bugfix: fix chello first packet hit intercept policy bug.v21.09.04

2 files changed, 19 insertions, 7 deletions

diff --git a/entry/include/kni_entry.h b/entry/include/kni_entry.h
index 36192ce..78f92b2 100644
--- a/entry/include/kni_entry.h
+++ b/entry/include/kni_entry.h
@@ -154,6 +154,7 @@ struct pme_info{
 	int pxy_tcp_option_is_scan;
 	struct session_attribute_label *session_attribute;
 	int check_data_packets_num;
+	int has_send_packet_nums;
 };
 
 struct wrapped_packet{
diff --git a/entry/src/kni_entry.cpp b/entry/src/kni_entry.cpp
index a3da110..f7ac99a 100644
--- a/entry/src/kni_entry.cpp
+++ b/entry/src/kni_entry.cpp
@@ -1425,6 +1425,7 @@ static int first_data_intercept(struct streaminfo *stream, struct pme_info *pmei
 	//Note: traceid2pme_add_fail, still work. no cmsg
 	traceid2pme_htable_add(pmeinfo);
 	//send to tfe
+	pmeinfo->has_send_packet_nums ++;
 	ret = send_to_tfe(buff, len, thread_seq, pmeinfo->tfe_id, pmeinfo->addr_type);
 	if(ret < 0){
 		KNI_LOG_DEBUG(logger, "Intercept error: failed at send first packet to tfe%d, stream traceid = %s, stream addr = %s", 
@@ -1522,6 +1523,16 @@ char* kni_maat_action_trans(enum kni_action action){
 char next_data_intercept(struct pme_info *pmeinfo, const void *a_packet, struct pkt_info *pktinfo, int thread_seq){
 	//return value  0 
 	//FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_INTCP_READY_BYTE], 0, FS_OP_ADD, pktinfo->ip_totlen);
+	struct wrapped_packet new_pkt;
+	if(pmeinfo->has_send_packet_nums < g_kni_handle->reassembled_packets_num){
+		memset(&new_pkt, 0, sizeof(struct wrapped_packet));
+		int offset = 0;
+		offset = rebuild_packet_to_add_tcp_option(pmeinfo, pktinfo, (char *)&new_pkt);
+		set_new_packet_checksum(pmeinfo, pktinfo, (char *)&new_pkt, offset);
+		a_packet = (void *)&(new_pkt);
+	}
+
+
 	int ret, len;
 	void *logger = g_kni_handle->local_logger;
 	struct iphdr *ipv4_hdr = NULL;
@@ -1570,7 +1581,7 @@ char next_data_intercept(struct pme_info *pmeinfo, const void *a_packet, struct
 			//return APP_STATE_FAWPKT  | APP_STATE_KILL_FOLLOW | APP_STATE_GIVEME;
 		}
 	}
-
+	pmeinfo->has_send_packet_nums ++;
 	ret = send_to_tfe((char*)a_packet, len, thread_seq, pmeinfo->tfe_id, pmeinfo->addr_type);
 	if(ret < 0){
 		KNI_LOG_ERROR(logger, "Failed at send continue packet to tfe%d, stream traceid = %s, stream addr = %s", 
@@ -1641,12 +1652,12 @@ char deal_chello_frag(struct streaminfo *stream, struct pme_info *pmeinfo, int t
 				return APP_STATE_KILL_FOLLOW | APP_STATE_DROPME;
 			}
 		} else {
-			struct wrapped_packet new_pkt;
-			memset(&new_pkt, 0, sizeof(struct wrapped_packet));
-			int offset = 0;
-			offset = rebuild_packet_to_add_tcp_option(pmeinfo, &rawpkt_info, (char *)&new_pkt);
-			set_new_packet_checksum(pmeinfo, &rawpkt_info, (char *)&new_pkt, offset);
-			next_data_intercept(pmeinfo, (void *)&new_pkt, &rawpkt_info, thread_seq);
+			// struct wrapped_packet new_pkt;
+			// memset(&new_pkt, 0, sizeof(struct wrapped_packet));
+			// int offset = 0;
+			// offset = rebuild_packet_to_add_tcp_option(pmeinfo, &rawpkt_info, (char *)&new_pkt);
+			// set_new_packet_checksum(pmeinfo, &rawpkt_info, (char *)&new_pkt, offset);
+			next_data_intercept(pmeinfo, rawpkt, &rawpkt_info, thread_seq);
 		}
 	}
 	ssl_frag_chello_free(stream);