Decrypted Traffic Steering增加enable_steering_http和enable_steering_ssl开关，支持按照协议类型回流

conf/tfe/tfe.conf

@@ -168,7 +168,8 @@ table_info=resource/pangu/table_info_traffic_mirror.conf
 stat_file=log/traffic_mirror.status
 
 [traffic_steering]
-enable=1
+enable_steering_http=1
+enable_steering_ssl=1
 # 17: 0x11
 so_mask_client=17
 # 34: 0x22

platform/include/internal/proxy.h

@@ -63,7 +63,8 @@ struct tfe_proxy_tcp_options
 
 struct tfe_traffic_steering_options
 {
-	int enable;
+	int enable_steering_http;
+	int enable_steering_ssl;
 	int so_mask_client;
 	int so_mask_server;
 	char device_client[IFNAMSIZ];

platform/src/acceptor_kni_v3.cpp

@@ -401,6 +401,8 @@ static int payload_handler_cb(struct nfq_q_handle *qh, struct nfgenmsg *nfmsg, s
 	struct tfe_cmsg *cmsg = NULL;
 	struct pkt_info pktinfo;
 	struct tcp_restore_info restore_info;
+	uint8_t stream_protocol_in_char = 0;
+	uint16_t size = 0;
 	struct acceptor_kni_v3 *__ctx = (struct acceptor_kni_v3 *)data;
 	clock_gettime(CLOCK_MONOTONIC, &(__ctx->start));
 	memset(&pktinfo, 0, sizeof(pktinfo));
@@ -523,7 +525,16 @@ static int payload_handler_cb(struct nfq_q_handle *qh, struct nfgenmsg *nfmsg, s
 		goto end;
 	}
 
-	if (__ctx->proxy->traffic_steering_options.enable && steering_device_is_available())
+	if (tfe_cmsg_deserialize((const unsigned char *)restore_info.cmsg, restore_info.cmsg_len, &cmsg) < 0)
+	{
+		TFE_LOG_ERROR(g_default_logger, "Failed at tfe_cmsg_deserialize()");
+		goto end;
+	}
+
+	tfe_cmsg_get_value(cmsg, TFE_CMSG_TCP_RESTORE_PROTOCOL, (unsigned char *)&stream_protocol_in_char, sizeof(stream_protocol_in_char), &size);
+	if (steering_device_is_available() && (
+			(STREAM_PROTO_PLAIN == (enum tfe_stream_proto)stream_protocol_in_char && __ctx->proxy->traffic_steering_options.enable_steering_http) ||
+		 	(STREAM_PROTO_SSL == (enum tfe_stream_proto)stream_protocol_in_char && __ctx->proxy->traffic_steering_options.enable_steering_ssl)))
 	{
 		if (fake_tcp_handshake(__ctx->proxy, &restore_info) == -1)
 		{
@@ -546,12 +557,6 @@ static int payload_handler_cb(struct nfq_q_handle *qh, struct nfgenmsg *nfmsg, s
 		}
 	}
 
-	if (tfe_cmsg_deserialize((const unsigned char *)restore_info.cmsg, restore_info.cmsg_len, &cmsg) < 0)
-	{
-		TFE_LOG_ERROR(g_default_logger, "Failed at tfe_cmsg_deserialize()");
-		goto end;
-	}
-
 	if (tfe_proxy_fds_accept(__ctx->proxy, fd_downstream, fd_upstream, fd_fake_c, fd_fake_s, cmsg) < 0)
 	{
 		TFE_LOG_ERROR(g_default_logger, "Failed at tfe_proxy_fds_accept()");

platform/src/proxy.cpp

@@ -431,7 +431,8 @@ int tfe_proxy_config(struct tfe_proxy * proxy, const char * profile)
     MESA_load_profile_int_def(profile, "tcp", "tcp_ttl_upstream", &proxy->tcp_options.tcp_ttl_upstream, -1);
     MESA_load_profile_int_def(profile, "tcp", "tcp_ttl_downstream", &proxy->tcp_options.tcp_ttl_downstream, -1);
 
-	MESA_load_profile_int_def(profile, "traffic_steering", "enable", &proxy->traffic_steering_options.enable, 0);
+	MESA_load_profile_int_def(profile, "traffic_steering", "enable_steering_http", &proxy->traffic_steering_options.enable_steering_http, 0);
+	MESA_load_profile_int_def(profile, "traffic_steering", "enable_steering_ssl", &proxy->traffic_steering_options.enable_steering_ssl, 0);
 	MESA_load_profile_int_def(profile, "traffic_steering", "so_mask_client", &proxy->traffic_steering_options.so_mask_client, 0x11);
 	MESA_load_profile_int_def(profile, "traffic_steering", "so_mask_server", &proxy->traffic_steering_options.so_mask_server, 0x22);
 	MESA_load_profile_string_def(profile, "traffic_steering", "device_client", proxy->traffic_steering_options.device_client, sizeof(proxy->traffic_steering_options.device_client), "eth_client");

platform/src/tcp_stream.cpp

@@ -589,7 +589,9 @@ static void __stream_bev_readcb(struct bufferevent * bev, void * arg)
 	struct evbuffer * inbuf = NULL;
 	struct evbuffer * outbuf = NULL;
 
-	if (_stream->proxy_ref->traffic_steering_options.enable && steering_device_is_available())
+	if (steering_device_is_available() && (
+		(STREAM_PROTO_PLAIN == _stream->session_type && _stream->proxy_ref->traffic_steering_options.enable_steering_http) ||
+		(STREAM_PROTO_SSL == _stream->session_type &&_stream->proxy_ref->traffic_steering_options.enable_steering_ssl)))
 	{
 		if (bev == _stream->conn_downstream->bev)
 		{
@@ -774,7 +776,9 @@ static void __stream_bev_writecb(struct bufferevent * bev, void * arg)
 	struct tfe_conn_private ** ref_peer_conn{};
 	struct ssl_stream ** ref_this_ssl_stream{};
 
-	if (_stream->proxy_ref->traffic_steering_options.enable && steering_device_is_available())
+	if (steering_device_is_available() && (
+		(STREAM_PROTO_PLAIN == _stream->session_type && _stream->proxy_ref->traffic_steering_options.enable_steering_http) ||
+		(STREAM_PROTO_SSL == _stream->session_type &&_stream->proxy_ref->traffic_steering_options.enable_steering_ssl)))
 	{
 		// TODO 增加计数
 		TFE_LOG_DEBUG(__STREAM_LOGGER(_stream), "decrypted traffic steering, %s run writecb",  bev == _stream->conn_downstream->bev ? "conn_downstream" : "conn_upstream");
@@ -837,7 +841,9 @@ static void __stream_bev_eventcb(struct bufferevent * bev, short events, void *
 	enum tfe_conn_dir peer_conn_dir{};
 	size_t rx_offset = 0;
 
-	if (_stream->proxy_ref->traffic_steering_options.enable && steering_device_is_available())
+	if (steering_device_is_available() && (
+		(STREAM_PROTO_PLAIN == _stream->session_type && _stream->proxy_ref->traffic_steering_options.enable_steering_http) ||
+		(STREAM_PROTO_SSL == _stream->session_type &&_stream->proxy_ref->traffic_steering_options.enable_steering_ssl)))
 	{
 		// TODO 增加计数
 		TFE_LOG_DEBUG(__STREAM_LOGGER(_stream), "decrypted traffic steering, %s run eventcb",  bev == _stream->conn_downstream->bev ? "conn_downstream" : "conn_upstream");
@@ -1252,7 +1258,9 @@ void ssl_downstream_create_on_success(future_result_t * result, void * user)
 	__conn_private_enable(_stream->conn_downstream);
 	__conn_private_enable(_stream->conn_upstream);
 
-	if (_stream->proxy_ref->traffic_steering_options.enable && steering_device_is_available())
+	if (steering_device_is_available() && (
+		(STREAM_PROTO_PLAIN == _stream->session_type && _stream->proxy_ref->traffic_steering_options.enable_steering_http) ||
+		(STREAM_PROTO_SSL == _stream->session_type &&_stream->proxy_ref->traffic_steering_options.enable_steering_ssl)))
 	{
 		__conn_private_enable(_stream->conn_fake_c);
 		__conn_private_enable(_stream->conn_fake_s);
@@ -1756,7 +1764,10 @@ int tfe_stream_init_by_fds(struct tfe_stream * stream, evutil_socket_t fd_downst
 	__stream_fd_option_setup(_stream, fd_downstream, CONN_DIR_DOWNSTREAM);
 	__stream_fd_option_setup(_stream, fd_upstream, CONN_DIR_UPSTREAM);
 
-	if (_stream->proxy_ref->traffic_steering_options.enable && steering_device_is_available())
+	if (steering_device_is_available() && (
+		(STREAM_PROTO_PLAIN == _stream->session_type && _stream->proxy_ref->traffic_steering_options.enable_steering_http) ||
+		(STREAM_PROTO_SSL == _stream->session_type &&_stream->proxy_ref->traffic_steering_options.enable_steering_ssl)
+	))
 	{
 		__stream_fd_option_setup(_stream, fd_fake_s, CONN_DIR_DOWNSTREAM);
 		__stream_fd_option_setup(_stream, fd_fake_c, CONN_DIR_UPSTREAM);
@@ -1813,7 +1824,9 @@ int tfe_stream_init_by_fds(struct tfe_stream * stream, evutil_socket_t fd_downst
 		__conn_private_enable(_stream->conn_downstream);
 		__conn_private_enable(_stream->conn_upstream);
 
-		if (_stream->proxy_ref->traffic_steering_options.enable && steering_device_is_available())
+		if (steering_device_is_available() && (
+			(STREAM_PROTO_PLAIN == _stream->session_type && _stream->proxy_ref->traffic_steering_options.enable_steering_http) ||
+			(STREAM_PROTO_SSL == _stream->session_type &&_stream->proxy_ref->traffic_steering_options.enable_steering_ssl)))
 		{
 			__conn_private_enable(_stream->conn_fake_s);
 			__conn_private_enable(_stream->conn_fake_c);