* 将在pending状态下判断报文是否存在于redirect表中的逻辑提前,因修改后的SYN-ACK会单独成为一个流,再次触发pending状态;
* 修正读入控制域时内存越界的问题;
* 增加拦截协议识别过滤单向流的流程,如需要拦截的流量为单向流,则不执行拦截流程直接转发。
#ifndef KNI_REDIRECT_H
#define KNI_REDIRECT_H
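// Size in bytes of a binary IPv6 address. The #ifndef guard lets a definition
// made earlier by another header take precedence.
// The expansion is sizeof(struct in6_addr), so that type must be complete at
// every point where the macro is used; no #include is visible in this header,
// so the includer has to pull in <netinet/in.h> (or equivalent) first.
// The value has type size_t; cast before comparing it with signed lengths.
#ifndef IPV6_ADDR_LEN
#define IPV6_ADDR_LEN (sizeof(struct in6_addr))
#endif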
// Size in bytes of each char array in struct redirect_serdef_info
// (ip_pool and nat_type).
// NOTE(review): if those arrays hold NUL-terminated text, at most 15
// characters fit; confirm that whatever fills them enforces this bound.
#define REDIRECT_SERDEF_LEN 16
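// NAT action codes. Presumably these are the values carried in
// redirect_htable_data.nat_type -- confirm against the implementation.
// By name, SNAT/DNAT select source/destination address translation; what the
// *_REPLAY variants mean is not documented in this header -- TODO confirm.
// 0 is not assigned, so a zero-initialised nat_type matches none of them.
#define REDIRECT_SNAT_TYPE 1
#define REDIRECT_DNAT_TYPE 2
#define REDIRECT_SNAT_REPLAY 3
#define REDIRECT_DNAT_REPLAY 4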
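// Maat plugin EX data: the per-entry payload attached to a plugin table row.
// Needs INET6_ADDRSTRLEN from <netinet/in.h>, which the includer must provide.
struct redirect_plugin_ex_data
{
    // Address family selector; the accepted values are not listed in this
    // header -- TODO confirm.
    int addr_type;
    // Buffer sized for the longest textual IPv6 address plus its NUL
    // terminator; presumably the spoofing address in presentation form.
    // NOTE(review): writers must bound the copy to sizeof spoofing_ip and
    // guarantee NUL termination, since the source is table data.
    char spoofing_ip[INET6_ADDRSTRLEN];
};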
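// Redirect htable data: the value stored per entry in the redirect hash table.
struct redirect_htable_data
{
    // Presumably one of the REDIRECT_*_TYPE / REDIRECT_*_REPLAY codes -- confirm.
    int nat_type;
    // Address family selector; presumably decides whether ipv4 or ipv6 below
    // is the valid member -- confirm, and do not read the other one.
    int addr_type;
    // IPv4 address as a 32-bit value; byte order (network vs host) is not
    // stated in this header -- TODO confirm before comparing or printing.
    unsigned int ipv4;
    // IPV6_ADDR_LEN raw bytes (the size of struct in6_addr). This is binary
    // data, not a string: there is no room for a NUL terminator, so copy and
    // compare it with an explicit length, never with str* functions.
    char ipv6[IPV6_ADDR_LEN];
};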
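// Two fixed-size fields of REDIRECT_SERDEF_LEN bytes each. By name this looks
// like parsed "service defined" rule content -- TODO confirm the source.
// NOTE(review): both members are small fixed buffers. If they are filled from
// externally supplied text, the parser must reject or truncate tokens that do
// not fit, and must NUL-terminate before any string function reads them.
struct redirect_serdef_info
{
    // Presumably an IP pool identifier or name -- confirm.
    char ip_pool[REDIRECT_SERDEF_LEN];
    // Presumably the NAT type in textual form, as opposed to the integer
    // nat_type in struct redirect_htable_data -- confirm.
    char nat_type[REDIRECT_SERDEF_LEN];
};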
// Declaration only; the definition is not in this header.
// Presumably looks the packet's address up in the redirect hash table -- confirm.
// addr_type:  address family selector; accepted values are not listed here.
// pmeinfo:    per-stream plugin state (struct kni_pme_info is declared elsewhere).
// thread_seq: presumably the index of the calling worker thread -- confirm.
// a_packet:   raw packet pointer passed without a length.
//             NOTE(review): the implementation has to bound every header read
//             by some other means; confirm it cannot read past the packet.
// Return value semantics are not documented here -- TODO confirm.
int redirect_search_htable(unsigned char addr_type,struct kni_pme_info* pmeinfo,int thread_seq,const void* a_packet,int protocol);
// Declaration only. By name, the redirect handler for a stream in its pending
// state -- confirm against the implementation.
// a_packet is a raw packet pointer with no length; dir is presumably the
// packet direction. The meaning of the char return value is not documented
// here -- TODO confirm.
char process_redirect_pending(const struct streaminfo* pstream,struct kni_pme_info* pmeinfo,int thread_seq,const void* a_packet,int protocol,unsigned char dir);
// Declaration only. By name, the redirect handler for packets of an
// established stream -- confirm against the implementation.
// a_packet is a raw packet pointer with no length; dir is presumably the
// packet direction. The meaning of the char return value is not documented
// here -- TODO confirm.
char process_redirect_data(const struct streaminfo* pstream,struct kni_pme_info* pmeinfo,int thread_seq,const void* a_packet,int protocol,unsigned char dir);
// Declaration only. By name, the redirect handler run when a stream closes --
// confirm against the implementation, including whether it releases any
// per-stream state held in pmeinfo.
// The meaning of the char return value is not documented here -- TODO confirm.
char process_redirect_close(const struct streaminfo* pstream,struct kni_pme_info* pmeinfo,int thread_seq,const void* a_packet,int protocol,unsigned char dir);
// Declaration only. By name, the Maat plugin EX-data "new" callback:
// presumably builds the per-entry data stored through *ad from table_line --
// confirm.
// NOTE(review): key and table_line are rule-table text. The implementation
// should parse them with explicit length limits before copying into
// fixed-size fields such as redirect_plugin_ex_data.spoofing_ip.
void plugin_EX_new_cb(int table_id, const char* key, const char* table_line, MAAT_PLUGIN_EX_DATA* ad, long argl, void *argp);
// Declaration only. By name, the Maat plugin EX-data "free" callback:
// presumably releases whatever the "new" callback stored through *ad --
// confirm, including that *ad is cleared so a repeated call cannot double-free.
void plugin_EX_free_cb(int table_id, MAAT_PLUGIN_EX_DATA* ad, long argl, void *argp);
// Declaration only. By name, the Maat plugin EX-data "dup" callback:
// presumably duplicates *from into *to -- confirm whether this is a deep copy
// or a shared pointer, since that decides who may free the data.
void plugin_EX_dup_cb(int table_id, MAAT_PLUGIN_EX_DATA *to, MAAT_PLUGIN_EX_DATA *from, long argl, void *argp);
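// Declaration only. By name, one-time setup of the redirect hash table; the
// return-code convention is not documented here -- TODO confirm, and check
// the result at the call site.
// Declared with (void) so this is a real prototype: with empty parentheses a
// pre-C23 compiler accepts calls that pass stray arguments without a diagnostic.
int kni_init_redirect_htable(void);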
#endif