gfwleak/tango-kni
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

1、增加kni对ssh协议的支持2、增加kni对流方向的识别信息

Browse Source
This commit is contained in:
fumingwei
2020-04-07 11:19:52 +08:00
parent 57bfa41b3c
commit f1601233b7
4 changed files with 31 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

29
entry/src/kni_entry.cpp
View File

@@ -402,7 +402,8 @@ static unsigned char* kni_cmsg_serialize_header_new(struct pme_info *pmeinfo, st
void *logger = g_kni_handle->local_logger;
uint16_t bufflen = 0, serialize_len = 0;
unsigned char *buff = NULL;
uint8_t protocol_type = pmeinfo->protocol == PROTO_SSL ? 0x1 : 0x0;
//uint8_t protocol_type = pmeinfo->protocol == PROTO_SSL ? 0x1 : 0x0;
uint8_t protocol_type = 0x0;
struct kni_cmsg *cmsg = kni_cmsg_init();
char *trace_id = NULL;
uint32_t seq = pktinfo->tcphdr->seq;
@@ -411,9 +412,31 @@ static unsigned char* kni_cmsg_serialize_header_new(struct pme_info *pmeinfo, st
uint16_t server_mss = htons(pmeinfo->server_tcpopt.mss);
uint16_t client_window = htons(pmeinfo->client_window);
uint16_t server_window = htons(pmeinfo->server_window);
unsigned char stream_curdir = stream->curdir;
if(stream_curdir == DIR_S2C)
{
seq = pktinfo->tcphdr->ack_seq;
ack = pktinfo->tcphdr->seq;
}
char src_mac[6] = {0};
char dst_mac[6] = {0};
int policy_id;
switch(pmeinfo->protocol)
{
case PROTO_SSL:
protocol_type = 0x1;
break;
case PROTO_SSH:
protocol_type = 0x2;
break;
default:
protocol_type = 0x0;
}
//seq
int ret = wrapped_kni_cmsg_set(cmsg, TFE_CMSG_TCP_RESTORE_SEQ, (const unsigned char*)&seq, 4, pmeinfo);
if(ret < 0) goto error_out;
@@ -456,6 +479,9 @@ static unsigned char* kni_cmsg_serialize_header_new(struct pme_info *pmeinfo, st
//server window
ret = wrapped_kni_cmsg_set(cmsg, TFE_CMSG_TCP_RESTORE_WINDOW_SERVER, (const unsigned char*)&server_window, 2, pmeinfo);
if(ret < 0) goto error_out;
//current packet direction
ret = wrapped_kni_cmsg_set(cmsg, TFE_CMSG_TCP_RESTORE_INFO_PACKET_CUR_DIR, (const unsigned char*)&stream_curdir, 1, pmeinfo);
if(ret < 0) goto error_out;
//maat policy id
policy_id = pmeinfo->policy_id;
ret = wrapped_kni_cmsg_set(cmsg, TFE_CMSG_POLICY_ID, (const unsigned char*)&policy_id, sizeof(policy_id), pmeinfo);
@@ -998,6 +1024,7 @@ static int first_data_intercept(struct streaminfo *stream, struct pme_info *pmei
if(pmeinfo->protocol == PROTO_HTTP){
FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_HTTP_STM], 0, FS_OP_ADD, 1);
}
//dup_traffic_stm
if(pmeinfo->has_dup_traffic == 1){
FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_DUP_TFC_STM], 0, FS_OP_ADD, 1);