diff options
| author | fumingwei <[email protected]> | 2023-04-28 18:03:22 +0800 |
|---|---|---|
| committer | fumingwei <[email protected]> | 2023-04-28 18:19:10 +0800 |
| commit | 2e19f0a9d79a43f3a419830a9df9c1bf384ada32 (patch) | |
| tree | c8371825f04f624ce8dffe3cf2d16e80c7f9e63b /entry | |
| parent | 19d0a2bd4867f81e2d747e55af950d409538de1b (diff) | |
feature:TSG-14915:kni适配新版本tfe cmsg修改
Diffstat (limited to 'entry')
| -rw-r--r-- | entry/include/kni_entry.h | 8 | ||||
| -rw-r--r-- | entry/src/kni_dynamic_bypass.cpp | 4 | ||||
| -rw-r--r-- | entry/src/kni_entry.cpp | 12 |
3 files changed, 12 insertions, 12 deletions
diff --git a/entry/include/kni_entry.h b/entry/include/kni_entry.h index 9f9473a..9a93b14 100644 --- a/entry/include/kni_entry.h +++ b/entry/include/kni_entry.h @@ -101,7 +101,7 @@ struct pme_info{ addr_type_t addr_type; char stream_addr[KNI_ADDR_MAX]; int do_log; - int policy_id; + long long policy_id; enum TSG_PROTOCOL protocol; enum kni_action action; int service; @@ -131,13 +131,13 @@ struct pme_info{ int n_maat_rule; struct maat_rule maat_rule; //from tfe, kafka log - uint64_t ssl_intercept_state; - uint64_t ssl_pinningst; //defalut 0 + uint8_t ssl_intercept_state; + uint8_t ssl_pinningst; //defalut 0 uint64_t ssl_server_side_latency; uint64_t ssl_client_side_latency; char ssl_server_side_version[KNI_SYMBOL_MAX]; char ssl_client_side_version[KNI_SYMBOL_MAX]; - int64_t ssl_cert_verify; + int8_t ssl_cert_verify; char ssl_error[KNI_STRING_MAX]; //for dup traffic detect diff --git a/entry/src/kni_dynamic_bypass.cpp b/entry/src/kni_dynamic_bypass.cpp index 004ae3a..c0d93e7 100644 --- a/entry/src/kni_dynamic_bypass.cpp +++ b/entry/src/kni_dynamic_bypass.cpp @@ -109,7 +109,7 @@ static int sslinfo2bypass_htable_search(MESA_htable_handle htable,char *key, int value = MESA_htable_search_cb(htable, (const unsigned char *)key, (unsigned int )klen, sslinfo2bypass_htable_search_cb, NULL, &cb_ret); if(cb_ret == 0) { - pmeinfo->ssl_pinningst = *((uint64_t *)value); + pmeinfo->ssl_pinningst = *((uint8_t *)value); KNI_LOG_DEBUG(logger, "MESA_htable: success to search, table = sslinfo2bypass_htable,key = %s, key_size = %d, ret =%d", key, klen,cb_ret); } else @@ -309,7 +309,7 @@ int ssl_dynamic_bypass_htable_add(struct pme_info *pmeinfo) MESA_htable_handle traceid2sslinfo_htable = g_kni_handle->threads_handle[pmeinfo->thread_seq].traceid2sslinfo_htable; if(pmeinfo->ssl_intercept_state == 0) { - cb_ret = traceid2sslinfo_htable_search(traceid2sslinfo_htable,pmeinfo->stream_traceid, strlen(pmeinfo->stream_traceid), pmeinfo->thread_seq, pmeinfo->ssl_pinningst); + cb_ret = traceid2sslinfo_htable_search(traceid2sslinfo_htable,pmeinfo->stream_traceid, strlen(pmeinfo->stream_traceid), pmeinfo->thread_seq, (uint64_t)pmeinfo->ssl_pinningst); if(cb_ret >= 0) { cb_ret = MESA_htable_del(traceid2sslinfo_htable, (const unsigned char *)pmeinfo->stream_traceid, strlen(pmeinfo->stream_traceid), NULL); diff --git a/entry/src/kni_entry.cpp b/entry/src/kni_entry.cpp index 5b7c2b2..1206007 100644 --- a/entry/src/kni_entry.cpp +++ b/entry/src/kni_entry.cpp @@ -199,9 +199,9 @@ static int log_generate(struct pme_info *pmeinfo){ if(pmeinfo->protocol == PROTO_SSL){ TLD_append(tld_handle, (char*)"ssl_sni", (void*)pmeinfo->domain.sni, TLD_TYPE_STRING); //pinning state: from tfe - TLD_append(tld_handle, (char*)"ssl_pinningst", (void*)pmeinfo->ssl_pinningst, TLD_TYPE_LONG); + TLD_append(tld_handle, (char*)"ssl_pinningst", (void*)(long)pmeinfo->ssl_pinningst, TLD_TYPE_LONG); //intercept state: from tfe - TLD_append(tld_handle, (char*)"ssl_intercept_state", (void*)pmeinfo->ssl_intercept_state, TLD_TYPE_LONG); + TLD_append(tld_handle, (char*)"ssl_intercept_state", (void*)(long)pmeinfo->ssl_intercept_state, TLD_TYPE_LONG); //ssl upstream latency: from tfe TLD_append(tld_handle, (char*)"ssl_server_side_latency", (void*)pmeinfo->ssl_server_side_latency, TLD_TYPE_LONG); //ssl downstream latency: from tfe @@ -215,7 +215,7 @@ static int log_generate(struct pme_info *pmeinfo){ TLD_append(tld_handle, (char*)"ssl_error", (void*)pmeinfo->ssl_error, TLD_TYPE_STRING); //ssl cert verify if(pmeinfo->ssl_cert_verify != -1){ - TLD_append(tld_handle, (char*)"ssl_cert_verify", (void*)pmeinfo->ssl_cert_verify, TLD_TYPE_LONG); + TLD_append(tld_handle, (char*)"ssl_cert_verify", (void*)(long)pmeinfo->ssl_cert_verify, TLD_TYPE_LONG); } if (pmeinfo->ssl_intercept_state == 0){ if (strlen(pmeinfo->ssl_passthrough_reason)) @@ -619,7 +619,7 @@ static unsigned char* kni_cmsg_serialize_header_new(struct pme_info *pmeinfo, st char src_mac[6] = {0}; char dst_mac[6] = {0}; - int policy_id; + uint64_t policy_id; unsigned int stream_common_direction; switch(pmeinfo->protocol) @@ -688,7 +688,7 @@ static unsigned char* kni_cmsg_serialize_header_new(struct pme_info *pmeinfo, st ret = wrapped_kni_cmsg_set(cmsg, TFE_CMSG_TCP_RESTORE_INFO_PACKET_CUR_DIR, (const unsigned char*)&stream_curdir, 1, pmeinfo); if(ret < 0) goto error_out; //maat policy id - policy_id = pmeinfo->policy_id; + policy_id = (uint64_t)pmeinfo->policy_id; ret = wrapped_kni_cmsg_set(cmsg, TFE_CMSG_POLICY_ID, (const unsigned char*)&policy_id, sizeof(policy_id), pmeinfo); if(ret < 0) goto error_out; //stream trace id @@ -1736,7 +1736,7 @@ char first_data_process(struct streaminfo *stream, struct pme_info *pmeinfo, str pmeinfo->session_attribute = kni_pull_session_attribute_results(stream,pmeinfo); maat_hit = 1; char *action_str = kni_maat_action_trans(pmeinfo->action); - KNI_LOG_INFO(logger, "intercept_policy_scan: %s, %s, maat_hit = %d, rule_id = %d, action = %d(%s), stream traceid = %s", + KNI_LOG_INFO(logger, "intercept_policy_scan: %s, %s, maat_hit = %d, rule_id = %u, action = %d(%s), stream traceid = %s", pmeinfo->stream_addr, (char*)&(pmeinfo->domain), maat_hit, pmeinfo->policy_id, pmeinfo->action, action_str, pmeinfo->stream_traceid); } switch(pmeinfo->action){ |