修改action判断逻辑

2019-06-04 13:25:44 +08:00
parent 1fa7a0673f
commit f89c0cf902
3 changed files with 89 additions and 42 deletions
--- a/entry/src/kni_entry.cpp
+++ b/entry/src/kni_entry.cpp
@@ -171,6 +171,7 @@ static struct pme_info* pme_info_new(const struct streaminfo *stream, int thread
 	pmeinfo->stream = (struct streaminfo*)stream;
 	pmeinfo->start_time = time(NULL);
 	pmeinfo->logger = logger;
+	FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_TOT_STM], 0, FS_OP_ADD, 1);
 	return pmeinfo;
 }

@@ -467,7 +468,6 @@ static char* add_cmsg_to_packet(struct pme_info *pmeinfo, struct pkt_info *pktin

 static int send_to_tfe(struct kni_marsio_handle *handle, char *raw_data, int raw_len, int thread_seq, int tfe_id){
 	void *logger = g_kni_handle->local_logger;
-	KNI_LOG_DEBUG(logger, "send packet to tfe%d", tfe_id);
 	marsio_buff_t *tx_buffs[BURST_MAX];
 	unsigned int ret = 1;
 	//TODO: marsio配置文件: 2500
@@ -498,6 +498,7 @@ static char pending_opstate(const struct streaminfo *stream, struct pme_info *pm
 		//pending_opstate 不是syn, bypass这个流
 		KNI_LOG_ERROR(logger, "pending opstate: not syn");
 		FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_NO_SYN_EXP], 0, FS_OP_ADD, 1);
+		FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_BYP_STM], 0, FS_OP_ADD, 1);
 		FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_BYP_PKT], 0, FS_OP_ADD, 1);
 		//异常情况，不需要等tfe release, 直接释放
 		pmeinfo->tfe_release = 1;
@@ -525,14 +526,28 @@ static char data_opstate(const struct streaminfo *stream, struct pme_info *pmein
 	void *logger = g_kni_handle->local_logger;
 	char *buf = (char*)pktinfo->iphdr;
 	int len = pktinfo->ip_totlen;
-	if(pmeinfo->action == KNI_ACTION_INTERCEPT){
-		send_to_tfe(g_kni_handle->marsio_handle, buf, len, thread_seq, pmeinfo->tfe_id);
-		FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_INTCP_PKT], 0, FS_OP_ADD, 1);
-		return APP_STATE_DROPPKT | APP_STATE_GIVEME;
-	}
-	if(pmeinfo->action == KNI_ACTION_BYPASS){
-		FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_BYP_PKT], 0, FS_OP_ADD, 1);
-		return APP_STATE_FAWPKT | APP_STATE_GIVEME;
+	char stream_addr[KNI_SYMBOL_MAX] = "";
+	int ret;
+	kni_stream_addr_trans((struct ipaddr*)(&stream->addr), stream_addr, sizeof(stream_addr));
+	//保证pmeinfo->action只有KNI_ACTION_NONE， KNI_ACTION_INTERCEPT， KNI_ACTION_BYPASS三种情况
+	switch (pmeinfo->action){
+		case KNI_ACTION_NONE:
+			break;
+		case KNI_ACTION_INTERCEPT:
+			ret = send_to_tfe(g_kni_handle->marsio_handle, buf, len, thread_seq, pmeinfo->tfe_id);
+			if(ret < 0){
+				KNI_LOG_ERROR(logger, "Failed at send continue packet to tfe%d, stream_addr is %s", pmeinfo->tfe_id, stream_addr);
+			}
+			else{
+				KNI_LOG_DEBUG(logger, "Succeed at send continue packet to tfe%d, stream_addr is %s", pmeinfo->tfe_id, stream_addr);
+			}
+			FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_INTCP_PKT], 0, FS_OP_ADD, 1);
+			return APP_STATE_DROPPKT | APP_STATE_GIVEME;
+		case KNI_ACTION_BYPASS:
+			FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_BYP_PKT], 0, FS_OP_ADD, 1);
+			return APP_STATE_FAWPKT | APP_STATE_GIVEME;
+		default:
+			break;
 	}
 	//TODO: client hello如果跨包怎么办？client hello后面一个包先到，这个包该丢掉还是bypass
 	//此时 action = KNI_ACTION_UNKNOWN, 说明还没收到第一个数据包
@@ -546,21 +561,21 @@ static char data_opstate(const struct streaminfo *stream, struct pme_info *pmein
 		FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_BYP_PKT], 0, FS_OP_ADD, 1);
 		return APP_STATE_FAWPKT | APP_STATE_GIVEME;
 	}
-	//第一个数据包: 如果从第一个数据包判断不出协议，直接返回，后续包也不要了
-	//单向流, 直接bypass
+	//单向流, bypass and dropme
 	if(stream->dir != DIR_DOUBLE){
-		KNI_LOG_INFO(logger, "stream dir is %d, bypass", stream->dir);
+		KNI_LOG_INFO(logger, "dir is %d, bypass, stream addr is %s", stream->dir, stream_addr);
+		FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_BYP_STM], 0, FS_OP_ADD, 1);
 		FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_BYP_PKT], 0, FS_OP_ADD, 1);
 		pmeinfo->tfe_release = 1;
 		return APP_STATE_FAWPKT | APP_STATE_DROPME;
 	}
-	//三次握手成功才算一个流
-	FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_TOT_STM], 0, FS_OP_ADD, 1);
 	struct protocol_identify_result *result = ALLOC(struct protocol_identify_result, 1);
 	protocol_identify(stream, pktinfo->data, pktinfo->data_len, result);
 	pmeinfo->protocol = result->protocol;
+	//第一个数据包: 如果从第一个数据包判断不出协议, bypass and dropme
 	if(pmeinfo->protocol == KNI_PROTOCOL_UNKNOWN){
-		KNI_LOG_INFO(logger, "Failed at protocol_identify, protocol is %d\n", pmeinfo->protocol);
+		KNI_LOG_INFO(logger, "Failed at protocol_identify, bypass and dropme, stream addr is %s\n", 
+						pmeinfo->protocol, stream_addr);
 		FREE(&result);
 		FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_BYP_PKT], 0, FS_OP_ADD, 1);
 		FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_BYP_STM], 0, FS_OP_ADD, 1);
@@ -579,19 +594,11 @@ static char data_opstate(const struct streaminfo *stream, struct pme_info *pmein
 	}
 	pmeinfo->action = get_action((struct ipaddr*)(&stream->addr), result->domain, result->domain_len, thread_seq, &(pmeinfo->policy_id));
 	//输出maat拦截日志
-	char stream_addr[KNI_SYMBOL_MAX] = "";
-	kni_stream_addr_trans((struct ipaddr*)(&stream->addr), stream_addr, sizeof(stream_addr));
 	char domain_str[KNI_DOMAIN_MAX] = "";
 	memcpy(domain_str, result->domain, result->domain_len);
 	KNI_LOG_DEBUG(logger, "get_action: %s, %s, policy_id = %d, action = %s", 
 			stream_addr, domain_str, pmeinfo->policy_id, pmeinfo->action == KNI_ACTION_BYPASS ? "bypass" : "intercept");
 	FREE(&result);
-	//如果是bypass
-	if(pmeinfo->action == KNI_ACTION_BYPASS){
-		FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_BYP_PKT], 0, FS_OP_ADD, 1);
-		FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_BYP_STM], 0, FS_OP_ADD, 1);
-		return APP_STATE_FAWPKT | APP_STATE_GIVEME;
-	}
 	//TODO: 这块比较奇怪, 收到client hello, 但是没有syn/ack包, 直接bypass了
 	if(pmeinfo->client_tcpopt == NULL || pmeinfo->server_tcpopt == NULL){
 		KNI_LOG_ERROR(logger, "Failed at intercept, %s, %s", pmeinfo->client_tcpopt == NULL ? "no syn" : "", 
@@ -602,27 +609,60 @@ static char data_opstate(const struct streaminfo *stream, struct pme_info *pmein
 		pmeinfo->tfe_release = 1;
 		return APP_STATE_FAWPKT | APP_STATE_DROPME;
 	}
-	//action = KNI_ACTION_INTERCEPT, 带上控制信息发送给qq, 要修改ip, tcp的校验和
-	buf = add_cmsg_to_packet(pmeinfo, pktinfo, &len);
-	send_to_tfe(g_kni_handle->marsio_handle, buf, len, thread_seq, pmeinfo->tfe_id);
-	FREE(&buf);
-	FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_INTCP_PKT], 0, FS_OP_ADD, 1);
-	FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_INTCP_STM], 0, FS_OP_ADD, 1);
-	return APP_STATE_DROPPKT | APP_STATE_GIVEME;
+	switch(pmeinfo->action){
+		case KNI_ACTION_BYPASS:
+			FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_BYP_PKT], 0, FS_OP_ADD, 1);
+			FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_BYP_STM], 0, FS_OP_ADD, 1);
+			return APP_STATE_FAWPKT | APP_STATE_GIVEME;
+		case KNI_ACTION_INTERCEPT: 
+			//action = KNI_ACTION_INTERCEPT, 带上控制信息发送给qq, 要修改ip, tcp的校验和
+			buf = add_cmsg_to_packet(pmeinfo, pktinfo, &len);
+			ret = send_to_tfe(g_kni_handle->marsio_handle, buf, len, thread_seq, pmeinfo->tfe_id);
+			if(ret < 0){
+				KNI_LOG_ERROR(logger, "Failed at send first packet to tfe%d, stream_trace_id is %s", pmeinfo->tfe_id, pmeinfo->stream_trace_id);
+			}
+			else{
+				KNI_LOG_DEBUG(logger, "Succeed at send first packet to tfe%d, stream_trace_id is %s", pmeinfo->tfe_id, pmeinfo->stream_trace_id);
+			}
+			FREE(&buf);
+			FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_INTCP_PKT], 0, FS_OP_ADD, 1);
+			FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_INTCP_STM], 0, FS_OP_ADD, 1);
+			return APP_STATE_DROPPKT | APP_STATE_GIVEME;
+		default:
+			//action非法，bypass and dropme
+			KNI_LOG_ERROR(logger, "Action %d is Invalid, policy_id is %d, bypass(dropme)", pmeinfo->action, pmeinfo->policy_id);
+			FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_BYP_PKT], 0, FS_OP_ADD, 1);
+			FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_BYP_STM], 0, FS_OP_ADD, 1);
+			pmeinfo->tfe_release = 1;
+			return APP_STATE_FAWPKT | APP_STATE_DROPME;
+	}
 }

 static char close_opstate(const struct streaminfo *stream, struct pme_info *pmeinfo, struct pkt_info *pktinfo, int thread_seq){
 	//close 数据也要发送给tfe
-	//void *logger = g_kni_handle->logger;
+	void *logger = g_kni_handle->local_logger;
 	char *buf = (char*)pktinfo->iphdr;
+	char stream_addr[KNI_SYMBOL_MAX] = "";
+	kni_stream_addr_trans((struct ipaddr*)(&stream->addr), stream_addr, sizeof(stream_addr));
 	int len = pktinfo->ip_totlen;
-	if(pmeinfo->action == KNI_ACTION_INTERCEPT){
-		send_to_tfe(g_kni_handle->marsio_handle, buf, len, thread_seq, pmeinfo->tfe_id);
-		FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_INTCP_PKT], 0, FS_OP_ADD, 1);
-		return APP_STATE_DROPPKT | APP_STATE_DROPME;
+	int ret;
+	switch(pmeinfo->action){
+		case KNI_ACTION_INTERCEPT:
+			ret =send_to_tfe(g_kni_handle->marsio_handle, buf, len, thread_seq, pmeinfo->tfe_id);
+			if(ret < 0){
+				KNI_LOG_ERROR(logger, "Failed at send last packet to tfe%d, stream addr is %s", 
+						pmeinfo->tfe_id, stream_addr);
+			}
+			else{
+				KNI_LOG_DEBUG(logger, "Succeed at send last packet to tfe%d, stream addr is %s", 
+						pmeinfo->tfe_id, stream_addr);
+			}
+			FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_INTCP_PKT], 0, FS_OP_ADD, 1);
+			return APP_STATE_DROPPKT | APP_STATE_DROPME;
+		default:
+			FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_BYP_PKT], 0, FS_OP_ADD, 1);
+			return APP_STATE_FAWPKT | APP_STATE_DROPME;
 	}
-	FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_BYP_PKT], 0, FS_OP_ADD, 1);
-	return APP_STATE_FAWPKT | APP_STATE_DROPME;
 }

 //从syn包开始回调