TSG-13042 构造三次握手报文，通过原始套接字注入tap_client和tap_server

2022-12-20 14:00:46 +08:00
parent 42dded52ac
commit 7978e74321
6 changed files with 672 additions and 1 deletions
--- a/platform/src/acceptor_kni_v3.cpp
+++ b/platform/src/acceptor_kni_v3.cpp
@@ -13,6 +13,8 @@
 #include <tfe_tcp_restore.h>
 #include <MESA/MESA_prof_load.h>
 #include <watchdog_3rd_device.h>
+#include <raw_socket.h>
+#include <packet_construct.h>

 #define TCP_RESTORE_TCPOPT_KIND 88

@@ -276,6 +278,105 @@ static void tcp_restore_info_parse_from_pkt(struct pkt_info *pktinfo, struct tcp
 	}
 }

+static int fake_tcp_handshake(struct tfe_proxy *proxy, struct tcp_restore_info *restore_info)
+{
+    char buffer[1500] = {0};
+    int length = 0;
+
+	const struct tcp_restore_endpoint *client = &restore_info->client;
+	const struct tcp_restore_endpoint *server = &restore_info->server;
+    struct raw_socket *raw_socket_c = raw_socket_create(proxy->traffic_steering_options.device_client, proxy->traffic_steering_options.so_mask_client);
+    struct raw_socket *raw_socket_s = raw_socket_create(proxy->traffic_steering_options.device_server, proxy->traffic_steering_options.so_mask_server);
+    if (raw_socket_c == NULL || raw_socket_s == NULL)
+    {
+    	raw_socket_destory(raw_socket_c);
+    	raw_socket_destory(raw_socket_s);
+
+    	return -1;
+    }
+
+	uint32_t c_seq = client->seq - 1;
+	uint32_t s_seq = server->seq - 1;
+
+	if (client->addr.ss_family == AF_INET6)
+	{
+		struct sockaddr_in6 *sk_client = (struct sockaddr_in6 *)&client->addr;
+		struct sockaddr_in6 *sk_server = (struct sockaddr_in6 *)&server->addr;
+		uint16_t port_client = sk_client->sin6_port;
+		uint16_t port_server = sk_server->sin6_port;
+
+		// C -> S
+		length = tcp_packet_v6_construct(
+       		buffer,                                                               // buffer
+       	 	&raw_socket_c->mac_addr, &raw_socket_s->mac_addr, 0, ETH_P_IPV6,      // Ether
+        	&sk_client->sin6_addr, &sk_server->sin6_addr, 55,                     // IPv6
+			port_client, port_server, c_seq, s_seq, TCP_SYN_FLAG, client->window, // TCP
+			NULL, 0);
+		raw_socket_send(raw_socket_c, buffer, length);
+		c_seq += 1;
+
+		// S -> C
+		length = tcp_packet_v6_construct(
+       		buffer,                                                                              // buffer
+       	 	&raw_socket_s->mac_addr, &raw_socket_c->mac_addr, 0, ETH_P_IPV6,                     // Ether
+        	&sk_server->sin6_addr, &sk_client->sin6_addr,  65,                                   // IPv6
+			port_server, port_client, s_seq, c_seq, TCP_SYN_FLAG | TCP_ACK_FLAG, server->window, // TCP
+			NULL, 0);
+		raw_socket_send(raw_socket_s, buffer, length);
+		s_seq += 1;
+
+		// C -> S
+		length = tcp_packet_v6_construct(
+       		buffer,                                                               // buffer
+       	 	&raw_socket_c->mac_addr, &raw_socket_s->mac_addr, 0, ETH_P_IPV6,      // Ether
+        	&sk_client->sin6_addr, &sk_server->sin6_addr, 55,                     // IPv6
+			port_client, port_server, c_seq, s_seq, TCP_SYN_FLAG, client->window, // TCP
+			NULL, 0);
+		raw_socket_send(raw_socket_c, buffer, length);
+	}
+	else
+	{
+		struct sockaddr_in *sk_client = (struct sockaddr_in *)&client->addr;
+		struct sockaddr_in *sk_server = (struct sockaddr_in *)&server->addr;
+		uint16_t port_client = sk_client->sin_port;
+		uint16_t port_server = sk_server->sin_port;
+
+		// C -> S
+		length = tcp_packet_v4_construct(
+			buffer,                                                               // buffer
+			&raw_socket_c->mac_addr, &raw_socket_s->mac_addr, 0, ETH_P_IP,        // Ether
+			&sk_client->sin_addr, &sk_server->sin_addr, 0, 55, 0x11,              // IPv4
+			port_client, port_server, c_seq, s_seq, TCP_SYN_FLAG, client->window, // TCP
+			NULL, 0);
+		raw_socket_send(raw_socket_c, buffer, length);
+		c_seq += 1;
+
+		// S -> C
+		length = tcp_packet_v4_construct(
+			buffer,                                                                              // buffer
+			&raw_socket_s->mac_addr, &raw_socket_c->mac_addr, 0, ETH_P_IP,                       // Ether
+			&sk_server->sin_addr,&sk_client->sin_addr, 0, 65, 0x12,                              // IPv4
+			port_server, port_client, s_seq, c_seq, TCP_SYN_FLAG | TCP_ACK_FLAG, server->window, // TCP
+			NULL, 0);
+		raw_socket_send(raw_socket_s, buffer, length);
+		s_seq += 1;
+
+		// C -> S
+		length = tcp_packet_v4_construct(
+			buffer,                                                               // buffer
+			&raw_socket_c->mac_addr, &raw_socket_s->mac_addr, 0, ETH_P_IP,        // Ether
+			&sk_client->sin_addr, &sk_server->sin_addr, 0, 55, 0x13,              // IPv4
+			port_client, port_server, c_seq, s_seq, TCP_ACK_FLAG, client->window, // TCP
+			NULL, 0);
+		raw_socket_send(raw_socket_c, buffer, length);
+	}
+
+    raw_socket_destory(raw_socket_c);
+    raw_socket_destory(raw_socket_s);
+    
+	return 0;
+}
+
 /*
 * nfmsg : message objetc that contains the packet
 * nfad : Netlink packet data handle
@@ -424,6 +525,12 @@ static int payload_handler_cb(struct nfq_q_handle *qh, struct nfgenmsg *nfmsg, s

 	if (__ctx->proxy->traffic_steering_options.enable && steering_device_is_available())
 	{
+		if (fake_tcp_handshake(__ctx->proxy, &restore_info) == -1)
+		{
+			TFE_LOG_ERROR(g_default_logger, "Failed at fake_tcp_handshake()");
+			goto end;
+		}
+
 		fd_fake_c = tfe_tcp_restore_fd_create(&(restore_info.client), &(restore_info.server), __ctx->proxy->traffic_steering_options.device_client, __ctx->proxy->traffic_steering_options.so_mask_client);
 		if (fd_fake_c < 0)
 		{