authorfumingwei <[email protected]>2021-05-06 18:42:47 +0800
committerfumingwei <[email protected]>2021-05-06 18:42:47 +0800
commit37191f51c50037a68051d704a4164c8263230a8d (patch)
treecf66b61703dd905e22bb7c0d579dbc1af239d254
parentf0e8af3f500b65e2b93e90cf6552e2cf6866bda0 (diff)
1、修改关闭tcp_option后cmsg没有tcp_option相关的值,2、使用sapp字段MSO_HAVE_DUP_PKT判断重复流量
-rw-r--r--common/include/kni_utils.h3
-rw-r--r--entry/include/kni_entry.h1
-rw-r--r--entry/src/kni_entry.cpp17
-rw-r--r--entry/src/kni_pxy_tcp_option.cpp71
4 files changed, 54 insertions, 38 deletions
diff --git a/common/include/kni_utils.h b/common/include/kni_utils.h
index 78f371e..67805a2 100644
--- a/common/include/kni_utils.h
+++ b/common/include/kni_utils.h
@@ -75,6 +75,9 @@ enum kni_field{
KNI_FIELD_INTCPERR_GET_LINK_MODE_ERR,
KNI_FIELD_INTCPERR_NOT_LINK_MODE_BYSYN,
+ //intercept error HAVE_DUP_PKT
+ KNI_FIELD_INTCPERR_GET_HAVE_DUP_PKT_ERR,
+
//intercept error stream tun type
KNI_FIELD_INTCPERR_GET_STREAM_TUN_TYPE_ERR,
KNI_FIELD_INTCPERR_STREAM_IS_TUN_TYPE,
diff --git a/entry/include/kni_entry.h b/entry/include/kni_entry.h
index 5534805..0b96a4d 100644
--- a/entry/include/kni_entry.h
+++ b/entry/include/kni_entry.h
@@ -34,6 +34,7 @@ enum intercept_error{
INTERCEPT_ERROR_GET_TCP_LINK_MODE_ERR= -12,
INTERCEPT_ERROR_STREAM_TUNNLE_TYPE= -13,
INTERCEPT_ERROR_GET_STREAM_TUNNLE_TYPE_ERR= -14,
+ INTERCEPT_ERROR_GET_HAVE_DUP_PKT_ERR= -15,
};
/* action
diff --git a/entry/src/kni_entry.cpp b/entry/src/kni_entry.cpp
index 06dd83f..a2b0084 100644
--- a/entry/src/kni_entry.cpp
+++ b/entry/src/kni_entry.cpp
@@ -1115,6 +1115,7 @@ static int first_data_intercept(struct streaminfo *stream, struct pme_info *pmei
int intercept_stream_link_mode_len = sizeof(unsigned char);
unsigned short stream_tunnel_type = STREAM_TUNNLE_NON;
int stream_tunnel_type_len = sizeof(unsigned short);
+ int have_dup_pkt_len = sizeof(pmeinfo->has_dup_traffic);
ret=MESA_get_stream_opt(stream, MSO_TCP_CREATE_LINK_MODE, (void *)&intercept_stream_link_mode, &intercept_stream_link_mode_len);
if(ret == 0){
if(intercept_stream_link_mode != TCP_CTEAT_LINK_BYSYN){
@@ -1216,12 +1217,22 @@ static int first_data_intercept(struct streaminfo *stream, struct pme_info *pmei
}
}
+ // get HAVE_DUP_PKT field
+ ret=MESA_get_stream_opt(stream, MSO_HAVE_DUP_PKT, (void *)&(pmeinfo->has_dup_traffic), &have_dup_pkt_len);
+ if(ret != 0){
+ KNI_LOG_DEBUG(logger, "Intercept error: get MSO_HAVE_DUP_PKT error, ret = %d, stream traceid = %s, stream addr = %s",ret, pmeinfo->stream_traceid, pmeinfo->stream_addr);
+ pmeinfo->intcp_error = INTERCEPT_ERROR_GET_HAVE_DUP_PKT_ERR;
+ FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_INTCPERR_GET_HAVE_DUP_PKT_ERR], 0, FS_OP_ADD, 1);
+ goto error_out;
+ }
+
//Bypass Duplicated Packet
if(g_kni_handle->pxy_tcp_option_enable == 1)
{
if(pmeinfo->has_dup_traffic == 1 && pmeinfo->pxy_tcp_option.bypass_duplicated_packet == 1)
{
KNI_LOG_DEBUG(g_kni_handle->local_logger, "Proxy-tcp-option: bypass Duplicated Packet first data, streamid = %d", pmeinfo->stream_traceid);
+ FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_INTCPERR_DUP_TRAFFIC], 0, FS_OP_ADD, 1);
return APP_STATE_FAWPKT | APP_STATE_KILL_FOLLOW | APP_STATE_GIVEME;
}
}
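Review bot: The debug call inside the bypass branch, directly above the added `FS_operate` line, formats `pmeinfo->stream_traceid` with `%d`, while the new error log earlier in this hunk and the dup-traffic log in the next hunk print the same field with `%s`. If the field is a string, as those two call sites suggest, this is a mismatched argument in a variadic logger and undefined behaviour. Since the commit already touches this branch, the line could become `KNI_LOG_DEBUG(g_kni_handle->local_logger, "Proxy-tcp-option: bypass Duplicated Packet first data, streamid = %s", pmeinfo->stream_traceid);`. Separately, `have_dup_pkt_len` is not compared with `sizeof(pmeinfo->has_dup_traffic)` after `MESA_get_stream_opt` returns, so a value of a different size would go unnoticed before it drives the bypass decision; whether sapp can return one is not visible here. first_data_intercept starts and ends outside the hunk.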
@@ -1249,8 +1260,8 @@ static int first_data_intercept(struct streaminfo *stream, struct pme_info *pmei
}
if(pmeinfo->has_dup_traffic == 1){
- FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_DUP_TFC_STM], 0, FS_OP_ADD, 1);
- KNI_LOG_DEBUG(logger, "stream has dup traffic, traceid = %s", pmeinfo->stream_traceid);
+ FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_DUP_TFC_STM], 0, FS_OP_ADD, 1);
+ KNI_LOG_DEBUG(logger, "stream has dup traffic, traceid = %s", pmeinfo->stream_traceid);
}
pmeinfo->ssl_intercept_state = 0;
@@ -2171,6 +2182,8 @@ static struct kni_field_stat_handle * fs_init(const char *profile){
//intercept error link mode
fs_handle->fields[KNI_FIELD_INTCPERR_GET_LINK_MODE_ERR] = FS_register(handle, FS_STYLE_FIELD, FS_CALC_CURRENT, "e_lkmd_get");
fs_handle->fields[KNI_FIELD_INTCPERR_NOT_LINK_MODE_BYSYN] = FS_register(handle, FS_STYLE_FIELD, FS_CALC_CURRENT, "e_lkmd_not_syn");
+ //intercept error get HAVE_DUP_PKT error
+ fs_handle->fields[KNI_FIELD_INTCPERR_GET_HAVE_DUP_PKT_ERR] = FS_register(handle, FS_STYLE_FIELD, FS_CALC_CURRENT, "e_dup_get");
//intercept error stream tunnel type
fs_handle->fields[KNI_FIELD_INTCPERR_GET_STREAM_TUN_TYPE_ERR] = FS_register(handle, FS_STYLE_FIELD, FS_CALC_CURRENT, "e_tuntype_get");
fs_handle->fields[KNI_FIELD_INTCPERR_STREAM_IS_TUN_TYPE] = FS_register(handle, FS_STYLE_FIELD, FS_CALC_CURRENT, "e_type_tun");
diff --git a/entry/src/kni_pxy_tcp_option.cpp b/entry/src/kni_pxy_tcp_option.cpp
index f61d94f..5f59271 100644
--- a/entry/src/kni_pxy_tcp_option.cpp
+++ b/entry/src/kni_pxy_tcp_option.cpp
@@ -358,47 +358,46 @@ int pxy_tcp_option_rule_init(const char* conffile, void *logger)
KNI_LOG_ERROR(logger, "Proxy-tcp-option: MESA_prof_load, [%s]:\n enabled: %d,enable_override:%d", section, pxy_tcp_option_enable,pxy_tcp_option_enable_override);
g_kni_handle->pxy_tcp_option_enable = pxy_tcp_option_enable;
g_kni_handle->pxy_tcp_option_enable_override = pxy_tcp_option_enable_override;
+
+ MESA_load_profile_int_def(conffile, section, "client_tcp_maxseg_enable", &(g_kni_handle->pxy_tcp_option.client_tcp_maxseg_enable), 0);
+ MESA_load_profile_int_def(conffile, section, "client_tcp_maxseg", &(g_kni_handle->pxy_tcp_option.client_tcp_maxseg), 1460);
+ MESA_load_profile_int_def(conffile, section, "client_tcp_nodelay", &(g_kni_handle->pxy_tcp_option.client_tcp_nodelay), 1);
+ MESA_load_profile_int_def(conffile, section, "client_tcp_ttl", &(g_kni_handle->pxy_tcp_option.client_tcp_ttl),70);
+ MESA_load_profile_int_def(conffile, section, "client_tcp_keepalive_enable", &(g_kni_handle->pxy_tcp_option.client_tcp_keepalive_enable), 1);
+ MESA_load_profile_int_def(conffile, section, "client_tcp_keepalive_keepcnt", &(g_kni_handle->pxy_tcp_option.client_tcp_keepalive_keepcnt), 8);
+ MESA_load_profile_int_def(conffile, section, "client_tcp_keepalive_keepidle", &(g_kni_handle->pxy_tcp_option.client_tcp_keepalive_keepidle), 30);
+ MESA_load_profile_int_def(conffile, section, "client_tcp_keepalive_keepintvl", &(g_kni_handle->pxy_tcp_option.client_tcp_keepalive_keepintvl), 15);
+ MESA_load_profile_int_def(conffile, section, "client_tcp_user_timeout", &(g_kni_handle->pxy_tcp_option.client_tcp_user_timeout), 600);
+ MESA_load_profile_int_def(conffile, section, "server_tcp_maxseg_enable", &(g_kni_handle->pxy_tcp_option.server_tcp_maxseg_enable), 0);
+ MESA_load_profile_int_def(conffile, section, "server_tcp_maxseg", &(g_kni_handle->pxy_tcp_option.server_tcp_maxseg), 1460);
+ MESA_load_profile_int_def(conffile, section, "server_tcp_nodelay", &(g_kni_handle->pxy_tcp_option.server_tcp_nodelay), 1);
+ MESA_load_profile_int_def(conffile, section, "server_tcp_ttl", &(g_kni_handle->pxy_tcp_option.server_tcp_ttl), 75);
+ MESA_load_profile_int_def(conffile, section, "server_tcp_keepalive_enable", &(g_kni_handle->pxy_tcp_option.server_tcp_keepalive_enable), 1);
+ MESA_load_profile_int_def(conffile, section, "server_tcp_keepalive_keepcnt", &(g_kni_handle->pxy_tcp_option.server_tcp_keepalive_keepcnt), 8);
+ MESA_load_profile_int_def(conffile, section, "server_tcp_keepalive_keepidle", &(g_kni_handle->pxy_tcp_option.server_tcp_keepalive_keepidle), 30);
+ MESA_load_profile_int_def(conffile, section, "server_tcp_keepalive_keepintvl", &(g_kni_handle->pxy_tcp_option.server_tcp_keepalive_keepintvl), 15);
+ MESA_load_profile_int_def(conffile, section, "server_tcp_user_timeout", &(g_kni_handle->pxy_tcp_option.server_tcp_user_timeout), 600);
+ MESA_load_profile_int_def(conffile, section, "bypass_duplicated_packet", &(g_kni_handle->pxy_tcp_option.bypass_duplicated_packet), 0);
+ MESA_load_profile_int_def(conffile, section, "tcp_passthrough", &(g_kni_handle->pxy_tcp_option.tcp_passthrough), 0);
+ KNI_LOG_ERROR(logger, "Proxy-tcp-option: Using configuration override by profile: %s ,value:[client_tcp_maxseg_enable:%d,client_tcp_maxseg:%d,client_tcp_nodelay:%d,"
+ "client_tcp_ttl:%d,client_tcp_keepalive_enable:%d,client_tcp_keepalive_keepcnt:%d,client_tcp_keepalive_keepidle:%d,client_tcp_keepalive_keepintvl:%d,"
+ "client_tcp_user_timeout:%d,server_tcp_maxseg_enable:%d,server_tcp_maxseg:%d,server_tcp_nodelay:%d,server_tcp_ttl:%d,server_tcp_keepalive_enable:%d,"
+ "server_tcp_keepalive_keepcnt:%d,server_tcp_keepalive_keepidle:%d,server_tcp_keepalive_keepintvl:%d,server_tcp_user_timeout:%d,bypass_duplicated_packet:%d,"
+ "tcp_passthrough:%d",
+ conffile, g_kni_handle->pxy_tcp_option.client_tcp_maxseg_enable,g_kni_handle->pxy_tcp_option.client_tcp_maxseg,g_kni_handle->pxy_tcp_option.client_tcp_nodelay,
+ g_kni_handle->pxy_tcp_option.client_tcp_ttl,g_kni_handle->pxy_tcp_option.client_tcp_keepalive_enable,g_kni_handle->pxy_tcp_option.client_tcp_keepalive_keepcnt,
+ g_kni_handle->pxy_tcp_option.client_tcp_keepalive_keepidle,g_kni_handle->pxy_tcp_option.client_tcp_keepalive_keepintvl,g_kni_handle->pxy_tcp_option.client_tcp_user_timeout,
+ g_kni_handle->pxy_tcp_option.server_tcp_maxseg_enable,g_kni_handle->pxy_tcp_option.server_tcp_maxseg,g_kni_handle->pxy_tcp_option.server_tcp_nodelay,
+ g_kni_handle->pxy_tcp_option.server_tcp_ttl,g_kni_handle->pxy_tcp_option.server_tcp_keepalive_enable,g_kni_handle->pxy_tcp_option.server_tcp_keepalive_keepcnt,
+ g_kni_handle->pxy_tcp_option.server_tcp_keepalive_keepidle,g_kni_handle->pxy_tcp_option.server_tcp_keepalive_keepintvl,g_kni_handle->pxy_tcp_option.server_tcp_user_timeout,
+ g_kni_handle->pxy_tcp_option.bypass_duplicated_packet,g_kni_handle->pxy_tcp_option.tcp_passthrough);
+
if(pxy_tcp_option_enable == 0)
{
KNI_LOG_ERROR(logger, "Proxy-tcp-option: Turn off tcp option");
return 0;
}
- if(pxy_tcp_option_enable_override == 1)
- {
- MESA_load_profile_int_def(conffile, section, "client_tcp_maxseg_enable", &(g_kni_handle->pxy_tcp_option.client_tcp_maxseg_enable), 0);
- MESA_load_profile_int_def(conffile, section, "client_tcp_maxseg", &(g_kni_handle->pxy_tcp_option.client_tcp_maxseg), 1460);
- MESA_load_profile_int_def(conffile, section, "client_tcp_nodelay", &(g_kni_handle->pxy_tcp_option.client_tcp_nodelay), 1);
- MESA_load_profile_int_def(conffile, section, "client_tcp_ttl", &(g_kni_handle->pxy_tcp_option.client_tcp_ttl),70);
- MESA_load_profile_int_def(conffile, section, "client_tcp_keepalive_enable", &(g_kni_handle->pxy_tcp_option.client_tcp_keepalive_enable), 1);
- MESA_load_profile_int_def(conffile, section, "client_tcp_keepalive_keepcnt", &(g_kni_handle->pxy_tcp_option.client_tcp_keepalive_keepcnt), 8);
- MESA_load_profile_int_def(conffile, section, "client_tcp_keepalive_keepidle", &(g_kni_handle->pxy_tcp_option.client_tcp_keepalive_keepidle), 30);
- MESA_load_profile_int_def(conffile, section, "client_tcp_keepalive_keepintvl", &(g_kni_handle->pxy_tcp_option.client_tcp_keepalive_keepintvl), 15);
- MESA_load_profile_int_def(conffile, section, "client_tcp_user_timeout", &(g_kni_handle->pxy_tcp_option.client_tcp_user_timeout), 600);
- MESA_load_profile_int_def(conffile, section, "server_tcp_maxseg_enable", &(g_kni_handle->pxy_tcp_option.server_tcp_maxseg_enable), 0);
- MESA_load_profile_int_def(conffile, section, "server_tcp_maxseg", &(g_kni_handle->pxy_tcp_option.server_tcp_maxseg), 1460);
- MESA_load_profile_int_def(conffile, section, "server_tcp_nodelay", &(g_kni_handle->pxy_tcp_option.server_tcp_nodelay), 1);
- MESA_load_profile_int_def(conffile, section, "server_tcp_ttl", &(g_kni_handle->pxy_tcp_option.server_tcp_ttl), 75);
- MESA_load_profile_int_def(conffile, section, "server_tcp_keepalive_enable", &(g_kni_handle->pxy_tcp_option.server_tcp_keepalive_enable), 1);
- MESA_load_profile_int_def(conffile, section, "server_tcp_keepalive_keepcnt", &(g_kni_handle->pxy_tcp_option.server_tcp_keepalive_keepcnt), 8);
- MESA_load_profile_int_def(conffile, section, "server_tcp_keepalive_keepidle", &(g_kni_handle->pxy_tcp_option.server_tcp_keepalive_keepidle), 30);
- MESA_load_profile_int_def(conffile, section, "server_tcp_keepalive_keepintvl", &(g_kni_handle->pxy_tcp_option.server_tcp_keepalive_keepintvl), 15);
- MESA_load_profile_int_def(conffile, section, "server_tcp_user_timeout", &(g_kni_handle->pxy_tcp_option.server_tcp_user_timeout), 600);
- MESA_load_profile_int_def(conffile, section, "bypass_duplicated_packet", &(g_kni_handle->pxy_tcp_option.bypass_duplicated_packet), 0);
- MESA_load_profile_int_def(conffile, section, "tcp_passthrough", &(g_kni_handle->pxy_tcp_option.tcp_passthrough), 0);
- KNI_LOG_ERROR(logger, "Proxy-tcp-option: Using configuration override by profile: %s ,value:[client_tcp_maxseg_enable:%d,client_tcp_maxseg:%d,client_tcp_nodelay:%d,"
- "client_tcp_ttl:%d,client_tcp_keepalive_enable:%d,client_tcp_keepalive_keepcnt:%d,client_tcp_keepalive_keepidle:%d,client_tcp_keepalive_keepintvl:%d,"
- "client_tcp_user_timeout:%d,server_tcp_maxseg_enable:%d,server_tcp_maxseg:%d,server_tcp_nodelay:%d,server_tcp_ttl:%d,server_tcp_keepalive_enable:%d,"
- "server_tcp_keepalive_keepcnt:%d,server_tcp_keepalive_keepidle:%d,server_tcp_keepalive_keepintvl:%d,server_tcp_user_timeout:%d,bypass_duplicated_packet:%d,"
- "tcp_passthrough:%d",
- conffile, g_kni_handle->pxy_tcp_option.client_tcp_maxseg_enable,g_kni_handle->pxy_tcp_option.client_tcp_maxseg,g_kni_handle->pxy_tcp_option.client_tcp_nodelay,
- g_kni_handle->pxy_tcp_option.client_tcp_ttl,g_kni_handle->pxy_tcp_option.client_tcp_keepalive_enable,g_kni_handle->pxy_tcp_option.client_tcp_keepalive_keepcnt,
- g_kni_handle->pxy_tcp_option.client_tcp_keepalive_keepidle,g_kni_handle->pxy_tcp_option.client_tcp_keepalive_keepintvl,g_kni_handle->pxy_tcp_option.client_tcp_user_timeout,
- g_kni_handle->pxy_tcp_option.server_tcp_maxseg_enable,g_kni_handle->pxy_tcp_option.server_tcp_maxseg,g_kni_handle->pxy_tcp_option.server_tcp_nodelay,
- g_kni_handle->pxy_tcp_option.server_tcp_ttl,g_kni_handle->pxy_tcp_option.server_tcp_keepalive_enable,g_kni_handle->pxy_tcp_option.server_tcp_keepalive_keepcnt,
- g_kni_handle->pxy_tcp_option.server_tcp_keepalive_keepidle,g_kni_handle->pxy_tcp_option.server_tcp_keepalive_keepintvl,g_kni_handle->pxy_tcp_option.server_tcp_user_timeout,
- g_kni_handle->pxy_tcp_option.bypass_duplicated_packet,g_kni_handle->pxy_tcp_option.tcp_passthrough);
- }
- else
+ if(pxy_tcp_option_enable_override == 0)
{
KNI_LOG_ERROR(logger, "Proxy-tcp-option: Using configuration read from maat");
for(i=0; i<TABLE_COMPILE; i++)
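Review bot: The "Using configuration override by profile" message is now emitted unconditionally, so with `pxy_tcp_option_enable_override == 0` it is followed by "Using configuration read from maat", and with the feature off by "Turn off tcp option", leaving the startup log contradictory about where the values come from. Rewording the first message to something like `"Proxy-tcp-option: profile defaults loaded from %s, value:[..."` keeps the dump and removes the ambiguity. Because the profile values now populate `g_kni_handle->pxy_tcp_option` on every path, a range check on `client_tcp_ttl`/`server_tcp_ttl` and the two `*_tcp_maxseg` values before they are stored would keep a mistyped profile entry from presumably ending up in the options applied to proxied connections; no such check is visible in this hunk. pxy_tcp_option_rule_init continues past the end of the hunk.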