| -rw-r--r-- | entry/src/kni_entry.cpp | 117 |
1 files changed, 71 insertions, 46 deletions
diff --git a/entry/src/kni_entry.cpp b/entry/src/kni_entry.cpp
index 6bb4896..8d13b48 100644
--- a/entry/src/kni_entry.cpp
+++ b/entry/src/kni_entry.cpp
@@ -1082,6 +1082,7 @@ void next_data_intercept(struct pme_info *pmeinfo, const void *a_packet, struct
 struct iphdr *ipv4_hdr = NULL;
 struct ip6_hdr* ipv6_hdr = NULL;
 if(pktinfo->parse_failed == 1){
+ KNI_LOG_ERROR(logger, "next_data_intercept: invalid ip header, drop pkt and not send to tfe");
 return;
 }
 //search dabloom
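Review bot: The added `KNI_LOG_ERROR` on the `parse_failed` branch runs once per malformed packet, so the number of ERROR lines is set by whoever sends the traffic; the parse-failure logs this commit adds in `data_opstate` and `pending_opstate` have the same property. A counter or a rate-limited log would keep the drop visible without letting a run of bad headers fill the log. The branch would also read better with the reason stated next to it, e.g. `// header could not be parsed: drop here, never hand the packet to tfe`. `next_data_intercept` starts and ends outside this hunk and no declaration of `logger` is visible, so it is assumed to be in scope already.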
@@ -1157,7 +1158,64 @@ char first_data_process(struct streaminfo *stream, struct pme_info *pmeinfo, str
 }
 }
 
+void dup_traffic_detect(struct pme_info *pmeinfo, struct pkt_info *pktinfo){
+ if(g_kni_handle->dup_traffic_switch == 0){
+ return;
+ }
+ //syn
+ if(pktinfo->tcphdr->syn && !pktinfo->tcphdr->ack){
+ if(pmeinfo->syn_packet == NULL){
+ struct dup_traffic_dabloom_key *syn_packet = ALLOC(struct dup_traffic_dabloom_key, 1);
+ dup_traffic_dabloom_key_get(pktinfo, syn_packet);
+ pmeinfo->syn_packet = syn_packet;
+ }
+ else{
+ struct dup_traffic_dabloom_key *syn_packet = ALLOC(struct dup_traffic_dabloom_key, 1);
+ dup_traffic_dabloom_key_get(pktinfo, syn_packet);
+ if(memcmp(pmeinfo->syn_packet, syn_packet, sizeof(*syn_packet)) == 0){
+ pmeinfo->has_dup_syn = 1;
+ }
+ FREE(&(pmeinfo->syn_packet));
+ pmeinfo->syn_packet = syn_packet;
+ }
+ }
+ //syn/ack
+ if(pktinfo->tcphdr->syn && pktinfo->tcphdr->ack){
+ if(pmeinfo->syn_ack_packet == NULL){
+ struct dup_traffic_dabloom_key *syn_ack_packet = ALLOC(struct dup_traffic_dabloom_key, 1);
+ dup_traffic_dabloom_key_get(pktinfo, syn_ack_packet);
+ pmeinfo->syn_ack_packet = syn_ack_packet;
+ }
+ else{
+ struct dup_traffic_dabloom_key *syn_ack_packet = ALLOC(struct dup_traffic_dabloom_key, 1);
+ dup_traffic_dabloom_key_get(pktinfo, syn_ack_packet);
+ if(memcmp(pmeinfo->syn_ack_packet, syn_ack_packet, sizeof(*syn_ack_packet)) == 0){
+ pmeinfo->has_dup_syn_ack = 1;
+ }
+ FREE(&(pmeinfo->syn_ack_packet));
+ pmeinfo->syn_ack_packet = syn_ack_packet;
+ }
+ }
+}
+
+void tcp_handshake_pkt_process(struct pme_info *pmeinfo, struct pkt_info *pktinfo){
+ //syn
+ if(pktinfo->tcphdr->syn && !pktinfo->tcphdr->ack){
+ pmeinfo->client_window = ntohs(pktinfo->tcphdr->window);
+ pmeinfo->has_syn = 1;
+ kni_get_tcpopt(&(pmeinfo->client_tcpopt), pktinfo->tcphdr, pktinfo->tcphdr_len);
+ }
+ //syn/ack
+ if(pktinfo->tcphdr->syn && pktinfo->tcphdr->ack){
+ pmeinfo->server_window = ntohs(pktinfo->tcphdr->window);
+ pmeinfo->has_syn_ack = 1;
+ kni_get_tcpopt(&(pmeinfo->server_tcpopt), pktinfo->tcphdr, pktinfo->tcphdr_len);
+ }
+ dup_traffic_detect(pmeinfo, pktinfo);
+}
+
 static char data_opstate(struct streaminfo *stream, struct pme_info *pmeinfo, const void *a_packet, int thread_seq){
+ void *logger = g_kni_handle->local_logger;
 //parse ipv4/6 header
 struct pkt_info pktinfo;
 memset(&pktinfo, 0, sizeof(pktinfo));
@@ -1171,31 +1229,12 @@ static char data_opstate(struct streaminfo *stream, struct pme_info *pmeinfo, co
 if(stream->ptcpdetail->datalen > 0){
 return first_data_process(stream, pmeinfo, &pktinfo, thread_seq);
 }
- //before first data, may be syn/ack, ack
- if(pktinfo.parse_failed == 0){
- if(pktinfo.tcphdr->syn && pktinfo.tcphdr->ack){
- pmeinfo->server_window = ntohs(pktinfo.tcphdr->window);
- pmeinfo->has_syn_ack = 1;
- kni_get_tcpopt(&(pmeinfo->server_tcpopt), pktinfo.tcphdr, pktinfo.tcphdr_len);
- //dup traffic detect
- if(g_kni_handle->dup_traffic_switch == 1){
- if(pmeinfo->syn_ack_packet == NULL){
- struct dup_traffic_dabloom_key *syn_ack_packet = ALLOC(struct dup_traffic_dabloom_key, 1);
- dup_traffic_dabloom_key_get(&pktinfo, syn_ack_packet);
- pmeinfo->syn_ack_packet = syn_ack_packet;
- }
- else{
- struct dup_traffic_dabloom_key *syn_ack_packet = ALLOC(struct dup_traffic_dabloom_key, 1);
- dup_traffic_dabloom_key_get(&pktinfo, syn_ack_packet);
- if(memcmp(pmeinfo->syn_ack_packet, syn_ack_packet, sizeof(*syn_ack_packet)) == 0){
- pmeinfo->has_dup_syn_ack = 1;
- }
- FREE(&(pmeinfo->syn_ack_packet));
- pmeinfo->syn_ack_packet = syn_ack_packet;
- }
- }
- }
+ //before first data, may be dup_syn, syn/ack, dup_syn/ack
+ if(pktinfo.parse_failed != 0){
+ KNI_LOG_ERROR(logger, "before first data: invalid ip header, bypass pkt");
+ return APP_STATE_FAWPKT | APP_STATE_GIVEME;
 }
+ tcp_handshake_pkt_process(pmeinfo, &pktinfo);
 return APP_STATE_FAWPKT | APP_STATE_GIVEME;
 }
 
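Review bot: In `dup_traffic_detect` the pointer returned by `ALLOC` goes straight into `dup_traffic_dabloom_key_get` and `memcmp` with no NULL check, and a new key is heap-allocated for every SYN and SYN/ACK only to replace the stored one. `ALLOC` is not visible in this hunk, so its failure behaviour and whether it zero-fills are assumptions to confirm; without zero-fill, padding bytes would make the whole-struct `memcmp` unreliable. Building the current key in a zeroed local and copying it into a slot allocated once removes the per-packet allocation, the unchecked pointer and the duplicated SYN and SYN/ACK branches. Both new functions also dereference `pktinfo->tcphdr` and depend on the callers having tested `parse_failed`. Unless a header declares them, they should be `static` like `data_opstate` and carry a comment stating that precondition.

```cpp
// Returns 1 when the key built from pktinfo equals the key already stored in *slot.
// Precondition: the caller has checked pktinfo->parse_failed == 0.
static int dup_key_seen(struct dup_traffic_dabloom_key **slot, struct pkt_info *pktinfo){
    struct dup_traffic_dabloom_key cur;
    memset(&cur, 0, sizeof(cur)); // zero padding so memcmp compares key data only
    dup_traffic_dabloom_key_get(pktinfo, &cur);
    int dup = 0;
    if(*slot == NULL){
        *slot = ALLOC(struct dup_traffic_dabloom_key, 1);
        if(*slot == NULL){
            return 0;
        }
    }
    else if(memcmp(*slot, &cur, sizeof(cur)) == 0){
        dup = 1;
    }
    memcpy(*slot, &cur, sizeof(cur));
    return dup;
}

static void dup_traffic_detect(struct pme_info *pmeinfo, struct pkt_info *pktinfo){
    // … unchanged: dup_traffic_switch check …
    if(pktinfo->tcphdr->syn && !pktinfo->tcphdr->ack){
        if(dup_key_seen(&(pmeinfo->syn_packet), pktinfo)){
            pmeinfo->has_dup_syn = 1;
        }
    }
    if(pktinfo->tcphdr->syn && pktinfo->tcphdr->ack){
        if(dup_key_seen(&(pmeinfo->syn_ack_packet), pktinfo)){
            pmeinfo->has_dup_syn_ack = 1;
        }
    }
}
```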
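Review bot: Calling `tcp_handshake_pkt_process` from `data_opstate` means a SYN seen after the pending state now overwrites the `client_window` and `client_tcpopt` captured in `pending_opstate`; before this commit this path recorded only the SYN/ACK. If the last handshake packet is meant to win, a comment above the call should say so, e.g. `// a retransmitted SYN or SYN/ACK replaces the recorded window and options`. If the first one should be kept, the update needs a guard on `has_syn` / `has_syn_ack`. The rewritten comment also drops the plain ACK case, which still reaches this path and matches neither branch. `data_opstate` begins in the previous hunk and `kni_get_tcpopt` is not visible, so whether repeated calls on the same options struct are safe remains to be confirmed.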
@@ -1217,34 +1256,15 @@ static char close_opstate(const struct streaminfo *stream, struct pme_info *pmei
 }
 
 static void pending_opstate(struct streaminfo *stream, struct pme_info *pmeinfo, const void *a_packet, int thread_seq){
+ void *logger = g_kni_handle->local_logger;
 pme_info_init(pmeinfo, stream, thread_seq);
 struct pkt_info pktinfo;
 wrapped_kni_header_parse(a_packet, pmeinfo, &pktinfo);
 if(pktinfo.parse_failed == 1){
+ KNI_LOG_ERROR(logger, "pending opstate: invalid ip header, bypass pkt");
 return;
 }
- if(pktinfo.tcphdr->syn){
- pmeinfo->client_window = ntohs(pktinfo.tcphdr->window);
- pmeinfo->has_syn = 1;
- kni_get_tcpopt(&(pmeinfo->client_tcpopt), pktinfo.tcphdr, pktinfo.tcphdr_len);
- //dup traffic detect
- if(g_kni_handle->dup_traffic_switch == 1){
- if(pmeinfo->syn_packet == NULL){
- struct dup_traffic_dabloom_key *syn_packet = ALLOC(struct dup_traffic_dabloom_key, 1);
- dup_traffic_dabloom_key_get(&pktinfo, syn_packet);
- pmeinfo->syn_packet = syn_packet;
- }
- else{
- struct dup_traffic_dabloom_key *syn_packet = ALLOC(struct dup_traffic_dabloom_key, 1);
- dup_traffic_dabloom_key_get(&pktinfo, syn_packet);
- if(memcmp(pmeinfo->syn_packet, syn_packet, sizeof(*syn_packet)) == 0){
- pmeinfo->has_dup_syn = 1;
- }
- FREE(&(pmeinfo->syn_packet));
- pmeinfo->syn_packet = syn_packet;
- }
- }
- }
+ tcp_handshake_pkt_process(pmeinfo, &pktinfo);
 return;
 }
 
@@ -1261,6 +1281,11 @@ extern "C" char kni_tcpall_entry(struct streaminfo *stream, void** pme, int thre
 //FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_NULL_PKT], 0, FS_OP_ADD, 1);
 return APP_STATE_FAWPKT | APP_STATE_GIVEME;
 }
+ enum addr_type_t addr_type = (enum addr_type_t)stream->addr.addrtype;
+ if(addr_type != ADDR_TYPE_IPV6 && addr_type != ADDR_TYPE_IPV4){
+ KNI_LOG_ERROR(logger, "addr_type(%d) is not ipv4 or ipv6, bypass stream");
+ return APP_STATE_FAWPKT | APP_STATE_DROPME;
+ }
 switch(stream->pktstate){
 case OP_STATE_PENDING:
 //FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_STATE_PENDING], 0, FS_OP_ADD, 1);
|
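Review bot: The format string in the added `KNI_LOG_ERROR` contains `%d` but the call passes no argument for it, so if the macro forwards to a printf-style formatter it reads a vararg that was never supplied, which is undefined behaviour. Pass the value being reported: `KNI_LOG_ERROR(logger, "addr_type(%d) is not ipv4 or ipv6, bypass stream", (int)addr_type);`. `kni_tcpall_entry` starts and ends outside this hunk, so the declaration of `logger` is assumed to sit above the visible lines.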
