修复根据fd创建stream addr时源目的地址颠倒的问题。修复HTTP业务层IP扫描不命中问题。
@@ -21,11 +21,6 @@ enum tfe_app_proto
|
||||
APP_PROTO_QUIC //QUIC is a protocol that cross session layer and application layer.
|
||||
};
|
||||
|
||||
enum tfe_conn_dir
|
||||
{
|
||||
CONN_DIR_DOWNSTREAM = 0, //From client to proxy, aka client-side.
|
||||
CONN_DIR_UPSTREAM //From proxy to server, aka server-side.
|
||||
};
|
||||
|
||||
enum tfe_conn_status
|
||||
{
|
||||
|
||||
@@ -8,6 +8,11 @@
|
||||
#include <netinet/in.h> //defines struct in_addr
|
||||
#include <arpa/inet.h>
|
||||
|
||||
enum tfe_conn_dir
|
||||
{
|
||||
CONN_DIR_DOWNSTREAM = 0, //From client to proxy, aka client-side.
|
||||
CONN_DIR_UPSTREAM //From proxy to server, aka server-side.
|
||||
};
|
||||
|
||||
/* network-order */
|
||||
struct tfe_stream_addr_tuple4_v4
|
||||
@@ -181,7 +186,7 @@ static inline void tfe_stream_addr_free(struct tfe_stream_addr *addr)
|
||||
free(addr);
|
||||
return;
|
||||
}
|
||||
static inline struct tfe_stream_addr * tfe_stream_addr_create_by_fd(int fd)
|
||||
static inline struct tfe_stream_addr * tfe_stream_addr_create_by_fd(int fd, enum tfe_conn_dir dir)
|
||||
{
|
||||
struct tfe_stream_addr * __stream_addr = NULL;
|
||||
|
||||
@@ -192,7 +197,8 @@ static inline struct tfe_stream_addr * tfe_stream_addr_create_by_fd(int fd)
|
||||
struct sockaddr_storage sk_dst_storage{};
|
||||
struct sockaddr * sk_dst_ptr = (struct sockaddr *) &sk_dst_storage;
|
||||
socklen_t sk_dst_len = sizeof(sk_dst_storage);
|
||||
|
||||
if(dir==CONN_DIR_UPSTREAM)
|
||||
{
|
||||
int ret = getsockname(fd, sk_src_ptr, &sk_src_len);
|
||||
if (ret < 0)
|
||||
{
|
||||
@@ -204,6 +210,21 @@ static inline struct tfe_stream_addr * tfe_stream_addr_create_by_fd(int fd)
|
||||
{
|
||||
goto __errout;
|
||||
}
|
||||
}
|
||||
else
|
||||
{
|
||||
int ret = getsockname(fd, sk_dst_ptr, &sk_dst_len);
|
||||
if (ret < 0)
|
||||
{
|
||||
goto __errout;
|
||||
}
|
||||
|
||||
ret = getpeername(fd, sk_src_ptr, &sk_src_len);
|
||||
if (ret < 0)
|
||||
{
|
||||
goto __errout;
|
||||
}
|
||||
}
|
||||
|
||||
assert(sk_src_ptr->sa_family == sk_dst_ptr->sa_family);
|
||||
if (sk_src_ptr->sa_family == AF_INET)
|
||||
|
||||
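Review bot: tfe_stream_addr_create_by_fd now relies on `dir` to decide which end of the socket is the source, but nothing on the function states that mapping, and the new `else` treats every value other than CONN_DIR_UPSTREAM as downstream. Going by the commit title, the HTTP-layer IP scan depends on this orientation, so I would add a comment above the signature such as `/* src is the client side, dst the server side: on a downstream fd the peer is src and the local name is dst; on an upstream fd the local name is src */`. I would also write the second branch as `else if(dir==CONN_DIR_DOWNSTREAM)` followed by `else goto __errout;`, so an unexpected value fails instead of silently yielding a downstream-oriented tuple. The second call of the upstream branch falls between the hunks and is not shown, so that half of the comment should be confirmed against the full function.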
@@ -218,7 +218,8 @@ struct ssl_stream * ssl_stream_new(struct ssl_mgr * mgr, evutil_socket_t fd, enu
|
||||
s_stream->ssl = downstream_ssl_create(mgr, kyr);
|
||||
s_stream->keyring = kyr;
|
||||
break;
|
||||
case CONN_DIR_UPSTREAM: s_stream->ssl = upstream_ssl_create(mgr, client_hello, fd);
|
||||
case CONN_DIR_UPSTREAM:
|
||||
s_stream->ssl = upstream_ssl_create(mgr, client_hello, fd);
|
||||
s_stream->client_hello = client_hello;
|
||||
break;
|
||||
default: assert(0);
|
||||
@@ -618,15 +619,18 @@ static SSL * upstream_ssl_create(struct ssl_mgr * mgr, const struct ssl_chello *
|
||||
socklen_t addrlen = sizeof(struct sockaddr_storage);
|
||||
|
||||
ret = getpeername(fd, (struct sockaddr *) (&addr), &addrlen);
|
||||
assert(ret == 0);
|
||||
|
||||
if(ret == 0)
|
||||
{
|
||||
/* session resuming based on remote endpoint address and port */
|
||||
sess = up_session_get(mgr->up_sess_cache, (struct sockaddr *) &addr, addrlen, chello->sni); /* new sess insert */
|
||||
sess = up_session_get(mgr->up_sess_cache, (struct sockaddr *) &addr, addrlen, chello->sni);
|
||||
if (sess)
|
||||
{
|
||||
SSL_set_session(ssl, sess); /* increments sess refcount */
|
||||
SSL_SESSION_free(sess);
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
|
||||
return ssl;
|
||||
}
|
||||
@@ -1275,7 +1279,7 @@ retry:
|
||||
|
||||
if (ctx->retries++ >= MAX_NET_RETRIES)
|
||||
{
|
||||
struct tfe_stream_addr* addr=tfe_stream_addr_create_by_fd(fd);
|
||||
struct tfe_stream_addr* addr=tfe_stream_addr_create_by_fd(fd, ctx->s_stream->dir);
|
||||
char* addr_string=tfe_stream_addr_to_str(addr);
|
||||
TFE_LOG_ERROR(logger, "Failed to shutdown SSL connection cleanly: %s "
|
||||
"Max retries reached. Closing fd %d.", addr_string, fd);
|
||||
|
||||
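Review bot: The result of `tfe_stream_addr_create_by_fd(fd, ctx->s_stream->dir)` goes straight into `tfe_stream_addr_to_str` without a NULL check, although the function leaves through `__errout` when getsockname/getpeername fails and another caller in this commit tests its result against NULL. This path runs once the shutdown retries are exhausted, when the socket may already be disconnected, so a failed lookup is plausible here; whether `tfe_stream_addr_to_str` tolerates NULL is not visible. A guard such as `char* addr_string = addr ? tfe_stream_addr_to_str(addr) : NULL;` with `addr_string ? addr_string : "unknown"` in the log call would keep the error path from faulting. In the upstream_ssl_create hunk the +/- markers are lost; if `assert(ret == 0)` after getpeername is still on the new side it should be dropped, because the added `if(ret == 0)` only helps once a failed lookup no longer aborts the process. The enclosing function continues outside this hunk.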
@@ -890,7 +890,7 @@ int tfe_stream_init_by_fds(struct tfe_stream * stream, evutil_socket_t fd_downst
|
||||
__stream_fd_option_setup(_stream, fd_downstream);
|
||||
__stream_fd_option_setup(_stream, fd_upstream);
|
||||
|
||||
_stream->head.addr = tfe_stream_addr_create_by_fd(fd_downstream);
|
||||
_stream->head.addr = tfe_stream_addr_create_by_fd(fd_downstream, CONN_DIR_DOWNSTREAM);
|
||||
if (unlikely(_stream->head.addr == NULL))
|
||||
{
|
||||
TFE_LOG_ERROR(_stream->stream_logger, "Failed to create address from fd %d, %d, terminate fds.",
|
||||
|
||||
@@ -285,7 +285,14 @@ static void pangu_http_ctx_free(struct pangu_http_ctx * ctx)
|
||||
|
||||
inline void addr_tfe2sapp(const struct tfe_stream_addr * tfe_addr, struct ipaddr * sapp_addr)
|
||||
{
|
||||
sapp_addr->addrtype = tfe_addr->addrtype;
|
||||
if(tfe_addr->addrtype==TFE_ADDR_STREAM_TUPLE4_V4||tfe_addr->addrtype==TFE_ADDR_IPV4)
|
||||
{
|
||||
sapp_addr->addrtype = ADDR_TYPE_IPV4;
|
||||
}
|
||||
else
|
||||
{
|
||||
sapp_addr->addrtype=ADDR_TYPE_IPV6;
|
||||
}
|
||||
sapp_addr->paddr = (char *) tfe_addr->paddr;
|
||||
return;
|
||||
}
|
||||
|
||||
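Review bot: The `else` in addr_tfe2sapp maps every address type other than the two IPv4 values to ADDR_TYPE_IPV6, so an unset or future `addrtype` would be handed on as IPv6 while `paddr` points at data of a different layout. I would test the IPv6 address types explicitly in an `else if` and assert or log on anything else, so a mis-typed address cannot be matched against IP policy under the wrong interpretation. The `(char *)` cast also drops the `const` of `tfe_addr`; a comment such as `/* assumes the consumer only reads through paddr and shares the tuple layout - confirm */` would record that assumption, which cannot be verified from this hunk. If `sapp_addr->addrtype = tfe_addr->addrtype;` is still present on the new side it is now a dead store and can be removed.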