From 4e1c4707204e18c30e04181b7193828fed32ad1d Mon Sep 17 00:00:00 2001
From: luwenpeng
Date: Tue, 9 May 2023 15:36:00 +0800
Subject: [PATCH] =?UTF-8?q?TFE=20Acceptor=20V3=20=E4=B8=8D=E6=89=AB?= =?UTF-8?q?=E6=8F=8FService=20Chaining=20Rule;=20tcp=5Fpassthrough?= =?UTF-8?q?=E6=89=A7=E8=A1=8C=E4=BC=98=E5=85=88=E7=BA=A7:=20No=20Intercept?= =?UTF-8?q?=20Rule=E5=A4=A7=E4=BA=8ETcp=20Option=20Profile?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 platform/src/acceptor_kni_v3.cpp | 6 +++---
 plugin/business/tcp-policy/src/tcp_policy.cpp | 7 ++++++-
 2 files changed, 9 insertions(+), 4 deletions(-)
diff --git a/platform/src/acceptor_kni_v3.cpp b/platform/src/acceptor_kni_v3.cpp
index 8a39bfc..f0d7282 100644
--- a/platform/src/acceptor_kni_v3.cpp
+++ b/platform/src/acceptor_kni_v3.cpp
@@ -605,7 +605,7 @@ static int payload_handler_cb(struct nfq_q_handle *qh, struct nfgenmsg *nfmsg, s
 uint8_t stream_protocol_in_char = 0;
 uint8_t enalbe_decrypted_traffic_steering = 0;
 uint16_t size = 0;
- uint64_t chaining_rule_id = 0; // only use for acceptv4
+ // uint64_t chaining_rule_id = 0; // only use for acceptv4
 struct acceptor_kni_v3 *__ctx = (struct acceptor_kni_v3 *)data;
 clock_gettime(CLOCK_MONOTONIC, &(__ctx->start));
 memset(&pktinfo, 0, sizeof(pktinfo));
@@ -718,7 +718,7 @@ static int payload_handler_cb(struct nfq_q_handle *qh, struct nfgenmsg *nfmsg, s
 intercept_policy_enforce(__ctx->proxy->int_ply_enforcer, cmsg);
 tcp_policy_enforce(__ctx->proxy->tcp_ply_enforcer, cmsg);
- chaining_policy_enforce(__ctx->proxy->chain_ply_enforcer, cmsg, chaining_rule_id);
+ // chaining_policy_enforce(__ctx->proxy->chain_ply_enforcer, cmsg, chaining_rule_id);
 if (overwrite_tcp_mss(cmsg, &restore_info)) {
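Review bot: The disabled statements in payload_handler_cb are commented out rather than deleted: the `chaining_rule_id` declaration in this hunk, the `chaining_policy_enforce(...)` call in the hunk at line 718, and the `TFE_CMSG_TCP_DECRYPTED_TRAFFIC_STEERING` read in the hunk at line 744. That leaves dead code behind and no explanation in the source of why the V3 acceptor skips Service Chaining rules. I would remove the lines and leave a single comment at the former call site, for example `// Acceptor V3 intentionally does not scan Service Chaining rules`. The function starts and ends outside these hunks, so whether `chain_ply_enforcer` is still needed on the V3 path cannot be judged from here.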
@@ -744,7 +744,7 @@ static int payload_handler_cb(struct nfq_q_handle *qh, struct nfgenmsg *nfmsg, s
 }
 tfe_cmsg_get_value(cmsg, TFE_CMSG_TCP_RESTORE_PROTOCOL, (unsigned char *)&stream_protocol_in_char, sizeof(stream_protocol_in_char), &size);
- tfe_cmsg_get_value(cmsg, TFE_CMSG_TCP_DECRYPTED_TRAFFIC_STEERING, (unsigned char *)&enalbe_decrypted_traffic_steering, sizeof(enalbe_decrypted_traffic_steering), &size);
+ // tfe_cmsg_get_value(cmsg, TFE_CMSG_TCP_DECRYPTED_TRAFFIC_STEERING, (unsigned char *)&enalbe_decrypted_traffic_steering, sizeof(enalbe_decrypted_traffic_steering), &size);
 if (steering_device_is_available() && ( (STREAM_PROTO_PLAIN == (enum tfe_stream_proto)stream_protocol_in_char && __ctx->proxy->traffic_steering_options.enable_steering_http) ||
diff --git a/plugin/business/tcp-policy/src/tcp_policy.cpp b/plugin/business/tcp-policy/src/tcp_policy.cpp
index fec93df..6c9cdef 100644
--- a/plugin/business/tcp-policy/src/tcp_policy.cpp
+++ b/plugin/business/tcp-policy/src/tcp_policy.cpp
@@ -254,7 +254,12 @@ int tcp_policy_enforce(struct tcp_policy_enforcer *tcp_enforcer, struct tfe_cmsg
 return -1;
 }
- tfe_cmsg_set(cmsg, TFE_CMSG_TCP_PASSTHROUGH, (unsigned char *)¶m->tcp_passthrough, sizeof(param->tcp_passthrough));
+ uint8_t hit_no_intercept = 0;
+ tfe_cmsg_get_value(cmsg, TFE_CMSG_HIT_NO_INTERCEPT, (unsigned char *)&hit_no_intercept, sizeof(hit_no_intercept), &size);
+ if (hit_no_intercept == 0)
+ {
+ tfe_cmsg_set(cmsg, TFE_CMSG_TCP_PASSTHROUGH, (unsigned char *)¶m->tcp_passthrough, sizeof(param->tcp_passthrough));
+ }
 struct side_conn_param *client_side = ¶m->client_side;
 tfe_cmsg_set(cmsg, TFE_CMSG_DOWNSTREAM_TCP_MSS_ENABLE, (unsigned char *)&client_side->maxseg_enable, sizeof(client_side->maxseg_enable));
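Review bot: With the `TFE_CMSG_TCP_DECRYPTED_TRAFFIC_STEERING` read commented out, `enalbe_decrypted_traffic_steering` is never written after its `= 0` initialisation. Any test of it in the `if (steering_device_is_available() && ...` condition, which continues past the end of this hunk, can then only be false. If that is intended, remove the variable and the sub-condition that depends on it, or annotate the condition with `// decrypted-traffic steering is never enabled on the V3 path`. As written, decrypted flows would stop being steered with nothing in the code or logs to show that it is deliberate.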
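Review bot: The return value of the new `tfe_cmsg_get_value(cmsg, TFE_CMSG_HIT_NO_INTERCEPT, ...)` call in tcp_policy_enforce is ignored. If the key is missing or the read fails, `hit_no_intercept` stays 0 and the profile's `tcp_passthrough` is written over whatever the No Intercept rule decided, which is the precedence this commit sets out to prevent. Check the result and handle a failed read explicitly, at minimum by logging it. The guard also presumably depends on the intercept policy having already recorded its verdict on the same cmsg, as the call order in payload_handler_cb suggests, so a comment such as `// requires intercept_policy_enforce() to have run on this cmsg first` would protect other callers. `size` is passed as the out-parameter but is declared outside this hunk; confirm it exists in this function with the type the getter expects.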