authorfumingwei <[email protected]>2024-06-13 19:13:26 +0800
committerfumingwei <[email protected]>2024-06-14 15:40:03 +0800
commitafa1e2792bad561e2be1bdeeaca319dbed530652 (patch)
tree0d6edd6d288a284e8cd5a8ea93d4eb4c2b7e4fc3
parentec3fabe4c52affb9809d92e73265e7e4a2ef73cd (diff)
bugfix: fix deal ssl frag error.v21.09.02
-rw-r--r--ci/travis.sh2
-rw-r--r--entry/src/kni_entry.cpp77
2 files changed, 40 insertions, 39 deletions
diff --git a/ci/travis.sh b/ci/travis.sh
index b938240..315419d 100644
--- a/ci/travis.sh
+++ b/ci/travis.sh
@@ -34,7 +34,7 @@ env | sort
: "${COMPILER_IS_GNUCXX:=OFF}"
# Install dependency from YUM
-yum install -y mrzcpd-4.4.8.566081c numactl-devel zlib-devel librdkafka-devel systemd-devel libMESA_handle_logger-devel libMESA_htable-devel libcjson-devel libMESA_field_stat2-devel sapp-devel framework_env libMESA_prof_load-devel libmaatframe-devel-3.4.8.c84fb97 tsg_master-devel-5.4.3.36911a6 libasan ssl-devel-2.0.16.123a903
+yum install -y mrzcpd-4.4.8.566081c numactl-devel zlib-devel librdkafka-devel systemd-devel libMESA_handle_logger-devel libMESA_htable-devel libcjson-devel libMESA_field_stat2-devel sapp-devel framework_env libMESA_prof_load-devel libmaatframe-3.4.8.c84fb97 libmaatframe-devel-3.4.8.c84fb97 tsg_master-devel-5.4.3.36911a6 libasan ssl-devel-2.0.16.123a903
if [ $ASAN_OPTION ];then
source /opt/rh/devtoolset-7/enable
diff --git a/entry/src/kni_entry.cpp b/entry/src/kni_entry.cpp
index 32c08b4..b9706a7 100644
--- a/entry/src/kni_entry.cpp
+++ b/entry/src/kni_entry.cpp
@@ -1308,9 +1308,9 @@ static int is_stream_can_intercept(struct streaminfo *stream, struct pme_info *p
FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_INTCPERR_NO_TFE], 0, FS_OP_ADD, 1);
goto error_out;
}
- return INTERCEPT_RET_CODE_OK;
+ return 1;
error_out:
- return INTERCEPT_RET_CODE_FAIL;
+ return 0;
}
static int first_data_intercept(struct streaminfo *stream, struct pme_info *pmeinfo, struct pkt_info *pktinfo, int thread_seq){
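Review bot: The two helpers now return bare integers with opposite meanings: `is_stream_can_intercept` returns 1 for success and 0 for failure in this hunk, while `first_data_intercept` in the next hunk returns 0 for success and -1 for failure. The callers in the `first_data_process` hunks then test `if(ret == 0)` twice, once meaning "cannot intercept" and once meaning "intercepted", which is easy to invert in a later edit and would flip a forward/drop verdict. I would state each contract above its function, e.g. `/* returns 1 if the stream may be intercepted, 0 if not */` and `/* returns 0 on success, -1 on failure */`, or keep named constants for these values. Both function bodies start outside the hunks shown.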
@@ -1473,14 +1473,14 @@ static int first_data_intercept(struct streaminfo *stream, struct pme_info *pmei
KNI_LOG_DEBUG(logger, "stream has dup traffic, traceid = %s", pmeinfo->stream_traceid);
}
FREE(&buff);
- return INTERCEPT_RET_CODE_OK;
+ return 0;
//return APP_STATE_DROPPKT | APP_STATE_KILL_FOLLOW | APP_STATE_GIVEME;
error_out:
if(buff != NULL){
FREE(&buff);
}
- return INTERCEPT_RET_CODE_FAIL;
+ return -1;
//return APP_STATE_FAWPKT | APP_STATE_KILL_FOLLOW | APP_STATE_DROPME;
}
@@ -1634,40 +1634,35 @@ void read_stream_intercept_status(struct streaminfo *stream, struct pme_info *pm
}
-char deal_chello_frag(struct streaminfo *stream, struct pme_info *pmeinfo, int thread_seq)
+char deal_chello_frag(struct streaminfo *stream, struct pme_info *pmeinfo, int thread_seq, struct ssl_frag_chello *ssl_frag_chell_0)
{
void * logger = g_kni_handle->local_logger;
- int ret = 0;
- struct ssl_frag_chello *ssl_frag_chell_0 = ssl_frag_chello_get0(stream);
- if(ssl_frag_chell_0->p_sz > 0){
- for(int i = 0; i < (int)ssl_frag_chell_0->p_sz; i++){
- struct detain_pkt *packet = ssl_frag_chell_0->p[i];
- int len_rawpkt;
- void *rawpkt = (void *)MESA_detain_rawpkt_data_get0(stream, packet, &len_rawpkt);
-
- struct pkt_info rawpkt_info;
- memset(&rawpkt_info, 0, sizeof(rawpkt_info));
- wrapped_kni_header_parse(rawpkt, pmeinfo, &rawpkt_info);
- KNI_LOG_DEBUG(logger, "Deal chello frags list[%d], stream traceid: %s, seq: %u, tcp_data_len: %d",i, pmeinfo->stream_traceid, ntohl(rawpkt_info.tcphdr->seq), rawpkt_info.data_len);
-
- if(i == 0){
- ret = first_data_intercept(stream, pmeinfo, &rawpkt_info, thread_seq);
- // usleep(5000);
- if(ret == INTERCEPT_RET_CODE_FAIL){
- break;
- }
- } else {
- char *new_pkt = (char*)ALLOC(struct wrapped_packet, 1);
- int offset = 0;
- offset = rebuild_packet_to_add_tcp_option(pmeinfo, &rawpkt_info, new_pkt);
- set_new_packet_checksum(pmeinfo, &rawpkt_info, new_pkt, offset);
- ret = next_data_intercept(pmeinfo, (void *)new_pkt, &rawpkt_info, thread_seq);
- free(new_pkt);
+ for(int i = 0; i < (int)ssl_frag_chell_0->p_sz; i++){
+ struct detain_pkt *packet = ssl_frag_chell_0->p[i];
+ int len_rawpkt;
+ void *rawpkt = (void *)MESA_detain_rawpkt_data_get0(stream, packet, &len_rawpkt);
+
+ struct pkt_info rawpkt_info;
+ memset(&rawpkt_info, 0, sizeof(rawpkt_info));
+ wrapped_kni_header_parse(rawpkt, pmeinfo, &rawpkt_info);
+ KNI_LOG_DEBUG(logger, "Deal chello frags list[%d], stream traceid: %s, seq: %u, tcp_data_len: %d",i, pmeinfo->stream_traceid, ntohl(rawpkt_info.tcphdr->seq), rawpkt_info.data_len);
+
+ if(i == 0){
+ int ret = first_data_intercept(stream, pmeinfo, &rawpkt_info, thread_seq);
+ if(ret == -1){
+ return APP_STATE_KILL_FOLLOW | APP_STATE_DROPME;
}
+ } else {
+ struct wrapped_packet new_pkt;
+ memset(&new_pkt, 0, sizeof(struct wrapped_packet));
+ int offset = 0;
+ offset = rebuild_packet_to_add_tcp_option(pmeinfo, &rawpkt_info, (char *)&new_pkt);
+ set_new_packet_checksum(pmeinfo, &rawpkt_info, (char *)&new_pkt, offset);
+ next_data_intercept(pmeinfo, (void *)&new_pkt, &rawpkt_info, thread_seq);
}
}
ssl_frag_chello_free(stream);
- return ret;
+ return APP_STATE_DROPPKT | APP_STATE_KILL_FOLLOW | APP_STATE_GIVEME;
}
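Review bot: The new early return at `if(ret == -1)` leaves the function before `ssl_frag_chello_free(stream)` runs, whereas the removed code used `break` and fell through to that call; unless the fragment list is released elsewhere when the stream closes, the detained ClientHello fragments stay held on this failure path. I would free before returning: `if(ret == -1){ ssl_frag_chello_free(stream); return APP_STATE_KILL_FOLLOW | APP_STATE_DROPME; }`. Separately, the loop still logs `ntohl(rawpkt_info.tcphdr->seq)` without checking `rawpkt` or whether `wrapped_kni_header_parse` filled in `tcphdr`, so a detained packet that fails to parse would leave the pointer NULL after the `memset`. A guard such as `if(rawpkt == NULL || rawpkt_info.tcphdr == NULL)` ahead of the log line would cover that, assuming the parser leaves the field unset on failure.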
@@ -1681,12 +1676,10 @@ char first_data_process(struct streaminfo *stream, struct pme_info *pmeinfo, con
if(pmeinfo->check_data_packets_num == 1)
{
int ret = is_stream_can_intercept(stream, pmeinfo, pktinfo, thread_seq);
- if(ret == INTERCEPT_RET_CODE_FAIL){
- return INTERCEPT_RET_CODE_FAIL;
+ if(ret == 0){
+ return APP_STATE_FAWPKT | APP_STATE_DROPME;
}
}
- if(pmeinfo->action != KNI_ACTION_INTERCEPT && pmeinfo->check_data_packets_num < g_kni_handle->reassembled_packets_num)
- return INTERCEPT_RET_CODE_NEED_NEXT;
if(pmeinfo->action == KNI_ACTION_INTERCEPT){
pmeinfo->ssl_intercept_state = 1;
@@ -1706,13 +1699,21 @@ char first_data_process(struct streaminfo *stream, struct pme_info *pmeinfo, con
if(ssl_frag_chell_0 && ssl_frag_chell_0->p_sz > 0)
{
KNI_LOG_DEBUG(logger, "ssl_frag chello: packet num: %d, stream traceid = %s, data packet number: %d", ssl_frag_chell_0->p_sz, pmeinfo->stream_traceid, pmeinfo->check_data_packets_num);
- return deal_chello_frag(stream, pmeinfo, thread_seq);
+ return deal_chello_frag(stream, pmeinfo, thread_seq, ssl_frag_chell_0);
// ret = next_data_intercept(pmeinfo, a_packet, pktinfo, thread_seq);
}
else{
- return first_data_intercept(stream, pmeinfo, pktinfo, thread_seq);
+ int ret = first_data_intercept(stream, pmeinfo, pktinfo, thread_seq);
+ if(ret == 0)
+ return APP_STATE_DROPPKT | APP_STATE_KILL_FOLLOW | APP_STATE_GIVEME;
+ else
+ return APP_STATE_FAWPKT | APP_STATE_KILL_FOLLOW | APP_STATE_DROPME;
}
}
+ else{
+ if(pmeinfo->check_data_packets_num < g_kni_handle->reassembled_packets_num)
+ return APP_STATE_GIVEME;
+ }
return APP_STATE_FAWPKT | APP_STATE_DROPME;
}
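Review bot: The failure verdict for `first_data_intercept` now differs between the two paths: the unfragmented branch here returns `APP_STATE_FAWPKT | APP_STATE_KILL_FOLLOW | APP_STATE_DROPME`, while `deal_chello_frag` returns `APP_STATE_KILL_FOLLOW | APP_STATE_DROPME` without `APP_STATE_FAWPKT` for the same error. If `APP_STATE_FAWPKT` is what forwards the current packet (inferred from the name only), a fragmented ClientHello that fails interception is handled differently from an unfragmented one, and that should be either aligned or explained in a comment such as `/* no FAWPKT here: detained fragments are released by <owner> */`. This branch also treats any non-zero return as failure while `deal_chello_frag` tests `ret == -1`; using the same comparison in both places would keep them in step. `first_data_process` starts outside this hunk.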