TSG-13171 Decrypted Traffic Steering构造的SYN/SYN ACK/ACK支持TimeStamp选项

platform/src/acceptor_kni_v3.cpp

@@ -282,18 +282,25 @@ struct tcp_option_mss {
 	uint8_t kind;
 	uint8_t length;
 	uint16_t mss_value;
-};
+} __attribute__((__packed__));
 
 struct tcp_option_window_scale {
 	uint8_t kind;
 	uint8_t length;
 	uint8_t shift_count;
-};
+} __attribute__((__packed__));
 
 struct tcp_option_sack {
 	uint8_t kind;
 	uint8_t length;
-};
+} __attribute__((__packed__));
+
+struct tcp_option_time_stamp {
+	uint8_t kind;
+	uint8_t length;
+	uint32_t tsval;
+	uint32_t tsecr;
+} __attribute__((__packed__));
 
 static int fake_tcp_handshake(struct tfe_proxy *proxy, struct tcp_restore_info *restore_info)
 {
@@ -302,9 +309,10 @@ static int fake_tcp_handshake(struct tfe_proxy *proxy, struct tcp_restore_info *
 
 	char tcp_option_buffer_c[40] = {0};
 	char tcp_option_buffer_s[40] = {0};
+	char tcp_option_buffer_c2[40] = {0};
 	int tcp_option_length_c = 0;
 	int tcp_option_length_s = 0;
-	int options_padding_size = 0;
+	int tcp_option_length_c2 = 0;
 
 	const struct tcp_restore_endpoint *client = &restore_info->client;
 	const struct tcp_restore_endpoint *server = &restore_info->server;
@@ -397,6 +405,45 @@ static int fake_tcp_handshake(struct tfe_proxy *proxy, struct tcp_restore_info *
 		tcp_option_length_s += sizeof(struct tcp_option_sack);
 	}
 
+	/*
+	 * Time Stamp option: Kind: 8, Length: 10
+	 * +---------+---------+-----+-----+
+	 * | Kind=8  |Length=10|tsval|tsecr|
+	 * +---------+---------+-----+-----+
+	 *      1         1       4     4
+	 */
+	if (client->timestamp_perm && server->timestamp_perm)
+	{
+		// padding
+		memset(tcp_option_buffer_c + tcp_option_length_c, 1, 2);
+		tcp_option_length_c += 2;
+		memset(tcp_option_buffer_s + tcp_option_length_s, 1, 2);
+		tcp_option_length_s += 2;
+		memset(tcp_option_buffer_c2 + tcp_option_length_c2, 1, 2);
+		tcp_option_length_c2 += 2;
+
+		struct tcp_option_time_stamp *option_c = (struct tcp_option_time_stamp *)(tcp_option_buffer_c + tcp_option_length_c);
+		option_c->kind = 8;
+		option_c->length = 10;
+		option_c->tsval = htonl(client->ts_val);
+		option_c->tsecr = htonl(0);
+		tcp_option_length_c += sizeof(struct tcp_option_time_stamp);
+
+		struct tcp_option_time_stamp *option_s = (struct tcp_option_time_stamp *)(tcp_option_buffer_s + tcp_option_length_s);
+		option_s->kind = 8;
+		option_s->length = 10;
+		option_s->tsval = htonl(server->ts_val);
+		option_s->tsecr = htonl(client->ts_val);
+		tcp_option_length_s += sizeof(struct tcp_option_time_stamp);
+
+		struct tcp_option_time_stamp *option_c2 = (struct tcp_option_time_stamp *)(tcp_option_buffer_c2 + tcp_option_length_c2);
+		option_c2->kind = 8;
+		option_c2->length = 10;
+		option_c2->tsval = htonl(client->ts_val);
+		option_c2->tsecr = htonl(server->ts_val);
+		tcp_option_length_c2 += sizeof(struct tcp_option_time_stamp);
+	}
+
 	if (client->addr.ss_family == AF_INET6)
 	{
 		struct sockaddr_in6 *sk_client = (struct sockaddr_in6 *)&client->addr;
@@ -432,7 +479,7 @@ static int fake_tcp_handshake(struct tfe_proxy *proxy, struct tcp_restore_info *
        	 	&raw_socket_c->mac_addr, &raw_socket_s->mac_addr, 0, ETH_P_IPV6, // Ether
         	&sk_client->sin6_addr, &sk_server->sin6_addr, 55,  // IPv6
 			port_client, port_server, c_seq, s_seq, TCP_ACK_FLAG, client->window, // TCP Header
-			NULL, 0, // TCP Options
+			tcp_option_buffer_c2, tcp_option_length_c2, // TCP Options
 			NULL, 0); // Payload
 		raw_socket_send(raw_socket_c, buffer, length);
 	}
@@ -471,7 +518,7 @@ static int fake_tcp_handshake(struct tfe_proxy *proxy, struct tcp_restore_info *
 			&raw_socket_c->mac_addr, &raw_socket_s->mac_addr, 0, ETH_P_IP, // Ether
 			&sk_client->sin_addr, &sk_server->sin_addr, 0, 55, 0x13, // IPv4
 			port_client, port_server, c_seq, s_seq, TCP_ACK_FLAG, client->window, // TCP Header
-			NULL, 0, // TCP Options
+			tcp_option_buffer_c2, tcp_option_length_c2, // TCP Options
 			NULL, 0);
 		raw_socket_send(raw_socket_c, buffer, length);
 	}