gfwleak/tango-kni
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
This repository has been archived on 2025-09-14. You can view files and clone it, but cannot push or open issues or pull requests.
Files
a48d99ec262647a9a8765b9eb9603bed6ebd93aa
tango-kni/kni_entry.c

1902 lines
52 KiB
C
Raw Blame History

#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include <assert.h>
#include <sys/socket.h>
#include <arpa/inet.h>
#include <netinet/in.h>
#include <net/ethernet.h>
#include "http.h"
#include "kni_replace.h"
#include "kni_entry.h"
#include "kni_utils.h"
#include "kni_sendlog.h"
int g_kni_version_VERSION_20190123_2;
struct kni_var_comm g_kni_comminfo;
struct kni_var_struct g_kni_structinfo;
struct kni_var_maat g_kni_maatinfo;
struct kni_fs2_info g_kni_fs2_info;
struct kni_switch_info g_kni_switch_info;
char g_kni_cardname[KNI_CARD_NUM][KNI_CONF_MAXLEN];
int g_kni_threadseq[KNI_MAX_THREADNUM];
struct kni_pme_info* kni_pmeinfo_new(void)
{
struct kni_pme_info* pmeinfo=ALLOC(struct kni_pme_info, 1);
pmeinfo->tun_index = -1;
return pmeinfo;
}
int kni_free_pmeinfo(struct kni_pme_info* pmeinfo)
{
Maat_clean_status(&(pmeinfo->mid));
free(pmeinfo);
pmeinfo=NULL;
return 0;
}
/***************************************************************************************
return :state_flag
kni_bmd:STAT_FLAG_SNIBMD
not kni_bmd:STAT_FLAG_SSL_NOBMD
***************************************************************************************/
int kni_scan_domain(char* domain,int domain_len,int thread_seq,struct kni_pme_info* pmeinfo)
{
int string_scan_num=0;
int found_pos;
string_scan_num=Maat_full_scan_string(g_kni_maatinfo.maat_feather,g_kni_maatinfo.tableid_domain,CHARSET_GBK,domain,domain_len,&(pmeinfo->maat_result[pmeinfo->maat_result_num]),&found_pos,KNI_MAX_SAMENUM-pmeinfo->maat_result_num,&(pmeinfo->mid),thread_seq);
kni_process_maatresult(string_scan_num,&(pmeinfo->maat_result[pmeinfo->maat_result_num]),pmeinfo);
if(string_scan_num <= 0)
{
string_scan_num=Maat_full_scan_string(g_kni_maatinfo.ipd_dyn_maat_feather,g_kni_maatinfo.tableid_dynamic_domain,CHARSET_GBK,domain,domain_len,&(pmeinfo->maat_result[pmeinfo->maat_result_num]),&found_pos,KNI_MAX_SAMENUM-pmeinfo->maat_result_num,&(pmeinfo->mid),thread_seq);
kni_process_maatresult(string_scan_num,&(pmeinfo->maat_result[pmeinfo->maat_result_num]),pmeinfo);
if(string_scan_num > 0)
{
pmeinfo->maat_result_num += string_scan_num;
}
}
else
{
pmeinfo->maat_result_num += string_scan_num;
}
return string_scan_num;
}
/***************************************************************************************
return :state_flag
kni_bmd:STAT_FLAG_SNIBMD
not kni_bmd:STAT_FLAG_SSL_NOBMD
***************************************************************************************/
/*
int kni_scan_pktbin(char* data,int datalen,int thread_seq,struct kni_pme_info* pmeinfo)
{
int string_scan_num=0;
int found_pos;
struct Maat_rule_t maat_result[KNI_MAX_SAMENUM];
=Maat_full_scan_string(g_kni_maatinfo.maat_feather,g_kni_maatinfo.tableid_pktbin,CHARSET_GBK,data,datalen,maat_result,&found_pos,KNI_MAX_SAMENUM,&(pmeinfo->mid),thread_seq);
kni_process_maatresult(string_scan_num,maat_result,pmeinfo);
return string_scan_num;
}
*/
int kni_scan_pktbin(char* data,int datalen,int thread_seq,struct kni_pme_info* pmeinfo)
{
int string_scan_num=0;
int found_pos;
string_scan_num=Maat_full_scan_string(g_kni_maatinfo.maat_feather,g_kni_maatinfo.tableid_pktbin,
CHARSET_GBK,data,datalen,&(pmeinfo->maat_result[pmeinfo->maat_result_num]),
&found_pos,KNI_MAX_SAMENUM-pmeinfo->maat_result_num,&(pmeinfo->mid),thread_seq);
kni_process_maatresult(string_scan_num,&(pmeinfo->maat_result[pmeinfo->maat_result_num]),pmeinfo);
if(string_scan_num >=0)
{
pmeinfo->maat_result_num +=string_scan_num;
}
return string_scan_num;
}
/***************************************************************************************
return :action
default:ipscan_num =0 or =1,not >1
***************************************************************************************/
int kni_scan_ip(struct ipaddr* addr,int thread_seq,int protocol,struct kni_pme_info* pmeinfo)
{
int ipscan_num = 0;
ipscan_num = Maat_scan_proto_addr(g_kni_maatinfo.maat_feather,g_kni_maatinfo.tableid_ip,addr,protocol,&(pmeinfo->maat_result[pmeinfo->maat_result_num]),KNI_MAX_SAMENUM-pmeinfo->maat_result_num,&(pmeinfo->mid),thread_seq);
kni_process_maatresult(ipscan_num,&(pmeinfo->maat_result[pmeinfo->maat_result_num]),pmeinfo);
if(ipscan_num >=0)
{
pmeinfo->maat_result_num +=ipscan_num;
}
//20181030add ,ipscan_action is monitor,use this keyringid;ipscan_action is replace,udp data not ipscan and pktscan
pmeinfo->ipsscan_action = pmeinfo->action;
//end
return ipscan_num;
}
void kni_free_htable(void* htable_data)
{
struct kni_htable_datainfo* datainfo = (struct kni_htable_datainfo*)htable_data;
if(datainfo != NULL)
{
free(datainfo);
datainfo = NULL;
}
return;
}
int kni_htable_del(const struct streaminfo* pstream,struct kni_pme_info* pmeinfo,const void* a_packet)
{
int ret = 0;
if((pstream->addr.addrtype == ADDR_TYPE_IPV4))
{
ret = MESA_htable_del(g_kni_structinfo.htable_to_tun_v4,(unsigned char*)&(pmeinfo->ipv4_addr),sizeof(struct stream_tuple4_v4),kni_free_htable);
if(ret < 0)
{
kni_log_debug(RLOG_LV_FATAL,(char*)"MESA_htable_del",a_packet,"IPv4 MESA_htable_del() error,ret:%d",ret);
return -1;
}
else
{
kni_filestate2_set(pstream->threadnum,FS_HTABLE_DEL,0,1);
}
}
else
{
ret = MESA_htable_del(g_kni_structinfo.htable_to_tun_v6,(unsigned char*)&(pmeinfo->ipv6_addr),sizeof(struct stream_tuple4_v6),kni_free_htable);
if(ret < 0)
{
kni_log_debug(RLOG_LV_FATAL,(char*)"MESA_htable_del",a_packet,"IPv6 MESA_htable_del() error,ret:%d",ret);
return -1;
}
else
{
kni_filestate2_set(pstream->threadnum,FS_HTABLE_DEL,0,1);
}
}
return 0;
}
int kni_htable_add(const struct streaminfo* pstream,const void* a_packet,struct kni_pme_info* pmeinfo)
{
int ret = 0;
int iprevers=0;
struct layer_addr_mac* mac_addr=(struct layer_addr_mac*)((char*)a_packet-KNI_ETHER_LEN);
struct kni_htable_datainfo* datainfo=ALLOC(struct kni_htable_datainfo, 1);
//send pkt info by self
if(iprevers==0)
{
datainfo->route_dir=pstream->routedir;
memcpy(datainfo->smac, mac_addr->src_mac, sizeof(datainfo->smac));
memcpy(datainfo->dmac, mac_addr->dst_mac, sizeof(datainfo->dmac));
}
else
{
if(g_kni_switch_info.sendpkt_mode == 1)
{
datainfo->route_dir=1-pstream->routedir;
}
else
{
datainfo->route_dir=MESA_dir_reverse(pstream->routedir);
}
memcpy(datainfo->smac, mac_addr->dst_mac, sizeof(datainfo->smac));
memcpy(datainfo->dmac, mac_addr->src_mac, sizeof(datainfo->dmac));
}
//send wnd_pro_reply info
memcpy(&(datainfo->lastpkt_info), &(pmeinfo->lastpkt_info), sizeof(datainfo->lastpkt_info));
if(pstream->addr.addrtype == ADDR_TYPE_IPV4)
{
iprevers=kni_get_ipaddr_v4((void*)a_packet,&(pmeinfo->ipv4_addr));
ret = MESA_htable_add(g_kni_structinfo.htable_to_tun_v4,(unsigned char*)&(pmeinfo->ipv4_addr),sizeof(struct stream_tuple4_v4),(void*)datainfo);
if(ret == MESA_HTABLE_RET_DUP_ITEM)
{
kni_log_debug(RLOG_LV_FATAL, "kni_htable_add dup",a_packet,"-5");
free(datainfo);
datainfo=NULL;
return -1;
}
else if(ret < 0)
{
kni_log_debug(RLOG_LV_FATAL, "kni_htable_add",a_packet,"IPv4 MESA_htable_add() error,ret:%d",ret);
free(datainfo);
datainfo=NULL;
return -1;
}
else
{
kni_filestate2_set(pstream->threadnum,FS_HTABLE_ADD,0,1);
}
}
else
{
iprevers=kni_get_ipaddr_v6((void*)a_packet,&(pmeinfo->ipv6_addr));
ret = MESA_htable_add(g_kni_structinfo.htable_to_tun_v6,(unsigned char*)&(pmeinfo->ipv6_addr),sizeof(struct stream_tuple4_v6),(void*)datainfo);
if(ret < 0)
{
kni_log_debug(RLOG_LV_FATAL,(char*)"kni_htable_add",a_packet,"IPv6 MESA_htable_add() error,ret:%d",ret);
free(datainfo);
datainfo=NULL;
return -1;
}
else
{
kni_filestate2_set(pstream->threadnum,FS_HTABLE_ADD,0,1);
}
}
return 0;
}
/*
int kni_htable_add(const struct streaminfo* pstream,const void* a_packet,struct kni_pme_info* pmeinfo)
{
int ret = 0;
int iprevers=0;
struct stream_tuple4_v4 ipv4_addr;
struct stream_tuple4_v6 ipv6_addr;
struct layer_addr_mac* mac_addr=(struct layer_addr_mac*)((char*)a_packet-KNI_ETHER_LEN);
struct kni_htable_datainfo* datainfo=(struct kni_htable_datainfo*)malloc(sizeof(struct kni_htable_datainfo));
memset(datainfo,0,sizeof(struct kni_htable_datainfo));
//send pkt info by self
if(iprevers==0)
{
datainfo->route_dir=pstream->routedir;
memcpy(datainfo->smac,mac_addr->src_mac,MAC_ADDR_LEN);
memcpy(datainfo->dmac,mac_addr->dst_mac,MAC_ADDR_LEN);
}
else
{
if(g_kni_switch_info.sendpkt_mode == 1)
{
datainfo->route_dir=1-pstream->routedir;
}
else
{
datainfo->route_dir=MESA_dir_reverse(pstream->routedir);
}
memcpy(datainfo->smac,mac_addr->dst_mac,MAC_ADDR_LEN);
memcpy(datainfo->dmac,mac_addr->src_mac,MAC_ADDR_LEN);
}
//send wnd_pro_reply info
// memcpy(&(datainfo->tcpopt_info),&(pmeinfo->tcpopt_info),KNI_DIR_DOUBLE*sizeof(struct kni_tcpopt_info));
memcpy(&(datainfo->lastpkt_info),&(pmeinfo->lastpkt_info),KNI_DIR_DOUBLE*sizeof(struct kni_wndpro_reply_info));
if(pstream->addr.addrtype == ADDR_TYPE_IPV4)
{
iprevers=kni_get_ipaddr_v4((void*)a_packet,&ipv4_addr);
ret = MESA_htable_add(g_kni_structinfo.htable_to_tun_v4,(unsigned char*)&ipv4_addr,sizeof(struct stream_tuple4_v4),(void*)datainfo);
if(ret < 0)
{
kni_log_debug(RLOG_LV_FATAL,(char*)"kni_htable_add",a_packet,"IPv4 MESA_htable_add() error,ret:%d",ret);
return -1;
}
}
else
{
iprevers=kni_get_ipaddr_v6((void*)a_packet,&ipv6_addr);
ret = MESA_htable_add(g_kni_structinfo.htable_to_tun_v6,(unsigned char*)&ipv6_addr,sizeof(struct stream_tuple4_v6),(void*)datainfo);
if(ret < 0)
{
kni_log_debug(RLOG_LV_FATAL,(char*)"kni_htable_add",a_packet,"IPv6 MESA_htable_add() error,ret:%d",ret);
return -1;
}
}
return 0;
}
*/
/***************************************************************************************
return :state_flag
ssl:STAT_FLAG_SSL_NOBMD
not ssl:STAT_FLAG_NOTSSL
***************************************************************************************/
int kni_judge_ssl(int thread_seq,char* tcp_data,int tcp_datalen,char* sni,int* sni_len,int* clienthello_flag,int* sni_flag)
{
int ssl_header_len=0;
char* ssl_header=NULL;
unsigned char content_type=0;
unsigned short version_in_header=0;
unsigned short len_in_header=0;
int ssl_body_len=0;
char* ssl_body=NULL;
unsigned char handshark_type=0;
unsigned int len_in_body=0;
unsigned short version_in_body=0;
unsigned char session_id_len=0;
unsigned short ciphersuite_len=0;
unsigned char compression_method_len=0;
int ext_offset=0;
char* ssl_extention=NULL;
unsigned short extension_len_less=0;
unsigned short type_in_extension=0;
unsigned short ext_len=0;
// unsigned short sni_list_len=0;
// unsigned char sni_type=0;
//ssl header
ssl_header=tcp_data;
content_type=*(unsigned char*)&ssl_header[ssl_header_len];
if(content_type!=SSL_CONTENTTYPE_HANDSHAKE)
{
return KNI_FLAG_UNKNOW;
}
ssl_header_len+=1;
version_in_header=ntohs(*(unsigned short*)&(ssl_header[ssl_header_len]));
if((version_in_header!=SSL_VERSION_TLS1_0)&&(version_in_header!=SSL_VERSION_TLS1_1)&&(version_in_header!=SSL_VERSION_TLS1_2))
{
return KNI_FLAG_UNKNOW;
}
ssl_header_len+=2;
len_in_header=ntohs(*(unsigned short*)&(ssl_header[ssl_header_len]));
if(len_in_header!=tcp_datalen-SSL_HEADER_LEN)
{
return KNI_FLAG_UNKNOW;
}
ssl_header_len+=2;
//ssl body
ssl_body=ssl_header+ssl_header_len;
handshark_type=*(unsigned char*)&(ssl_body[ssl_body_len]);
if(handshark_type!=SSL_HANDSHAR_TYPE_CLIENTHELLO)
{
return KNI_FLAG_UNKNOW;
}
ssl_body_len+=1;
*clienthello_flag = 1;
kni_filestate2_set(thread_seq,FS_CLIENT_HELLO,0,1);
// memcpy(&len_in_body,&ssl_body[ssl_body_len],3);
len_in_body=*(unsigned char*)&ssl_body[ssl_body_len+2]+256*(*(unsigned char*)&ssl_body[ssl_body_len+1])+65536*(*(unsigned char*)&ssl_body[ssl_body_len]);
if(len_in_body+SSL_BODY_LEN!=len_in_header)
{
return KNI_FLAG_UNKNOW;
}
ssl_body_len+=3;
version_in_body=ntohs(*(unsigned short*)&(ssl_body[ssl_body_len]));
if((version_in_body!=SSL_VERSION_TLS1_0)&&(version_in_body!=SSL_VERSION_TLS1_1)&&(version_in_body!=SSL_VERSION_TLS1_2))
{
return KNI_FLAG_UNKNOW;
}
ssl_body_len+=2;
ssl_body_len+=32; //4byte time,28bytes random
session_id_len=*(unsigned char*)&(ssl_body[ssl_body_len]);
ssl_body_len+=1;
ssl_body_len+=session_id_len;
ciphersuite_len=ntohs(*(unsigned short*)&(ssl_body[ssl_body_len]));
ssl_body_len+=2;
ssl_body_len+=ciphersuite_len;
compression_method_len=*(unsigned char*)&(ssl_body[ssl_body_len]);
ssl_body_len+=1;
ssl_body_len+=compression_method_len;
//ssl extention
ssl_extention=ssl_body+ssl_body_len;
if(ssl_body - tcp_data + ssl_body_len >= tcp_datalen) return KNI_FLAG_UNKNOW;
extension_len_less=ntohs(*(unsigned short*)&ssl_extention[ext_offset]);
if(extension_len_less!=len_in_body-2-32-1-session_id_len-2-ciphersuite_len-1-compression_method_len-2)
{
return KNI_FLAG_UNKNOW;
}
ext_offset+=2;
while(ext_offset<extension_len_less)
{
type_in_extension=ntohs(*(unsigned short*)&ssl_extention[ext_offset]);
ext_offset+=2;
ext_len=ntohs(*(unsigned short*)&ssl_extention[ext_offset]);
ext_offset+=2;
//sni
if(type_in_extension==SSL_EXTENSION_TYPE_SNI)
{
if(ext_len>KNI_SNI_MAXLEN)
{
//error
return KNI_FLAG_UNKNOW;
}
// memcpy(sni,&ssl_extention[ext_offset],ext_len);
// *sni_len=ext_len;
if(ext_len >5)
{
// sni_list_len=ntohs(*(unsigned short*)&ssl_extention[ext_offset]);
ext_offset+=2;
// sni_type = *(unsigned char*)&ssl_extention[ext_offset];
ext_offset+=1;
*sni_len=ntohs(*(unsigned short*)&ssl_extention[ext_offset]);
ext_offset+=2;
if((*sni_len>0)&&(*sni_len == ext_len-5))
{
if(*sni_len>KNI_DEFAULT_MTU)
{
*sni_len=KNI_DEFAULT_MTU;
}
*sni_flag = 1;
kni_filestate2_set(thread_seq,FS_SNI,0,1);
memcpy(sni,&ssl_extention[ext_offset],*sni_len);
return KNI_FLAG_SSL;
}
else
{
return KNI_FLAG_UNKNOW;
}
}
else
{
*sni_flag=0;
*sni_len=0;
sni=NULL;
return KNI_FLAG_UNKNOW;
}
}
else
{
ext_offset+=ext_len;
continue;
}
}
return KNI_FLAG_UNKNOW;
}
int kni_judge_http(const struct streaminfo *stream,char* domain,int* domain_len)
{
int val=1;
struct kni_http_project* host=(struct kni_http_project*)project_req_get_struct(stream,g_kni_comminfo.project_id);
if(host==NULL)
{
*domain_len=0;
return -1;
}
*domain_len=host->host_len>KNI_DEFAULT_MTU?KNI_DEFAULT_MTU:host->host_len;
memcpy(domain,host->host,*domain_len);
return val;
}
int kni_protocol_identify(const struct streaminfo* pstream,const void* a_packet,char* tcp_data,int tcp_datalen,char* domain,int* domain_len)
{
int clienthello_flag = 0;
int sni_flag = 0;
if(kni_judge_http(pstream,domain,domain_len)==1)
{
kni_filestate2_set(pstream->threadnum,FS_HTTP,0,1);
return KNI_FLAG_HTTP;
}
else if(kni_judge_ssl(pstream->threadnum,tcp_data,tcp_datalen,domain,domain_len,&clienthello_flag,&sni_flag)==KNI_FLAG_SSL)
{
kni_filestate2_set(pstream->threadnum,FS_SSL,0,1);
return KNI_FLAG_SSL;
}
else if((clienthello_flag == 1)&&(sni_flag == 0))
{
kni_filestate2_set(pstream->threadnum,FS_SSL,0,1);
kni_log_debug(RLOG_LV_DEBUG,(char*)"SSL_IDENTIFY",(void*)a_packet,(char*)"this ssl has client_hello,but no sni!");
return KNI_FLAG_SSL;
}
return KNI_FLAG_NOTPROC;
}
char kni_process_udppkt(unsigned char routdir,struct kni_pme_info* pmeinfo,int thread_seq,const void* a_packet,const struct streaminfo* pstream)
{
char ret = APP_STATE_FAWPKT|APP_STATE_DROPME;
switch(pmeinfo->action)
{
case KNI_ACTION_RATELIMIT:
ret = kni_process_ratelimit(thread_seq,pstream,a_packet,pmeinfo);
break;
case KNI_ACTION_REPLACE:
ret = kni_process_replace(routdir,thread_seq,pstream,a_packet,pmeinfo);
break;
case KNI_ACTION_HALFHIT:
ret = APP_STATE_GIVEME | APP_STATE_FAWPKT;
default:
break;
}
return ret;
}
char kni_first_tcpdata(const struct streaminfo* pstream,const void* a_packet,struct kni_pme_info* pmeinfo,char* data,int datalen)
{
struct timespec start, end;
long elapse=0;
char ret=APP_STATE_FAWPKT|APP_STATE_DROPME;
int domain_len=0;
char domain[KNI_DEFAULT_MTU]={0};
if(pstream->dir != DIR_DOUBLE)
{
kni_filestate2_set(pstream->threadnum,FS_NOT_DOUBLE,0,1);
kni_log_info((char*)KNI_MODULE_INFO,&(pstream->addr),pmeinfo->protocol,domain,(char*)"NOT-DOUBLE",(char*)"BYPASS",pmeinfo);
return ret;
}
pmeinfo->protocol=kni_protocol_identify(pstream,a_packet,data,datalen,domain,&domain_len);
assert(domain_len<(int)sizeof(domain));
if((pmeinfo->protocol==KNI_FLAG_HTTP) ||(pmeinfo->protocol==KNI_FLAG_SSL))
{
if(domain_len != 0)
{
kni_scan_domain(domain,domain_len,pstream->threadnum,pmeinfo);
}
switch(pmeinfo->action)
{
case KNI_ACTION_WHITELIST:
kni_filestate2_set(pstream->threadnum,FS_WHITELIST,0,1);
kni_log_info((char*)KNI_MODULE_INFO,&(pstream->addr),pmeinfo->protocol,domain,(char*)"WHITE_LIST_DOMAIN",(char*)"BYPASS",pmeinfo);
pmeinfo->protocol=KNI_FLAG_NOTPROC;
return ret;
case KNI_ACTION_RATELIMIT:
kni_filestate2_set(pstream->threadnum,FS_RATELIMIT,0,1);
kni_log_info((char*)KNI_MODULE_INFO,&(pstream->addr),pstream->type,NULL,(char*)"RATELIMITE",(char*)"RATELIMITE",pmeinfo);
ret = kni_process_ratelimit(pstream->threadnum,pstream,a_packet,pmeinfo);
return ret;
case KNI_ACTION_NONE:
case KNI_ACTION_HALFHIT:
if(g_kni_switch_info.maat_default_mode==KNI_DEFAULT_MODE_BYPASS)
{
kni_filestate2_set(pstream->threadnum,FS_NOT_HIT,0,1);
kni_log_info((char*)KNI_MODULE_INFO,&(pstream->addr),pmeinfo->protocol,domain,(char*)"NOT_HIT",(char*)"BYPASS",pmeinfo);
pmeinfo->protocol=KNI_FLAG_NOTPROC;
pmeinfo->action = KNI_ACTION_NONE;
return ret;
}
else
{
pmeinfo->action = KNI_ACTION_MONITOR;
}
break;
default:
pmeinfo->action = KNI_ACTION_MONITOR;
break;
}
kni_filestate2_set(pstream->threadnum,FS_INTERCEPT,0,1);
if(kni_htable_add(pstream,a_packet,pmeinfo) < 0)
{
pmeinfo->action = KNI_ACTION_NOTPROC;
kni_filestate2_set(pstream->threadnum,FS_DROP_ADDHTABLE_ERROR,0,1);
return ret;
}
clock_gettime(CLOCK_MONOTONIC, &start);
if(tcp_repair_process(pstream,a_packet,pmeinfo,pmeinfo->protocol)<0)
{
kni_htable_del(pstream,pmeinfo,a_packet);
pmeinfo->action = KNI_ACTION_NOTPROC;
clock_gettime(CLOCK_MONOTONIC, &end);
elapse=(end.tv_sec-start.tv_sec)*1000000+(end.tv_nsec-start.tv_nsec)/1000;
FS_operate(g_kni_fs2_info.handler, g_kni_fs2_info.metric_tcprepair, 0, FS_OP_SET, elapse);
MESA_handle_runtime_log(g_kni_comminfo.logger,RLOG_LV_INFO,"tcp_repair_process","tcp_repair_process() error!");
return ret;
}
else
{
pmeinfo->is_tcp_repaired=1;
}
clock_gettime(CLOCK_MONOTONIC, &end);
elapse=(end.tv_sec-start.tv_sec)*1000000+(end.tv_nsec-start.tv_nsec)/1000;
FS_operate(g_kni_fs2_info.handler, g_kni_fs2_info.metric_tcprepair, 0, FS_OP_SET, elapse);
kni_log_info((char*)KNI_MODULE_INFO,&(pstream->addr),pmeinfo->protocol,domain,(char*)"INTERCEPT",(char*)"INTERCEPT",pmeinfo);
ret=APP_STATE_DROPPKT|APP_STATE_GIVEME;
}
else
{
kni_filestate2_set(pstream->threadnum,FS_NOT_HTTP_SSL,0,1);
kni_log_info((char*)KNI_MODULE_INFO,&(pstream->addr),pmeinfo->protocol,NULL,(char*)"NOT_HTTP_SSL",(char*)"BYPASS",pmeinfo);
}
return ret;
}
char kni_pending_opstate(const struct streaminfo* pstream,struct kni_pme_info* pmeinfo,int thread_seq,const void* a_packet,int protocol)
{
char ret=APP_STATE_FAWPKT|APP_STATE_DROPME;
char* data=NULL;
int datalen=0;
int iplen=0;
int tcphdr_len = 0;
struct ip* ipv4_hdr = NULL;
struct kni_ipv6_hdr* ipv6_hdr = NULL;
struct kni_tcp_hdr* tcphdr=NULL;
data=kni_get_payload(pstream,&datalen);
if(pstream->addr.addrtype==ADDR_TYPE_IPV4)
{
ipv4_hdr = (struct ip*)a_packet;
iplen=ntohs(ipv4_hdr->ip_len);
tcphdr_len = iplen-4*(ipv4_hdr->ip_hl)-datalen;
tcphdr=(struct kni_tcp_hdr*)((char*)ipv4_hdr+4*(ipv4_hdr->ip_hl));
}
else if(pstream->addr.addrtype==ADDR_TYPE_IPV6)
{
ipv6_hdr = (struct kni_ipv6_hdr*)a_packet;
iplen = ntohs(ipv6_hdr->ip6_payload_len) + sizeof(struct kni_ipv6_hdr);
tcphdr_len = ntohs(ipv6_hdr->ip6_payload_len) -datalen;
tcphdr =(struct kni_tcp_hdr*)( (unsigned char*)a_packet + sizeof(struct kni_ipv6_hdr));
}
else
{
kni_filestate2_set(thread_seq,FS_DROP_NOTIPV46_SAPP,0,1);
return ret;
}
kni_filestate2_set(thread_seq,FS_RX_BYTES,0,iplen);
kni_scan_ip((struct ipaddr*)&(pstream->addr),thread_seq,protocol,pmeinfo);
if(pmeinfo->action==KNI_ACTION_WHITELIST)
{
kni_log_info((char*)KNI_MODULE_INFO,&(pstream->addr),0,NULL,(char*)"WHITE_LIST_IP",(char*)"BYPASS",pmeinfo);
kni_filestate2_set(thread_seq,FS_WHITELIST,0,1);
return ret;
}
//add kni_action_redirect 20181216 start
else if(redirect_search_htable(pstream->addr.addrtype,pmeinfo,thread_seq,a_packet,protocol) == 1)
{
ret = process_redirect_data(pstream,pmeinfo,thread_seq,a_packet,protocol,pstream->routedir);
return ret;
}
else if(pmeinfo->action == KNI_ACTION_REDIRECT)
{
ret = process_redirect_pending(pstream,pmeinfo,thread_seq,a_packet,protocol,pstream->routedir);
return ret;
}
//end
pmeinfo->protocol=KNI_FLAG_UNKNOW;
if(protocol == PROTO_TYPE_TCP)
{
kni_get_tcpopt(tcphdr, tcphdr_len,
&(pmeinfo->tcpopt_info[pstream->curdir-1].mss),
&(pmeinfo->tcpopt_info[pstream->curdir-1].wscale_perm), &(pmeinfo->tcpopt_info[pstream->curdir-1].wscale),
&(pmeinfo->tcpopt_info[pstream->curdir-1].sack_perm), &(pmeinfo->tcpopt_info[pstream->curdir-1].timestamps));
kni_get_tcpinfo(&(pmeinfo->lastpkt_info[pstream->curdir-1]),tcphdr,datalen);
if(datalen>0)//TODO:get link create mode from sapp
{
ret=kni_first_tcpdata(pstream,a_packet,pmeinfo,data,datalen);
if((pmeinfo->action == KNI_ACTION_MONITOR) && ((pmeinfo->protocol==KNI_FLAG_HTTP) ||(pmeinfo->protocol==KNI_FLAG_SSL)))
{
if(g_kni_switch_info.write_listq_switch == 1)
{
if(pmeinfo->tun_index<0)
{
pmeinfo->tun_index=random()%g_kni_comminfo.tun_threadnum;
}
ret = kni_add_lqueue(ADDR_TYPE_IPV4,thread_seq,(char*)ipv4_hdr,iplen,pstream,pmeinfo->tun_index,pmeinfo);
}
else
{
ret=tun_write_data(g_kni_comminfo.fd_tun[thread_seq],(char*)ipv4_hdr,iplen,(struct streaminfo*)pstream,thread_seq,pmeinfo);
}
}
}
else
{
ret=APP_STATE_FAWPKT|APP_STATE_GIVEME;
}
}
else
{
kni_scan_pktbin((char*)(pstream->pudpdetail->pdata),pstream->pudpdetail->datalen,thread_seq,pmeinfo);
ret = kni_process_udppkt(pstream->routedir,pmeinfo,thread_seq,a_packet,pstream);
}
return ret;
}
char kni_data_opstate(const struct streaminfo* pstream,struct kni_pme_info* pmeinfo,int thread_seq,const void* a_packet,int protocol)
{
char ret=APP_STATE_DROPPKT|APP_STATE_GIVEME;
char* data=NULL;
int datalen=0;
int iplen=0;
int tcphdr_len = 0;
struct ip* ipv4_hdr = NULL;
struct kni_ipv6_hdr* ipv6_hdr = NULL;
struct kni_tcp_hdr* tcphdr=NULL;
//add kni_action_redirect 20181216 start
if(pmeinfo->action == KNI_ACTION_REDIRECT)
{
ret = process_redirect_data(pstream,pmeinfo,thread_seq,a_packet,protocol,pstream->routedir);
return ret;
}
//end
data=kni_get_payload(pstream,&datalen);
if(pstream->addr.addrtype==ADDR_TYPE_IPV4)
{
ipv4_hdr = (struct ip*)a_packet;
iplen=ntohs(ipv4_hdr->ip_len);
tcphdr_len = iplen-4*(ipv4_hdr->ip_hl)-datalen;
tcphdr=(struct kni_tcp_hdr*)((char*)ipv4_hdr+4*(ipv4_hdr->ip_hl));
}
else if(pstream->addr.addrtype==ADDR_TYPE_IPV6)
{
ipv6_hdr = (struct kni_ipv6_hdr*)a_packet;
iplen = ntohs(ipv6_hdr->ip6_payload_len) + sizeof(struct kni_ipv6_hdr);
tcphdr_len = ntohs(ipv6_hdr->ip6_payload_len) -datalen;
tcphdr = (struct kni_tcp_hdr*)((unsigned char*)a_packet + sizeof(struct kni_ipv6_hdr));
}
else
{
kni_filestate2_set(thread_seq,FS_DROP_NOTIPV46_SAPP,0,1);
return ret;
}
kni_filestate2_set(thread_seq,FS_RX_BYTES,0,iplen);
if(protocol== PROTO_TYPE_TCP)
{
if(pmeinfo->protocol==KNI_FLAG_UNKNOW)
{
if((tcphdr->th_flags&TH_SYN)&&(tcphdr->th_flags&TH_ACK))
{
kni_get_tcpopt(tcphdr, tcphdr_len,
&(pmeinfo->tcpopt_info[pstream->curdir-1].mss),
&(pmeinfo->tcpopt_info[pstream->curdir-1].wscale_perm), &(pmeinfo->tcpopt_info[pstream->curdir-1].wscale),
&(pmeinfo->tcpopt_info[pstream->curdir-1].sack_perm),
&(pmeinfo->tcpopt_info[pstream->curdir-1].timestamps));
}
kni_get_tcpinfo(&(pmeinfo->lastpkt_info[pstream->curdir-1]),tcphdr,datalen);
if(datalen>0)
{
ret=kni_first_tcpdata(pstream,a_packet,pmeinfo,data,datalen);
}
else
{
ret=APP_STATE_FAWPKT|APP_STATE_GIVEME;
}
}
if((pmeinfo->action == KNI_ACTION_MONITOR) && ((pmeinfo->protocol==KNI_FLAG_HTTP)||(pmeinfo->protocol==KNI_FLAG_SSL)))
{
if(g_kni_switch_info.write_listq_switch == 1)
{
if(pmeinfo->tun_index<0)
{
pmeinfo->tun_index=random()%g_kni_comminfo.tun_threadnum;
MESA_handle_runtime_log(g_kni_comminfo.logger,RLOG_LV_FATAL,"get tun_index","index:%d",pmeinfo->tun_index);
}
ret = kni_add_lqueue(ADDR_TYPE_IPV4,thread_seq,(char*)a_packet,iplen,pstream,pmeinfo->tun_index,pmeinfo);
}
else
{
ret=tun_write_data(g_kni_comminfo.fd_tun[thread_seq],(char*)a_packet,iplen,(struct streaminfo*)pstream,thread_seq,pmeinfo);
}
}
else if(pmeinfo->action == KNI_ACTION_RATELIMIT)
{
ret = kni_process_ratelimit(pstream->threadnum,pstream,(void*)a_packet,pmeinfo);
return ret;
}
}
else
{
if(pmeinfo->ipsscan_action == KNI_ACTION_NONE)
{
kni_scan_ip((struct ipaddr*)&(pstream->addr),thread_seq,protocol,pmeinfo);
}
if((pmeinfo->ipsscan_action != KNI_ACTION_REPLACE) && (pmeinfo->ipsscan_action != KNI_ACTION_RATELIMIT))
{
kni_scan_pktbin((char*)(pstream->pudpdetail->pdata),pstream->pudpdetail->datalen,thread_seq,pmeinfo);
}
ret = kni_process_udppkt(pstream->routedir,pmeinfo,thread_seq,a_packet,pstream);
}
return ret;
}
char kni_close_opstate(const struct streaminfo* pstream,struct kni_pme_info* pmeinfo,int thread_seq,const void* a_packet,int protocol)
{
char ret=APP_STATE_FAWPKT|APP_STATE_DROPME;
//add kni_action_redirect 20181216 start
if(pmeinfo->action == KNI_ACTION_REDIRECT)
{
ret = process_redirect_close(pstream,pmeinfo,thread_seq,a_packet,protocol,pstream->routedir);
return ret;
}
//end
if(a_packet != NULL)
{
ret=kni_data_opstate(pstream,pmeinfo,thread_seq,a_packet,protocol);
}
//del htable
if(pmeinfo->action==KNI_ACTION_MONITOR&&pmeinfo->is_tcp_repaired==1)
{
kni_htable_del(pstream,pmeinfo,a_packet);
}
return ret|APP_STATE_DROPME;
}
extern "C" char kni_udp_entry(const struct streaminfo* pstream,void** pme,int thread_seq,const void* a_packet)
{
char ret=APP_STATE_FAWPKT|APP_STATE_DROPME;
struct kni_ipv6_hdr* ipv6_hdr = NULL;
struct kni_pme_info *pmeinfo = *(struct kni_pme_info **)pme;
if((g_kni_switch_info.replace_switch == 0) && (g_kni_switch_info.ratelimit_switch == 0))
{
return APP_STATE_FAWPKT|APP_STATE_DROPME;
}
if(pstream->addr.addrtype==ADDR_TYPE_IPV6)
{
ipv6_hdr = (struct kni_ipv6_hdr*)a_packet;
if(ipv6_hdr->ip6_nex_hdr != NEXTHDR_UDP)
{
return ret;
}
}
// kni_filestate2_set(thread_seq,FS_UDP,0,1);
switch(pstream->opstate)
{
case OP_STATE_PENDING:
*pme=pmeinfo=kni_pmeinfo_new();
ret=kni_pending_opstate(pstream, pmeinfo, thread_seq, a_packet, PROTO_TYPE_UDP);
break;
case OP_STATE_DATA:
ret=kni_data_opstate(pstream, pmeinfo, thread_seq, a_packet, PROTO_TYPE_UDP);
break;
case OP_STATE_CLOSE:
ret=kni_close_opstate(pstream, pmeinfo, thread_seq, a_packet, PROTO_TYPE_UDP);
break;
default:
break;
}
if((ret&APP_STATE_DROPME)&& pmeinfo!=NULL)
{
kni_free_pmeinfo(pmeinfo);
}
*pme=NULL;
return ret;
}
extern "C" char kni_tcpall_entry(const struct streaminfo* pstream,void** pme,int thread_seq,const void* a_packet)
{
char ret=APP_STATE_FAWPKT|APP_STATE_DROPME;
struct kni_ipv6_hdr* ipv6_hdr = NULL;
struct kni_pme_info *pmeinfo = *(struct kni_pme_info **)pme;
struct timespec start, end;
long elapse=0;
clock_gettime(CLOCK_MONOTONIC, &start);
if(g_kni_comminfo.kni_mode_cur==KNI_MODE_BYPASS)
{
return ret;
}
if(pstream->addr.addrtype==ADDR_TYPE_IPV6)
{
ipv6_hdr = (struct kni_ipv6_hdr*)a_packet;
if((a_packet != NULL) && (ipv6_hdr->ip6_nex_hdr != NEXTHDR_TCP))
{
kni_filestate2_set(thread_seq,FS_DROP_IPV6OPT,0,1);
return ret;
}
}
kni_filestate2_set(thread_seq,FS_RX_PKTS,0,1);
switch(pstream->pktstate)
{
case OP_STATE_PENDING:
kni_filestate2_set(thread_seq,FS_PENDING,0,1);
kni_filestate2_set(thread_seq,FS_PMENUM,0,1);
*pme=pmeinfo=kni_pmeinfo_new();
ret=kni_pending_opstate(pstream, pmeinfo, thread_seq, a_packet, PROTO_TYPE_TCP);
break;
case OP_STATE_DATA:
ret=kni_data_opstate(pstream, pmeinfo, thread_seq,a_packet, PROTO_TYPE_TCP);
break;
case OP_STATE_CLOSE:
if(a_packet == NULL)
{
kni_filestate2_set(thread_seq,FS_CLOSE_TIMEOUT,0,1);
}
else
{
kni_filestate2_set(thread_seq,FS_CLOSE_FIN,0,1);
}
ret=kni_close_opstate(pstream,(struct kni_pme_info*)*pme,thread_seq,a_packet,PROTO_TYPE_TCP);
break;
default:
break;
}
if((ret&APP_STATE_DROPME)&& pmeinfo!=NULL)
{
kni_filestate2_set(thread_seq,FS_PMENUM,0,-1);
kni_free_pmeinfo(pmeinfo);
*pme=NULL;
if(pstream->pktstate != OP_STATE_CLOSE)
{
kni_filestate2_set(thread_seq,FS_CLOSE_DROPME,0,1);
}
}
clock_gettime(CLOCK_MONOTONIC, &end);
elapse=(end.tv_sec-start.tv_sec)*1000000+(end.tv_nsec-start.tv_nsec)/1000;
FS_operate(g_kni_fs2_info.handler, g_kni_fs2_info.metric_sapp_proc, 0, FS_OP_SET, elapse);
return ret;
}
extern "C" char kni_http_entry(stSessionInfo* session_info, void **pme, int thread_seq,struct streaminfo *a_stream,const void *a_packet)
{
char ret=PROT_STATE_DROPME;
http_infor* http_info = (http_infor*)(session_info->app_info);
if((http_info->http_session_seq != 1) || (session_info->prot_flag != HTTP_HOST))
{
return ret;
}
int host_len=MIN(session_info->buflen, KNI_DEFAULT_MTU);
struct kni_http_project* host_info=ALLOC(struct kni_http_project, 1);
host_info->host_len=host_len;
memcpy(host_info->host,session_info->buf,host_len);
if(project_req_add_struct(a_stream,g_kni_comminfo.project_id,host_info)<0)
{
kni_filestate2_set(thread_seq,FS_PRO_ERROR,0,1);
free(host_info);
host_info=NULL;
}
return ret;
}
extern "C" char kni_ipv4_entry(const struct streaminfo *pstream,unsigned char routedir,int thread_seq, struct ip* ipv4_hdr)
{
if(ipv4_hdr->ip_p !=IPPROTO_ICMP )
{
return APP_STATE_DROPME;
}
char ret = APP_STATE_GIVEME;
scan_status_t mid = NULL;
struct kni_pme_info pmeinfo;
struct ipaddr addr;
struct tuple4 ipv4_addr;
addr.addrtype = ADDR_TYPE_IPV4;
addr.paddr = (void*)(&ipv4_addr);
memset(&ipv4_addr,0,sizeof(ipv4_addr));
ipv4_addr.daddr = *((unsigned int*)&(ipv4_hdr->ip_dst));
ipv4_addr.saddr = *((unsigned int*)&(ipv4_hdr->ip_src));
memset(&pmeinfo,0,sizeof(pmeinfo));
pmeinfo.mid = mid;
kni_scan_ip(&addr,thread_seq,ipv4_hdr->ip_p,&pmeinfo);
Maat_clean_status(&(pmeinfo.mid));
//add kni_action_redirect 20181216 start
if(pmeinfo.action == KNI_ACTION_REDIRECT)
{
ret = process_redirect_pending(pstream,&pmeinfo,thread_seq,ipv4_hdr,0,routedir);
return ret;
}
else if(redirect_search_htable(ADDR_TYPE_IPV4,&pmeinfo,thread_seq,ipv4_hdr,0) == 1)
{
ret = process_redirect_data(pstream,&pmeinfo,thread_seq,ipv4_hdr,0,routedir);
return ret;
}
//end
return ret;
}
extern "C" char kni_ipv6_entry(const struct streaminfo *pstream,unsigned char routedir,int thread_seq, struct kni_ipv6_hdr* ipv6_hdr)
{
if((ipv6_hdr->ip6_flags[0] & 0xF0) != 0x60)
{
return -1;
}
char ret = APP_STATE_GIVEME;
scan_status_t mid = NULL;
struct kni_pme_info pmeinfo;
struct ipaddr addr;
struct tuple6 ipv6_addr;
unsigned char next_hdr_type = ipv6_hdr->ip6_nex_hdr;
if(next_hdr_type != IPPROTO_ICMP)
{
return ret;
}
addr.addrtype = ADDR_TYPE_IPV6;
addr.paddr = (void*)(&ipv6_addr);
memset(&ipv6_addr,0,sizeof(ipv6_addr));
memcpy(ipv6_addr.saddr,&(ipv6_hdr->ip6_src),sizeof(ipv6_addr.saddr));
memcpy(ipv6_addr.daddr,&(ipv6_hdr->ip6_dst),sizeof(ipv6_addr.saddr));
memset(&pmeinfo,0,sizeof(pmeinfo));
pmeinfo.mid = mid;
kni_scan_ip(&addr,thread_seq,next_hdr_type,&pmeinfo);
Maat_clean_status(&(pmeinfo.mid));
//add kni_action_redirect 20181216 start
if(pmeinfo.action == KNI_ACTION_REDIRECT)
{
ret = process_redirect_pending(pstream,&pmeinfo,thread_seq,ipv6_hdr,0,routedir);
return ret;
}
else if(redirect_search_htable(ADDR_TYPE_IPV6,&pmeinfo,thread_seq,ipv6_hdr,0) == 1)
{
ret = process_redirect_data(pstream,&pmeinfo,thread_seq,ipv6_hdr,0,routedir);
return ret;
}
//end
return ret;
}
/*
extern "C" char kni_ipv4_entry(const struct streaminfo *pstream,unsigned char routedir,int thread_seq, struct ip* ipv4_hdr)
{
if((ipv4_hdr->ip_p == IPPROTO_TCP) || (ipv4_hdr->ip_p == IPPROTO_UDP) || ((g_kni_switch_info.replace_switch == 0) && (g_kni_switch_info.ratelimit_switch == 0)))
{
return APP_STATE_DROPME;
}
// kni_filestate2_set(thread_seq,FS_IP,0,1);
char ret = APP_STATE_GIVEME;
scan_status_t mid = NULL;
struct kni_pme_info pmeinfo;
// int payload_len = ntohs(ipv4_hdr->ip_len) - 4*(ipv4_hdr->ip_hl);
// char* payload = (char*)ipv4_hdr + 4*(ipv4_hdr->ip_hl);
struct ipaddr addr;
struct tuple4 ipv4_addr;
addr.addrtype = ADDR_TYPE_IPV4;
addr.paddr = (void*)(&ipv4_addr);
memset(&ipv4_addr,0,sizeof(ipv4_addr));
ipv4_addr.daddr = *((unsigned int*)&(ipv4_hdr->ip_dst));
ipv4_addr.saddr = *((unsigned int*)&(ipv4_hdr->ip_src));
memset(&pmeinfo,0,sizeof(pmeinfo));
pmeinfo.mid = mid;
kni_scan_ip(&addr,thread_seq,ipv4_hdr->ip_p,&pmeinfo);
// kni_scan_pktbin(payload,payload_len,thread_seq,&pmeinfo);
Maat_clean_status(&(pmeinfo.mid));
ret = kni_process_udppkt(routedir,&pmeinfo,thread_seq,ipv4_hdr,pstream);
return ret;
}
extern "C" char kni_ipv6_entry(const struct streaminfo *pstream,unsigned char routedir,int thread_seq, struct kni_ipv6_hdr* ipv6_hdr)
{
if((ipv6_hdr->ip6_flags[0] & 0xF0) != 0x60)
{
return -1;
}
char ret = APP_STATE_GIVEME;
scan_status_t mid = NULL;
struct kni_pme_info pmeinfo;
struct ipaddr addr;
struct tuple6 ipv6_addr;
unsigned char next_hdr_type = ipv6_hdr->ip6_nex_hdr;
if((next_hdr_type == PROTO_TYPE_TCP) || (next_hdr_type == PROTO_TYPE_UDP))
{
return ret;
}
// kni_filestate2_set(thread_seq,FS_IP,0,1);
addr.addrtype = ADDR_TYPE_IPV6;
addr.paddr = (void*)(&ipv6_addr);
memset(&ipv6_addr,0,sizeof(ipv6_addr));
memcpy(ipv6_addr.saddr,&(ipv6_hdr->ip6_src),sizeof(ipv6_addr.saddr));
memcpy(ipv6_addr.daddr,&(ipv6_hdr->ip6_dst),sizeof(ipv6_addr.saddr));
// ipv6_addr.saddr=ipv6_hdr->ip6_src.s6_addr32;
// ipv6_addr.daddr=ipv6_hdr->ip6_dst.s6_addr32;
memset(&pmeinfo,0,sizeof(pmeinfo));
pmeinfo.mid = mid;
kni_scan_ip(&addr,thread_seq,next_hdr_type,&pmeinfo);
Maat_clean_status(&(pmeinfo.mid));
ret = kni_process_udppkt(routedir,&pmeinfo,thread_seq,ipv6_hdr,pstream);
return ret;
}
*/
void kni_free_project(int thread_seq, void *project_req_value)
{
free(project_req_value);
project_req_value=NULL;
return ;
}
int kni_read_cardname()
{
int offset=0;
char* token=NULL;
char buf[KNI_CONF_MAXLEN]={0};
int routdir=0;
FILE* fp=fopen("./conf/send_raw_pkt.conf","r");
if(fp==NULL)
{
MESA_handle_runtime_log(g_kni_comminfo.logger, RLOG_LV_FATAL,"kni_read_cardname","fopen ./conf/send_raw_pkt.conf err,errno:%d,%s",errno,strerror(errno));
return -1;
}
while(feof(fp)==0)
{
routdir=0;
memset(buf,0,sizeof(buf));
if((fgets(buf,KNI_CONF_MAXLEN,fp)==NULL))
{
break;
}
if(buf[0]=='#')
{
continue;
}
token=strtok(buf,"\t, ");
offset=1;
while(token!=NULL)
{
switch(offset)
{
case KNI_OFFSET_ROUTDIR:
routdir=atoi(token);
if((routdir!=0)&&(routdir!=1))
{
MESA_handle_runtime_log(g_kni_comminfo.logger, RLOG_LV_FATAL,"kni_read_cardname","routdir :%d error",routdir);
return -1;
}
break;
case KNI_OFFSET_CARDNAME:
memcpy(g_kni_cardname[routdir],token,strlen(token));
assert(strlen(token)<KNI_CONF_MAXLEN);
break;
default:
break;
}
token=strtok(NULL,"\t, ");
offset++;
}
}
fclose(fp);
fp=NULL;
MESA_handle_runtime_log(g_kni_comminfo.logger, RLOG_LV_FATAL,"kni_read_cardname","card name:%s,%s",g_kni_cardname[0],g_kni_cardname[1]);
return 0;
}
int init_profile_info()
{
//main.conf
// MESA_load_profile_int_def((char*)KNI_CONF_FILENAME_MAIN,(char*)KNI_CONF_MODE,(char*)"thread_num",&(g_kni_comminfo.thread_num),1);
MESA_load_profile_string_def((char*)KNI_CONF_FILENAME_MAIN,(char*)KNI_CONF_MODE,(char*)"pcapdevice",g_kni_comminfo.card_in,KNI_CONF_MAXLEN,"cap0");
MESA_load_profile_string_def((char*)KNI_CONF_FILENAME_MAIN,(char*)KNI_CONF_MODE,(char*)"pcapdevice2",g_kni_comminfo.card_out,KNI_CONF_MAXLEN,"cap1");
//kni.conf
MESA_load_profile_int_def((char*)KNI_CONF_FILENAME,(char*)KNI_MAIN_MODE,(char*)"replay_win_update",&(g_kni_switch_info.replay_win_update),1);
MESA_load_profile_int_def((char*)KNI_CONF_FILENAME,(char*)KNI_MAIN_MODE,(char*)"default_work_mode",&(g_kni_switch_info.maat_default_mode),KNI_DEFAULT_MODE_INTERCEPT);
MESA_load_profile_int_def((char*)KNI_CONF_FILENAME,(char*)KNI_MAIN_MODE,(char*)"ratelimit_switch",&(g_kni_switch_info.ratelimit_switch),1);
MESA_load_profile_int_def((char*)KNI_CONF_FILENAME,(char*)KNI_MAIN_MODE,(char*)"replace_switch",&(g_kni_switch_info.replace_switch),1);
MESA_load_profile_int_def((char*)KNI_CONF_FILENAME,(char*)KNI_MAIN_MODE,(char*)"sendpkt_mode",&(g_kni_switch_info.sendpkt_mode),0);
MESA_load_profile_int_def((char*)KNI_CONF_FILENAME,(char*)KNI_MAIN_MODE,(char*)"write_listqueue_switch",&(g_kni_switch_info.write_listq_switch),0);
MESA_load_profile_int_def((char*)KNI_CONF_FILENAME,(char*)KNI_MAIN_MODE,(char*)"send_fds_mode",&(g_kni_switch_info.send_fds_mode),0);
MESA_load_profile_string_def((char*)KNI_CONF_FILENAME,(char*)KNI_MAIN_MODE,(char*)"domain_path",g_kni_comminfo.domain_path,KNI_CONF_MAXLEN,"/home/server_unixsocket_file");
MESA_load_profile_int_def((char*)KNI_CONF_FILENAME,(char*)KNI_MAIN_MODE,(char*)"socketopt_mark",&(g_kni_comminfo.mark),101);
return 0;
}
int init_kni_stat_htable()
{
int htable_elem_num = 0;
MESA_load_profile_int_def((char*)KNI_CONF_FILENAME,(char*)KNI_MAIN_MODE,(char*)"htable_elem_num",&htable_elem_num,KNI_HTABLE_MAXNUM);
MESA_htable_create_args_t hash_frags;
memset(&hash_frags,0,sizeof(hash_frags));
hash_frags.thread_safe=KNI_THREAD_SAFE;
hash_frags.recursive=1;
hash_frags.hash_slot_size=KNI_HTABLE_SIZE;
hash_frags.max_elem_num=htable_elem_num;
hash_frags.eliminate_type=HASH_ELIMINATE_ALGO_FIFO;
hash_frags.expire_time=0;
hash_frags.key_comp=NULL;
hash_frags.key2index=NULL;
hash_frags.data_free=NULL;
hash_frags.data_expire_with_condition=NULL;
g_kni_structinfo.htable_to_tun_v4=MESA_htable_create(&hash_frags,sizeof(MESA_htable_create_args_t));
g_kni_structinfo.htable_to_tun_v6=MESA_htable_create(&hash_frags,sizeof(MESA_htable_create_args_t));
if((g_kni_structinfo.htable_to_tun_v4==NULL)||(g_kni_structinfo.htable_to_tun_v6==NULL))
{
MESA_handle_runtime_log(g_kni_comminfo.logger, RLOG_LV_FATAL,KNI_MODULE_INIT,"MESA_htable_create() error!action:%s",KNI_ACTION_EXIT);
return -1;
}
return 0;
}
int init_kni_runtimelog()
{
// int logger_level;
char logger_filepath[KNI_CONF_MAXLEN]={0};
MESA_load_profile_int_def((char*)KNI_CONF_FILENAME,(char*)KNI_MAIN_MODE,(char*)"logger_level",&(g_kni_comminfo.logger_level),RLOG_LV_INFO);
MESA_load_profile_string_def((char*)KNI_CONF_FILENAME,(char*)KNI_MAIN_MODE,(char*)"logger_filepath",logger_filepath,KNI_CONF_MAXLEN,"./log/kni.log");
g_kni_comminfo.logger=MESA_create_runtime_log_handle(logger_filepath,g_kni_comminfo.logger_level);
if(g_kni_comminfo.logger==NULL)
{
printf("MESA_create_runtime_log_handle() error!exit...\n");
return -1;
}
return 0;
}
int init_kni_dyn_maat_info()
{
int ret = 0;
int maat_readconf_mode=0;
char redis_ip[INET_ADDRSTRLEN]={0};
int redis_db_index=0;
int redis_port_begin=0,redis_port_end=0;
unsigned short redis_port_select=0;
char redis_port_range[KNI_CONF_MAXLEN]={0};
int scandir_interval=KNI_SCANDIR_INTERVAL;
int effect_interval=KNI_EFFECT_INTERVAL;
char table_info_path[KNI_CONF_MAXLEN]={0};
char stat_file_dir[KNI_CONF_MAXLEN]={0};
MESA_load_profile_int_def((char*)KNI_CONF_FILENAME,(char*)KNI_DYNMAAT_MODE,(char*)"dyn_maat_readconf_mode",&maat_readconf_mode,KNI_READCONF_IRIS);
MESA_load_profile_int_def((char*)KNI_CONF_FILENAME,(char*)KNI_DYNMAAT_MODE,(char*)"dyn_scandir_interval",&scandir_interval,KNI_SCANDIR_INTERVAL);
MESA_load_profile_int_def((char*)KNI_CONF_FILENAME,(char*)KNI_DYNMAAT_MODE,(char*)"dyn_effect_interval",&effect_interval,KNI_EFFECT_INTERVAL);
MESA_load_profile_int_def((char*)KNI_CONF_FILENAME,(char*)KNI_DYNMAAT_MODE,(char*)"dyn_redis_db_index",&redis_db_index,0);
// MESA_load_profile_int_nodef((char*)KNI_CONF_FILENAME,(char*)KNI_DYNMAAT_MODE,(char*)"dyn_redis_port",(int*)&redis_port);
MESA_load_profile_string_nodef((char*)KNI_CONF_FILENAME,(char*)KNI_DYNMAAT_MODE,(char*)"dyn_redis_server",redis_ip,INET_ADDRSTRLEN);
MESA_load_profile_string_def((char*)KNI_CONF_FILENAME,(char*)KNI_DYNMAAT_MODE,(char*)"dyn_redis_port",redis_port_range,sizeof(redis_port_range),"6379");
MESA_load_profile_string_def((char*)KNI_CONF_FILENAME,(char*)KNI_DYNMAAT_MODE,(char*)"dyn_stat_file_path",stat_file_dir,KNI_CONF_MAXLEN,KNI_DYN_STAT_FILEPATH);
MESA_load_profile_string_def((char*)KNI_CONF_FILENAME,(char*)KNI_DYNMAAT_MODE,(char*)"dyn_table_info_path",table_info_path,KNI_CONF_MAXLEN,KNI_TABLEINFO_PATH);
g_kni_maatinfo.ipd_dyn_maat_feather=Maat_feather(g_iThreadNum,table_info_path,g_kni_comminfo.logger);
if(g_kni_maatinfo.ipd_dyn_maat_feather==NULL)
{
MESA_handle_runtime_log(g_kni_comminfo.logger, RLOG_LV_FATAL,KNI_MODULE_INIT,"dyn_Maat_feather() error!table_info_path:%s,action:%s",table_info_path,KNI_ACTION_EXIT);
return -1;
}
if(maat_readconf_mode==KNI_READCONF_JSON)
{
Maat_set_feather_opt(g_kni_maatinfo.ipd_dyn_maat_feather,MAAT_OPT_JSON_FILE_PATH, KNI_MAATJSON_FILEPATH,strlen(KNI_MAATJSON_FILEPATH));
}
else if(maat_readconf_mode==KNI_READCONF_REDIS)
{
ret=sscanf(redis_port_range,"%d-%d", &redis_port_begin, &redis_port_end);
if(ret==1)
{
redis_port_select=(unsigned short)redis_port_begin;
}
else if(ret==2)
{
srand(time(NULL));
redis_port_select=(unsigned short)(redis_port_begin+rand()%(redis_port_end-redis_port_begin));
}
else
{
MESA_handle_runtime_log(g_kni_comminfo.logger, RLOG_LV_FATAL,KNI_MODULE_INIT,"Invalid redis port range %s, MAAT init failed.", redis_port_range);
return -1;
}
MESA_handle_runtime_log(g_kni_comminfo.logger, RLOG_LV_FATAL,KNI_MODULE_INIT,"dynmic_maat_redis select port:%d",redis_port_select);
Maat_set_feather_opt(g_kni_maatinfo.ipd_dyn_maat_feather,MAAT_OPT_REDIS_IP,(void*)redis_ip,strlen(redis_ip)+1);
Maat_set_feather_opt(g_kni_maatinfo.ipd_dyn_maat_feather,MAAT_OPT_REDIS_PORT,(void*)&redis_port_select,sizeof(unsigned short));
Maat_set_feather_opt(g_kni_maatinfo.ipd_dyn_maat_feather,MAAT_OPT_REDIS_INDEX,(void*)&redis_db_index,sizeof(int));
}
Maat_set_feather_opt(g_kni_maatinfo.ipd_dyn_maat_feather,MAAT_OPT_SCANDIR_INTERVAL_MS, (void*)&scandir_interval,sizeof(int));
Maat_set_feather_opt(g_kni_maatinfo.ipd_dyn_maat_feather,MAAT_OPT_EFFECT_INVERVAL_MS, (void*)&effect_interval,sizeof(int));
Maat_set_feather_opt(g_kni_maatinfo.ipd_dyn_maat_feather,MAAT_OPT_STAT_FILE_PATH,stat_file_dir,strlen(stat_file_dir));
ret=Maat_initiate_feather(g_kni_maatinfo.ipd_dyn_maat_feather);
if(ret<0)
{
MESA_handle_runtime_log(g_kni_comminfo.logger, RLOG_LV_FATAL,KNI_MODULE_INIT,"Maat_initiate_feather() error!action:%s",KNI_ACTION_EXIT);
return -1;
}
g_kni_maatinfo.tableid_dynamic_domain=Maat_table_register(g_kni_maatinfo.ipd_dyn_maat_feather,KNI_TABLENAME_DNY_DOMAIN);
if(g_kni_maatinfo.tableid_dynamic_domain<0)
{
MESA_handle_runtime_log(g_kni_comminfo.logger, RLOG_LV_FATAL,KNI_MODULE_INIT,"dyn_Maat_table_register() error!tableid_dynamic_domain:%d,action:%s",g_kni_maatinfo.tableid_dynamic_domain,KNI_ACTION_EXIT);
return -1;
}
return 0;
}
int init_kni_static_maat_info()
{
int ret = 0;
int maat_readconf_mode=0;
char redis_ip[INET_ADDRSTRLEN]={0};
int redis_db_index=0;
int redis_port_begin=0,redis_port_end=0;
unsigned short redis_port_select=0;
int scandir_interval=KNI_SCANDIR_INTERVAL;
int effect_interval=KNI_EFFECT_INTERVAL;
char table_info_path[KNI_CONF_MAXLEN]={0};
char stat_file_dir[KNI_CONF_MAXLEN]={0};
char full_cfg_dir[KNI_CONF_MAXLEN]={0};
char inc_cfg_dir[KNI_CONF_MAXLEN]={0};
char redis_port_range[KNI_CONF_MAXLEN]={0};
MESA_load_profile_int_def((char*)KNI_CONF_FILENAME,(char*)KNI_STATIC_MAAT_MODE,(char*)"maat_readconf_mode",&maat_readconf_mode,KNI_READCONF_IRIS);
MESA_load_profile_int_def((char*)KNI_CONF_FILENAME,(char*)KNI_STATIC_MAAT_MODE,(char*)"scandir_interval",&scandir_interval,KNI_SCANDIR_INTERVAL);
MESA_load_profile_int_def((char*)KNI_CONF_FILENAME,(char*)KNI_STATIC_MAAT_MODE,(char*)"effect_interval",&effect_interval,KNI_EFFECT_INTERVAL);
MESA_load_profile_int_def((char*)KNI_CONF_FILENAME,(char*)KNI_STATIC_MAAT_MODE,(char*)"redis_db_index",&redis_db_index,0);
// MESA_load_profile_int_nodef((char*)KNI_CONF_FILENAME,(char*)KNI_STATIC_MAAT_MODE,(char*)"redis_port",(int*)&redis_port);
MESA_load_profile_string_def((char*)KNI_CONF_FILENAME,(char*)KNI_STATIC_MAAT_MODE,(char*)"redis_port",redis_port_range,sizeof(redis_port_range),"6379");
MESA_load_profile_string_nodef((char*)KNI_CONF_FILENAME,(char*)KNI_STATIC_MAAT_MODE,(char*)"redis_server",redis_ip,INET_ADDRSTRLEN);
MESA_load_profile_string_def((char*)KNI_CONF_FILENAME,(char*)KNI_STATIC_MAAT_MODE,(char*)"table_info_path",table_info_path,KNI_CONF_MAXLEN,KNI_TABLEINFO_PATH);
MESA_load_profile_string_def((char*)KNI_CONF_FILENAME,(char*)KNI_STATIC_MAAT_MODE,(char*)"inc_cfg_dir",inc_cfg_dir,KNI_CONF_MAXLEN,KNI_INCCFG_FILEPATH);
MESA_load_profile_string_def((char*)KNI_CONF_FILENAME,(char*)KNI_STATIC_MAAT_MODE,(char*)"stat_file_path",stat_file_dir,KNI_CONF_MAXLEN,KNI_STAT_FILEPATH);
MESA_load_profile_string_def((char*)KNI_CONF_FILENAME,(char*)KNI_STATIC_MAAT_MODE,(char*)"full_cfg_dir",full_cfg_dir,KNI_CONF_MAXLEN,KNI_FULLCFG_FILEPATH);
g_kni_maatinfo.maat_feather=Maat_feather(g_iThreadNum,table_info_path,g_kni_comminfo.logger);
if(g_kni_maatinfo.maat_feather==NULL)
{
MESA_handle_runtime_log(g_kni_comminfo.logger, RLOG_LV_FATAL,KNI_MODULE_INIT,"Maat_feather() error!table_info_path:%s,action:%s",table_info_path,KNI_ACTION_EXIT);
return -1;
}
if(maat_readconf_mode==KNI_READCONF_JSON)
{
Maat_set_feather_opt(g_kni_maatinfo.maat_feather,MAAT_OPT_JSON_FILE_PATH, KNI_MAATJSON_FILEPATH,strlen(KNI_MAATJSON_FILEPATH));
}
else if(maat_readconf_mode==KNI_READCONF_IRIS)
{
Maat_set_feather_opt(g_kni_maatinfo.maat_feather,MAAT_OPT_FULL_CFG_DIR,full_cfg_dir,strlen(full_cfg_dir));
Maat_set_feather_opt(g_kni_maatinfo.maat_feather,MAAT_OPT_INC_CFG_DIR,inc_cfg_dir,strlen(inc_cfg_dir));
}
else if(maat_readconf_mode==KNI_READCONF_REDIS)
{
ret=sscanf(redis_port_range,"%d-%d", &redis_port_begin, &redis_port_end);
if(ret==1)
{
redis_port_select=(unsigned short)redis_port_begin;
}
else if(ret==2)
{
srand(time(NULL));
redis_port_select=(unsigned short)(redis_port_begin+rand()%(redis_port_end-redis_port_begin));
}
else
{
MESA_handle_runtime_log(g_kni_comminfo.logger, RLOG_LV_FATAL,KNI_MODULE_INIT,"Invalid redis port range %s, MAAT init failed.", redis_port_range);
return -1;
}
MESA_handle_runtime_log(g_kni_comminfo.logger, RLOG_LV_FATAL,KNI_MODULE_INIT,"static_maat_redis select port:%d",redis_port_select);
Maat_set_feather_opt(g_kni_maatinfo.maat_feather,MAAT_OPT_REDIS_IP,(void*)redis_ip,strlen(redis_ip)+1);
Maat_set_feather_opt(g_kni_maatinfo.maat_feather,MAAT_OPT_REDIS_PORT,(void*)&redis_port_select,sizeof(unsigned short));
Maat_set_feather_opt(g_kni_maatinfo.maat_feather,MAAT_OPT_REDIS_INDEX,(void*)&redis_db_index,sizeof(int));
}
Maat_set_feather_opt(g_kni_maatinfo.maat_feather,MAAT_OPT_SCANDIR_INTERVAL_MS, (void*)&scandir_interval,sizeof(int));
Maat_set_feather_opt(g_kni_maatinfo.maat_feather,MAAT_OPT_EFFECT_INVERVAL_MS, (void*)&effect_interval,sizeof(int));
Maat_set_feather_opt(g_kni_maatinfo.maat_feather,MAAT_OPT_STAT_FILE_PATH,stat_file_dir,strlen(stat_file_dir));
ret=Maat_initiate_feather(g_kni_maatinfo.maat_feather);
if(ret<0)
{
MESA_handle_runtime_log(g_kni_comminfo.logger, RLOG_LV_FATAL,KNI_MODULE_INIT,"Maat_initiate_feather() error!action:%s",KNI_ACTION_EXIT);
return -1;
}
g_kni_maatinfo.tableid_ip=Maat_table_register(g_kni_maatinfo.maat_feather,KNI_TABLENAME_IP);
g_kni_maatinfo.tableid_domain=Maat_table_register(g_kni_maatinfo.maat_feather,KNI_TABLENAME_DOMAIN);
g_kni_maatinfo.tableid_pktbin=Maat_table_register(g_kni_maatinfo.maat_feather,KNI_TABLENAME_PKTBIN);
g_kni_maatinfo.tableid_spoofing_ip=Maat_table_register(g_kni_maatinfo.maat_feather,KNI_TABLENAME_SPOOFING_IP);
if((g_kni_maatinfo.tableid_ip<0)||(g_kni_maatinfo.tableid_domain<0)||(g_kni_maatinfo.tableid_pktbin<0)||(g_kni_maatinfo.tableid_spoofing_ip<0))
{
MESA_handle_runtime_log(g_kni_comminfo.logger, RLOG_LV_FATAL,KNI_MODULE_INIT,"Maat_table_register() error!ip_tableid:%d,sni_tableid:%d,action:%s",g_kni_maatinfo.tableid_ip,g_kni_maatinfo.tableid_domain,KNI_ACTION_EXIT);
return -1;
}
ret=Maat_plugin_EX_register(g_kni_maatinfo.maat_feather, g_kni_maatinfo.tableid_spoofing_ip,
plugin_EX_new_cb,
plugin_EX_free_cb,
plugin_EX_dup_cb,
NULL,
0,NULL);
if(ret < 0)
{
MESA_handle_runtime_log(g_kni_comminfo.logger, RLOG_LV_FATAL,KNI_MODULE_INIT,"Maat_plugin_EX_register() error!");
return -1;
}
return 0;
}
int init_kni_project()
{
g_kni_comminfo.project_id=project_producer_register(KNI_PROJECT_NAME,PROJECT_VAL_TYPE_STRUCT,kni_free_project);
if(g_kni_comminfo.project_id<0)
{
MESA_handle_runtime_log(g_kni_comminfo.logger, RLOG_LV_FATAL,KNI_MODULE_INIT,"project_producer_register() error!project_id:%d",g_kni_comminfo.project_id);
return -1;
}
g_kni_comminfo.project_id=project_customer_register(KNI_PROJECT_NAME,PROJECT_VAL_TYPE_STRUCT);
if(g_kni_comminfo.project_id<0)
{
MESA_handle_runtime_log(g_kni_comminfo.logger, RLOG_LV_FATAL,KNI_MODULE_INIT,"project_customer_register() error!project_id:%d",g_kni_comminfo.project_id);
return -1;
}
return 0;
}
int init_kni_tunprocess()
{
int i=0;
pthread_t pid_read_tun;
for(i=0;i<g_kni_comminfo.tun_threadnum;i++)
{
g_kni_threadseq[i]=i;
pthread_create(&pid_read_tun,NULL,pthread_process_tun,&(g_kni_threadseq[i]));
}
return 0;
}
int init_kni_sendpkt()
{
int i=0;
kni_read_cardname();
g_kni_comminfo.fd_sendpkt= ALLOC(int, g_kni_comminfo.thread_num);
for(i=0;i<g_kni_comminfo.thread_num;i++)
{
// g_kni_comminfo.ipv4_fd[i]=socket(AF_PACKET, SOCK_RAW, htons(ETH_P_ALL));
g_kni_comminfo.fd_sendpkt[i]=socket(AF_PACKET,SOCK_RAW,htons(ETH_P_IP));
if(g_kni_comminfo.fd_sendpkt[i]<0)
{
MESA_handle_runtime_log(g_kni_comminfo.logger, RLOG_LV_FATAL,KNI_MODULE_INIT,"ipv4_raw_socket error,i:%d,action:%s",i,KNI_ACTION_EXIT);
return -1;
}
}
return 0;
}
int init_kni_lqueue()
{
int i=0;
g_kni_structinfo.lqueue_send_fds=MESA_lqueue_create(KNI_THREAD_SAFE,KNI_LQUEUE_MAXNUM);
if(g_kni_structinfo.lqueue_send_fds==NULL)
{
MESA_handle_runtime_log(g_kni_comminfo.logger, RLOG_LV_FATAL,KNI_MODULE_INIT,"MESA_lqueue_create() error for lqueue_send_fds,action:%s",KNI_ACTION_EXIT);
return -1;
}
for(i=0;i<g_kni_comminfo.tun_threadnum;i++)
{
g_kni_structinfo.lqueue_write_tun[i] = MESA_lqueue_create(KNI_THREAD_SAFE,KNI_LQUEUE_MAXNUM);
if(g_kni_structinfo.lqueue_write_tun[i] == NULL)
{
MESA_handle_runtime_log(g_kni_comminfo.logger, RLOG_LV_FATAL,KNI_MODULE_INIT,"MESA_lqueue_create() error for lqueue_write_tun,thread_num:%d,action:%s",i,KNI_ACTION_EXIT);
return -1;
}
}
return 0;
}
extern "C" char kni_init()
{
pthread_t pid_kni_filestat2;
g_kni_comminfo.tun_threadnum = g_iThreadNum;
init_profile_info();
if(init_kni_runtimelog() < 0)
{
return -1;
}
if(init_kni_project() < 0)
{
return -1;
}
if(init_kni_static_maat_info() < 0)
{
return -1;
}
if(init_kni_dyn_maat_info() < 0)
{
return -1;
}
if(init_kni_stat_htable() < 0)
{
return -1;
}
if(init_kni_lqueue() < 0)
{
return -1;
}
kni_init_redirect_htable();
if(init_kni_tun() < 0)
{
return -1;
}
init_kni_unixdomain();
pthread_create(&pid_kni_filestat2,NULL,kni_filestat2,NULL);
if(init_kni_sendpkt() < 0)
{
return -1;
}
init_kni_tunprocess();
kni_sendlog_init();
if(g_kni_switch_info.maat_default_mode==0)
{
MESA_handle_runtime_log(g_kni_comminfo.logger, RLOG_LV_FATAL,KNI_MODULE_INIT,"default work module is intercept");
}
else if(g_kni_switch_info.maat_default_mode==1)
{
MESA_handle_runtime_log(g_kni_comminfo.logger, RLOG_LV_FATAL,KNI_MODULE_INIT,"default work module is bypass");
}
MESA_handle_runtime_log(g_kni_comminfo.logger, RLOG_LV_FATAL,KNI_MODULE_INIT,"kni init succ!");
return 0;
}
Reference in New Issue View Git Blame Copy Permalink