TSG-14628 TFE适配TCP Option Profile库表的变更

platform/src/acceptor_kni_v3.cpp

@@ -18,6 +18,8 @@
 
 #define TCP_RESTORE_TCPOPT_KIND 88
 
+extern void tcp_policy_enforce(struct tcp_policy_enforcer *enforcer, struct tfe_cmsg *cmsg, uint64_t rule_id);
+
 struct acceptor_kni_v3
 {
 	struct tfe_proxy *proxy;
@@ -529,6 +531,51 @@ static int fake_tcp_handshake(struct tfe_proxy *proxy, struct tcp_restore_info *
 	return 0;
 }
 
+static int overwrite_tcp_mss(struct tfe_cmsg *cmsg, struct tcp_restore_info *restore)
+{
+	int ret = 0;
+	uint16_t size = 0;
+	int server_side_mss_enable = 0;
+	int server_side_mss_value = 0;
+	int client_side_mss_enable = 0;
+	int client_side_mss_value = 0;
+
+	ret = tfe_cmsg_get_value(cmsg, TFE_CMSG_DOWNSTREAM_TCP_MSS_ENABLE, (unsigned char *)&client_side_mss_enable, sizeof(client_side_mss_enable), &size);
+	if (ret < 0)
+	{
+		TFE_LOG_ERROR(g_default_logger, "failed at fetch client side tcp mss from cmsg: %s", strerror(-ret));
+		return -1;
+	}
+	ret = tfe_cmsg_get_value(cmsg, TFE_CMSG_DOWNSTREAM_TCP_MSS_VALUE, (unsigned char *)&client_side_mss_value, sizeof(client_side_mss_value), &size);
+	if (ret < 0)
+	{
+		TFE_LOG_ERROR(g_default_logger, "failed at fetch client side tcp mss value from cmsg: %s", strerror(-ret));
+		return -1;
+	}
+	ret = tfe_cmsg_get_value(cmsg, TFE_CMSG_UPSTREAM_TCP_MSS_ENABLE, (unsigned char *)&server_side_mss_enable, sizeof(server_side_mss_enable), &size);
+	if (ret < 0)
+	{
+		TFE_LOG_ERROR(g_default_logger, "failed at fetch server side tcp mss from cmsg: %s", strerror(-ret));
+		return -1;
+	}
+	ret = tfe_cmsg_get_value(cmsg, TFE_CMSG_UPSTREAM_TCP_MSS_VALUE, (unsigned char *)&server_side_mss_value, sizeof(server_side_mss_value), &size);
+	if (ret < 0)
+	{
+		TFE_LOG_ERROR(g_default_logger, "failed at fetch server side tcp mss value from cmsg: %s", strerror(-ret));
+		return -1;
+	}
+	if (client_side_mss_enable)
+	{
+		restore->client.mss = client_side_mss_value;
+	}
+	if (server_side_mss_enable)
+	{
+		restore->server.mss = server_side_mss_value;
+	}
+
+	return 0;
+}
+
 /*
  * nfmsg : message objetc that contains the packet
  * nfad : Netlink packet data handle
@@ -555,6 +602,7 @@ static int payload_handler_cb(struct nfq_q_handle *qh, struct nfgenmsg *nfmsg, s
 	struct tcp_restore_info restore_info;
 	uint8_t stream_protocol_in_char = 0;
 	uint16_t size = 0;
+	uint64_t rule_id = 0;
 	struct acceptor_kni_v3 *__ctx = (struct acceptor_kni_v3 *)data;
 	clock_gettime(CLOCK_MONOTONIC, &(__ctx->start));
 	memset(&pktinfo, 0, sizeof(pktinfo));
@@ -659,6 +707,25 @@ static int payload_handler_cb(struct nfq_q_handle *qh, struct nfgenmsg *nfmsg, s
 		pktinfo.tcphdr->check = tfe_pkt_checksum_tcp_v6((void*)pktinfo.tcphdr, pktinfo.ip_totlen - pktinfo.iphdr_len, pktinfo.iphdr.v6->ip6_src, pktinfo.iphdr.v6->ip6_dst);
 	}
 
+	if (tfe_cmsg_deserialize((const unsigned char *)restore_info.cmsg, restore_info.cmsg_len, &cmsg) < 0)
+	{
+		TFE_LOG_ERROR(g_default_logger, "failed at tfe_cmsg_deserialize()");
+		goto end;
+	}
+
+	ret = tfe_cmsg_get_value(cmsg, TFE_CMSG_POLICY_ID, (unsigned char *)&rule_id, sizeof(rule_id), &size);
+	if (ret < 0)
+	{
+		TFE_LOG_ERROR(g_default_logger, "failed at fetch rule_id from cmsg: %s", strerror(-ret));
+		goto end;
+	}
+	tcp_policy_enforce(__ctx->proxy->tcp_ply_enforcer, cmsg, rule_id);
+
+	if (overwrite_tcp_mss(cmsg, &restore_info))
+	{
+		goto end;
+	}
+
 	tfe_tcp_restore_info_dump(&restore_info);
 
 	// tcp repair C2S
@@ -677,12 +744,6 @@ static int payload_handler_cb(struct nfq_q_handle *qh, struct nfgenmsg *nfmsg, s
 		goto end;
 	}
 
-	if (tfe_cmsg_deserialize((const unsigned char *)restore_info.cmsg, restore_info.cmsg_len, &cmsg) < 0)
-	{
-		TFE_LOG_ERROR(g_default_logger, "Failed at tfe_cmsg_deserialize()");
-		goto end;
-	}
-
 	tfe_cmsg_get_value(cmsg, TFE_CMSG_TCP_RESTORE_PROTOCOL, (unsigned char *)&stream_protocol_in_char, sizeof(stream_protocol_in_char), &size);
 	if (steering_device_is_available() && (
 			(STREAM_PROTO_PLAIN == (enum tfe_stream_proto)stream_protocol_in_char && __ctx->proxy->traffic_steering_options.enable_steering_http) ||