gfwleak/tango-tsg-service-chaining-engine
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

SCE支持动态更新sid list; SCE存储raw packet/decrypted packet共计4个方向的metadata

Browse Source
This commit is contained in:
luwenpeng
2023-05-06 10:41:30 +08:00
parent 1577f489c9
commit bd899c08f1
8 changed files with 309 additions and 29 deletions
Download Patch File Download Diff File Expand all files Collapse all files

117
platform/src/packet_io.cpp
View File

@@ -185,6 +185,92 @@ int mbuff_set_metadata(marsio_buff_t *tx_buff, struct metadata *meta)
return 0;
}
static void update_session_by_metadata(struct session_ctx *ctx, struct metadata *meta)
{
struct metadata *dst_meta_i2e = NULL;
struct metadata *dst_meta_e2i = NULL;
if (meta->is_decrypted)
{
dst_meta_i2e = ctx->decrypted_meta_i2e;
dst_meta_e2i = ctx->decrypted_meta_e2i;
}
else
{
dst_meta_i2e = ctx->raw_meta_i2e;
dst_meta_e2i = ctx->raw_meta_e2i;
}
if (meta->is_e2i_dir)
{
// first packet update metadata
if (metadata_is_empty(dst_meta_e2i))
{
metadata_shallow_copy(dst_meta_e2i, meta);
}
else
{
// next packet only update sids
sids_copy(&dst_meta_e2i->sids, &meta->sids);
}
}
else
{
// first packet update metadata
if (metadata_is_empty(dst_meta_i2e))
{
metadata_shallow_copy(dst_meta_i2e, meta);
}
else
{
// next packet only update sids
sids_copy(&dst_meta_i2e->sids, &meta->sids);
}
}
}
static void update_metadata_by_session(struct session_ctx *ctx, struct metadata *meta)
{
struct sids *sids = NULL;
struct route_ctx *route_ctx = NULL;
meta->session_id = ctx->session_id;
if (meta->is_e2i_dir)
{
if (meta->is_decrypted)
{
sids = &ctx->decrypted_meta_e2i->sids;
route_ctx = &ctx->decrypted_meta_e2i->route_ctx;
}
else
{
sids = &ctx->raw_meta_e2i->sids;
route_ctx = &ctx->raw_meta_e2i->route_ctx;
}
}
else
{
if (meta->is_decrypted)
{
sids = &ctx->decrypted_meta_i2e->sids;
route_ctx = &ctx->decrypted_meta_i2e->route_ctx;
}
else
{
sids = &ctx->raw_meta_i2e->sids;
route_ctx = &ctx->raw_meta_i2e->route_ctx;
}
}
sids_copy(&meta->sids, sids);
route_ctx_copy(&meta->route_ctx, route_ctx);
}
/******************************************************************************
* keepalive
******************************************************************************/
// return 0 : not keepalive packet
// return 1 : is keepalive packet
static int is_downlink_keepalive_packet(marsio_buff_t *rx_buff)
@@ -902,13 +988,13 @@ static void handle_raw_packet(marsio_buff_t *rx_buff, struct thread_ctx *thread_
// bypass_traffic:3 bypass decrypted traffic
if (unlikely(thread_ctx->ref_io->config.bypass_traffic == 2 && meta.is_decrypted == 0))
{
LOG_DEBUG("%s: session %lu bypass, enable raw traffic bypass !!!", LOG_TAG_PKTIO);
LOG_DEBUG("%s: session %lu bypass, enable raw traffic bypass !!!", LOG_TAG_PKTIO, meta.session_id);
goto error_bypass;
}
if (unlikely(thread_ctx->ref_io->config.bypass_traffic == 3 && meta.is_decrypted == 1))
{
LOG_DEBUG("%s: session %lu bypass, enable decrypted traffic bypass !!!", LOG_TAG_PKTIO);
LOG_DEBUG("%s: session %lu bypass, enable decrypted traffic bypass !!!", LOG_TAG_PKTIO, meta.session_id);
goto error_bypass;
}
@@ -919,20 +1005,7 @@ static void handle_raw_packet(marsio_buff_t *rx_buff, struct thread_ctx *thread_
goto error_bypass;
}
if (meta.is_e2i_dir)
{
if (metadata_is_empty(session_ctx->raw_meta_e2i))
{
metadata_deep_copy(session_ctx->raw_meta_e2i, &meta);
}
}
else
{
if (metadata_is_empty(session_ctx->raw_meta_i2e))
{
metadata_deep_copy(session_ctx->raw_meta_i2e, &meta);
}
}
update_session_by_metadata(session_ctx, &meta);
if (meta.is_decrypted == 1)
{
@@ -988,17 +1061,7 @@ static void handle_inject_packet(marsio_buff_t *rx_buff, struct thread_ctx *thre
goto error_block;
}
meta.session_id = session_ctx->session_id;
if (meta.is_e2i_dir)
{
sids_copy(&meta.sids, &session_ctx->raw_meta_e2i->sids);
route_ctx_copy(&meta.route_ctx, &session_ctx->raw_meta_e2i->route_ctx);
}
else
{
sids_copy(&meta.sids, &session_ctx->raw_meta_i2e->sids);
route_ctx_copy(&meta.route_ctx, &session_ctx->raw_meta_i2e->route_ctx);
}
update_metadata_by_session(session_ctx, &meta);
if (meta.is_decrypted == 1)
{

29
platform/src/sce.cpp
View File

@@ -28,6 +28,21 @@ int metadata_is_empty(struct metadata *meta)
}
}
void metadata_shallow_copy(struct metadata *dst, struct metadata *src)
{
dst->write_ref++;
dst->session_id = src->session_id;
dst->raw_data = NULL;
dst->raw_len = 0;
dst->l7offset = src->l7offset;
dst->is_e2i_dir = src->is_e2i_dir;
dst->is_ctrl_pkt = src->is_ctrl_pkt;
dst->is_decrypted = src->is_decrypted;
sids_copy(&dst->sids, &src->sids);
route_ctx_copy(&dst->route_ctx, &src->route_ctx);
}
void metadata_deep_copy(struct metadata *dst, struct metadata *src)
{
dst->write_ref++;
@@ -70,6 +85,8 @@ struct session_ctx *session_ctx_new()
fixed_num_array_init(&session_ctx->rule_ids);
session_ctx->decrypted_meta_i2e = metadata_new();
session_ctx->decrypted_meta_e2i = metadata_new();
session_ctx->raw_meta_i2e = metadata_new();
session_ctx->raw_meta_e2i = metadata_new();
session_ctx->ctrl_meta = metadata_new();
@@ -81,6 +98,18 @@ void session_ctx_free(struct session_ctx *session_ctx)
{
if (session_ctx)
{
if (session_ctx->decrypted_meta_i2e)
{
metadata_free(session_ctx->decrypted_meta_i2e);
session_ctx->decrypted_meta_i2e = NULL;
}
if (session_ctx->decrypted_meta_e2i)
{
metadata_free(session_ctx->decrypted_meta_e2i);
session_ctx->decrypted_meta_e2i = NULL;
}
if (session_ctx->raw_meta_i2e)
{
metadata_free(session_ctx->raw_meta_i2e);