| author | fumingwei <[email protected]> | 2020-09-29 17:47:13 +0800 |
|---|---|---|
| committer | fumingwei <[email protected]> | 2020-09-29 17:47:13 +0800 |
| commit | 346cd4efedccba3c00887e169c2de88396a654e4 (patch) | |
| tree | cf32337d6f3ffd3092b0a21dded4b0c5c9906027 /entry | |
| parent | 056d472b2d8f79734b4b1e450eefc755162bf852 (diff) | |
增加kni 支持fqdn共享
Diffstat (limited to 'entry')
| -rw-r--r-- | entry/src/kni_entry.cpp | 51 |
1 files changed, 41 insertions, 10 deletions
diff --git a/entry/src/kni_entry.cpp b/entry/src/kni_entry.cpp
index fb0066a..f524c26 100644
--- a/entry/src/kni_entry.cpp
+++ b/entry/src/kni_entry.cpp
@@ -380,6 +380,23 @@ static int session_attribute_cmsg_set(struct kni_cmsg *cmsg, struct pme_info *pm
 ret = wrapped_kni_cmsg_set(cmsg,TFE_CMSG_SSL_CLIENT_JA3_FINGERPRINT, (const unsigned char*)empty_arr, strlen(empty_arr), pmeinfo);
 else
 ret = wrapped_kni_cmsg_set(cmsg,TFE_CMSG_SSL_CLIENT_JA3_FINGERPRINT, (const unsigned char*)session_attribute_label->ja3_fingerprint, strlen(session_attribute_label->ja3_fingerprint), pmeinfo);
+
+ ret = wrapped_kni_cmsg_set(cmsg,TFE_CMSG_FQDN_NUM, (const unsigned char*)&(session_attribute_label->fqdn_category_id_num), sizeof(unsigned int), pmeinfo);
+
+ if(session_attribute_label->fqdn_category_id_num <= 0 || session_attribute_label->fqdn_category_id_num > 8)
+ {
+ ret = wrapped_kni_cmsg_set(cmsg,TFE_CMSG_FQDN_VAL, (const unsigned char*)empty_arr, strlen(empty_arr), pmeinfo);
+ }
+ else
+ {
+ char fqdn_val[sizeof(session_attribute_label->fqdn_category_id)] = {0};
+ for(int i = 0 ; i < session_attribute_label->fqdn_category_id_num; i ++)
+ {
+ memcpy((void *)(fqdn_val + i * (sizeof(unsigned int))), (void *)&(session_attribute_label->fqdn_category_id[i]), sizeof(unsigned int));
+ }
+ ret = wrapped_kni_cmsg_set(cmsg,TFE_CMSG_FQDN_VAL, (const unsigned char*)fqdn_val,session_attribute_label->fqdn_category_id_num *sizeof(unsigned int) , pmeinfo);
+ }
+
 }while(0);
 return ret;
 }
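Review bot: The raw `fqdn_category_id_num` is written to TFE_CMSG_FQDN_NUM before the range check in this hunk, so a negative or above-8 value still goes out as the count while TFE_CMSG_FQDN_VAL is sent empty; a receiver that uses the count to walk the value buffer is handed a length that does not match the payload. The count should be validated first and the validated value (0 when out of range) sent instead. The literal 8 is also not tied to `sizeof(session_attribute_label->fqdn_category_id)`, which sizes `fqdn_val`; if that member ever holds fewer than 8 entries the memcpy loop overruns both buffers, so the bound is better derived from the array, and the element-by-element copy can go because the ids can be passed directly. The field is compared with `<= 0` yet sent with `sizeof(unsigned int)`, which suggests a signed member and is worth confirming against the struct definition; the function's body starts outside the hunk.

```cpp
// … unchanged: JA3 fingerprint cmsg set …

// Validate the count before anything derived from it is put on the wire.
// Assumes fqdn_category_id is an array member of unsigned int — confirm against the struct.
const size_t fqdn_max = sizeof(session_attribute_label->fqdn_category_id) / sizeof(session_attribute_label->fqdn_category_id[0]);
unsigned int fqdn_num = 0;
if(session_attribute_label->fqdn_category_id_num > 0 && (size_t)session_attribute_label->fqdn_category_id_num <= fqdn_max)
{
	fqdn_num = (unsigned int)session_attribute_label->fqdn_category_id_num;
}
ret = wrapped_kni_cmsg_set(cmsg,TFE_CMSG_FQDN_NUM, (const unsigned char*)&fqdn_num, sizeof(fqdn_num), pmeinfo);

if(fqdn_num == 0)
{
	ret = wrapped_kni_cmsg_set(cmsg,TFE_CMSG_FQDN_VAL, (const unsigned char*)empty_arr, strlen(empty_arr), pmeinfo);
}
else
{
	ret = wrapped_kni_cmsg_set(cmsg,TFE_CMSG_FQDN_VAL, (const unsigned char*)session_attribute_label->fqdn_category_id, fqdn_num * sizeof(session_attribute_label->fqdn_category_id[0]), pmeinfo);
}
```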
@@ -994,6 +1011,20 @@ static struct _session_attribute_label_t * kni_pull_session_attribute_results(st
 KNI_LOG_DEBUG(logger, "share-session-attribute: ja3_fingerprint is NULL,stream traceid = %s",pmeinfo->stream_traceid);
 else
 KNI_LOG_DEBUG(logger, "share-session-attribute: ja3_fingerprint is %s,stream traceid = %s",session_attribute_label->ja3_fingerprint,pmeinfo->stream_traceid);
+
+
+ if(session_attribute_label->fqdn_category_id_num < 0 || session_attribute_label->fqdn_category_id_num > 8)
+ {
+ KNI_LOG_DEBUG(logger, "share-session-attribute: fqdn_category_id_num out of range( 0 <= value <= 8), value = %d,stream traceid = %s",session_attribute_label->fqdn_category_id_num,pmeinfo->stream_traceid);
+ }
+ else
+ {
+ for(int i= 0; i < session_attribute_label->fqdn_category_id_num; i ++)
+ {
+ KNI_LOG_DEBUG(logger, "share-session-attribute: fqdn_category_id[%d] = %u,stream traceid = %s",i,session_attribute_label->fqdn_category_id[i]);
+ }
+ }
+
 }
 else
 {
@@ -1127,7 +1158,7 @@ static int first_data_intercept(struct streaminfo *stream, struct pme_info *pmei
 if(pmeinfo->has_dup_traffic == 1 && pmeinfo->pxy_tcp_option.bypass_duplicated_packet == 1) {
 KNI_LOG_DEBUG(g_kni_handle->local_logger, "Proxy-tcp-option: bypass Duplicated Packet first data, streamid = %d", pmeinfo->stream_traceid);
- return APP_STATE_FAWPKT | APP_STATE_KILL_OTHER | APP_STATE_GIVEME;
+ return APP_STATE_FAWPKT | APP_STATE_KILL_FOLLOW | APP_STATE_GIVEME;
 }
 }
@@ -1168,7 +1199,7 @@ static int first_data_intercept(struct streaminfo *stream, struct pme_info *pmei
 }
 }
 }
- return APP_STATE_FAWPKT | APP_STATE_KILL_OTHER | APP_STATE_GIVEME;
+ return APP_STATE_FAWPKT | APP_STATE_KILL_FOLLOW | APP_STATE_GIVEME;
 }
 }
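Review bot: The per-id `KNI_LOG_DEBUG` added in the `else` branch of the -994 hunk has three conversions (`%d`, `%u`, `%s`) but only two arguments, so the `%s` consumes an argument that was never passed, which is undefined behaviour and can crash or print unrelated memory whenever debug logging is enabled. The trace id should be appended: `KNI_LOG_DEBUG(logger, "share-session-attribute: fqdn_category_id[%d] = %u,stream traceid = %s",i,session_attribute_label->fqdn_category_id[i],pmeinfo->stream_traceid);`. The range check here accepts 0 while the cmsg hunk uses `<= 0`, and both repeat the literal 8, so a single named constant shared by the two checks would keep them from drifting. The enclosing function starts and ends outside the hunk.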
@@ -1232,13 +1263,13 @@ static int first_data_intercept(struct streaminfo *stream, struct pme_info *pmei
 KNI_LOG_DEBUG(logger, "stream has dup traffic, traceid = %s", pmeinfo->stream_traceid);
 }
 FREE(&buff);
- return APP_STATE_DROPPKT | APP_STATE_KILL_OTHER | APP_STATE_GIVEME;
+ return APP_STATE_DROPPKT | APP_STATE_KILL_FOLLOW | APP_STATE_GIVEME;
 error_out:
 if(buff != NULL){
 FREE(&buff);
 }
- return APP_STATE_FAWPKT | APP_STATE_KILL_OTHER | APP_STATE_DROPME;
+ return APP_STATE_FAWPKT | APP_STATE_KILL_FOLLOW | APP_STATE_DROPME;
 }
 static int dabloom_search(struct pkt_info *pktinfo, int thread_seq){
@@ -1296,7 +1327,7 @@ char next_data_intercept(struct pme_info *pmeinfo, const void *a_packet, struct
 struct ip6_hdr* ipv6_hdr = NULL;
 if(pktinfo->parse_failed == 1){
 KNI_LOG_ERROR(logger, "next_data_intercept: invalid ip header, drop pkt and not send to tfe");
- return APP_STATE_DROPPKT | APP_STATE_KILL_OTHER | APP_STATE_GIVEME;
+ return APP_STATE_DROPPKT | APP_STATE_KILL_FOLLOW | APP_STATE_GIVEME;
 }
 //search dabloom
 if(g_kni_handle->dup_traffic_switch == 1){
@@ -1305,12 +1336,12 @@ char next_data_intercept(struct pme_info *pmeinfo, const void *a_packet, struct
 if(g_kni_handle->pxy_tcp_option_enable == 1) {
 if(pmeinfo->pxy_tcp_option.bypass_duplicated_packet == 1){ //Bypass Duplicated Packet
- return APP_STATE_FAWPKT | APP_STATE_KILL_OTHER | APP_STATE_GIVEME;
+ return APP_STATE_FAWPKT | APP_STATE_KILL_FOLLOW | APP_STATE_GIVEME;
 }
 }
 ret = dabloom_search(pktinfo, thread_seq);
 if(ret == 1){
- return APP_STATE_FAWPKT | APP_STATE_KILL_OTHER | APP_STATE_GIVEME;
+ return APP_STATE_FAWPKT | APP_STATE_KILL_FOLLOW | APP_STATE_GIVEME;
 }
 }
 }
@@ -1325,12 +1356,12 @@ char next_data_intercept(struct pme_info *pmeinfo, const void *a_packet, struct
 if(pktinfo->ip_totlen > KNI_DEFAULT_MTU){
 KNI_LOG_DEBUG(logger, "Next data packet exceed MTU(1500), stream traceid = %s, stream addr = %s", pmeinfo->stream_traceid, pmeinfo->stream_addr);
- return APP_STATE_DROPPKT | APP_STATE_KILL_OTHER | APP_STATE_GIVEME;
+ return APP_STATE_DROPPKT | APP_STATE_KILL_FOLLOW | APP_STATE_GIVEME;
 }
 if(g_kni_handle->ssl_dynamic_bypass_enable == 1){
 if(pmeinfo->is_dynamic_bypass){
 next_data_ssl_dynamic_bypass(pktinfo);
- return APP_STATE_FAWPKT | APP_STATE_KILL_OTHER | APP_STATE_GIVEME;
+ return APP_STATE_FAWPKT | APP_STATE_KILL_FOLLOW | APP_STATE_GIVEME;
 }
 }
@@ -1343,7 +1374,7 @@ char next_data_intercept(struct pme_info *pmeinfo, const void *a_packet, struct
 else{
 FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_INTCP_BYTE], 0, FS_OP_ADD, pktinfo->ip_totlen);
 }
- return APP_STATE_DROPPKT | APP_STATE_KILL_OTHER | APP_STATE_GIVEME;
+ return APP_STATE_DROPPKT | APP_STATE_KILL_FOLLOW | APP_STATE_GIVEME;
 }
 char first_data_process(struct streaminfo *stream, struct pme_info *pmeinfo, struct pkt_info *pktinfo, int thread_seq){ |
