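/*
 * Shared declarations for the "kni" module: size limits, helper macros,
 * logging wrappers, field-stat counter ids, parsed-packet metadata and the
 * prototypes of the address, checksum, header-parsing and htable helpers.
 */
#pragma once

/*
 * NOTE(review): the system header names are missing from the #include lines
 * in this listing and must be restored from the original file. Judging by the
 * declarations below, they need at least <stdint.h>, <stddef.h>, <stdlib.h>,
 * <netinet/in.h>, <netinet/ip.h>, <netinet/ip6.h> and <netinet/tcp.h>, plus
 * whichever project header declares addr_type_t and struct
 * stream_tuple4_v4/v6.
 */
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include "MESA/MESA_handle_logger.h"
#include "MESA/MESA_htable.h"
#include "MESA/MESA_prof_load.h"
#include "MESA/field_stat2.h"
#include "MESA/Maat_rule.h"
#include "MESA/Maat_command.h"
//#include "mrtunnat.h"
#include
#include
#include

/* Buffer-size limits, in bytes, for buffers declared with these constants. */
#define KNI_STRING_MAX 2048
#define KNI_PATH_MAX 256
#define KNI_SYMBOL_MAX 64
#define KNI_ADDR_MAX 128

/*
 * MAX/MIN evaluate each argument twice; do not pass expressions with side
 * effects (i++, function calls that consume input).
 */
#ifndef MAX
#define MAX(a, b) (((a) > (b)) ? (a) : (b))
#endif
#ifndef MIN
#define MIN(a, b) (((a) < (b)) ? (a) : (b))
#endif

/*
 * Branch-prediction hints (GCC/Clang builtin). expr is passed through
 * unnormalised, so the hint is accurate only when expr evaluates to exactly
 * 1 (likely) or 0 (unlikely), e.g. a comparison result.
 */
#define likely(expr) __builtin_expect((expr), 1)
#define unlikely(expr) __builtin_expect((expr), 0)

/*
 * ALLOC(type, number): zero-initialised array of `number` objects of `type`.
 * Arguments are given to calloc in its documented (nmemb, size) order and
 * `number` is parenthesised so an expression argument expands as one operand.
 * The result is NULL on allocation failure and must be checked by the caller.
 * The cast is kept as in the original (needed if this header is ever compiled
 * as C++ -- not verifiable from here).
 */
#define ALLOC(type, number) ((type *)calloc((number), sizeof(type)))

/*
 * FREE(p): p is the ADDRESS of a pointer variable. The pointee is released
 * and the variable is reset to NULL, which turns a later double free or
 * use-after-free into a harmless free(NULL) / an immediate NULL dereference.
 * The argument is parenthesised so that FREE(arr + i) dereferences the
 * intended element instead of expanding to *arr + i.
 * The expansion is a bare brace block (kept for compatibility with existing
 * call sites): do not use it as the unbraced body of an `if` that is followed
 * by `else`.
 */
#define FREE(p) {free(*(p));*(p)=NULL;}

/*
 * Logging wrappers around MESA_handle_runtime_log with the fixed module tag
 * "kni". KNI_LOG_ERROR logs at RLOG_LV_FATAL. `fmt` is forwarded unchanged as
 * the format argument, so it must be a string literal; packet- or
 * peer-controlled text belongs in the variadic arguments (e.g. via "%s"),
 * never in fmt itself.
 */
#define KNI_LOG_ERROR(handler, fmt, ...) \
do { \
    MESA_handle_runtime_log(handler, RLOG_LV_FATAL, "kni", fmt, ##__VA_ARGS__); } while(0)

#define KNI_LOG_INFO(handler, fmt, ...) \
do { \
    MESA_handle_runtime_log(handler, RLOG_LV_INFO, "kni", fmt, ##__VA_ARGS__); } while(0)

#define KNI_LOG_DEBUG(handler, fmt, ...) \
do { \
    MESA_handle_runtime_log(handler, RLOG_LV_DEBUG, "kni", fmt, ##__VA_ARGS__); } while(0)

//default tcp opt
#define KNI_DEFAULT_WINSCLE 0
#define KNI_DEFAULT_MSS 1460
#define KNI_DEFAULT_MTU 1500
#define KNI_MTU 3000

/*
 * TCP option values; the output type of kni_get_tcpopt() declared below.
 * The *_set members presumably flag whether the option was present in the
 * header -- confirm against the implementation.
 */
struct kni_tcpopt_info{
    uint16_t mss;
    uint8_t wscale_set;
    uint8_t wscale;
    uint8_t ts_set;
    uint8_t sack;
    uint32_t ts_value;
    uint32_t ts_ecr;
};

//field_stat
/* Capacities of the id arrays in struct kni_field_stat_handle. */
#define KNI_FS_FIELD_MAX 64
#define KNI_FS_COLUMN_MAX 256
#define KNI_FS_LINE_MAX 256

/*
 * Counter ids for the field-stat output.
 *
 * NOTE(review): with the enumerators listed here KNI_FIELD_TFE_STATUS_BASE
 * evaluates to 60, while fields[] in struct kni_field_stat_handle has
 * KNI_FS_FIELD_MAX (64) slots. If fields[] is indexed with
 * KNI_FIELD_TFE_STATUS_BASE + n (usage is not visible in this header --
 * confirm at the call sites), only n = 0..3 stays in bounds, and every
 * enumerator added above the base shrinks that margin. Bound n against
 * KNI_FS_FIELD_MAX - KNI_FIELD_TFE_STATUS_BASE where it is computed.
 */
enum kni_field{
    KNI_FIELD_BYP_INTCPERR,
    //intercept error link mode
    KNI_FIELD_INTCPERR_GET_LINK_MODE_ERR,
    KNI_FIELD_INTCPERR_NOT_LINK_MODE_BYSYN,
    //intercept error HAVE_DUP_PKT
    KNI_FIELD_INTCPERR_GET_HAVE_DUP_PKT_ERR,
    KNI_FIELD_INTCPERR_DUP_PKT_NOT_SURE_ERR,
    //intercept error stream tun type
    KNI_FIELD_INTCPERR_GET_STREAM_TUN_TYPE_ERR,
    KNI_FIELD_INTCPERR_STREAM_IS_TUN_TYPE,
    //intercept error
    KNI_FIELD_INTCPERR_ASYM_ROUTING,
    KNI_FIELD_INTCPERR_NO_SYN,
    KNI_FIELD_INTCPERR_NO_SYN_ACK,
    KNI_FIELD_INTCPERR_INVALID_IP_HDR,
    KNI_FIELD_INTCPERR_EXCEED_MTU,
    //intercept error: internal error
    KNI_FIELD_INTCPERR_SENDTO_TFE_FAIL,
    KNI_FIELD_INTCPERR_TUPLE2STM_ADD_FAIL,
    KNI_FIELD_INTCPERR_NO_TFE,
    KNI_FIELD_INTCPERR_DUP_TRAFFIC,
    KNI_FIELD_INTCPERR_CMSG_ADD_FAIL,
    //success intercept stream
    KNI_FIELD_INTCP_STM,
    KNI_FIELD_INTCP_BYTE,
    KNI_FIELD_SSL_STM,
    KNI_FIELD_HTTP_STM,
    KNI_FIELD_IPV4_STM,
    KNI_FIELD_IPV6_STM,
    KNI_FIELD_DUP_TFC_STM,
    KNI_FIELD_DUP_TFC_BYTE,
    //intercept ready stream
    KNI_FIELD_INTCP_READY_STM,
    KNI_FIELD_INTCP_READY_BYTE,
    //pme
    KNI_FIELD_PME_NEW_SUCC,
    KNI_FIELD_PME_FREE,
    KNI_FIELD_PME_CNT,
    //errors
    KNI_FIELD_SENDLOG_FAIL,
    KNI_FIELD_ID2PME_ADD_FAIL,
    KNI_FIELD_ID2PME_DEL_FAIL,
    KNI_FIELD_TUPLE2STM_ADD_FAIL,
    KNI_FIELD_TUPLE2STM_DEL_FAIL,
    KNI_FIELD_SAPP_INJECT_FAIL,
    KNI_FIELD_BLOOM_SEARCH_FAIL,
    KNI_FIELD_BLOOM_ADD_FAIL,
    //htable
    KNI_FIELD_ID2PME_ADD_SUCC,
    KNI_FIELD_ID2PME_DEL_SUCC,
    KNI_FIELD_ID2PME_CNT,
    KNI_FIELD_TUPLE2STM_ADD_SUCC,
    KNI_FIELD_TUPLE2STM_DEL_SUCC,
    KNI_FIELD_TUPLE2STM_CUR,
    KNI_FIELD_TUPLE2STM_SEARCH_HIT,
    KNI_FIELD_TUPLE2STM_SEARCH_MISS,
    //send_log
    KNI_FIELD_SENDLOG_SUCC,
    //sapp_inject
    KNI_FIELD_SAPP_INJECT_SUCC,
    //dabloom
    KNI_FIELD_BLOOM_HIT,
    KNI_FIELD_BLOOM_MISS,
    //kni dynamic bypass
    KNI_FIELD_ID2SSL_ADD_SUCC,
    KNI_FIELD_ID2SSL_DEL_SUCC,
    KNI_FIELD_ID2SSL_CNT,
    KNI_FIELD_SSL2PASS_ADD_SUCC,
    KNI_FIELD_SSL2PASS_DEL_SUCC,
    KNI_FIELD_SSL2PASS_CNT,
    KNI_FIELD_DY_PASS_STM,
    KNI_FIELD_DY_PASS_BYTE,
    KNI_FIELD_DY_PASS_IPV6_STM,
    KNI_FIELD_DY_PASS_IPV4_STM,
    //KNI_FIELD_TFE_STATUS_BASE must be last
    KNI_FIELD_TFE_STATUS_BASE,
};

/* Field-stat handle plus the ids registered for fields, columns and lines. */
struct kni_field_stat_handle{
    screen_stat_handle_t handle;
    int fields[KNI_FS_FIELD_MAX];
    int column_ids[KNI_FS_COLUMN_MAX];
    int line_ids[KNI_FS_LINE_MAX];
};

/*
 * Result of parsing one IP/TCP packet (see kni_ipv4_header_parse and
 * kni_ipv6_header_parse below). The header and data members are raw pointers
 * and this struct carries no ownership information; presumably they point
 * into the packet buffer handed to the parser and are valid only as long as
 * that buffer is -- confirm. All lengths are 16-bit. Consumers should check
 * the parser's return value / parse_failed before dereferencing any pointer
 * member.
 */
struct pkt_info{
    addr_type_t addr_type;
    /* which member is valid presumably follows addr_type -- confirm */
    union{
        struct iphdr *v4;
        struct ip6_hdr *v6;
    }iphdr;
    uint16_t iphdr_len;
    uint16_t ip_totlen;
    struct tcphdr *tcphdr;
    uint16_t tcphdr_len;
    char *data;
    uint16_t data_len;
    int parse_failed;
};

/* Negative error codes; kni_ipv4_errmsg_get() below takes this type. */
enum kni_ipv4hdr_parse_error{
    KNI_IPV4HDR_PARSE_ERROR_NULL_PACKET = -1,
};

/* Negative error codes; kni_ipv6_errmsg_get() below takes this type. */
enum kni_ipv6hdr_parse_error{
    KNI_IPV6HDR_PARSE_ERROR_NULL_PACKET = -1,
    KNI_IPV6HDR_PARSE_ERROR_NO_TCPHDR = -2,
    KNI_IPV6HDR_PARSE_ERROR_INVALID_TYPE = -3,
};

enum kni_deploy_mode
{
    KNI_DEPLOY_MODE_TAP = 0,
    KNI_DEPLOY_MODE_NORMAL = 1,
};

/*
 * Hash-table options passed to kni_create_htable() and filled by
 * kni_get_htable_opt().
 * NOTE(review): free_data_cb and expire_notify_cb are stored as void *, so
 * the compiler cannot check the callback signature, and ISO C does not
 * guarantee that a function pointer survives a round trip through void *
 * (POSIX platforms do). A mismatched callback would only show up at run time.
 */
struct kni_htable_opt{
    int mho_screen_print_ctrl;
    int mho_thread_safe;
    int mho_mutex_num;
    int mho_hash_slot_size;
    int mho_hash_max_element_num;
    int mho_expire_time;
    char mho_eliminate_type[KNI_SYMBOL_MAX];
    void *free_data_cb;
    void *expire_notify_cb;
};

/*
 * Address formatting into a caller-supplied buffer `output`; `len` is
 * presumably its capacity in bytes -- confirm. `len` is a signed int, so
 * callers should pass a positive value derived from sizeof on the buffer.
 */
int kni_addr_trans_v4(struct stream_tuple4_v4 *tuple4, char *output, int len);
int kni_addr_trans_v6(struct stream_tuple4_v6 *tuple4, char *output, int len);

/*
 * Checksum helpers. Each takes a buffer pointer and a byte length; the
 * buffer must hold at least that many readable bytes.
 */
uint16_t kni_ip_checksum(const void *buf, size_t hdr_len);
uint16_t kni_tcp_checksum(const void *_buf, size_t len, in_addr_t src_addr, in_addr_t dest_addr);
uint16_t kni_tcp_checksum_v6(const void *_buf, size_t len, struct in6_addr src_addr, struct in6_addr dest_addr);
uint16_t kni_udp_checksum(const void *_buf, size_t len, in_addr_t src_addr, in_addr_t dest_addr);

/*
 * Fills *tcpopt from the TCP header. tcphdr_len comes from the packet's own
 * header fields at the call sites (not visible here), so the caller must have
 * verified that tcphdr_len bytes are actually present in the captured packet
 * before calling -- NOTE(review): confirm the implementation also bounds each
 * option's length byte against tcphdr_len.
 */
void kni_get_tcpopt(struct kni_tcpopt_info *tcpopt, struct tcphdr* tcphdr,int tcphdr_len);

int kni_ipv4_addr_get_by_eth(const char *ifname, uint32_t *ip);

/*
 * Header parsers writing into *pktinfo. Neither takes the length of a_packet,
 * so they cannot themselves verify that the header lengths stored in the
 * packet fit inside the captured buffer; that check has to happen in the
 * caller or be derived from trusted metadata -- NOTE(review): confirm.
 */
int kni_ipv4_header_parse(const void *a_packet, struct pkt_info *pktinfo);
int kni_ipv6_header_parse(const void *a_packet, struct pkt_info *pktinfo);

/* Error-code to text; ownership of the returned string is not visible here. */
char* kni_ipv4_errmsg_get(enum kni_ipv4hdr_parse_error _errno);
char* kni_ipv6_errmsg_get(enum kni_ipv6hdr_parse_error _errno);

char* kni_strdup(const char* s);

/* Hash-table construction from a struct kni_htable_opt. */
MESA_htable_handle kni_create_htable(char *symbol, struct kni_htable_opt *opt, void *logger);
void kni_get_htable_opt(struct kni_htable_opt *opt, const char *profile, const char *section,
                        void *free_data_cb, void *expire_notify_cb, void *logger);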