gfwleak/tango-tfe
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

TCP handshake for decrypted traffic disables IP fragmentation

Browse Source
This commit is contained in:
luwenpeng
2023-11-07 17:56:39 +08:00
parent cc1a6f7a87
commit 2b00650d3e
2 changed files with 11 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
common/src/packet_construct.cpp
View File

@@ -218,7 +218,7 @@ int ipv4_header_construct(char *buffer, uint16_t carry_layer_len, struct in_addr
ip_hdr->tos = tos; ip_hdr->tos = tos;
ip_hdr->tot_len = htons(sizeof(struct iphdr) + carry_layer_len); ip_hdr->tot_len = htons(sizeof(struct iphdr) + carry_layer_len);
ip_hdr->id = htons(id); ip_hdr->id = htons(id);
ip_hdr->frag_off = 0; ip_hdr->frag_off = htons(frag);
ip_hdr->ttl = ttl; ip_hdr->ttl = ttl;
ip_hdr->protocol = protocol; ip_hdr->protocol = protocol;
ip_hdr->check = 0; ip_hdr->check = 0;
@@ -334,7 +334,7 @@ int tcp_packet_v4_construct(
// IPv4 Header // IPv4 Header
u_char protocol = IPPROTO_TCP; u_char protocol = IPPROTO_TCP;
uint16_t frag = 0; uint16_t frag = IP_DF;
length += ipv4_header_construct(buffer + length, sizeof(struct tcphdr) + tcp_options_len + payload_len, src_addr, dst_addr, tos, id, frag, ttl, protocol); length += ipv4_header_construct(buffer + length, sizeof(struct tcphdr) + tcp_options_len + payload_len, src_addr, dst_addr, tos, id, frag, ttl, protocol);
// TCP header and payload // TCP header and payload

10
common/src/tfe_packet_io.cpp
View File

@@ -2001,6 +2001,14 @@ void handle_decryption_packet_from_tap(const char *data, int len, void *args)
struct session_node *node = session_table_search_by_addr(thread->session_table, &inner_addr); struct session_node *node = session_table_search_by_addr(thread->session_table, &inner_addr);
if (node == NULL) { if (node == NULL) {
if (thread->ref_acceptor_ctx->debug)
{
char *str = addr_tuple4_to_str(&inner_addr);
uint16_t ipid = raw_packet_parser_get_most_inner_ipid(&raw_parser);
TFE_LOG_ERROR(logger, "decypted packet from tap %s (ipid: %u) miss session table", str, ipid);
free(str);
}
throughput_metrics_inc(&packet_io_fs->decrypt_rxdrop, 1, len); throughput_metrics_inc(&packet_io_fs->decrypt_rxdrop, 1, len);
return; return;
} }
@@ -2082,7 +2090,7 @@ void handle_raw_packet_from_tap(const char *data, int len, void *args)
{ {
char *str = addr_tuple4_to_str(&inner_addr); char *str = addr_tuple4_to_str(&inner_addr);
uint16_t ipid = raw_packet_parser_get_most_inner_ipid(&raw_parser); uint16_t ipid = raw_packet_parser_get_most_inner_ipid(&raw_parser);
TFE_LOG_ERROR(logger, "packet from tap %s (ipid: %u) miss session table", str, ipid); TFE_LOG_ERROR(logger, "raw packet from tap %s (ipid: %u) miss session table", str, ipid);
free(str); free(str);
} }