修复根据fd创建stream addr时源目的地址颠倒的问题。修复HTTP业务层IP扫描不命中问题。
This commit is contained in:
zhengchao
@@ -21,11 +21,6 @@ enum tfe_app_proto
|
|||||||
APP_PROTO_QUIC //QUIC is a protocol that cross session layer and application layer.
|
APP_PROTO_QUIC //QUIC is a protocol that cross session layer and application layer.
|
||||||
};
|
};
|
||||||
|
|
||||||
enum tfe_conn_dir
|
|
||||||
{
|
|
||||||
CONN_DIR_DOWNSTREAM = 0, //From client to proxy, aka client-side.
|
|
||||||
CONN_DIR_UPSTREAM //From proxy to server, aka server-side.
|
|
||||||
};
|
|
||||||
|
|
||||||
enum tfe_conn_status
|
enum tfe_conn_status
|
||||||
{
|
{
|
||||||
|
|||||||
@@ -8,6 +8,11 @@
|
|||||||
#include <netinet/in.h> //defines struct in_addr
|
#include <netinet/in.h> //defines struct in_addr
|
||||||
#include <arpa/inet.h>
|
#include <arpa/inet.h>
|
||||||
|
|
||||||
|
enum tfe_conn_dir
|
||||||
|
{
|
||||||
|
CONN_DIR_DOWNSTREAM = 0, //From client to proxy, aka client-side.
|
||||||
|
CONN_DIR_UPSTREAM //From proxy to server, aka server-side.
|
||||||
|
};
|
||||||
|
|
||||||
/* network-order */
|
/* network-order */
|
||||||
struct tfe_stream_addr_tuple4_v4
|
struct tfe_stream_addr_tuple4_v4
|
||||||
@@ -181,7 +186,7 @@ static inline void tfe_stream_addr_free(struct tfe_stream_addr *addr)
|
|||||||
free(addr);
|
free(addr);
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
static inline struct tfe_stream_addr * tfe_stream_addr_create_by_fd(int fd)
|
static inline struct tfe_stream_addr * tfe_stream_addr_create_by_fd(int fd, enum tfe_conn_dir dir)
|
||||||
{
|
{
|
||||||
struct tfe_stream_addr * __stream_addr = NULL;
|
struct tfe_stream_addr * __stream_addr = NULL;
|
||||||
|
|
||||||
@@ -192,7 +197,8 @@ static inline struct tfe_stream_addr * tfe_stream_addr_create_by_fd(int fd)
|
|||||||
struct sockaddr_storage sk_dst_storage{};
|
struct sockaddr_storage sk_dst_storage{};
|
||||||
struct sockaddr * sk_dst_ptr = (struct sockaddr *) &sk_dst_storage;
|
struct sockaddr * sk_dst_ptr = (struct sockaddr *) &sk_dst_storage;
|
||||||
socklen_t sk_dst_len = sizeof(sk_dst_storage);
|
socklen_t sk_dst_len = sizeof(sk_dst_storage);
|
||||||
|
if(dir==CONN_DIR_UPSTREAM)
|
||||||
|
{
|
||||||
int ret = getsockname(fd, sk_src_ptr, &sk_src_len);
|
int ret = getsockname(fd, sk_src_ptr, &sk_src_len);
|
||||||
if (ret < 0)
|
if (ret < 0)
|
||||||
{
|
{
|
||||||
@@ -204,6 +210,21 @@ static inline struct tfe_stream_addr * tfe_stream_addr_create_by_fd(int fd)
|
|||||||
{
|
{
|
||||||
goto __errout;
|
goto __errout;
|
||||||
}
|
}
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
int ret = getsockname(fd, sk_dst_ptr, &sk_dst_len);
|
||||||
|
if (ret < 0)
|
||||||
|
{
|
||||||
|
goto __errout;
|
||||||
|
}
|
||||||
|
|
||||||
|
ret = getpeername(fd, sk_src_ptr, &sk_src_len);
|
||||||
|
if (ret < 0)
|
||||||
|
{
|
||||||
|
goto __errout;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
assert(sk_src_ptr->sa_family == sk_dst_ptr->sa_family);
|
assert(sk_src_ptr->sa_family == sk_dst_ptr->sa_family);
|
||||||
if (sk_src_ptr->sa_family == AF_INET)
|
if (sk_src_ptr->sa_family == AF_INET)
|
||||||
|
|||||||
@@ -218,7 +218,8 @@ struct ssl_stream * ssl_stream_new(struct ssl_mgr * mgr, evutil_socket_t fd, enu
|
|||||||
s_stream->ssl = downstream_ssl_create(mgr, kyr);
|
s_stream->ssl = downstream_ssl_create(mgr, kyr);
|
||||||
s_stream->keyring = kyr;
|
s_stream->keyring = kyr;
|
||||||
break;
|
break;
|
||||||
case CONN_DIR_UPSTREAM: s_stream->ssl = upstream_ssl_create(mgr, client_hello, fd);
|
case CONN_DIR_UPSTREAM:
|
||||||
|
s_stream->ssl = upstream_ssl_create(mgr, client_hello, fd);
|
||||||
s_stream->client_hello = client_hello;
|
s_stream->client_hello = client_hello;
|
||||||
break;
|
break;
|
||||||
default: assert(0);
|
default: assert(0);
|
||||||
@@ -618,15 +619,18 @@ static SSL * upstream_ssl_create(struct ssl_mgr * mgr, const struct ssl_chello *
|
|||||||
socklen_t addrlen = sizeof(struct sockaddr_storage);
|
socklen_t addrlen = sizeof(struct sockaddr_storage);
|
||||||
|
|
||||||
ret = getpeername(fd, (struct sockaddr *) (&addr), &addrlen);
|
ret = getpeername(fd, (struct sockaddr *) (&addr), &addrlen);
|
||||||
assert(ret == 0);
|
if(ret == 0)
|
||||||
|
{
|
||||||
/* session resuming based on remote endpoint address and port */
|
/* session resuming based on remote endpoint address and port */
|
||||||
sess = up_session_get(mgr->up_sess_cache, (struct sockaddr *) &addr, addrlen, chello->sni); /* new sess insert */
|
sess = up_session_get(mgr->up_sess_cache, (struct sockaddr *) &addr, addrlen, chello->sni);
|
||||||
if (sess)
|
if (sess)
|
||||||
{
|
{
|
||||||
SSL_set_session(ssl, sess); /* increments sess refcount */
|
SSL_set_session(ssl, sess); /* increments sess refcount */
|
||||||
SSL_SESSION_free(sess);
|
SSL_SESSION_free(sess);
|
||||||
}
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
return ssl;
|
return ssl;
|
||||||
}
|
}
|
||||||
@@ -1275,7 +1279,7 @@ retry:
|
|||||||
|
|
||||||
if (ctx->retries++ >= MAX_NET_RETRIES)
|
if (ctx->retries++ >= MAX_NET_RETRIES)
|
||||||
{
|
{
|
||||||
struct tfe_stream_addr* addr=tfe_stream_addr_create_by_fd(fd);
|
struct tfe_stream_addr* addr=tfe_stream_addr_create_by_fd(fd, ctx->s_stream->dir);
|
||||||
char* addr_string=tfe_stream_addr_to_str(addr);
|
char* addr_string=tfe_stream_addr_to_str(addr);
|
||||||
TFE_LOG_ERROR(logger, "Failed to shutdown SSL connection cleanly: %s "
|
TFE_LOG_ERROR(logger, "Failed to shutdown SSL connection cleanly: %s "
|
||||||
"Max retries reached. Closing fd %d.", addr_string, fd);
|
"Max retries reached. Closing fd %d.", addr_string, fd);
|
||||||
|
|||||||
@@ -890,7 +890,7 @@ int tfe_stream_init_by_fds(struct tfe_stream * stream, evutil_socket_t fd_downst
|
|||||||
__stream_fd_option_setup(_stream, fd_downstream);
|
__stream_fd_option_setup(_stream, fd_downstream);
|
||||||
__stream_fd_option_setup(_stream, fd_upstream);
|
__stream_fd_option_setup(_stream, fd_upstream);
|
||||||
|
|
||||||
_stream->head.addr = tfe_stream_addr_create_by_fd(fd_downstream);
|
_stream->head.addr = tfe_stream_addr_create_by_fd(fd_downstream, CONN_DIR_DOWNSTREAM);
|
||||||
if (unlikely(_stream->head.addr == NULL))
|
if (unlikely(_stream->head.addr == NULL))
|
||||||
{
|
{
|
||||||
TFE_LOG_ERROR(_stream->stream_logger, "Failed to create address from fd %d, %d, terminate fds.",
|
TFE_LOG_ERROR(_stream->stream_logger, "Failed to create address from fd %d, %d, terminate fds.",
|
||||||
|
|||||||
@@ -285,7 +285,14 @@ static void pangu_http_ctx_free(struct pangu_http_ctx * ctx)
|
|||||||
|
|
||||||
inline void addr_tfe2sapp(const struct tfe_stream_addr * tfe_addr, struct ipaddr * sapp_addr)
|
inline void addr_tfe2sapp(const struct tfe_stream_addr * tfe_addr, struct ipaddr * sapp_addr)
|
||||||
{
|
{
|
||||||
sapp_addr->addrtype = tfe_addr->addrtype;
|
if(tfe_addr->addrtype==TFE_ADDR_STREAM_TUPLE4_V4||tfe_addr->addrtype==TFE_ADDR_IPV4)
|
||||||
|
{
|
||||||
|
sapp_addr->addrtype = ADDR_TYPE_IPV4;
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
sapp_addr->addrtype=ADDR_TYPE_IPV6;
|
||||||
|
}
|
||||||
sapp_addr->paddr = (char *) tfe_addr->paddr;
|
sapp_addr->paddr = (char *) tfe_addr->paddr;
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|||||||
Reference in New Issue
Block a user