From 4142c18ddfa24cb6be0eaa3535e264d4476f367a Mon Sep 17 00:00:00 2001
From: luwenpeng
Date: Tue, 20 Dec 2022 14:49:53 +0800
Subject: [PATCH] =?UTF-8?q?Decrypted=20Traffic=20Steering=E5=A2=9E?=
 =?UTF-8?q?=E5=8A=A0enable=5Fsteering=5Fhttp=E5=92=8Cenable=5Fsteering=5Fs?=
 =?UTF-8?q?sl=E5=BC=80=E5=85=B3=EF=BC=8C=E6=94=AF=E6=8C=81=E6=8C=89?=
 =?UTF-8?q?=E7=85=A7=E5=8D=8F=E8=AE=AE=E7=B1=BB=E5=9E=8B=E5=9B=9E=E6=B5=81?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 conf/tfe/tfe.conf | 3 ++-
 platform/include/internal/proxy.h | 3 ++-
 platform/src/acceptor_kni_v3.cpp | 19 ++++++++++++-------
 platform/src/proxy.cpp | 3 ++-
 platform/src/tcp_stream.cpp | 25 +++++++++++++++++++------
 5 files changed, 37 insertions(+), 16 deletions(-)
diff --git a/conf/tfe/tfe.conf b/conf/tfe/tfe.conf
index c09226e..53b5b27 100644
--- a/conf/tfe/tfe.conf
+++ b/conf/tfe/tfe.conf
@@ -168,7 +168,8 @@ table_info=resource/pangu/table_info_traffic_mirror.conf
 stat_file=log/traffic_mirror.status
 
 [traffic_steering]
-enable=1
+enable_steering_http=1
+enable_steering_ssl=1
 # 17: 0x11
 so_mask_client=17
 # 34: 0x22
diff --git a/platform/include/internal/proxy.h b/platform/include/internal/proxy.h
index aeecee5..dd328e9 100644
--- a/platform/include/internal/proxy.h
+++ b/platform/include/internal/proxy.h
@@ -63,7 +63,8 @@ struct tfe_proxy_tcp_options
 
 struct tfe_traffic_steering_options
 {
- int enable;
+ int enable_steering_http;
+ int enable_steering_ssl;
 int so_mask_client;
 int so_mask_server;
 char device_client[IFNAMSIZ];
diff --git a/platform/src/acceptor_kni_v3.cpp b/platform/src/acceptor_kni_v3.cpp
index 3915f67..ced9511 100644
--- a/platform/src/acceptor_kni_v3.cpp
+++ b/platform/src/acceptor_kni_v3.cpp
@@ -401,6 +401,8 @@ static int payload_handler_cb(struct nfq_q_handle *qh, struct nfgenmsg *nfmsg, s
 struct tfe_cmsg *cmsg = NULL;
 struct pkt_info pktinfo;
 struct tcp_restore_info restore_info;
+ uint8_t stream_protocol_in_char = 0;
+ uint16_t size = 0;
 struct acceptor_kni_v3 *__ctx = (struct acceptor_kni_v3 *)data;
 clock_gettime(CLOCK_MONOTONIC, &(__ctx->start));
 memset(&pktinfo, 0, sizeof(pktinfo));
@@ -523,7 +525,16 @@ static int payload_handler_cb(struct nfq_q_handle *qh, struct nfgenmsg *nfmsg, s
 goto end;
 }
 
- if (__ctx->proxy->traffic_steering_options.enable && steering_device_is_available())
+ if (tfe_cmsg_deserialize((const unsigned char *)restore_info.cmsg, restore_info.cmsg_len, &cmsg) < 0)
+ {
+ TFE_LOG_ERROR(g_default_logger, "Failed at tfe_cmsg_deserialize()");
+ goto end;
+ }
+
+ tfe_cmsg_get_value(cmsg, TFE_CMSG_TCP_RESTORE_PROTOCOL, (unsigned char *)&stream_protocol_in_char, sizeof(stream_protocol_in_char), &size);
+ if (steering_device_is_available() && (
+ (STREAM_PROTO_PLAIN == (enum tfe_stream_proto)stream_protocol_in_char && __ctx->proxy->traffic_steering_options.enable_steering_http) ||
+ (STREAM_PROTO_SSL == (enum tfe_stream_proto)stream_protocol_in_char && __ctx->proxy->traffic_steering_options.enable_steering_ssl)))
 {
 if (fake_tcp_handshake(__ctx->proxy, &restore_info) == -1)
 {
@@ -546,12 +557,6 @@ static int payload_handler_cb(struct nfq_q_handle *qh, struct nfgenmsg *nfmsg, s
 }
 }
 
- if (tfe_cmsg_deserialize((const unsigned char *)restore_info.cmsg, restore_info.cmsg_len, &cmsg) < 0)
- {
- TFE_LOG_ERROR(g_default_logger, "Failed at tfe_cmsg_deserialize()");
- goto end;
- }
-
 if (tfe_proxy_fds_accept(__ctx->proxy, fd_downstream, fd_upstream, fd_fake_c, fd_fake_s, cmsg) < 0)
 {
 TFE_LOG_ERROR(g_default_logger, "Failed at tfe_proxy_fds_accept()");
diff --git a/platform/src/proxy.cpp b/platform/src/proxy.cpp
index 31fcf97..f1fb865 100644
--- a/platform/src/proxy.cpp
+++ b/platform/src/proxy.cpp
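Review bot: The return value of `tfe_cmsg_get_value()` on the new TFE_CMSG_TCP_RESTORE_PROTOCOL lookup is discarded and `size` is never compared with `sizeof(stream_protocol_in_char)`, so a cmsg that lacks that attribute leaves `stream_protocol_in_char` at its initialiser 0 and the steering decision is then made on whichever `enum tfe_stream_proto` member happens to have value 0 instead of on an error. Assuming the call follows the negative-on-error convention that `tfe_cmsg_deserialize()` uses on the line above, the lookup should be checked and bail out to `end` the same way. Moving the deserialize ahead of `fake_tcp_handshake()` also means `cmsg` is already allocated on that call's failure path; the `end:` label is outside the hunk, so confirm it releases `cmsg`. `payload_handler_cb()` continues on both sides of this hunk.
```cpp
if (tfe_cmsg_get_value(cmsg, TFE_CMSG_TCP_RESTORE_PROTOCOL, (unsigned char *)&stream_protocol_in_char, sizeof(stream_protocol_in_char), &size) < 0
    || size != sizeof(stream_protocol_in_char))
{
    TFE_LOG_ERROR(g_default_logger, "Failed at tfe_cmsg_get_value(TFE_CMSG_TCP_RESTORE_PROTOCOL)");
    goto end;
}
// … unchanged: steering_device_is_available() / protocol test and fake_tcp_handshake() …
```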
@@ -431,7 +431,8 @@ int tfe_proxy_config(struct tfe_proxy * proxy, const char * profile)
 MESA_load_profile_int_def(profile, "tcp", "tcp_ttl_upstream", &proxy->tcp_options.tcp_ttl_upstream, -1);
 MESA_load_profile_int_def(profile, "tcp", "tcp_ttl_downstream", &proxy->tcp_options.tcp_ttl_downstream, -1);
 
- MESA_load_profile_int_def(profile, "traffic_steering", "enable", &proxy->traffic_steering_options.enable, 0);
+ MESA_load_profile_int_def(profile, "traffic_steering", "enable_steering_http", &proxy->traffic_steering_options.enable_steering_http, 0);
+ MESA_load_profile_int_def(profile, "traffic_steering", "enable_steering_ssl", &proxy->traffic_steering_options.enable_steering_ssl, 0);
 MESA_load_profile_int_def(profile, "traffic_steering", "so_mask_client", &proxy->traffic_steering_options.so_mask_client, 0x11);
 MESA_load_profile_int_def(profile, "traffic_steering", "so_mask_server", &proxy->traffic_steering_options.so_mask_server, 0x22);
 MESA_load_profile_string_def(profile, "traffic_steering", "device_client", proxy->traffic_steering_options.device_client, sizeof(proxy->traffic_steering_options.device_client), "eth_client");
diff --git a/platform/src/tcp_stream.cpp b/platform/src/tcp_stream.cpp
index 7b63a13..16bbfcb 100644
--- a/platform/src/tcp_stream.cpp
+++ b/platform/src/tcp_stream.cpp
@@ -589,7 +589,9 @@ static void __stream_bev_readcb(struct bufferevent * bev, void * arg)
 struct evbuffer * inbuf = NULL;
 struct evbuffer * outbuf = NULL;
 
- if (_stream->proxy_ref->traffic_steering_options.enable && steering_device_is_available())
+ if (steering_device_is_available() && (
+ (STREAM_PROTO_PLAIN == _stream->session_type && _stream->proxy_ref->traffic_steering_options.enable_steering_http) ||
+ (STREAM_PROTO_SSL == _stream->session_type &&_stream->proxy_ref->traffic_steering_options.enable_steering_ssl)))
 {
 if (bev == _stream->conn_downstream->bev)
 {
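Review bot: Renaming the `traffic_steering` key from `enable` to `enable_steering_http`/`enable_steering_ssl` means a profile that still carries `enable=1` now loads both new options with their default of 0, so steering is silently switched off on upgrade with nothing in the log. If that is not intended, read the legacy key first and use it as the default for both new calls: `int legacy_enable = 0;` and `MESA_load_profile_int_def(profile, "traffic_steering", "enable", &legacy_enable, 0);`, then pass `legacy_enable` instead of `0` as the last argument of the two new `MESA_load_profile_int_def` lines; otherwise at least log when the old key is present. `tfe_proxy_config()` continues outside the hunk.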
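Review bot: The three-line protocol/option test added here is copied verbatim into five more places in this file (the `__stream_bev_writecb`, `__stream_bev_eventcb` and `ssl_downstream_create_on_success` hunks and both `tfe_stream_init_by_fds` hunks), and the copy at `@@ -1756` already has a different closing-bracket layout, so a third protocol would have to be added in six places. Factor the decision into one helper beside these callbacks and call it as `if (__steering_enabled(_stream->session_type, &_stream->proxy_ref->traffic_steering_options))`; `acceptor_kni_v3.cpp` performs the same test on a cmsg-derived value and could share the helper if it lives in a header. The declared type of `session_type` is not visible in the hunk — adjust the first parameter if it is not `enum tfe_stream_proto`. `__stream_bev_readcb()` continues outside the hunk.
```cpp
// Decrypted-traffic steering applies only when the steering device is up and
// the stream's protocol is one the profile enabled (http -> plain, ssl -> TLS).
static inline bool __steering_enabled(enum tfe_stream_proto proto,
                                      const struct tfe_traffic_steering_options *opt)
{
    if (!steering_device_is_available())
        return false;
    return (STREAM_PROTO_PLAIN == proto && opt->enable_steering_http)
        || (STREAM_PROTO_SSL == proto && opt->enable_steering_ssl);
}
// … unchanged: __stream_bev_readcb() body, with the if-condition replaced by the call …
```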
@@ -774,7 +776,9 @@ static void __stream_bev_writecb(struct bufferevent * bev, void * arg)
 struct tfe_conn_private ** ref_peer_conn{};
 struct ssl_stream ** ref_this_ssl_stream{};
 
- if (_stream->proxy_ref->traffic_steering_options.enable && steering_device_is_available())
+ if (steering_device_is_available() && (
+ (STREAM_PROTO_PLAIN == _stream->session_type && _stream->proxy_ref->traffic_steering_options.enable_steering_http) ||
+ (STREAM_PROTO_SSL == _stream->session_type &&_stream->proxy_ref->traffic_steering_options.enable_steering_ssl)))
 {
 // TODO 增加计数
 TFE_LOG_DEBUG(__STREAM_LOGGER(_stream), "decrypted traffic steering, %s run writecb", bev == _stream->conn_downstream->bev ? "conn_downstream" : "conn_upstream");
@@ -837,7 +841,9 @@ static void __stream_bev_eventcb(struct bufferevent * bev, short events, void *
 enum tfe_conn_dir peer_conn_dir{};
 size_t rx_offset = 0;
 
- if (_stream->proxy_ref->traffic_steering_options.enable && steering_device_is_available())
+ if (steering_device_is_available() && (
+ (STREAM_PROTO_PLAIN == _stream->session_type && _stream->proxy_ref->traffic_steering_options.enable_steering_http) ||
+ (STREAM_PROTO_SSL == _stream->session_type &&_stream->proxy_ref->traffic_steering_options.enable_steering_ssl)))
 {
 // TODO 增加计数
 TFE_LOG_DEBUG(__STREAM_LOGGER(_stream), "decrypted traffic steering, %s run eventcb", bev == _stream->conn_downstream->bev ? "conn_downstream" : "conn_upstream");
@@ -1252,7 +1258,9 @@ void ssl_downstream_create_on_success(future_result_t * result, void * user)
 __conn_private_enable(_stream->conn_downstream);
 __conn_private_enable(_stream->conn_upstream);
 
- if (_stream->proxy_ref->traffic_steering_options.enable && steering_device_is_available())
+ if (steering_device_is_available() && (
+ (STREAM_PROTO_PLAIN == _stream->session_type && _stream->proxy_ref->traffic_steering_options.enable_steering_http) ||
+ (STREAM_PROTO_SSL == _stream->session_type &&_stream->proxy_ref->traffic_steering_options.enable_steering_ssl)))
 {
 __conn_private_enable(_stream->conn_fake_c);
 __conn_private_enable(_stream->conn_fake_s);
@@ -1756,7 +1764,10 @@ int tfe_stream_init_by_fds(struct tfe_stream * stream, evutil_socket_t fd_downst
 __stream_fd_option_setup(_stream, fd_downstream, CONN_DIR_DOWNSTREAM);
 __stream_fd_option_setup(_stream, fd_upstream, CONN_DIR_UPSTREAM);
 
- if (_stream->proxy_ref->traffic_steering_options.enable && steering_device_is_available())
+ if (steering_device_is_available() && (
+ (STREAM_PROTO_PLAIN == _stream->session_type && _stream->proxy_ref->traffic_steering_options.enable_steering_http) ||
+ (STREAM_PROTO_SSL == _stream->session_type &&_stream->proxy_ref->traffic_steering_options.enable_steering_ssl)
+ ))
 {
 __stream_fd_option_setup(_stream, fd_fake_s, CONN_DIR_DOWNSTREAM);
 __stream_fd_option_setup(_stream, fd_fake_c, CONN_DIR_UPSTREAM);
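Review bot: The new check in `tfe_stream_init_by_fds` reads `_stream->session_type` right after the two `__stream_fd_option_setup()` calls; if `session_type` is only assigned further down in this initialiser (for instance from the cmsg handed over by `tfe_proxy_fds_accept()`), the fake sockets' options are decided on the field's initial value while the `__conn_private_enable` block in the `@@ -1813` hunk sees the final one, and the two decisions could disagree. Where that assignment happens is outside the hunk, so confirm it precedes this check or take the protocol from the same source the acceptor uses. `tfe_stream_init_by_fds()` continues on both sides of the hunk.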
@@ -1813,7 +1824,9 @@ int tfe_stream_init_by_fds(struct tfe_stream * stream, evutil_socket_t fd_downst
 __conn_private_enable(_stream->conn_downstream);
 __conn_private_enable(_stream->conn_upstream);
 
- if (_stream->proxy_ref->traffic_steering_options.enable && steering_device_is_available())
+ if (steering_device_is_available() && (
+ (STREAM_PROTO_PLAIN == _stream->session_type && _stream->proxy_ref->traffic_steering_options.enable_steering_http) ||
+ (STREAM_PROTO_SSL == _stream->session_type &&_stream->proxy_ref->traffic_steering_options.enable_steering_ssl)))
 {
 __conn_private_enable(_stream->conn_fake_s);
 __conn_private_enable(_stream->conn_fake_c);