E6=89=A7=E8=A1=8C?= =?UTF-8?q?=E6=8B=A6=E6=88=AA=E6=B5=81=E7=A8=8B=E7=9B=B4=E6=8E=A5=E8=BD=AC?= =?UTF-8?q?=E5=8F=91=E3=80=82?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- kni_entry.c | 26 +++++++------ kni_redirect.c | 100 +++++++++++++++++++++---------------------------- kni_redirect.h | 2 - 3 files changed, 57 insertions(+), 71 deletions(-) diff --git a/kni_entry.c b/kni_entry.c index b5b75a8..c3d5373 100644 
--- a/kni_entry.c +++ b/kni_entry.c @@ -563,7 +563,12 @@ char kni_first_tcpdata(const struct streaminfo* pstream,const void* a_packet,str int domain_len=0; char domain[KNI_DEFAULT_MTU]={0}; - + + if(pstream->dir != DIR_DOUBLE) + { + kni_log_info((char*)KNI_MODULE_INFO,&(pstream->addr),pmeinfo->protocol,domain,(char*)"NOT-DOUBLE",(char*)"BYPASS",pmeinfo); + return ret; + } pmeinfo->protocol=kni_protocol_identify(pstream,a_packet,data,datalen,domain,&domain_len); assert(domain_len<(int)sizeof(domain)); @@ -703,20 +708,21 @@ char kni_pending_opstate(const struct streaminfo* pstream,struct kni_pme_info* p kni_filestate2_set(thread_seq,FS_WHITELIST,0,1); return ret; } + //add kni_action_redirect 20181216 start + else if(redirect_search_htable(pstream->addr.addrtype,pmeinfo,thread_seq,a_packet,protocol) == 1) + { + ret = process_redirect_data(pstream,pmeinfo,thread_seq,a_packet,protocol,pstream->routedir); + return ret; + } + else if(pmeinfo->action == KNI_ACTION_REDIRECT) { ret = process_redirect_pending(pstream,pmeinfo,thread_seq,a_packet,protocol,pstream->routedir); return ret; } - else if(redirect_search_htable(pstream->addr.addrtype,pmeinfo,thread_seq,a_packet,protocol) == 1) - { - ret = process_redirect_data(pstream,pmeinfo,thread_seq,a_packet,protocol,pstream->routedir); - return ret; - - } -//end +//end pmeinfo->protocol=KNI_FLAG_UNKNOW; if(protocol == PROTO_TYPE_TCP) @@ -1073,10 +1079,6 @@ extern "C" char kni_http_entry(stSessionInfo* session_info, void **pme, int thr return ret; } - - - - extern "C" char kni_ipv4_entry(const struct streaminfo *pstream,unsigned char routedir,int thread_seq, struct ip* ipv4_hdr) { if(ipv4_hdr->ip_p !=IPPROTO_ICMP ) diff --git a/kni_redirect.c b/kni_redirect.c index e87be10..846f872 100644 --- a/kni_redirect.c +++ b/kni_redirect.c 
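Review bot: The added log call in kni_first_tcpdata reads `pmeinfo->protocol` before `kni_protocol_identify` assigns it on the following line, so the NOT-DOUBLE/BYPASS record carries whatever the field held on entry, and `domain` is still the zeroed buffer. If kni_log_info accepts it, log a fixed value instead, e.g. `kni_log_info((char*)KNI_MODULE_INFO,&(pstream->addr),KNI_FLAG_UNKNOW,domain,(char*)"NOT-DOUBLE",(char*)"BYPASS",pmeinfo);`. Because every single-direction flow now skips interception, a per-thread counter next to the log (as the whitelist branch in kni_pending_opstate does with `kni_filestate2_set`) would let operators see how much traffic takes this path. The declaration and initial value of `ret` are outside the hunk, so the verdict returned here should be confirmed to be the forward/bypass one.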
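Review bot: The reordered branches in kni_pending_opstate carry no comment saying why `redirect_search_htable` must now be tested before `pmeinfo->action == KNI_ACTION_REDIRECT`. As far as the encoded commit subject reads, the reason is that the rewritten SYN-ACK becomes a stream of its own and enters the pending state again. I would replace the `//add kni_action_redirect 20181216 start` marker with `/* Search the redirect table first: a rewritten SYN-ACK forms its own stream and re-enters pending, so it has to be matched before the action test. */` so the order is not reverted later. The lookup now also runs for every packet that reaches this point regardless of action, so any side effects or cost in redirect_search_htable (its body is not in this hunk) are worth confirming. kni_pending_opstate begins and ends outside the hunk.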
@@ -311,70 +311,56 @@ int redirect_get_service_define(char* service_defined,int ser_def_len,struct red int redirect_get_service_define(char* service_defined,int ser_def_len,struct redirect_serdef_info* out) { - int ip_pool_len =0; - int nat_type_len = 0; - char* ip_pool = NULL; - char* nat_type = NULL; - char* tmp = NULL; - - ip_pool = kni_memncasemem(service_defined, ser_def_len,(char*)"=", strlen("=")); - if(ip_pool == NULL) - { - return -1; - } - - ip_pool += 1; - ip_pool_len = strlen(ip_pool); - - nat_type = kni_memncasemem(ip_pool,ip_pool_len,(char*)"=", strlen("=")); - if(nat_type == NULL) - { - return -1; - } - - nat_type += 1; - nat_type_len = strlen(nat_type); - - - tmp = kni_memncasemem(ip_pool, ip_pool_len,(char*)";", strlen(";")); - if(ip_pool == NULL) - { - return -1; - } - - - out->ip_pool_len= tmp-ip_pool; - assert((int)sizeof(out->ip_pool)>=out->ip_pool_len); - memcpy(out->ip_pool,ip_pool,out->ip_pool_len); - - out->nat_type_len= nat_type_len-1; - assert((int)sizeof(out->nat_type)>=out->nat_type_len); - memcpy(out->nat_type,nat_type,out->nat_type_len); - + int ret = sscanf(service_defined, "nat_type=%[^;];spoofing_ip_pool=%[^\n]", out->nat_type, out->ip_pool); + assert(ret == 2); return 0; - +} +static int get_column_pos(const char* line, int column_seq, size_t *offset, size_t *len) +{ + const char* seps=" \t"; + char* saveptr=NULL, *subtoken=NULL, *str=NULL; + char* dup_line = (char *)malloc(strlen(line) + 1); + strcpy(dup_line, line); + + int i=0, ret=-1; + for (str = dup_line; ; str = NULL) + { + subtoken = strtok_r(str, seps, &saveptr); + if (subtoken == NULL) + break; + if(i==column_seq-1) + { + *offset=subtoken-dup_line; + *len=strlen(subtoken); + ret=0; + break; + } + i++; + } + free(dup_line); + return ret; } void plugin_EX_new_cb(int table_id, const char* key, const char* table_line, MAAT_PLUGIN_EX_DATA* ad, long argl, void *argp) { struct redirect_plugin_ex_data* add_data = (struct redirect_plugin_ex_data*)calloc(sizeof(struct 
redirect_plugin_ex_data), 1); - - int policy_group=0; - int id,protocol,direction,location,is_valid,service,ret; - char port[REDIRECT_SERDEF_LEN]; - char user_region[REDIRECT_SERDEF_LEN]; - char effective_range[REDIRECT_SERDEF_LEN]; - char op_time[REDIRECT_SERDEF_LEN]; - - - ret=sscanf(table_line, "%d\t%d\t%d\t%s\t%s\t%d\t%s\t%d\t%d\t%d\t%d\t%s\t%s", - &id,&(add_data->addr_type),&protocol,add_data->spoofing_ip,port,&direction,user_region,&location,&is_valid,&service,&policy_group,effective_range,op_time); - if(ret < 0) + int ret = 0; + size_t offset=0, len=0; + *ad=NULL; + ret=get_column_pos(table_line, 2, &offset, &len); + if(ret<0) { - *ad=NULL; - return ; + return; } + sscanf(table_line+offset, "%d", &(add_data->addr_type)); + ret=get_column_pos(table_line, 4, &offset, &len); + if(ret<0) + { + return; + } + assert(len<=sizeof(add_data->spoofing_ip)); + strncpy(add_data->spoofing_ip, table_line+offset, len); *ad=add_data; return; } @@ -567,11 +553,11 @@ char process_redirect_pending(const struct streaminfo* pstream,struct kni_pme_in } //set pmeinfo->redirect_info - if(memcmp(redirect_args.nat_type,"snat",strlen("snat")) == 0) + if(strcasecmp(redirect_args.nat_type,"snat") == 0) { pmeinfo->redirect_info.nat_type=REDIRECT_SNAT_TYPE; } - else if(memcmp(redirect_args.nat_type,"dnat",strlen("dnat")) == 0) + else if(strcasecmp(redirect_args.nat_type,"dnat") == 0) { pmeinfo->redirect_info.nat_type=REDIRECT_DNAT_TYPE; } diff --git a/kni_redirect.h b/kni_redirect.h index d6f3c26..8b9d962 100644 --- a/kni_redirect.h +++ b/kni_redirect.h @@ -35,8 +35,6 @@ struct redirect_htable_data struct redirect_serdef_info { - int ip_pool_len; - int nat_type_len; char ip_pool[REDIRECT_SERDEF_LEN]; char nat_type[REDIRECT_SERDEF_LEN]; };
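Review bot: The new `sscanf` in redirect_get_service_define uses `%[^;]` and `%[^\n]` with no field width, so a service_defined value longer than REDIRECT_SERDEF_LEN writes past `out->nat_type` or `out->ip_pool`, and `ser_def_len` is no longer consulted, although the commit subject describes this change as an out-of-bounds fix. The only failure handling is `assert(ret == 2)`, which disappears in an NDEBUG build and may then leave the buffers unset for the `strcasecmp` calls added in the process_redirect_pending hunk. In plugin_EX_new_cb, `assert(len<=sizeof(add_data->spoofing_ip))` is likewise the only bound on the `strncpy`, and it still admits `len == sizeof`, which leaves spoofing_ip without a terminator. The two early returns also leak `add_data`, and the results of `calloc`, of `malloc` in get_column_pos and of the `addr_type` `sscanf` are unchecked. I would replace the asserts with runtime checks that reject the row, as sketched below; whether callers act on a -1 from redirect_get_service_define is not visible in this hunk.

```c
int redirect_get_service_define(char* service_defined,int ser_def_len,struct redirect_serdef_info* out)
{
	static const char nat_key[] = "nat_type=";
	static const char pool_key[] = "spoofing_ip_pool=";
	const char *nat, *sep, *pool;
	size_t nat_len, pool_len;

	if(strncmp(service_defined, nat_key, sizeof(nat_key)-1) != 0)
		return -1;
	nat = service_defined + sizeof(nat_key)-1;
	sep = strchr(nat, ';');
	if(sep == NULL || strncmp(sep+1, pool_key, sizeof(pool_key)-1) != 0)
		return -1;
	pool = sep + 1 + sizeof(pool_key)-1;
	nat_len = (size_t)(sep - nat);
	pool_len = strcspn(pool, "\n");
	/* reject empty or oversized fields instead of asserting */
	if(nat_len == 0 || nat_len >= sizeof(out->nat_type) ||
	   pool_len == 0 || pool_len >= sizeof(out->ip_pool))
		return -1;
	memcpy(out->nat_type, nat, nat_len);
	out->nat_type[nat_len] = '\0';
	memcpy(out->ip_pool, pool, pool_len);
	out->ip_pool[pool_len] = '\0';
	return 0;
}

/* ... unchanged: get_column_pos ... */

void plugin_EX_new_cb(int table_id, const char* key, const char* table_line, MAAT_PLUGIN_EX_DATA* ad, long argl, void *argp)
{
	/* ... unchanged: calloc of add_data, locals, *ad=NULL ... */
	if(add_data == NULL)
		return;
	if(get_column_pos(table_line, 2, &offset, &len) < 0 ||
	   sscanf(table_line+offset, "%d", &(add_data->addr_type)) != 1 ||
	   get_column_pos(table_line, 4, &offset, &len) < 0 ||
	   len >= sizeof(add_data->spoofing_ip))
	{
		free(add_data);
		return;
	}
	/* calloc zero-filled the struct, so the byte after the copy is already the terminator */
	memcpy(add_data->spoofing_ip, table_line+offset, len);
	*ad=add_data;
	return;
}
```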