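#ifndef KNI_PROCESS_H
#define KNI_PROCESS_H

/*
 * kni_process.h — constants shared by the KNI packet-processing modules.
 *
 * Everything here is a macro, an enum or a plain struct; the header does not
 * include anything itself, so the system/project headers it relies on
 * (struct in6_addr, __BYTE_ORDER, MESA_*/Maat_* handles) must already be in
 * scope at the point of inclusion.
 */

/* TCP flag bits, same values as <netinet/tcp.h>; guarded so that including
 * the system header before or after this one does not redefine them. */
#ifndef TH_FIN
#define TH_FIN 0x01
#endif
#ifndef TH_SYN
#define TH_SYN 0x02
#endif
#ifndef TH_RST
#define TH_RST 0x04
#endif
#ifndef TH_PUSH
#define TH_PUSH 0x08
#endif
#ifndef TH_ACK
#define TH_ACK 0x10
#endif
#ifndef TH_URG
#define TH_URG 0x20
#endif

/* Compile-time debug switches; left disabled. */
//#define KNI_DEBUG_TCPREPAIR 1
//#define KNI_DEBUG_KEEPALIVE 1

#define KNI_MAX_THREADNUM 64          /* upper bound on worker threads; sizes per-thread tables below */
#define KNI_ETHER_LEN 14              /* Ethernet II header length in bytes */
#define TCPHDR_DEFAULT_LEN 20         /* TCP header length with no options */
#define LOCAL_IP_ADDR "192.168.100.1" /* NOTE(review): hard-coded local address — presumably the tun side; confirm it is not meant to come from the conf files below */
#define KNI_MAX_BUFLEN 1500           /* packet buffer size; equals the Ethernet MTU — presumably payload without the 14-byte link header, confirm against the readers */

//fds index
/* Slots in the per-thread fd array; every index is < KNI_FDS_NUM. */
#define KNI_FDS_NUM 3
#define KNI_FDS_INDEX_CLIENT 0
#define KNI_FDS_INDEX_SERVER 1
#define KNI_FDS_INDEX_PROTOCOL 2

//work module
/* Values of kni_var_comm.kni_mode_cur. */
#define KNI_MODE_WORK 0
#define KNI_MODE_BYPASS 1

//runtime log
/* Module tags used in runtime log lines. */
#define KNI_MODULE_INIT "kni_init"
#define KNI_MODULE_READTUN "kni_read_tun"
#define KNI_MODULE_SENDPKT "kni_sendpkt"
#define KNI_MODULE_WRITETUN "kni_write_tun"
#define KNI_MODULE_IPENTRY "kni_process"
#define KNI_MODULE_DEBUG "kni_debug"
#define KNI_MODULE_SENDFD "send_fds"
#define KNI_ACTION_EXIT "exit..."     /* log text, unrelated to the numeric KNI_ACTION_* codes below */

//init profile info
/* Configuration files. The "./" paths are resolved against the process's
 * working directory, so the files actually read depend on where the daemon
 * is started; absolute paths would make that unambiguous. */
#define KNI_CONF_MAXLEN 1024          /* size of the string fields in kni_var_comm */
#define KNI_CONF_FILENAME "./kniconf/kni.conf"
#define KNI_CONF_MODE "Module"
#define KNI_CONF_FILENAME_MAIN "./conf/main.conf"
#define KNI_OFFSET_ROUTDIR 1
#define KNI_OFFSET_CARDNAME 3
#define KNI_CARD_NUM 2
#define PROTO_TYPE_TCP 6              /* IP protocol numbers */
#define PROTO_TYPE_UDP 17
#define KNI_DEFAULT_WINSCLE 0         /* default TCP window scale (name is a typo for WINSCALE; kept for callers) */
#define KNI_DEFAULT_MSS 1460          /* default TCP MSS: 1500-byte MTU minus 40 bytes of IPv4+TCP header */

//maat
/* Policy action codes. KNI_ACTION_NONE's meaning depends on
 * kni_switch_info.maat_default_switch. */
#define KNI_ACTION_NONE 0x00
#define KNI_ACTION_REJECT 0x10
#define KNI_ACTION_DROP 0x20
#define KNI_ACTION_REDIRECT 0x30
#define KNI_ACTION_RATELIMIT 0x40
#define KNI_ACTION_REPLACE 0x50
#define KNI_ACTION_LOOP 0x60
#define KNI_ACTION_WHITELIST 0x80
#define KNI_MAX_SAMENUM 50
#define KNI_TABLENAME_AREA "USER_AREA"
#define KNI_TABLENAME_IP "WHITE_LIST_IP"
#define KNI_TABLENAME_DOMAIN "WHITE_LIST_DOMAIN"
#define KNI_MAATJSON_FILEPATH "./kniconf/maat_test.json"
#define KNI_TABLEINFO_PATH "./kniconf/maat_table_info.conf"
#define KNI_FULLCFG_FILEPATH "/home/config/full/index"
#define KNI_INCCFG_FILEPATH "/home/config/inc/index"

//lqueue info
#define KNI_THREAD_SAFE 1
#define KNI_USLEEP_TIME 10
#define KNI_LQUEUE_MAXNUM 100000

//htable_info
/* Parenthesized: the previous unparenthesized products gave wrong results
 * when the macro appeared on the right of '/' or '%'
 * (e.g. x / KNI_HTABLE_EXPIRE_TIME expanded to (x / 60) * 60 * 24). */
#define KNI_HTABLE_SIZE (1024*1024)
#define KNI_HTABLE_MAXNUM 100000
#define KNI_HTABLE_EXPIRE_TIME (60*60*24) /* seconds */

//ssl info
/* TLS record / ClientHello framing constants used by the SNI extraction. */
#define KNI_SSL_PORT 443
#define KNI_SNI_MAXLEN 65535          /* ceiling of a 16-bit TLS length field; the real bound for any copy is the bytes actually received */
#define SSL_HEADER_LEN 5              /* TLS record header: type(1) version(2) length(2) */
#define SSL_CONTENTTYPE_HANDSHAKE 0x16
#define SSL_VERSION_TLS1_0 0x0301
#define SSL_VERSION_TLS1_1 0x0302
#define SSL_VERSION_TLS1_2 0x0303
#define SSL_BODY_LEN 4                /* presumably the handshake message header: type(1) length(3) */
#define SSL_HANDSHAR_TYPE_CLIENTHELLO 0x01 /* handshake type client_hello (name is a typo for HANDSHAKE; kept for callers) */
#define SSL_EXTENSION_TYPE_SNI 0x0    /* server_name extension type */
#define KNI_MACADDR_LEN 6
#define KNI_TLV_TYPE_PRO 0x01
#define KNI_TLV_VALUE_HTTP 0x01
#define KNI_TLV_VALUE_SSL 0x02

//filestate2
/* Columns of the screen-stat table (kni_fs2_info); FS2_COLUME_* are the
 * indices into kni_fs2_info.column_id / column_value. */
#define FS2_COLUMN_NUM 6
#define FS2_APPNAME "KNI"
#define FS2_COLUME_RECV 0
#define FS2_COLUME_FWD 1
#define FS2_COLUME_DROP 2
#define FS2_COLUME_WRITE 3
#define FS2_COLUME_READ 4
#define FS2_COLUME_SEND 5

//tcp opt type
/* TCP option kinds (IANA values). */
#define KNI_TCPOPT_MSS 2
#define KNI_TCPOPT_WINSCALE 3
#define KNI_TCPOPT_SACKOK 4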
#define KNI_TCPOPT_TIMESTAMP 8        /* TCP option kind: timestamps */

/* Direction handling: arrays below are indexed by KNI_DIR_C2S / KNI_DIR_S2C
 * and sized KNI_DIR_DOUBLE. */
#define KNI_DIR_DOUBLE 2
#define KNI_DIR_C2S 0
#define KNI_DIR_S2C 1
#define KNI_TCPREPAIR_OPT_NUM 4
#define KNI_PROJECT_NAME "protocol_tag"

/* Per-flow classification result. */
enum kni_flag {
    KNI_FLAG_UNKNOW=0,
    KNI_FLAG_HTTP,
    KNI_FLAG_SSL,
    KNI_FLAG_OUTUSER,
    KNI_FLAG_IPBMD,
    KNI_FLAG_SNIBMD,
    KNI_FLAG_DROP,
    KNI_FLAG_NOTPROC,
};

struct kni_switch_info {
    int maat_default_switch; //0:KNI_ACTION_NONE is fwdpkt;1:KNI_ACTION_NONE is reject
};

//htable_data_info ipv6
/* Value stored in the IPv6 to-tun hash table (see kni_var_struct). */
struct datainfo_to_tun {
    int state_flag;
    int route_dir;
    unsigned int mss;
    unsigned char smac[KNI_MACADDR_LEN];
    unsigned char dmac[KNI_MACADDR_LEN];
};

/* Arguments handed to the to-tun path. tcpdata/tcpdata_len describe the TCP
 * payload that the SSL/SNI check parses; tcpdata_len is the only length
 * bound that parser has, so every read of tcpdata should stay below it. */
struct args_to_tun {
    void* a_packet;   //[IN] set fs's tcp_state
    char* tcpdata;    //[IN] judge ssl and get sni
    int tcpdata_len;  //[IN] judge ssl and get sni
    int thread_seq;   //[IN] arg
    int routdir;      //[IN] add datainfo
    int iprevers;
};

//global variable
//comm
/* Process-wide settings filled from the conf files. */
struct kni_var_comm {
    int project_id;
    int kni_mode_cur; //0:work 1:bypass
    int thread_num;   /* presumably <= KNI_MAX_THREADNUM; verify where it is read from config */
    int fd_domain;
    unsigned int local_ip;
    char tun_name[KNI_CONF_MAXLEN];
    char domain_path[KNI_CONF_MAXLEN];
    char card_in[KNI_CONF_MAXLEN];
    char card_out[KNI_CONF_MAXLEN];
    int* fd_tun;
    void* logger;
    int* ipv4_fd;
};

//htable and lqueue
/* Handles are MESA library types declared elsewhere. */
struct kni_var_struct {
    MESA_htable_handle htable_to_tun_v4;
    MESA_htable_handle htable_to_tun_v6;
    MESA_htable_handle htable_to_io_v6;
    MESA_lqueue_head lqueue_for_domain;
};

//maat
/* Maat policy engine handle and the ids of the three tables named by
 * KNI_TABLENAME_*. */
struct kni_var_maat {
    Maat_feather_t maat_feather;
    short tableid_ip;
    short tableid_area;
    short tableid_domain;
};

//field stat2
/* Screen-stat counters: one row of FS2_COLUMN_NUM values per thread. */
struct kni_fs2_info {
    screen_stat_handle_t handler;
    int column_id[FS2_COLUMN_NUM];
    unsigned long long column_value[KNI_MAX_THREADNUM][FS2_COLUMN_NUM];
};

/* NOTE(review): not packed — `len` is aligned to offset 2 and `value` to
 * offset 4, so sizeof is 6, not the 4 bytes a type/len/value wire encoding
 * would suggest. Confirm it is never memcpy'd to or from a packet as-is. */
struct kni_tlv_info {
    char type;
    short len;
    char value;
};

/* NOTE(review): this is not the RFC 8200 on-wire layout — the real payload
 * length is 16 bits and the header is 40 bytes, whereas ip6_payload_len here
 * is 4 bytes and the addresses are padded to a 4-byte boundary. Confirm the
 * parser fills the fields individually rather than casting packet bytes to
 * this struct. */
struct kni_ipv6_hdr {
    unsigned char ip6_flags[4];
    unsigned int ip6_payload_len;
    unsigned char ip6_nex_hdr;
    unsigned char ip6_hop;
    struct in6_addr ip6_src;
    struct in6_addr ip6_dst;
};

/* TCP header in BSD field order (th_* names as in <netinet/tcp.h>; thsum is
 * presumably the checksum). th_off is the header length in 32-bit words and
 * comes straight from the packet, so th_off*4 must be checked against both
 * TCPHDR_DEFAULT_LEN and the bytes actually captured before any option or
 * payload pointer is derived from it. */
struct kni_tcp_hdr {
    unsigned short th_sport;
    unsigned short th_dport;
    unsigned int th_seq;
    unsigned int th_ack;
/* Bit-field order depends on host endianness; __BYTE_ORDER must be defined
 * by an earlier include (glibc <endian.h>), otherwise the #error fires. */
# if __BYTE_ORDER == __LITTLE_ENDIAN
    unsigned char th_x2:4, th_off:4;
# elif __BYTE_ORDER == __BIG_ENDIAN
    unsigned char th_off:4, th_x2:4;
# else
# error "Adjust your defines"
# endif
    unsigned char th_flags;
    unsigned short th_win;
    unsigned short thsum;
    unsigned short th_urp;
};

/* One parsed TCP option. The `len` byte is attacker-controlled and an option
 * may legitimately carry up to 38 bytes of data (40-byte option space minus
 * kind and length), which exceeds `content`; any copy into content must be
 * bounded by sizeof content, not by len. */
struct kni_tcp_opt_format {
    char type;
    char len;
    char content[32];
};

/* Options negotiated on a flow, host byte order where noted. */
struct common_tcp_opt {
    unsigned char sack_ok;
    unsigned char wnscale;
    unsigned short mss; //host order
    unsigned int timestamp;
};

/* Snapshot of the last packet seen in one direction, used to build the
 * window-probe reply. */
struct kni_wndpro_reply_info {
    unsigned int seq;       //host order
    unsigned int ack;       //host order
    unsigned int syn_flag;
    unsigned int len;       //tcp payload len:host order
    unsigned short wndsize; //host order
    unsigned short ipid;    //host order
    unsigned char ttl;      //host order
};

/* Per-flow state kept across both directions (index KNI_DIR_C2S/KNI_DIR_S2C). */
struct kni_pme_info {
    unsigned short status_flag;
    unsigned short mss[KNI_DIR_DOUBLE];    //host order
    unsigned char wnscal[KNI_DIR_DOUBLE];  //host order
    unsigned char sack[KNI_DIR_DOUBLE];
    unsigned char timestamps[KNI_DIR_DOUBLE];
    struct kni_wndpro_reply_info lastpkt_info[KNI_DIR_DOUBLE]; //for add htable
    scan_status_t mid; //for maat
};

//htable_data_info ipv4
/* Value stored in the IPv4 to-tun hash table. Note wnscal is unsigned short
 * here but unsigned char in kni_pme_info; the copy between them presumably
 * goes through an integer conversion. */
struct kni_htable_datainfo {
    //for sendpkt
    int route_dir;
    unsigned char smac[KNI_MACADDR_LEN];
    unsigned char dmac[KNI_MACADDR_LEN];
    //send wnd pro reply
    int wndpro_flag[KNI_DIR_DOUBLE];
    unsigned short wnscal[KNI_DIR_DOUBLE]; //host order
    unsigned short mss[KNI_DIR_DOUBLE];    //host order
    struct kni_wndpro_reply_info lastpkt_info[KNI_DIR_DOUBLE];
};

//set tcp repair info
/* Connection parameters handed to the TCP-repair setup. Byte order of the
 * address/port fields is not stated here — check the writer before use. */
struct kni_tcp_state {
    unsigned int src_ip;
    unsigned int dst_ip;
    unsigned short sport;
    unsigned short dport;
    unsigned int seq;
    unsigned int ack;
    unsigned short win;
    unsigned short mss_src;
    unsigned short mss_dst;
    unsigned char wscale_src;
    unsigned char wscale_dst;
    unsigned char sack_src;
    unsigned char sack_dst;
    unsigned char timestamps_src;
    unsigned char timestamps_dst;
};

/* Arguments for the read-tun path; iplen is the caller's length for
 * a_packet and the bound any parsing of it should respect. */
struct args_read_tun {
    int thread_seq;  //in
    int iprevers;    //in
    int iplen;       //in
    int routdir;     //out
    char* a_packet;  //in
    unsigned char smac[KNI_MACADDR_LEN]; //out
    unsigned char dmac[KNI_MACADDR_LEN]; //out
};

/* Disabled fallback definition of the TCP_REPAIR_WINDOW socket option and its
 * argument struct, kept commented out as in the original:
#ifndef TCP_REPAIR_WINDOW
#define TCP_REPAIR_WINDOW 29
#endif
struct tcp_repair_window {
    __u32 snd_wl1;
    __u32 snd_wnd;
    __u32 max_window;
    __u32 rcv_wnd;
    __u32 rcv_wup;
};
*/

#endif