bugfix:mirror流量的MAC地址是默认值
This commit is contained in:
wangmenglan
@@ -109,6 +109,8 @@ int packet_get_outermost_tuple4(const struct packet *handler, struct tuple4 *tup
|
|||||||
int packet_get_innermost_tuple6(const struct packet *handler, struct tuple6 *tuple);
|
int packet_get_innermost_tuple6(const struct packet *handler, struct tuple6 *tuple);
|
||||||
int packet_get_outermost_tuple6(const struct packet *handler, struct tuple6 *tuple);
|
int packet_get_outermost_tuple6(const struct packet *handler, struct tuple6 *tuple);
|
||||||
|
|
||||||
|
int packet_get_outermost_mac(const struct packet *handler, unsigned char *src_mac, unsigned char *dst_mac);
|
||||||
|
|
||||||
const struct layer_record *packet_get_innermost_layer(const struct packet *handler, enum layer_type type);
|
const struct layer_record *packet_get_innermost_layer(const struct packet *handler, enum layer_type type);
|
||||||
const struct layer_record *packet_get_outermost_layer(const struct packet *handler, enum layer_type type);
|
const struct layer_record *packet_get_outermost_layer(const struct packet *handler, enum layer_type type);
|
||||||
|
|
||||||
|
|||||||
@@ -1323,6 +1323,37 @@ int packet_get_outermost_tuple6(const struct packet *handler, struct tuple6 *tup
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
int packet_get_outermost_mac(const struct packet *handler, unsigned char *src_mac, unsigned char *dst_mac)
|
||||||
|
{
|
||||||
|
const struct layer_record *layer_l2 = NULL;
|
||||||
|
const struct layer_record *layer = NULL;
|
||||||
|
struct ethhdr *ethhdr = NULL;
|
||||||
|
|
||||||
|
for (int8_t i = 0; i < handler->layers_used; i++)
|
||||||
|
{
|
||||||
|
layer = &handler->layers[i];
|
||||||
|
|
||||||
|
// first get L2 layer
|
||||||
|
if (layer->type & LAYER_TYPE_ETHER)
|
||||||
|
{
|
||||||
|
layer_l2 = layer;
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
if (layer_l2)
|
||||||
|
{
|
||||||
|
ethhdr = (struct ethhdr *)handler->data_ptr;
|
||||||
|
memcpy(src_mac, ethhdr->h_source, ETH_ALEN);
|
||||||
|
memcpy(dst_mac, ethhdr->h_dest, ETH_ALEN);
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
const struct layer_record *packet_get_innermost_layer(const struct packet *handler, enum layer_type type)
|
const struct layer_record *packet_get_innermost_layer(const struct packet *handler, enum layer_type type)
|
||||||
{
|
{
|
||||||
const struct layer_record *layer = NULL;
|
const struct layer_record *layer = NULL;
|
||||||
|
|||||||
@@ -355,25 +355,25 @@ static int overwrite_tcp_mss(struct tfe_cmsg *cmsg, struct tcp_restore_info *res
|
|||||||
int client_side_mss_enable = 0;
|
int client_side_mss_enable = 0;
|
||||||
int client_side_mss_value = 0;
|
int client_side_mss_value = 0;
|
||||||
|
|
||||||
ret = tfe_cmsg_get_value(cmsg, TFE_CMSG_DOWNSTREAM_TCP_MSS_ENABLE, (unsigned char *)&client_side_mss_enable, sizeof(client_side_mss_enable), &size);
|
ret = tfe_cmsg_get_value(cmsg, TFE_CMSG_DOWNSTREAM_TCP_MSS_ENABLE, (uint8_t *)&client_side_mss_enable, sizeof(client_side_mss_enable), &size);
|
||||||
if (ret < 0)
|
if (ret < 0)
|
||||||
{
|
{
|
||||||
TFE_LOG_ERROR(logger, "%s: session %lu failed at fetch client side tcp mss from cmsg: %s", LOG_TAG_PKTIO, session_id, strerror(-ret));
|
TFE_LOG_ERROR(logger, "%s: session %lu failed at fetch client side tcp mss from cmsg: %s", LOG_TAG_PKTIO, session_id, strerror(-ret));
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
ret = tfe_cmsg_get_value(cmsg, TFE_CMSG_DOWNSTREAM_TCP_MSS_VALUE, (unsigned char *)&client_side_mss_value, sizeof(client_side_mss_value), &size);
|
ret = tfe_cmsg_get_value(cmsg, TFE_CMSG_DOWNSTREAM_TCP_MSS_VALUE, (uint8_t *)&client_side_mss_value, sizeof(client_side_mss_value), &size);
|
||||||
if (ret < 0)
|
if (ret < 0)
|
||||||
{
|
{
|
||||||
TFE_LOG_ERROR(logger, "%s: session %lu failed at fetch client side tcp mss value from cmsg: %s", LOG_TAG_PKTIO, session_id, strerror(-ret));
|
TFE_LOG_ERROR(logger, "%s: session %lu failed at fetch client side tcp mss value from cmsg: %s", LOG_TAG_PKTIO, session_id, strerror(-ret));
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
ret = tfe_cmsg_get_value(cmsg, TFE_CMSG_UPSTREAM_TCP_MSS_ENABLE, (unsigned char *)&server_side_mss_enable, sizeof(server_side_mss_enable), &size);
|
ret = tfe_cmsg_get_value(cmsg, TFE_CMSG_UPSTREAM_TCP_MSS_ENABLE, (uint8_t *)&server_side_mss_enable, sizeof(server_side_mss_enable), &size);
|
||||||
if (ret < 0)
|
if (ret < 0)
|
||||||
{
|
{
|
||||||
TFE_LOG_ERROR(logger, "%s: session %lu failed at fetch server side tcp mss from cmsg: %s", LOG_TAG_PKTIO, session_id, strerror(-ret));
|
TFE_LOG_ERROR(logger, "%s: session %lu failed at fetch server side tcp mss from cmsg: %s", LOG_TAG_PKTIO, session_id, strerror(-ret));
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
ret = tfe_cmsg_get_value(cmsg, TFE_CMSG_UPSTREAM_TCP_MSS_VALUE, (unsigned char *)&server_side_mss_value, sizeof(server_side_mss_value), &size);
|
ret = tfe_cmsg_get_value(cmsg, TFE_CMSG_UPSTREAM_TCP_MSS_VALUE, (uint8_t *)&server_side_mss_value, sizeof(server_side_mss_value), &size);
|
||||||
if (ret < 0)
|
if (ret < 0)
|
||||||
{
|
{
|
||||||
TFE_LOG_ERROR(logger, "%s: session %lu failed at fetch server side tcp mss value from cmsg: %s", LOG_TAG_PKTIO, session_id, strerror(-ret));
|
TFE_LOG_ERROR(logger, "%s: session %lu failed at fetch server side tcp mss value from cmsg: %s", LOG_TAG_PKTIO, session_id, strerror(-ret));
|
||||||
@@ -397,7 +397,7 @@ static int tcp_restore_set_from_cmsg(struct tfe_cmsg *cmsg, struct tcp_restore_i
|
|||||||
uint16_t length = 0;
|
uint16_t length = 0;
|
||||||
|
|
||||||
uint32_t seq;
|
uint32_t seq;
|
||||||
ret = tfe_cmsg_get_value(cmsg, TFE_CMSG_TCP_RESTORE_SEQ, (unsigned char *)&seq, sizeof(uint32_t), &length);
|
ret = tfe_cmsg_get_value(cmsg, TFE_CMSG_TCP_RESTORE_SEQ, (uint8_t *)&seq, sizeof(uint32_t), &length);
|
||||||
if (ret == 0)
|
if (ret == 0)
|
||||||
{
|
{
|
||||||
restore_info->client.seq = ntohl(seq);
|
restore_info->client.seq = ntohl(seq);
|
||||||
@@ -405,7 +405,7 @@ static int tcp_restore_set_from_cmsg(struct tfe_cmsg *cmsg, struct tcp_restore_i
|
|||||||
}
|
}
|
||||||
|
|
||||||
uint32_t ack;
|
uint32_t ack;
|
||||||
ret = tfe_cmsg_get_value(cmsg, TFE_CMSG_TCP_RESTORE_ACK, (unsigned char *)&ack, sizeof(uint32_t), &length);
|
ret = tfe_cmsg_get_value(cmsg, TFE_CMSG_TCP_RESTORE_ACK, (uint8_t *)&ack, sizeof(uint32_t), &length);
|
||||||
if (ret == 0)
|
if (ret == 0)
|
||||||
{
|
{
|
||||||
restore_info->client.ack = ntohl(ack);
|
restore_info->client.ack = ntohl(ack);
|
||||||
@@ -413,35 +413,35 @@ static int tcp_restore_set_from_cmsg(struct tfe_cmsg *cmsg, struct tcp_restore_i
|
|||||||
}
|
}
|
||||||
|
|
||||||
uint8_t ts_client;
|
uint8_t ts_client;
|
||||||
ret = tfe_cmsg_get_value(cmsg, TFE_CMSG_TCP_RESTORE_TS_CLIENT, (unsigned char *)&ts_client, sizeof(uint8_t), &length);
|
ret = tfe_cmsg_get_value(cmsg, TFE_CMSG_TCP_RESTORE_TS_CLIENT, (uint8_t *)&ts_client, sizeof(uint8_t), &length);
|
||||||
if (ret == 0)
|
if (ret == 0)
|
||||||
{
|
{
|
||||||
restore_info->client.timestamp_perm = !!ts_client;
|
restore_info->client.timestamp_perm = !!ts_client;
|
||||||
}
|
}
|
||||||
|
|
||||||
uint8_t ts_server;
|
uint8_t ts_server;
|
||||||
ret = tfe_cmsg_get_value(cmsg, TFE_CMSG_TCP_RESTORE_TS_SERVER, (unsigned char *)&ts_server, sizeof(uint8_t), &length);
|
ret = tfe_cmsg_get_value(cmsg, TFE_CMSG_TCP_RESTORE_TS_SERVER, (uint8_t *)&ts_server, sizeof(uint8_t), &length);
|
||||||
if (ret == 0)
|
if (ret == 0)
|
||||||
{
|
{
|
||||||
restore_info->server.timestamp_perm = !!ts_server;
|
restore_info->server.timestamp_perm = !!ts_server;
|
||||||
}
|
}
|
||||||
|
|
||||||
uint32_t ts_client_val;
|
uint32_t ts_client_val;
|
||||||
ret = tfe_cmsg_get_value(cmsg, TFE_CMSG_TCP_RESTORE_TS_CLIENT_VAL, (unsigned char *)&ts_client_val, sizeof(uint32_t), &length);
|
ret = tfe_cmsg_get_value(cmsg, TFE_CMSG_TCP_RESTORE_TS_CLIENT_VAL, (uint8_t *)&ts_client_val, sizeof(uint32_t), &length);
|
||||||
if (ret == 0)
|
if (ret == 0)
|
||||||
{
|
{
|
||||||
restore_info->client.ts_val = ntohl(ts_client_val);
|
restore_info->client.ts_val = ntohl(ts_client_val);
|
||||||
}
|
}
|
||||||
|
|
||||||
uint32_t ts_server_val;
|
uint32_t ts_server_val;
|
||||||
ret = tfe_cmsg_get_value(cmsg, TFE_CMSG_TCP_RESTORE_TS_SERVER_VAL, (unsigned char *)&ts_server_val, sizeof(uint32_t), &length);
|
ret = tfe_cmsg_get_value(cmsg, TFE_CMSG_TCP_RESTORE_TS_SERVER_VAL, (uint8_t *)&ts_server_val, sizeof(uint32_t), &length);
|
||||||
if (ret == 0)
|
if (ret == 0)
|
||||||
{
|
{
|
||||||
restore_info->server.ts_val = ntohl(ts_server_val);
|
restore_info->server.ts_val = ntohl(ts_server_val);
|
||||||
}
|
}
|
||||||
|
|
||||||
uint8_t wsacle_client;
|
uint8_t wsacle_client;
|
||||||
ret = tfe_cmsg_get_value(cmsg, TFE_CMSG_TCP_RESTORE_WSACLE_CLIENT, (unsigned char *)&wsacle_client, sizeof(uint8_t), &length);
|
ret = tfe_cmsg_get_value(cmsg, TFE_CMSG_TCP_RESTORE_WSACLE_CLIENT, (uint8_t *)&wsacle_client, sizeof(uint8_t), &length);
|
||||||
if (ret == 0)
|
if (ret == 0)
|
||||||
{
|
{
|
||||||
restore_info->client.wscale_perm = true;
|
restore_info->client.wscale_perm = true;
|
||||||
@@ -449,7 +449,7 @@ static int tcp_restore_set_from_cmsg(struct tfe_cmsg *cmsg, struct tcp_restore_i
|
|||||||
}
|
}
|
||||||
|
|
||||||
uint8_t wsacle_server;
|
uint8_t wsacle_server;
|
||||||
ret = tfe_cmsg_get_value(cmsg, TFE_CMSG_TCP_RESTORE_WSACLE_SERVER, (unsigned char *)&wsacle_server, sizeof(uint8_t), &length);
|
ret = tfe_cmsg_get_value(cmsg, TFE_CMSG_TCP_RESTORE_WSACLE_SERVER, (uint8_t *)&wsacle_server, sizeof(uint8_t), &length);
|
||||||
if (ret == 0)
|
if (ret == 0)
|
||||||
{
|
{
|
||||||
restore_info->server.wscale_perm = true;
|
restore_info->server.wscale_perm = true;
|
||||||
@@ -457,49 +457,49 @@ static int tcp_restore_set_from_cmsg(struct tfe_cmsg *cmsg, struct tcp_restore_i
|
|||||||
}
|
}
|
||||||
|
|
||||||
uint8_t sack_client;
|
uint8_t sack_client;
|
||||||
ret = tfe_cmsg_get_value(cmsg, TFE_CMSG_TCP_RESTORE_SACK_CLIENT, (unsigned char *)&sack_client, sizeof(uint8_t), &length);
|
ret = tfe_cmsg_get_value(cmsg, TFE_CMSG_TCP_RESTORE_SACK_CLIENT, (uint8_t *)&sack_client, sizeof(uint8_t), &length);
|
||||||
if (ret == 0)
|
if (ret == 0)
|
||||||
{
|
{
|
||||||
restore_info->client.sack_perm = !!sack_client;
|
restore_info->client.sack_perm = !!sack_client;
|
||||||
}
|
}
|
||||||
|
|
||||||
uint8_t sack_server;
|
uint8_t sack_server;
|
||||||
ret = tfe_cmsg_get_value(cmsg, TFE_CMSG_TCP_RESTORE_SACK_SERVER, (unsigned char *)&sack_server, sizeof(uint8_t), &length);
|
ret = tfe_cmsg_get_value(cmsg, TFE_CMSG_TCP_RESTORE_SACK_SERVER, (uint8_t *)&sack_server, sizeof(uint8_t), &length);
|
||||||
if (ret == 0)
|
if (ret == 0)
|
||||||
{
|
{
|
||||||
restore_info->server.sack_perm = !!sack_server;
|
restore_info->server.sack_perm = !!sack_server;
|
||||||
}
|
}
|
||||||
|
|
||||||
uint16_t mss_client;
|
uint16_t mss_client;
|
||||||
ret = tfe_cmsg_get_value(cmsg, TFE_CMSG_TCP_RESTORE_MSS_CLIENT, (unsigned char *)&mss_client, sizeof(uint16_t), &length);
|
ret = tfe_cmsg_get_value(cmsg, TFE_CMSG_TCP_RESTORE_MSS_CLIENT, (uint8_t *)&mss_client, sizeof(uint16_t), &length);
|
||||||
if (ret == 0)
|
if (ret == 0)
|
||||||
{
|
{
|
||||||
restore_info->client.mss = mss_client;
|
restore_info->client.mss = mss_client;
|
||||||
}
|
}
|
||||||
|
|
||||||
uint16_t mss_server;
|
uint16_t mss_server;
|
||||||
ret = tfe_cmsg_get_value(cmsg, TFE_CMSG_TCP_RESTORE_MSS_SERVER, (unsigned char *)&mss_server, sizeof(uint16_t), &length);
|
ret = tfe_cmsg_get_value(cmsg, TFE_CMSG_TCP_RESTORE_MSS_SERVER, (uint8_t *)&mss_server, sizeof(uint16_t), &length);
|
||||||
if (ret == 0)
|
if (ret == 0)
|
||||||
{
|
{
|
||||||
restore_info->server.mss = mss_server;
|
restore_info->server.mss = mss_server;
|
||||||
}
|
}
|
||||||
|
|
||||||
uint16_t window_client;
|
uint16_t window_client;
|
||||||
ret = tfe_cmsg_get_value(cmsg, TFE_CMSG_TCP_RESTORE_WINDOW_CLIENT, (unsigned char *)&window_client, sizeof(uint16_t), &length);
|
ret = tfe_cmsg_get_value(cmsg, TFE_CMSG_TCP_RESTORE_WINDOW_CLIENT, (uint8_t *)&window_client, sizeof(uint16_t), &length);
|
||||||
if (ret == 0)
|
if (ret == 0)
|
||||||
{
|
{
|
||||||
restore_info->client.window = window_client;
|
restore_info->client.window = window_client;
|
||||||
}
|
}
|
||||||
|
|
||||||
uint16_t window_server;
|
uint16_t window_server;
|
||||||
ret = tfe_cmsg_get_value(cmsg, TFE_CMSG_TCP_RESTORE_WINDOW_SERVER, (unsigned char *)&window_server, sizeof(uint16_t), &length);
|
ret = tfe_cmsg_get_value(cmsg, TFE_CMSG_TCP_RESTORE_WINDOW_SERVER, (uint8_t *)&window_server, sizeof(uint16_t), &length);
|
||||||
if (ret == 0)
|
if (ret == 0)
|
||||||
{
|
{
|
||||||
restore_info->server.window = window_server;
|
restore_info->server.window = window_server;
|
||||||
}
|
}
|
||||||
|
|
||||||
uint8_t packet_cur_dir;
|
uint8_t packet_cur_dir;
|
||||||
ret = tfe_cmsg_get_value(cmsg, TFE_CMSG_TCP_RESTORE_INFO_PACKET_CUR_DIR, (unsigned char *)&packet_cur_dir, sizeof(uint8_t), &length);
|
ret = tfe_cmsg_get_value(cmsg, TFE_CMSG_TCP_RESTORE_INFO_PACKET_CUR_DIR, (uint8_t *)&packet_cur_dir, sizeof(uint8_t), &length);
|
||||||
if (ret == 0)
|
if (ret == 0)
|
||||||
{
|
{
|
||||||
restore_info->cur_dir = (enum tcp_restore_pkt_dir)packet_cur_dir;
|
restore_info->cur_dir = (enum tcp_restore_pkt_dir)packet_cur_dir;
|
||||||
@@ -841,13 +841,13 @@ static void send_event_log(struct session_ctx *s_ctx, int thread_seq, void *ctx)
|
|||||||
size_t size;
|
size_t size;
|
||||||
mpack_writer_t writer;
|
mpack_writer_t writer;
|
||||||
|
|
||||||
ret = tfe_cmsg_get_value(s_ctx->cmsg, TFE_CMSG_POLICY_DO_LOG, (unsigned char *)&do_log, sizeof(do_log), &length);
|
ret = tfe_cmsg_get_value(s_ctx->cmsg, TFE_CMSG_POLICY_DO_LOG, (uint8_t *)&do_log, sizeof(do_log), &length);
|
||||||
if (ret < 0 || do_log == 0)
|
if (ret < 0 || do_log == 0)
|
||||||
return;
|
return;
|
||||||
ret = tfe_cmsg_get_value(s_ctx->cmsg, TFE_CMSG_POLICY_ID, (unsigned char *)rule_id, UUID_LEN, &length);
|
ret = tfe_cmsg_get_value(s_ctx->cmsg, TFE_CMSG_POLICY_ID, (uint8_t *)rule_id, UUID_LEN, &length);
|
||||||
if (ret < 0)
|
if (ret < 0)
|
||||||
return;
|
return;
|
||||||
ret = tfe_cmsg_get_value(s_ctx->cmsg, TFE_CMSG_HIT_NO_INTERCEPT, (unsigned char *)&hit_no_intercept, sizeof(hit_no_intercept), &length);
|
ret = tfe_cmsg_get_value(s_ctx->cmsg, TFE_CMSG_HIT_NO_INTERCEPT, (uint8_t *)&hit_no_intercept, sizeof(hit_no_intercept), &length);
|
||||||
if (ret < 0)
|
if (ret < 0)
|
||||||
return;
|
return;
|
||||||
|
|
||||||
@@ -884,23 +884,23 @@ static void send_event_log(struct session_ctx *s_ctx, int thread_seq, void *ctx)
|
|||||||
mpack_write_bin(&writer, (const char*)rule_id, UUID_LEN);
|
mpack_write_bin(&writer, (const char*)rule_id, UUID_LEN);
|
||||||
mpack_complete_array(&writer);
|
mpack_complete_array(&writer);
|
||||||
|
|
||||||
tfe_cmsg_get_value(s_ctx->cmsg, TFE_CMSG_SSL_INTERCEPT_STATE, (unsigned char *)&ssl_intercept_status, sizeof(ssl_intercept_status), &length);
|
tfe_cmsg_get_value(s_ctx->cmsg, TFE_CMSG_SSL_INTERCEPT_STATE, (uint8_t *)&ssl_intercept_status, sizeof(ssl_intercept_status), &length);
|
||||||
|
|
||||||
tfe_cmsg_get_value(s_ctx->cmsg, TFE_CMSG_SSL_SERVER_SIDE_LATENCY, (unsigned char *)&ssl_upstream_latency, sizeof(ssl_upstream_latency), &length);
|
tfe_cmsg_get_value(s_ctx->cmsg, TFE_CMSG_SSL_SERVER_SIDE_LATENCY, (uint8_t *)&ssl_upstream_latency, sizeof(ssl_upstream_latency), &length);
|
||||||
|
|
||||||
tfe_cmsg_get_value(s_ctx->cmsg, TFE_CMSG_SSL_CLIENT_SIDE_LATENCY, (unsigned char *)&ssl_downstream_latency, sizeof(ssl_downstream_latency), &length);
|
tfe_cmsg_get_value(s_ctx->cmsg, TFE_CMSG_SSL_CLIENT_SIDE_LATENCY, (uint8_t *)&ssl_downstream_latency, sizeof(ssl_downstream_latency), &length);
|
||||||
|
|
||||||
tfe_cmsg_get_value(s_ctx->cmsg, TFE_CMSG_SSL_SERVER_SIDE_VERSION, (unsigned char *)ssl_upstream_version, sizeof(ssl_upstream_version), &ssl_upstream_version_length);
|
tfe_cmsg_get_value(s_ctx->cmsg, TFE_CMSG_SSL_SERVER_SIDE_VERSION, (uint8_t *)ssl_upstream_version, sizeof(ssl_upstream_version), &ssl_upstream_version_length);
|
||||||
|
|
||||||
tfe_cmsg_get_value(s_ctx->cmsg, TFE_CMSG_SSL_CLIENT_SIDE_VERSION, (unsigned char *)ssl_downstream_version, sizeof(ssl_downstream_version), &ssl_downstream_version_length);
|
tfe_cmsg_get_value(s_ctx->cmsg, TFE_CMSG_SSL_CLIENT_SIDE_VERSION, (uint8_t *)ssl_downstream_version, sizeof(ssl_downstream_version), &ssl_downstream_version_length);
|
||||||
|
|
||||||
tfe_cmsg_get_value(s_ctx->cmsg, TFE_CMSG_SSL_PINNING_STATE, (unsigned char *)&ssl_pinning_state, sizeof(ssl_pinning_state), &length);
|
tfe_cmsg_get_value(s_ctx->cmsg, TFE_CMSG_SSL_PINNING_STATE, (uint8_t *)&ssl_pinning_state, sizeof(ssl_pinning_state), &length);
|
||||||
|
|
||||||
tfe_cmsg_get_value(s_ctx->cmsg, TFE_CMSG_SSL_CERT_VERIFY, (unsigned char *)&ssl_cert_verify, sizeof(ssl_cert_verify), &length);
|
tfe_cmsg_get_value(s_ctx->cmsg, TFE_CMSG_SSL_CERT_VERIFY, (uint8_t *)&ssl_cert_verify, sizeof(ssl_cert_verify), &length);
|
||||||
|
|
||||||
tfe_cmsg_get_value(s_ctx->cmsg, TFE_CMSG_SSL_ERROR, (unsigned char *)ssl_error, sizeof(ssl_error), &ssl_error_length);
|
tfe_cmsg_get_value(s_ctx->cmsg, TFE_CMSG_SSL_ERROR, (uint8_t *)ssl_error, sizeof(ssl_error), &ssl_error_length);
|
||||||
|
|
||||||
tfe_cmsg_get_value(s_ctx->cmsg, TFE_CMSG_SSL_PASSTHROUGH_REASON, (unsigned char *)ssl_passthrough_reason, sizeof(ssl_passthrough_reason), &ssl_passthrough_reason_length);
|
tfe_cmsg_get_value(s_ctx->cmsg, TFE_CMSG_SSL_PASSTHROUGH_REASON, (uint8_t *)ssl_passthrough_reason, sizeof(ssl_passthrough_reason), &ssl_passthrough_reason_length);
|
||||||
|
|
||||||
mpack_write_u8(&writer, hit_no_intercept?0:1);
|
mpack_write_u8(&writer, hit_no_intercept?0:1);
|
||||||
mpack_write_u8(&writer, ssl_intercept_status);
|
mpack_write_u8(&writer, ssl_intercept_status);
|
||||||
@@ -1010,8 +1010,8 @@ static void set_passthrough_reason(struct tfe_cmsg *cmsg, char *reason)
|
|||||||
{
|
{
|
||||||
uint8_t ssl_intercept_status = SSL_ACTION_PASSTHROUGH;
|
uint8_t ssl_intercept_status = SSL_ACTION_PASSTHROUGH;
|
||||||
|
|
||||||
tfe_cmsg_set(cmsg, TFE_CMSG_SSL_PASSTHROUGH_REASON, (const unsigned char *)reason, strlen(reason));
|
tfe_cmsg_set(cmsg, TFE_CMSG_SSL_PASSTHROUGH_REASON, (const uint8_t *)reason, strlen(reason));
|
||||||
tfe_cmsg_set(cmsg, TFE_CMSG_SSL_INTERCEPT_STATE, (const unsigned char *)&ssl_intercept_status, (uint16_t)sizeof(ssl_intercept_status));
|
tfe_cmsg_set(cmsg, TFE_CMSG_SSL_INTERCEPT_STATE, (const uint8_t *)&ssl_intercept_status, (uint16_t)sizeof(ssl_intercept_status));
|
||||||
tfe_cmsg_set_flag(cmsg, TFE_CMSG_FLAG_USER0);
|
tfe_cmsg_set_flag(cmsg, TFE_CMSG_FLAG_USER0);
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -1103,8 +1103,10 @@ static int handle_session_opening(struct metadata *meta, marsio_buff_t *rx_buff,
|
|||||||
char reason_invalid_intercept_param[] = "Invalid Intercept Param";
|
char reason_invalid_intercept_param[] = "Invalid Intercept Param";
|
||||||
char reason_invalid_tcp_policy_param[] = "Invalid tcp policy Param";
|
char reason_invalid_tcp_policy_param[] = "Invalid tcp policy Param";
|
||||||
char reason_underlying_stream_error[] = "Underlying Stream Error";
|
char reason_underlying_stream_error[] = "Underlying Stream Error";
|
||||||
|
uint8_t src_mac[ETH_ALEN] = {0};
|
||||||
|
uint8_t dst_mac[ETH_ALEN] = {0};
|
||||||
|
|
||||||
unsigned int stream_common_direction;
|
uint32_t stream_common_direction;
|
||||||
uint8_t stream_protocol_in_char = 0;
|
uint8_t stream_protocol_in_char = 0;
|
||||||
uint8_t enable_decrypted_traffic_steering = 0;
|
uint8_t enable_decrypted_traffic_steering = 0;
|
||||||
struct session_ctx *s_ctx = NULL;
|
struct session_ctx *s_ctx = NULL;
|
||||||
@@ -1126,7 +1128,20 @@ static int handle_session_opening(struct metadata *meta, marsio_buff_t *rx_buff,
|
|||||||
TFE_LOG_ERROR(logger, "%s: incorrect dataoffset in the control zone of session %lu, offset:%u, l7offset:%u, payload:%p, raw_data:%p", LOG_TAG_PKTIO, meta->session_id, offset, meta->l7offset, payload, meta->raw_data);
|
TFE_LOG_ERROR(logger, "%s: incorrect dataoffset in the control zone of session %lu, offset:%u, l7offset:%u, payload:%p, raw_data:%p", LOG_TAG_PKTIO, meta->session_id, offset, meta->l7offset, payload, meta->raw_data);
|
||||||
}
|
}
|
||||||
packet_get_innermost_tuple4(&pkt, &inner_tuple4);
|
packet_get_innermost_tuple4(&pkt, &inner_tuple4);
|
||||||
tfe_cmsg_get_value(parser->cmsg, TFE_CMSG_TCP_RESTORE_PROTOCOL, (unsigned char *)&stream_protocol_in_char, sizeof(stream_protocol_in_char), &size);
|
tfe_cmsg_get_value(parser->cmsg, TFE_CMSG_TCP_RESTORE_PROTOCOL, (uint8_t *)&stream_protocol_in_char, sizeof(stream_protocol_in_char), &size);
|
||||||
|
|
||||||
|
uint8_t packet_cur_dir = CURDIR_C2S;
|
||||||
|
tfe_cmsg_get_value(parser->cmsg, TFE_CMSG_TCP_RESTORE_INFO_PACKET_CUR_DIR, (uint8_t *)&packet_cur_dir, sizeof(uint8_t), &size);
|
||||||
|
|
||||||
|
packet_get_outermost_mac(&pkt, src_mac, dst_mac);
|
||||||
|
if (packet_cur_dir == CURDIR_C2S) {
|
||||||
|
tfe_cmsg_set(parser->cmsg, TFE_CMSG_SRC_MAC, (const uint8_t *)src_mac, ETH_ALEN);
|
||||||
|
tfe_cmsg_set(parser->cmsg, TFE_CMSG_DST_MAC, (const uint8_t *)dst_mac, ETH_ALEN);
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
tfe_cmsg_set(parser->cmsg, TFE_CMSG_SRC_MAC, (const uint8_t *)dst_mac, ETH_ALEN);
|
||||||
|
tfe_cmsg_set(parser->cmsg, TFE_CMSG_DST_MAC, (const uint8_t *)src_mac, ETH_ALEN);
|
||||||
|
}
|
||||||
|
|
||||||
uuid_t rule_id = {0};
|
uuid_t rule_id = {0};
|
||||||
char str_rule_id[UUID_STRING_SIZE] = {0};
|
char str_rule_id[UUID_STRING_SIZE] = {0};
|
||||||
@@ -1139,7 +1154,7 @@ static int handle_session_opening(struct metadata *meta, marsio_buff_t *rx_buff,
|
|||||||
tfe_dp_telemetry_on_ctrl_pkt(packet_io->instance, rx_buff, str_rule_id, meta->session_id, "active", "passthrough", "invalid intercept param");
|
tfe_dp_telemetry_on_ctrl_pkt(packet_io->instance, rx_buff, str_rule_id, meta->session_id, "active", "passthrough", "invalid intercept param");
|
||||||
goto passthrough;
|
goto passthrough;
|
||||||
}
|
}
|
||||||
tfe_cmsg_set(parser->cmsg, TFE_CMSG_POLICY_ID, (const unsigned char *)rule_id, UUID_LEN);
|
tfe_cmsg_set(parser->cmsg, TFE_CMSG_POLICY_ID, (const uint8_t *)rule_id, UUID_LEN);
|
||||||
|
|
||||||
ret = intercept_policy_enforce(thread->ref_proxy->int_ply_enforcer, parser->cmsg);
|
ret = intercept_policy_enforce(thread->ref_proxy->int_ply_enforcer, parser->cmsg);
|
||||||
if (ret != 0) {
|
if (ret != 0) {
|
||||||
@@ -1149,7 +1164,7 @@ static int handle_session_opening(struct metadata *meta, marsio_buff_t *rx_buff,
|
|||||||
goto passthrough;
|
goto passthrough;
|
||||||
}
|
}
|
||||||
|
|
||||||
tfe_cmsg_get_value(parser->cmsg, TFE_CMSG_HIT_NO_INTERCEPT, (unsigned char *)&hit_no_intercept, sizeof(hit_no_intercept), &out_size);
|
tfe_cmsg_get_value(parser->cmsg, TFE_CMSG_HIT_NO_INTERCEPT, (uint8_t *)&hit_no_intercept, sizeof(hit_no_intercept), &out_size);
|
||||||
if (hit_no_intercept == 1) {
|
if (hit_no_intercept == 1) {
|
||||||
is_passthrough = 1;
|
is_passthrough = 1;
|
||||||
__atomic_fetch_add(&packet_io_fs->hit_no_intercept_num, 1, __ATOMIC_RELAXED);
|
__atomic_fetch_add(&packet_io_fs->hit_no_intercept_num, 1, __ATOMIC_RELAXED);
|
||||||
@@ -1208,7 +1223,7 @@ static int handle_session_opening(struct metadata *meta, marsio_buff_t *rx_buff,
|
|||||||
goto passthrough;
|
goto passthrough;
|
||||||
}
|
}
|
||||||
|
|
||||||
tfe_cmsg_get_value(parser->cmsg, TFE_CMSG_TCP_DECRYPTED_TRAFFIC_STEERING, (unsigned char *)&enable_decrypted_traffic_steering, sizeof(enable_decrypted_traffic_steering), &size);
|
tfe_cmsg_get_value(parser->cmsg, TFE_CMSG_TCP_DECRYPTED_TRAFFIC_STEERING, (uint8_t *)&enable_decrypted_traffic_steering, sizeof(enable_decrypted_traffic_steering), &size);
|
||||||
if ((STREAM_PROTO_PLAIN == (enum tfe_stream_proto)stream_protocol_in_char && thread->ref_proxy->traffic_steering_options.enable_steering_http) ||
|
if ((STREAM_PROTO_PLAIN == (enum tfe_stream_proto)stream_protocol_in_char && thread->ref_proxy->traffic_steering_options.enable_steering_http) ||
|
||||||
(STREAM_PROTO_SSL == (enum tfe_stream_proto)stream_protocol_in_char && thread->ref_proxy->traffic_steering_options.enable_steering_ssl) ||
|
(STREAM_PROTO_SSL == (enum tfe_stream_proto)stream_protocol_in_char && thread->ref_proxy->traffic_steering_options.enable_steering_ssl) ||
|
||||||
enable_decrypted_traffic_steering == 1)
|
enable_decrypted_traffic_steering == 1)
|
||||||
@@ -1239,9 +1254,9 @@ static int handle_session_opening(struct metadata *meta, marsio_buff_t *rx_buff,
|
|||||||
}
|
}
|
||||||
|
|
||||||
stream_common_direction = meta->is_e2i_dir ? 'I' : 'E';
|
stream_common_direction = meta->is_e2i_dir ? 'I' : 'E';
|
||||||
tfe_cmsg_set(parser->cmsg, TFE_CMSG_COMMON_DIRECTION, (const unsigned char *)&stream_common_direction, sizeof(stream_common_direction));
|
tfe_cmsg_set(parser->cmsg, TFE_CMSG_COMMON_DIRECTION, (const uint8_t *)&stream_common_direction, sizeof(stream_common_direction));
|
||||||
snprintf(stream_traceid, 24, "%" PRIu64, meta->session_id);
|
snprintf(stream_traceid, 24, "%" PRIu64, meta->session_id);
|
||||||
tfe_cmsg_set(parser->cmsg, TFE_CMSG_STREAM_TRACE_ID, (const unsigned char *)stream_traceid, strlen(stream_traceid));
|
tfe_cmsg_set(parser->cmsg, TFE_CMSG_STREAM_TRACE_ID, (const uint8_t *)stream_traceid, strlen(stream_traceid));
|
||||||
|
|
||||||
tfe_cmsg_dup(parser->cmsg);
|
tfe_cmsg_dup(parser->cmsg);
|
||||||
// 为避免 packet IO thread 与 worker 访问 cmsg 时出现竞争,packet IO thread 必须在调用 tfe_proxy_fds_accept 之前 set cmsg
|
// 为避免 packet IO thread 与 worker 访问 cmsg 时出现竞争,packet IO thread 必须在调用 tfe_proxy_fds_accept 之前 set cmsg
|
||||||
@@ -1289,9 +1304,6 @@ passthrough:
|
|||||||
if (parser->ack_len > 0)
|
if (parser->ack_len > 0)
|
||||||
raw_traffic_decapsulate(parser->ack_header, parser->ack_len, &s_ctx->s2c_info);
|
raw_traffic_decapsulate(parser->ack_header, parser->ack_len, &s_ctx->s2c_info);
|
||||||
|
|
||||||
uint8_t packet_cur_dir = CURDIR_C2S;
|
|
||||||
tfe_cmsg_get_value(parser->cmsg, TFE_CMSG_TCP_RESTORE_INFO_PACKET_CUR_DIR, (unsigned char *)&packet_cur_dir, sizeof(uint8_t), &size);
|
|
||||||
|
|
||||||
if (packet_cur_dir == CURDIR_C2S) {
|
if (packet_cur_dir == CURDIR_C2S) {
|
||||||
s_ctx->c2s_info.tuple4 = inner_tuple4;
|
s_ctx->c2s_info.tuple4 = inner_tuple4;
|
||||||
tuple4_reverse(&inner_tuple4, &s_ctx->s2c_info.tuple4);
|
tuple4_reverse(&inner_tuple4, &s_ctx->s2c_info.tuple4);
|
||||||
|
|||||||
Reference in New Issue
Block a user