TFE Acceptor V3 不扫描Service Chaining Rule;

tcp_passthrough执行优先级: No Intercept Rule大于Tcp Option Profile
luwenpeng
2023-05-09 15:36:00 +08:00
parent ceffc9b168
commit 4e1c470720
2 changed files with 9 additions and 4 deletions


@@ -605,7 +605,7 @@ static int payload_handler_cb(struct nfq_q_handle *qh, struct nfgenmsg *nfmsg, s
uint8_t stream_protocol_in_char = 0; uint8_t stream_protocol_in_char = 0;
uint8_t enalbe_decrypted_traffic_steering = 0; uint8_t enalbe_decrypted_traffic_steering = 0;
uint16_t size = 0; uint16_t size = 0;
uint64_t chaining_rule_id = 0; // only use for acceptv4 // uint64_t chaining_rule_id = 0; // only use for acceptv4
struct acceptor_kni_v3 *__ctx = (struct acceptor_kni_v3 *)data; struct acceptor_kni_v3 *__ctx = (struct acceptor_kni_v3 *)data;
clock_gettime(CLOCK_MONOTONIC, &(__ctx->start)); clock_gettime(CLOCK_MONOTONIC, &(__ctx->start));
memset(&pktinfo, 0, sizeof(pktinfo)); memset(&pktinfo, 0, sizeof(pktinfo));
@@ -718,7 +718,7 @@ static int payload_handler_cb(struct nfq_q_handle *qh, struct nfgenmsg *nfmsg, s
intercept_policy_enforce(__ctx->proxy->int_ply_enforcer, cmsg); intercept_policy_enforce(__ctx->proxy->int_ply_enforcer, cmsg);
tcp_policy_enforce(__ctx->proxy->tcp_ply_enforcer, cmsg); tcp_policy_enforce(__ctx->proxy->tcp_ply_enforcer, cmsg);
chaining_policy_enforce(__ctx->proxy->chain_ply_enforcer, cmsg, chaining_rule_id); // chaining_policy_enforce(__ctx->proxy->chain_ply_enforcer, cmsg, chaining_rule_id);
if (overwrite_tcp_mss(cmsg, &restore_info)) if (overwrite_tcp_mss(cmsg, &restore_info))
{ {
@@ -744,7 +744,7 @@ static int payload_handler_cb(struct nfq_q_handle *qh, struct nfgenmsg *nfmsg, s
} }
tfe_cmsg_get_value(cmsg, TFE_CMSG_TCP_RESTORE_PROTOCOL, (unsigned char *)&stream_protocol_in_char, sizeof(stream_protocol_in_char), &size); tfe_cmsg_get_value(cmsg, TFE_CMSG_TCP_RESTORE_PROTOCOL, (unsigned char *)&stream_protocol_in_char, sizeof(stream_protocol_in_char), &size);
tfe_cmsg_get_value(cmsg, TFE_CMSG_TCP_DECRYPTED_TRAFFIC_STEERING, (unsigned char *)&enalbe_decrypted_traffic_steering, sizeof(enalbe_decrypted_traffic_steering), &size); // tfe_cmsg_get_value(cmsg, TFE_CMSG_TCP_DECRYPTED_TRAFFIC_STEERING, (unsigned char *)&enalbe_decrypted_traffic_steering, sizeof(enalbe_decrypted_traffic_steering), &size);
if (steering_device_is_available() && ( if (steering_device_is_available() && (
(STREAM_PROTO_PLAIN == (enum tfe_stream_proto)stream_protocol_in_char && __ctx->proxy->traffic_steering_options.enable_steering_http) || (STREAM_PROTO_PLAIN == (enum tfe_stream_proto)stream_protocol_in_char && __ctx->proxy->traffic_steering_options.enable_steering_http) ||
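Review bot: With the `tfe_cmsg_get_value(cmsg, TFE_CMSG_TCP_DECRYPTED_TRAFFIC_STEERING, ...)` read disabled in the third hunk, `enalbe_decrypted_traffic_steering` keeps its initial value 0 for every connection, so any later test of it is constant. The steering condition that follows continues outside the hunk; if it still reads that flag, decrypted-traffic steering is silently off for Acceptor V3, and the dead branch should be removed or marked, e.g. `/* Acceptor V3 does not scan Service Chaining Rules, so decrypted traffic is never steered here */`. The three disabled statements (the `chaining_rule_id` declaration, the `chaining_policy_enforce` call and this read) would be better deleted than left commented out, since version control already keeps them. payload_handler_cb starts and ends outside these hunks.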


@@ -254,7 +254,12 @@ int tcp_policy_enforce(struct tcp_policy_enforcer *tcp_enforcer, struct tfe_cmsg
return -1; return -1;
} }
tfe_cmsg_set(cmsg, TFE_CMSG_TCP_PASSTHROUGH, (unsigned char *)&param->tcp_passthrough, sizeof(param->tcp_passthrough)); uint8_t hit_no_intercept = 0;
tfe_cmsg_get_value(cmsg, TFE_CMSG_HIT_NO_INTERCEPT, (unsigned char *)&hit_no_intercept, sizeof(hit_no_intercept), &size);
if (hit_no_intercept == 0)
{
tfe_cmsg_set(cmsg, TFE_CMSG_TCP_PASSTHROUGH, (unsigned char *)&param->tcp_passthrough, sizeof(param->tcp_passthrough));
}
struct side_conn_param *client_side = &param->client_side; struct side_conn_param *client_side = &param->client_side;
tfe_cmsg_set(cmsg, TFE_CMSG_DOWNSTREAM_TCP_MSS_ENABLE, (unsigned char *)&client_side->maxseg_enable, sizeof(client_side->maxseg_enable)); tfe_cmsg_set(cmsg, TFE_CMSG_DOWNSTREAM_TCP_MSS_ENABLE, (unsigned char *)&client_side->maxseg_enable, sizeof(client_side->maxseg_enable));
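Review bot: The new `hit_no_intercept` check relies on `TFE_CMSG_HIT_NO_INTERCEPT` having been written to `cmsg` before `tcp_policy_enforce` runs, and the return value of `tfe_cmsg_get_value` is discarded, so a missing key cannot be told apart from "no rule hit" and the TCP Option Profile's `tcp_passthrough` is then applied. A comment above the check would make that ordering contract visible: `/* No Intercept Rule outranks the TCP Option Profile; intercept_policy_enforce() must run first so TFE_CMSG_HIT_NO_INTERCEPT is set */`. When the flag is non-zero this function no longer writes `TFE_CMSG_TCP_PASSTHROUGH` at all, so it is worth confirming that the intercept enforcer always sets it in that case. `size` is presumably declared earlier in the function, which starts outside the hunk.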