Diffstat (limited to 'entry')
-rw-r--r--entry/include/kni_dynamic_bypass.h2
-rw-r--r--entry/include/kni_entry.h12
-rw-r--r--entry/include/kni_pxy_tcp_option.h4
-rw-r--r--entry/src/kni_dynamic_bypass.cpp6
-rw-r--r--entry/src/kni_entry.cpp539
-rw-r--r--entry/src/kni_pxy_tcp_option.cpp30
6 files changed, 357 insertions, 236 deletions
diff --git a/entry/include/kni_dynamic_bypass.h b/entry/include/kni_dynamic_bypass.h
index c75bc0c..1f91160 100644
--- a/entry/include/kni_dynamic_bypass.h
+++ b/entry/include/kni_dynamic_bypass.h
@@ -3,6 +3,8 @@
#define __KNI_DYNAMIC_BYPASS_H__
#include "kni_entry.h"
+#include <stdio.h>
+#include <stdlib.h>
int first_data_ssl_dynamic_bypass(struct streaminfo *stream, struct pme_info *pmeinfo, struct pkt_info *pktinfo, int thread_seq);
void next_data_ssl_dynamic_bypass(struct pkt_info *pktinfo);
diff --git a/entry/include/kni_entry.h b/entry/include/kni_entry.h
index fb93919..9f9473a 100644
--- a/entry/include/kni_entry.h
+++ b/entry/include/kni_entry.h
@@ -18,6 +18,7 @@
#define MAX_STRING_LEN 32
#define TSG_DIAGNOSE_POLICY_CNT 32
+#define MAX_DOMAIN_LEN 2048
enum intercept_error{
@@ -101,7 +102,7 @@ struct pme_info{
char stream_addr[KNI_ADDR_MAX];
int do_log;
int policy_id;
- tsg_protocol_t protocol;
+ enum TSG_PROTOCOL protocol;
enum kni_action action;
int service;
struct kni_tcpopt_info client_tcpopt;
@@ -126,8 +127,9 @@ struct pme_info{
//kafka log
struct TLD_handle_t *tld_handle;
const struct streaminfo *stream;
- int maat_result_num;
- Maat_rule_t maat_result;
+ //int maat_result_num;
+ int n_maat_rule;
+ struct maat_rule maat_rule;
//from tfe, kafka log
uint64_t ssl_intercept_state;
uint64_t ssl_pinningst; //defalut 0
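Review bot: The replaced field is kept as a comment (`//int maat_result_num;`) instead of being deleted. The same pattern appears with `// int session_attribute_id;` in the kni_handle hunk and with the old `pxy_tcp_option_get_param` prototype in kni_pxy_tcp_option.h. Commented-out declarations in a header read as if they were still part of the interface, and version control already holds the history, so I would drop all three lines. Since only one `struct maat_rule` is stored, a short comment on `n_maat_rule` saying what range it can take (presumably 0 or 1, to be confirmed) would save the next reader a search.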
@@ -151,7 +153,7 @@ struct pme_info{
//for proxy tcp option
struct proxy_tcp_option pxy_tcp_option;
int pxy_tcp_option_is_scan;
- struct session_attribute_label *session_attribute;
+ struct session_runtime_attribute *session_attribute;
//for ssl passthrough reason
char ssl_passthrough_reason[KNI_SYMBOL_MAX];
};
@@ -243,7 +245,7 @@ struct kni_handle{
char maat_table_name[TABLE_MAX][_MAX_MAAT_TABLE_NAME_LEN]; // for proxy tcp option maat name
int maat_table_id[TABLE_MAX];
struct proxy_tcp_option pxy_tcp_option;
- int session_attribute_id;
+// int session_attribute_id;
int log_level;
};
diff --git a/entry/include/kni_pxy_tcp_option.h b/entry/include/kni_pxy_tcp_option.h
index adb6105..1c32432 100644
--- a/entry/include/kni_pxy_tcp_option.h
+++ b/entry/include/kni_pxy_tcp_option.h
@@ -8,7 +8,9 @@
int pxy_tcp_option_rule_init(const char* conffile, void *logger);
-int pxy_tcp_option_get_param(Maat_feather_t maat_feather,const struct streaminfo *a_stream,struct pme_info *pmeinfo, void *logger);
+//int pxy_tcp_option_get_param(Maat_feather_t maat_feather,const struct streaminfo *a_stream,struct pme_info *pmeinfo, void *logger);
+
+int pxy_tcp_option_param_get(struct pme_info *pmeinfo, void *logger);
void pxy_tcp_option_modify_mss(struct pme_info *pmeinfo,void *logger);
diff --git a/entry/src/kni_dynamic_bypass.cpp b/entry/src/kni_dynamic_bypass.cpp
index 8425bcb..004ae3a 100644
--- a/entry/src/kni_dynamic_bypass.cpp
+++ b/entry/src/kni_dynamic_bypass.cpp
@@ -230,8 +230,9 @@ static int get_ssl_conn_info(struct pme_info *pmeinfo,struct pkt_info *pktinfo,
const char *sip=NULL, *sport=NULL, *dip=NULL, *dport=NULL;
char *addr_str = NULL;
+ const char *ja3_fingerprint = srt_attribute_get_ja3_fingerprint((const struct session_runtime_attribute *)pmeinfo->session_attribute);
- if(pmeinfo->session_attribute->ja3_fingerprint == NULL)
+ if(ja3_fingerprint == NULL)
{
KNI_LOG_DEBUG(logger, "Dynamic bypass:get stream label ja3_fingerprint is null, stream traceid = %s", pmeinfo->stream_traceid);
return 1;
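Review bot: `pmeinfo->session_attribute` is passed to `srt_attribute_get_ja3_fingerprint()` without a NULL check, although `kni_pull_session_attribute_results()` in this same commit now returns NULL on failure and `session_attribute_cmsg_set()` guards against exactly that case. Whether the getter tolerates a NULL attribute is not visible here, so I would add an explicit guard before the call, for example `if(pmeinfo->session_attribute == NULL) return 1;`, with the same debug log as the existing branch. The `(const struct session_runtime_attribute *)` cast is also unnecessary, because the field already has that pointer type after the header change. The body of get_ssl_conn_info starts and ends outside this hunk.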
@@ -242,7 +243,8 @@ static int get_ssl_conn_info(struct pme_info *pmeinfo,struct pkt_info *pktinfo,
ssl_feature->vlen = snprintf(ssl_feature->value, SSL_INFO_LEN, "%s:%s:%s",
- pmeinfo->session_attribute->ja3_fingerprint,sip,
+ ja3_fingerprint,
+ sip,
pmeinfo->domain_len > 0 ? (char*)&(pmeinfo->domain): dip);
FREE(&addr_str);
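Review bot: `ssl_feature->vlen` takes the raw return value of `snprintf`, which on truncation is the length the string would have had, not the number of bytes actually written into `ssl_feature->value`. With a JA3 string, an address and a domain that this commit allows to be up to `MAX_DOMAIN_LEN` (2048) bytes, truncation looks reachable if `SSL_INFO_LEN` is smaller, and any later use of `vlen` as a byte count would then read past the buffer. I would clamp it right after the call: `if(ssl_feature->vlen < 0 || ssl_feature->vlen >= SSL_INFO_LEN) ssl_feature->vlen = SSL_INFO_LEN - 1;`, or treat truncation as a failure so that a cut-off key is never used for a bypass decision. How `vlen` is consumed lies outside the hunk, so the impact is inferred.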
diff --git a/entry/src/kni_entry.cpp b/entry/src/kni_entry.cpp
index 507d883..e1097e6 100644
--- a/entry/src/kni_entry.cpp
+++ b/entry/src/kni_entry.cpp
@@ -162,7 +162,7 @@ static int pme_info_init(struct pme_info *pmeinfo, const struct streaminfo *stre
pmeinfo->stream = stream;
pmeinfo->addr_type = (enum addr_type_t)stream->addr.addrtype;
pmeinfo->ssl_cert_verify = -1;
- uint64_t traceid = tsg_get_stream_id((struct streaminfo*)stream);
+ uint64_t traceid = tsg_get_stream_trace_id((struct streaminfo*)stream);
snprintf(pmeinfo->stream_traceid, sizeof(pmeinfo->stream_traceid), "%" PRIu64 , traceid);
if(g_kni_handle->log_level < RLOG_LV_FATAL)
printaddr_r(&(stream->addr), pmeinfo->stream_addr, KNI_ADDR_MAX);
@@ -236,12 +236,10 @@ static int log_generate(struct pme_info *pmeinfo){
if(pmeinfo->protocol == PROTO_HTTP){
TLD_append(tld_handle, (char*)"http_host", (void*)pmeinfo->domain.host, TLD_TYPE_STRING);
}
- tsg_log_t log_msg;
- memset(&log_msg, 0, sizeof(log_msg));
- log_msg.result_num = pmeinfo->maat_result_num;
- log_msg.result = &(pmeinfo->maat_result);
- log_msg.a_stream = NULL;
- int ret = tsg_send_log(g_tsg_log_instance, tld_handle, &log_msg, 0);
+ //int ret = tsg_send_log(g_tsg_log_instance, tld_handle, NULL, &pmeinfo->maat_rule, (size_t)pmeinfo->n_maat_rule, 0);
+
+ int ret = tsg_send_log(g_tsg_log_instance, tld_handle, NULL, LOG_TYPE_SECURITY_EVENT, &pmeinfo->maat_rule, 1, 0);
+ //int ret = tsg_send_log(g_tsg_log_instance, tld_handle, &log_msg, 0);
if(ret < 0){
FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_SENDLOG_FAIL], 0, FS_OP_ADD, 1);
KNI_LOG_ERROR(local_logger, "Failed at sendlog, ret = %d, strem_traceid = %s",
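Review bot: The new `tsg_send_log` call passes a literal `1` as the rule count, although this commit adds `pmeinfo->n_maat_rule` for that purpose and the first commented-out variant used it. If `n_maat_rule` can be 0 when no rule matched, the call would log a `maat_rule` that was never filled in, so I would pass `(size_t)pmeinfo->n_maat_rule` or return early when it is 0. The two commented-out alternative calls around the live one should be deleted rather than committed. The signature of `tsg_send_log` is not visible here, so the argument order is taken from the new line as written.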
@@ -264,7 +262,7 @@ static int log_generate(struct pme_info *pmeinfo){
break;
}
}
- tsg_set_intercept_flow(&pmeinfo->maat_result, &pmeinfo->traffic_info,0);
+ tsg_set_intercept_flow(&pmeinfo->maat_rule, &pmeinfo->traffic_info, 0);
FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_SENDLOG_SUCC], 0, FS_OP_ADD, 1);
return 0;
@@ -324,169 +322,238 @@ int wrapped_kni_cmsg_set(struct kni_cmsg *cmsg, uint16_t type, const unsigned ch
return ret;
}
-static int session_attribute_cmsg_set(struct kni_cmsg *cmsg, struct pme_info *pmeinfo)
+
+static int session_attr_subscribe_id_cmsg_set(const struct session_runtime_attribute *session_attr, struct kni_cmsg *cmsg, struct pme_info *pmeinfo)
{
- struct session_attribute_label *session_attribute = pmeinfo->session_attribute;
int ret = 0;
char empty_arr[MAX_STR_FIELD_LEN] = {0};
- do {
- if(session_attribute->client_subscribe_id == NULL)
- ret = wrapped_kni_cmsg_set(cmsg,TFE_CMSG_SRC_SUB_ID, (const unsigned char*)empty_arr, strlen(empty_arr), pmeinfo);
+ const char *client_subscribe_id = srt_attribute_get_client_subscriber_id(session_attr);
+ const char *server_subscribe_id = srt_attribute_get_server_subscriber_id(session_attr);
+
+ do{
+ if(client_subscribe_id == NULL)
+ {
+ ret = wrapped_kni_cmsg_set(cmsg, TFE_CMSG_SRC_SUB_ID, (const unsigned char*)empty_arr, strlen(empty_arr), pmeinfo);
+ }
else
- ret = wrapped_kni_cmsg_set(cmsg,TFE_CMSG_SRC_SUB_ID, (const unsigned char*)session_attribute->client_subscribe_id->subscribe_id, strlen(session_attribute->client_subscribe_id->subscribe_id), pmeinfo);
+ {
+ ret = wrapped_kni_cmsg_set(cmsg, TFE_CMSG_SRC_SUB_ID, (const unsigned char*)client_subscribe_id, strlen(client_subscribe_id), pmeinfo);
+ }
if(ret < 0) break;
- if(session_attribute->server_subscribe_id == NULL)
- ret = wrapped_kni_cmsg_set(cmsg,TFE_CMSG_DST_SUB_ID, (const unsigned char*)empty_arr, strlen(empty_arr), pmeinfo);
+ if(server_subscribe_id == NULL)
+ {
+ ret = wrapped_kni_cmsg_set(cmsg, TFE_CMSG_DST_SUB_ID, (const unsigned char*)empty_arr, strlen(empty_arr), pmeinfo);
+ }
else
- ret = wrapped_kni_cmsg_set(cmsg,TFE_CMSG_DST_SUB_ID, (const unsigned char*)session_attribute->server_subscribe_id->subscribe_id, strlen(session_attribute->server_subscribe_id->subscribe_id), pmeinfo);
+ {
+ ret = wrapped_kni_cmsg_set(cmsg, TFE_CMSG_DST_SUB_ID, (const unsigned char*)server_subscribe_id, strlen(server_subscribe_id), pmeinfo);
+ }
if(ret < 0) break;
+ }while(0);
+
+ return ret;
+}
- if(session_attribute->client_asn == NULL)
+static int session_attr_asn_cmsg_set(const struct session_runtime_attribute *session_attr, struct kni_cmsg *cmsg, struct pme_info *pmeinfo)
+{
+ int ret = 0;
+ char empty_arr[MAX_STR_FIELD_LEN] = {0};
+ const struct asn_info *client_asn = srt_attribute_get_client_ip_asn(session_attr);
+ const struct asn_info *server_asn = srt_attribute_get_server_ip_asn(session_attr);
+
+ do{
+ if(client_asn == NULL)
{
- ret = wrapped_kni_cmsg_set(cmsg,TFE_CMSG_SRC_ASN, (const unsigned char*)empty_arr, strlen(empty_arr), pmeinfo);
+ ret = wrapped_kni_cmsg_set(cmsg, TFE_CMSG_SRC_ASN, (const unsigned char*)empty_arr, strlen(empty_arr), pmeinfo);
if(ret < 0) break;
- ret = wrapped_kni_cmsg_set(cmsg,TFE_CMSG_SRC_ORGANIZATION, (const unsigned char*)empty_arr, strlen(empty_arr), pmeinfo);
+ ret = wrapped_kni_cmsg_set(cmsg, TFE_CMSG_SRC_ORGANIZATION, (const unsigned char*)empty_arr, strlen(empty_arr), pmeinfo);
if(ret < 0) break;
}
else
{
- if(session_attribute->client_asn->asn_id == NULL){
- ret = wrapped_kni_cmsg_set(cmsg,TFE_CMSG_SRC_ASN, (const unsigned char*)empty_arr, strlen(empty_arr), pmeinfo);
- }else{
- ret = wrapped_kni_cmsg_set(cmsg,TFE_CMSG_SRC_ASN, (const unsigned char*)session_attribute->client_asn->asn_id, strlen(session_attribute->client_asn->asn_id), pmeinfo);
- }
+ client_asn->asn_id == NULL
+ ?ret = wrapped_kni_cmsg_set(cmsg, TFE_CMSG_SRC_ASN, (const unsigned char*)empty_arr, strlen(empty_arr), pmeinfo)
+ :ret = wrapped_kni_cmsg_set(cmsg, TFE_CMSG_SRC_ASN, (const unsigned char*)client_asn->asn_id, strlen(client_asn->asn_id), pmeinfo);
+
if(ret < 0) break;
- if(session_attribute->client_asn->organization){
- ret = wrapped_kni_cmsg_set(cmsg,TFE_CMSG_SRC_ORGANIZATION, (const unsigned char*)empty_arr, strlen(empty_arr), pmeinfo);
- }
- else{
- ret = wrapped_kni_cmsg_set(cmsg,TFE_CMSG_SRC_ORGANIZATION, (const unsigned char*)session_attribute->client_asn->organization, strlen(session_attribute->client_asn->organization), pmeinfo);
- }
+
+ client_asn->organization == NULL
+ ?ret = wrapped_kni_cmsg_set(cmsg, TFE_CMSG_SRC_ORGANIZATION, (const unsigned char*)empty_arr, strlen(empty_arr), pmeinfo)
+ :ret = wrapped_kni_cmsg_set(cmsg, TFE_CMSG_SRC_ORGANIZATION, (const unsigned char*)client_asn->organization, strlen(client_asn->organization), pmeinfo);
if(ret < 0) break;
}
- if(session_attribute->server_asn == NULL)
+ if(server_asn == NULL)
{
- ret = wrapped_kni_cmsg_set(cmsg,TFE_CMSG_DST_ASN, (const unsigned char*)empty_arr, strlen(empty_arr), pmeinfo);
+ ret = wrapped_kni_cmsg_set(cmsg, TFE_CMSG_DST_ASN, (const unsigned char*)empty_arr, strlen(empty_arr), pmeinfo);
if(ret < 0) break;
- ret = wrapped_kni_cmsg_set(cmsg,TFE_CMSG_DST_ORGANIZATION, (const unsigned char*)empty_arr, strlen(empty_arr), pmeinfo);
+ ret = wrapped_kni_cmsg_set(cmsg, TFE_CMSG_DST_ORGANIZATION, (const unsigned char*)empty_arr, strlen(empty_arr), pmeinfo);
if(ret < 0) break;
}
else
{
- if(session_attribute->server_asn->asn_id == NULL){
- ret = wrapped_kni_cmsg_set(cmsg,TFE_CMSG_DST_ASN, (const unsigned char*)empty_arr, strlen(empty_arr), pmeinfo);
- }else{
- ret = wrapped_kni_cmsg_set(cmsg,TFE_CMSG_DST_ASN, (const unsigned char*)session_attribute->server_asn->asn_id, strlen(session_attribute->server_asn->asn_id), pmeinfo);
- }
+ server_asn->asn_id == NULL
+ ?ret = wrapped_kni_cmsg_set(cmsg, TFE_CMSG_DST_ASN, (const unsigned char*)empty_arr, strlen(empty_arr), pmeinfo)
+ :ret = wrapped_kni_cmsg_set(cmsg, TFE_CMSG_DST_ASN, (const unsigned char*)server_asn->asn_id, strlen(server_asn->asn_id), pmeinfo);
if(ret < 0) break;
- if(session_attribute->server_asn->organization == NULL){
- ret = wrapped_kni_cmsg_set(cmsg,TFE_CMSG_DST_ORGANIZATION, (const unsigned char*)empty_arr, strlen(empty_arr), pmeinfo);
- }else{
- ret = wrapped_kni_cmsg_set(cmsg,TFE_CMSG_DST_ORGANIZATION, (const unsigned char*)session_attribute->server_asn->organization, strlen(session_attribute->server_asn->organization), pmeinfo);
- }
+
+ server_asn->organization == NULL
+ ?ret = wrapped_kni_cmsg_set(cmsg, TFE_CMSG_DST_ORGANIZATION, (const unsigned char*)empty_arr, strlen(empty_arr), pmeinfo)
+ :ret = wrapped_kni_cmsg_set(cmsg, TFE_CMSG_DST_ORGANIZATION, (const unsigned char*)server_asn->organization, strlen(server_asn->organization), pmeinfo);
if(ret < 0) break;
}
+ }while(0);
+ return ret;
+}
- if(session_attribute->client_location == NULL)
+static int session_attr_ip_location_cmsg_set(const struct session_runtime_attribute *session_attr, struct kni_cmsg *cmsg, struct pme_info *pmeinfo)
+{
+ int ret = 0;
+ char empty_arr[MAX_STR_FIELD_LEN] = {0};
+ const struct location_info *client_location = srt_attribute_get_client_ip_location(session_attr);
+ const struct location_info *server_location = srt_attribute_get_server_ip_location(session_attr);
+
+ do{
+ if(client_location == NULL)
{
- ret = wrapped_kni_cmsg_set(cmsg,TFE_CMSG_SRC_IP_LOCATION_COUNTRY, (const unsigned char*)empty_arr, strlen(empty_arr), pmeinfo);
+ ret = wrapped_kni_cmsg_set(cmsg, TFE_CMSG_SRC_IP_LOCATION_COUNTRY, (const unsigned char*)empty_arr, strlen(empty_arr), pmeinfo);
if(ret < 0) break;
- ret = wrapped_kni_cmsg_set(cmsg,TFE_CMSG_SRC_IP_LOCATION_PROVINE, (const unsigned char*)empty_arr, strlen(empty_arr), pmeinfo);
+ ret = wrapped_kni_cmsg_set(cmsg, TFE_CMSG_SRC_IP_LOCATION_PROVINE, (const unsigned char*)empty_arr, strlen(empty_arr), pmeinfo);
if(ret < 0) break;
- ret = wrapped_kni_cmsg_set(cmsg,TFE_CMSG_SRC_IP_LOCATION_CITY, (const unsigned char*)empty_arr, strlen(empty_arr), pmeinfo);
+ ret = wrapped_kni_cmsg_set(cmsg, TFE_CMSG_SRC_IP_LOCATION_CITY, (const unsigned char*)empty_arr, strlen(empty_arr), pmeinfo);
if(ret < 0) break;
- ret = wrapped_kni_cmsg_set(cmsg,TFE_CMSG_SRC_IP_LOCATION_SUBDIVISION, (const unsigned char*)empty_arr, strlen(empty_arr), pmeinfo);
+ ret = wrapped_kni_cmsg_set(cmsg, TFE_CMSG_SRC_IP_LOCATION_SUBDIVISION, (const unsigned char*)empty_arr, strlen(empty_arr), pmeinfo);
if(ret < 0) break;
}
else
{
- if(session_attribute->client_location->country_full == NULL){
- ret = wrapped_kni_cmsg_set(cmsg,TFE_CMSG_SRC_IP_LOCATION_COUNTRY, (const unsigned char*)empty_arr, strlen(empty_arr), pmeinfo);
- }else{
- ret = wrapped_kni_cmsg_set(cmsg,TFE_CMSG_SRC_IP_LOCATION_COUNTRY, (const unsigned char*)session_attribute->client_location->country_full, strlen(session_attribute->client_location->country_full), pmeinfo);
- }
+ client_location->country_full == NULL
+ ?ret = wrapped_kni_cmsg_set(cmsg, TFE_CMSG_SRC_IP_LOCATION_COUNTRY, (const unsigned char*)empty_arr, strlen(empty_arr), pmeinfo)
+ :ret = wrapped_kni_cmsg_set(cmsg, TFE_CMSG_SRC_IP_LOCATION_COUNTRY, (const unsigned char*)client_location->country_full, strlen(client_location->country_full), pmeinfo);
if(ret < 0) break;
- if(session_attribute->client_location->province_full == NULL){
- ret = wrapped_kni_cmsg_set(cmsg,TFE_CMSG_SRC_IP_LOCATION_PROVINE, (const unsigned char*)empty_arr, strlen(empty_arr), pmeinfo);
- }else{
- ret = wrapped_kni_cmsg_set(cmsg,TFE_CMSG_SRC_IP_LOCATION_PROVINE, (const unsigned char*)session_attribute->client_location->province_full, strlen(session_attribute->client_location->province_full), pmeinfo);
- }
+
+ client_location->province_full == NULL
+ ?ret = wrapped_kni_cmsg_set(cmsg, TFE_CMSG_SRC_IP_LOCATION_PROVINE, (const unsigned char*)empty_arr, strlen(empty_arr), pmeinfo)
+ :ret = wrapped_kni_cmsg_set(cmsg, TFE_CMSG_SRC_IP_LOCATION_PROVINE, (const unsigned char*)client_location->province_full, strlen(client_location->province_full), pmeinfo);
if(ret < 0) break;
- if(session_attribute->client_location->city_full == NULL){
- ret = wrapped_kni_cmsg_set(cmsg,TFE_CMSG_SRC_IP_LOCATION_CITY, (const unsigned char*)empty_arr, strlen(empty_arr), pmeinfo);
- }else{
- ret = wrapped_kni_cmsg_set(cmsg,TFE_CMSG_SRC_IP_LOCATION_CITY, (const unsigned char*)session_attribute->client_location->city_full, strlen(session_attribute->client_location->city_full), pmeinfo);
- }
+
+ client_location->city_full == NULL
+ ?ret = wrapped_kni_cmsg_set(cmsg, TFE_CMSG_SRC_IP_LOCATION_CITY, (const unsigned char*)empty_arr, strlen(empty_arr), pmeinfo)
+ :ret = wrapped_kni_cmsg_set(cmsg, TFE_CMSG_SRC_IP_LOCATION_CITY, (const unsigned char*)client_location->city_full, strlen(client_location->city_full), pmeinfo);
if(ret < 0) break;
- if(session_attribute->client_location->subdivision_addr == NULL){
- ret = wrapped_kni_cmsg_set(cmsg,TFE_CMSG_SRC_IP_LOCATION_SUBDIVISION, (const unsigned char*)empty_arr, strlen(empty_arr), pmeinfo);
- }else{
- ret = wrapped_kni_cmsg_set(cmsg,TFE_CMSG_SRC_IP_LOCATION_SUBDIVISION, (const unsigned char*)session_attribute->client_location->subdivision_addr, strlen(session_attribute->client_location->subdivision_addr), pmeinfo);
- }
+
+ client_location->subdivision_addr == NULL
+ ?ret = wrapped_kni_cmsg_set(cmsg, TFE_CMSG_SRC_IP_LOCATION_SUBDIVISION, (const unsigned char*)empty_arr, strlen(empty_arr), pmeinfo)
+ :ret = wrapped_kni_cmsg_set(cmsg, TFE_CMSG_SRC_IP_LOCATION_SUBDIVISION, (const unsigned char*)client_location->subdivision_addr, strlen(client_location->subdivision_addr), pmeinfo);
if(ret < 0) break;
}
- if(session_attribute->server_location == NULL)
+ if(server_location == NULL)
{
- ret = wrapped_kni_cmsg_set(cmsg,TFE_CMSG_DST_IP_LOCATION_COUNTRY, (const unsigned char*)empty_arr, strlen(empty_arr), pmeinfo);
+ ret = wrapped_kni_cmsg_set(cmsg, TFE_CMSG_DST_IP_LOCATION_COUNTRY, (const unsigned char*)empty_arr, strlen(empty_arr), pmeinfo);
if(ret < 0) break;
- ret = wrapped_kni_cmsg_set(cmsg,TFE_CMSG_DST_IP_LOCATION_PROVINE, (const unsigned char*)empty_arr, strlen(empty_arr), pmeinfo);
+ ret = wrapped_kni_cmsg_set(cmsg, TFE_CMSG_DST_IP_LOCATION_PROVINE, (const unsigned char*)empty_arr, strlen(empty_arr), pmeinfo);
if(ret < 0) break;
- ret = wrapped_kni_cmsg_set(cmsg,TFE_CMSG_DST_IP_LOCATION_CITY, (const unsigned char*)empty_arr, strlen(empty_arr), pmeinfo);
+ ret = wrapped_kni_cmsg_set(cmsg, TFE_CMSG_DST_IP_LOCATION_CITY, (const unsigned char*)empty_arr, strlen(empty_arr), pmeinfo);
if(ret < 0) break;
- ret = wrapped_kni_cmsg_set(cmsg,TFE_CMSG_DST_IP_LOCATION_SUBDIVISION, (const unsigned char*)empty_arr, strlen(empty_arr), pmeinfo);
+ ret = wrapped_kni_cmsg_set(cmsg, TFE_CMSG_DST_IP_LOCATION_SUBDIVISION, (const unsigned char*)empty_arr, strlen(empty_arr), pmeinfo);
if(ret < 0) break;
}
else
{
- if(session_attribute->server_location->country_full == NULL){
- ret = wrapped_kni_cmsg_set(cmsg,TFE_CMSG_DST_IP_LOCATION_COUNTRY, (const unsigned char*)empty_arr, strlen(empty_arr), pmeinfo);
- }else{
- ret = wrapped_kni_cmsg_set(cmsg,TFE_CMSG_DST_IP_LOCATION_COUNTRY, (const unsigned char*)session_attribute->server_location->country_full, strlen(session_attribute->server_location->country_full), pmeinfo);
- }
+ server_location->country_full == NULL
+ ?ret = wrapped_kni_cmsg_set(cmsg, TFE_CMSG_DST_IP_LOCATION_COUNTRY, (const unsigned char*)empty_arr, strlen(empty_arr), pmeinfo)
+ :ret = wrapped_kni_cmsg_set(cmsg, TFE_CMSG_DST_IP_LOCATION_COUNTRY, (const unsigned char*)server_location->country_full, strlen(server_location->country_full), pmeinfo);
if(ret < 0) break;
- if(session_attribute->server_location->province_full == NULL){
- ret = wrapped_kni_cmsg_set(cmsg,TFE_CMSG_DST_IP_LOCATION_PROVINE, (const unsigned char*)empty_arr, strlen(empty_arr), pmeinfo);
- }else{
- ret = wrapped_kni_cmsg_set(cmsg,TFE_CMSG_DST_IP_LOCATION_PROVINE, (const unsigned char*)session_attribute->server_location->province_full, strlen(session_attribute->server_location->province_full), pmeinfo);
- }
+
+ server_location->province_full == NULL
+ ?ret = wrapped_kni_cmsg_set(cmsg, TFE_CMSG_DST_IP_LOCATION_PROVINE, (const unsigned char*)empty_arr, strlen(empty_arr), pmeinfo)
+ :ret = wrapped_kni_cmsg_set(cmsg, TFE_CMSG_DST_IP_LOCATION_PROVINE, (const unsigned char*)server_location->province_full, strlen(server_location->province_full), pmeinfo);
if(ret < 0) break;
- if(session_attribute->server_location->city_full == NULL){
- ret = wrapped_kni_cmsg_set(cmsg,TFE_CMSG_DST_IP_LOCATION_CITY, (const unsigned char*)empty_arr, strlen(empty_arr), pmeinfo);
- }else{
- ret = wrapped_kni_cmsg_set(cmsg,TFE_CMSG_DST_IP_LOCATION_CITY, (const unsigned char*)session_attribute->server_location->city_full, strlen(session_attribute->server_location->city_full), pmeinfo);
- }
+
+ server_location->city_full == NULL
+ ?ret = wrapped_kni_cmsg_set(cmsg, TFE_CMSG_DST_IP_LOCATION_CITY, (const unsigned char*)empty_arr, strlen(empty_arr), pmeinfo)
+ :ret = wrapped_kni_cmsg_set(cmsg, TFE_CMSG_DST_IP_LOCATION_CITY, (const unsigned char*)server_location->city_full, strlen(server_location->city_full), pmeinfo);
if(ret < 0) break;
- if(session_attribute->server_location->subdivision_addr == NULL){
- ret = wrapped_kni_cmsg_set(cmsg,TFE_CMSG_DST_IP_LOCATION_SUBDIVISION, (const unsigned char*)empty_arr, strlen(empty_arr), pmeinfo);
- }else{
- ret = wrapped_kni_cmsg_set(cmsg,TFE_CMSG_DST_IP_LOCATION_SUBDIVISION, (const unsigned char*)session_attribute->server_location->subdivision_addr, strlen(session_attribute->server_location->subdivision_addr), pmeinfo);
- }
+
+ server_location->subdivision_addr == NULL
+ ?ret = wrapped_kni_cmsg_set(cmsg, TFE_CMSG_DST_IP_LOCATION_SUBDIVISION, (const unsigned char*)empty_arr, strlen(empty_arr), pmeinfo)
+ :ret = wrapped_kni_cmsg_set(cmsg, TFE_CMSG_DST_IP_LOCATION_SUBDIVISION, (const unsigned char*)server_location->subdivision_addr, strlen(server_location->subdivision_addr), pmeinfo);
if(ret < 0) break;
}
- if(session_attribute->ja3_fingerprint == NULL)
- ret = wrapped_kni_cmsg_set(cmsg,TFE_CMSG_SSL_CLIENT_JA3_FINGERPRINT, (const unsigned char*)empty_arr, strlen(empty_arr), pmeinfo);
- else
- ret = wrapped_kni_cmsg_set(cmsg,TFE_CMSG_SSL_CLIENT_JA3_FINGERPRINT, (const unsigned char*)session_attribute->ja3_fingerprint, strlen(session_attribute->ja3_fingerprint), pmeinfo);
+ }while(0);
+ return ret;
+}
- ret = wrapped_kni_cmsg_set(cmsg,TFE_CMSG_FQDN_CAT_ID_NUM, (const unsigned char*)&(session_attribute->fqdn_category_id_num), sizeof(unsigned int), pmeinfo);
- if(session_attribute->fqdn_category_id_num <= 0 || session_attribute->fqdn_category_id_num > 8)
- {
- ret = wrapped_kni_cmsg_set(cmsg,TFE_CMSG_FQDN_CAT_ID_VAL, (const unsigned char*)empty_arr, strlen(empty_arr), pmeinfo);
- }
- else
+static int session_attr_ja3_cmsg_set(const struct session_runtime_attribute *session_attr, struct kni_cmsg *cmsg, struct pme_info *pmeinfo)
+{
+ int ret = 0;
+ char empty_arr[MAX_STR_FIELD_LEN] = {0};
+
+ const char *ja3_fingerprint = srt_attribute_get_ja3_fingerprint(session_attr);
+
+ ja3_fingerprint == NULL
+ ?ret = wrapped_kni_cmsg_set(cmsg, TFE_CMSG_SSL_CLIENT_JA3_FINGERPRINT, (const unsigned char*)empty_arr, strlen(empty_arr), pmeinfo)
+ :ret = wrapped_kni_cmsg_set(cmsg, TFE_CMSG_SSL_CLIENT_JA3_FINGERPRINT, (const unsigned char*)ja3_fingerprint, strlen(ja3_fingerprint), pmeinfo);
+
+ return ret;
+}
+
+
+
+static int session_attr_fqdn_category_id_cmsg_set(const struct session_runtime_attribute *session_attr, struct kni_cmsg *cmsg, struct pme_info *pmeinfo)
+{
+ int ret = 0;
+ size_t n_category_ids = 0;
+ unsigned int category_ids[8] = {0};
+ char fqdn_val[sizeof(int) * 8] = {0};
+ char empty_arr[MAX_STR_FIELD_LEN] = {0};
+
+ n_category_ids = srt_attribute_get_category_ids((const struct session_runtime_attribute *)pmeinfo->session_attribute, category_ids, sizeof(category_ids)/sizeof(category_ids[0]));
+
+ if(n_category_ids <= 0 || n_category_ids > 8)
+ {
+ ret = wrapped_kni_cmsg_set(cmsg, TFE_CMSG_FQDN_CAT_ID_VAL, (const unsigned char*)empty_arr, strlen(empty_arr), pmeinfo);
+ }
+ else
+ {
+ for(int i = 0 ; i < (int)n_category_ids; i++)
{
- char fqdn_val[sizeof(session_attribute->fqdn_category_id)] = {0};
- for(int i = 0 ; i < session_attribute->fqdn_category_id_num; i ++)
- {
- memcpy((void *)(fqdn_val + i * (sizeof(unsigned int))), (void *)&(session_attribute->fqdn_category_id[i]), sizeof(unsigned int));
- }
- ret = wrapped_kni_cmsg_set(cmsg,TFE_CMSG_FQDN_CAT_ID_VAL, (const unsigned char*)fqdn_val,session_attribute->fqdn_category_id_num *sizeof(unsigned int) , pmeinfo);
+ memcpy((void *)(fqdn_val + i * (sizeof(unsigned int))), (void *)&(category_ids[i]), sizeof(unsigned int));
}
-
+ ret = wrapped_kni_cmsg_set(cmsg ,TFE_CMSG_FQDN_CAT_ID_VAL, (const unsigned char*)fqdn_val, n_category_ids * sizeof(unsigned int) , pmeinfo);
+ }
+ return ret;
+}
+
+
+
+static int session_attribute_cmsg_set(struct kni_cmsg *cmsg, struct pme_info *pmeinfo)
+{
+ int ret = 0;
+ struct session_runtime_attribute *session_attr = pmeinfo->session_attribute;
+
+ if(session_attr == NULL)
+ {
+ return -1;
+ }
+ do {
+ ret = session_attr_subscribe_id_cmsg_set(session_attr, cmsg, pmeinfo);
+ if(ret < 0) break;
+
+ ret = session_attr_asn_cmsg_set(session_attr, cmsg, pmeinfo);
+ if(ret < 0) break;
+
+ ret = session_attr_ip_location_cmsg_set(session_attr, cmsg, pmeinfo);
+ if(ret < 0) break;
+
+ ret = session_attr_ja3_cmsg_set(session_attr, cmsg, pmeinfo);
+ if(ret < 0) break;
+
+ ret = session_attr_fqdn_category_id_cmsg_set(session_attr, cmsg, pmeinfo);
+ if(ret < 0) break;
}while(0);
return ret;
}
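Review bot: `session_attr_fqdn_category_id_cmsg_set` no longer sends `TFE_CMSG_FQDN_CAT_ID_NUM`, which the removed code set before `TFE_CMSG_FQDN_CAT_ID_VAL`. Unless the count is sent somewhere outside this hunk, the receiver loses the field it would use to bound the value array. I would restore it with a fixed-width copy, `unsigned int n = (unsigned int)n_category_ids;` followed by `ret = wrapped_kni_cmsg_set(cmsg, TFE_CMSG_FQDN_CAT_ID_NUM, (const unsigned char*)&n, sizeof(n), pmeinfo);`, and check `ret` before sending the value. The same function ignores its `session_attr` parameter and re-reads `pmeinfo->session_attribute` through a cast, and `n_category_ids <= 0` on a `size_t` is really `== 0`. On style, the `cond ? ret = a : ret = b;` statements in the new helpers would read more plainly as one call with `s != NULL ? s : empty_arr` as the argument.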
@@ -1085,124 +1152,133 @@ static int dabloom_add(struct pkt_info *pktinfo, int thread_seq){
return ret;
}
-static struct session_attribute_label * kni_pull_session_attribute_results(struct streaminfo *a_stream,struct pme_info *pmeinfo)
+static struct session_runtime_attribute * kni_pull_session_attribute_results(struct streaminfo *a_stream, struct pme_info *pmeinfo)
{
- struct session_attribute_label *session_attribute = NULL;
+ const struct session_runtime_attribute *session_attr = NULL;
void *logger = g_kni_handle->local_logger;
- session_attribute = (struct session_attribute_label *)project_req_get_struct(a_stream, g_kni_handle->session_attribute_id);
- if(session_attribute != NULL)
+ session_attr = session_runtime_attribute_get(a_stream);
+ if(session_attr == NULL)
{
- KNI_LOG_DEBUG(logger, "share-session-attribute: Success to get the session attribute results,stream traceid = %s", pmeinfo->stream_traceid);
+ KNI_LOG_ERROR(logger, "share-session-attribute: Failed to get the session attribute results,stream traceid = %s", pmeinfo->stream_traceid);
+ return NULL;
+ }
+ KNI_LOG_DEBUG(logger, "share-session-attribute: Success to get the session attribute results,stream traceid = %s", pmeinfo->stream_traceid);
+
+ const char *client_subscribe_id = srt_attribute_get_client_subscriber_id(session_attr);
+ if(client_subscribe_id == NULL)
+ KNI_LOG_DEBUG(logger, "share-session-attribute: source subscribe id is NULL,stream traceid = %s", pmeinfo->stream_traceid);
+ else
+ KNI_LOG_DEBUG(logger, "share-session-attribute: source subscribe id is: %s,stream traceid = %s", client_subscribe_id, pmeinfo->stream_traceid);
+
+ const char *server_subscribe_id = srt_attribute_get_server_subscriber_id(session_attr);
+ if(server_subscribe_id == NULL)
+ KNI_LOG_DEBUG(logger, "share-session-attribute: destination subscribe id is NULL,stream traceid = %s", pmeinfo->stream_traceid);
+ else
+ KNI_LOG_DEBUG(logger, "share-session-attribute: destination subscribe id is: %s,stream traceid = %s", server_subscribe_id, pmeinfo->stream_traceid);
- if(session_attribute->client_subscribe_id == NULL)
- KNI_LOG_DEBUG(logger, "share-session-attribute: source subscribe id is NULL,stream traceid = %s",pmeinfo->stream_traceid);
+ const struct asn_info *client_asn = srt_attribute_get_client_ip_asn(session_attr);
+ if(client_asn == NULL)
+ {
+ KNI_LOG_DEBUG(logger, "share-session-attribute: source asn and organization is NULL,stream traceid = %s", pmeinfo->stream_traceid);
+ }
+ else
+ {
+ if(client_asn->asn_id == NULL)
+ KNI_LOG_DEBUG(logger, "share-session-attribute: source asn is NULL,stream traceid = %s", pmeinfo->stream_traceid);
else
- KNI_LOG_DEBUG(logger, "share-session-attribute: source subscribe id is: %s,stream traceid = %s",session_attribute->client_subscribe_id->subscribe_id,pmeinfo->stream_traceid);
+ KNI_LOG_DEBUG(logger, "share-session-attribute: source asn is: %s,stream traceid = %s", client_asn->asn_id, pmeinfo->stream_traceid);
- if(session_attribute->server_subscribe_id == NULL)
- KNI_LOG_DEBUG(logger, "share-session-attribute: destination subscribe id is NULL,stream traceid = %s",pmeinfo->stream_traceid);
+ if(client_asn->organization == NULL)
+ KNI_LOG_DEBUG(logger, "share-session-attribute: source organization is: NULL,stream traceid = %s", pmeinfo->stream_traceid);
else
- KNI_LOG_DEBUG(logger, "share-session-attribute: destination subscribe id is: %s,stream traceid = %s",session_attribute->server_subscribe_id->subscribe_id,pmeinfo->stream_traceid);
+ KNI_LOG_DEBUG(logger, "share-session-attribute: source organization is: %s,stream traceid = %s", client_asn->organization, pmeinfo->stream_traceid);
+ }
- if(session_attribute->client_asn == NULL)
- KNI_LOG_DEBUG(logger, "share-session-attribute: source asn and organization is NULL,stream traceid = %s",pmeinfo->stream_traceid);
+ const struct asn_info *server_asn = srt_attribute_get_server_ip_asn(session_attr);
+ if(server_asn == NULL)
+ {
+ KNI_LOG_DEBUG(logger, "share-session-attribute: destination asn and organization is NULL,stream traceid = %s", pmeinfo->stream_traceid);
+ }
+ else
+ {
+ if(server_asn->asn_id == NULL)
+ KNI_LOG_DEBUG(logger, "share-session-attribute: destination asn: NULL,stream traceid = %s",pmeinfo->stream_traceid);
else
- {
- if(session_attribute->client_asn->asn_id == NULL){
- KNI_LOG_DEBUG(logger, "share-session-attribute: source asn is NULL,stream traceid = %s", pmeinfo->stream_traceid);
- }else{
- KNI_LOG_DEBUG(logger, "share-session-attribute: source asn is: %s,stream traceid = %s",session_attribute->client_asn->asn_id, pmeinfo->stream_traceid);
- }
- if(session_attribute->client_asn->organization == NULL){
- KNI_LOG_DEBUG(logger, "share-session-attribute: source organization is: NULL,stream traceid = %s",pmeinfo->stream_traceid);
- }else{
- KNI_LOG_DEBUG(logger, "share-session-attribute: source organization is: %s,stream traceid = %s",session_attribute->client_asn->organization, pmeinfo->stream_traceid);
- }
- }
+ KNI_LOG_DEBUG(logger, "share-session-attribute: destination asn:%s,stream traceid = %s", server_asn->asn_id, pmeinfo->stream_traceid);
- if(session_attribute->server_asn == NULL)
- KNI_LOG_DEBUG(logger, "share-session-attribute: destination asn and organization is NULL,stream traceid = %s",pmeinfo->stream_traceid);
+ if(server_asn->organization == NULL)
+ KNI_LOG_DEBUG(logger, "share-session-attribute: destination organization NULL,stream traceid = %s",pmeinfo->stream_traceid);
else
- {
- if(session_attribute->server_asn->asn_id == NULL){
- KNI_LOG_DEBUG(logger, "share-session-attribute: destination asn: NULL,stream traceid = %s",pmeinfo->stream_traceid);
- }else{
- KNI_LOG_DEBUG(logger, "share-session-attribute: destination asn:%s,stream traceid = %s",session_attribute->server_asn->asn_id,pmeinfo->stream_traceid);
- }
- if(session_attribute->server_asn->organization == NULL){
- KNI_LOG_DEBUG(logger, "share-session-attribute: destination organization NULL,stream traceid = %s",pmeinfo->stream_traceid);
- }else{
- KNI_LOG_DEBUG(logger, "share-session-attribute: destination organization:%s,stream traceid = %s",session_attribute->server_asn->organization,pmeinfo->stream_traceid);
- }
- }
+ KNI_LOG_DEBUG(logger, "share-session-attribute: destination organization:%s,stream traceid = %s", server_asn->organization, pmeinfo->stream_traceid);
+ }
- if(session_attribute->client_location == NULL)
- KNI_LOG_DEBUG(logger, "share-session-attribute: source ip location is NULL,stream traceid = %s",pmeinfo->stream_traceid);
+ const struct location_info *client_location = srt_attribute_get_client_ip_location(session_attr);
+ if(client_location == NULL)
+ {
+ KNI_LOG_DEBUG(logger, "share-session-attribute: source ip location is NULL,stream traceid = %s",pmeinfo->stream_traceid);
+ }
+ else
+ {
+ if(client_location->country_full == NULL)
+ KNI_LOG_DEBUG(logger, "share-session-attribute: source ip location country is NULL,stream traceid = %s",pmeinfo->stream_traceid);
else
- {
- if(session_attribute->client_location->country_full == NULL){
- KNI_LOG_DEBUG(logger, "share-session-attribute: source ip location country is NULL,stream traceid = %s",pmeinfo->stream_traceid);
- }else{
- KNI_LOG_DEBUG(logger, "share-session-attribute: source ip location country is: %s,stream traceid = %s",session_attribute->client_location->country_full,pmeinfo->stream_traceid);
- }
- if(session_attribute->client_location->province_full == NULL){
- KNI_LOG_DEBUG(logger, "share-session-attribute: source ip location province is NULL,stream traceid = %s",pmeinfo->stream_traceid);
- }
- else{
- KNI_LOG_DEBUG(logger, "share-session-attribute: source ip location province is: %s,stream traceid = %s",session_attribute->client_location->province_full,pmeinfo->stream_traceid);
- }
- if(session_attribute->client_location->city_full == NULL){
- KNI_LOG_DEBUG(logger, "share-session-attribute: source ip location city is NULL,stream traceid = %s",pmeinfo->stream_traceid);
- }else{
- KNI_LOG_DEBUG(logger, "share-session-attribute: source ip location city is: %s,stream traceid = %s",session_attribute->client_location->city_full,pmeinfo->stream_traceid);
- }
- }
+ KNI_LOG_DEBUG(logger, "share-session-attribute: source ip location country is: %s,stream traceid = %s",client_location->country_full,pmeinfo->stream_traceid);
- if(session_attribute->server_location == NULL)
- KNI_LOG_DEBUG(logger, "share-session-attribute: destination ip location is NULL,stream traceid = %s",pmeinfo->stream_traceid);
+ if(client_location->province_full == NULL)
+ KNI_LOG_DEBUG(logger, "share-session-attribute: source ip location province is NULL,stream traceid = %s", pmeinfo->stream_traceid);
else
- {
- if(session_attribute->server_location->country_full == NULL){
- KNI_LOG_DEBUG(logger, "share-session-attribute: destination ip location country is NULL,stream traceid = %s",pmeinfo->stream_traceid);
- }else{
- KNI_LOG_DEBUG(logger, "share-session-attribute: destination ip location country is: %s,stream traceid = %s",session_attribute->server_location->country_full,pmeinfo->stream_traceid);
- }
- if(session_attribute->server_location->province_full == NULL){
- KNI_LOG_DEBUG(logger, "share-session-attribute: destination ip location province is NULL,stream traceid = %s",pmeinfo->stream_traceid);
- }else{
- KNI_LOG_DEBUG(logger, "share-session-attribute: destination ip location province is: %s,stream traceid = %s",session_attribute->server_location->province_full,pmeinfo->stream_traceid);
- }
- if(session_attribute->server_location->city_full == NULL){
- KNI_LOG_DEBUG(logger, "share-session-attribute: destination ip location city is NULL,stream traceid = %s",pmeinfo->stream_traceid);
- }else{
- KNI_LOG_DEBUG(logger, "share-session-attribute: destination ip location city is: %s,stream traceid = %s",session_attribute->server_location->city_full,pmeinfo->stream_traceid);
- }
- }
- if(session_attribute->ja3_fingerprint == NULL)
- KNI_LOG_DEBUG(logger, "share-session-attribute: ja3_fingerprint is NULL,stream traceid = %s",pmeinfo->stream_traceid);
+ KNI_LOG_DEBUG(logger, "share-session-attribute: source ip location province is: %s,stream traceid = %s", client_location->province_full, pmeinfo->stream_traceid);
+
+ if(client_location->city_full == NULL)
+ KNI_LOG_DEBUG(logger, "share-session-attribute: source ip location city is NULL,stream traceid = %s", pmeinfo->stream_traceid);
else
- KNI_LOG_DEBUG(logger, "share-session-attribute: ja3_fingerprint is %s,stream traceid = %s",session_attribute->ja3_fingerprint,pmeinfo->stream_traceid);
+ KNI_LOG_DEBUG(logger, "share-session-attribute: source ip location city is: %s,stream traceid = %s", client_location->city_full, pmeinfo->stream_traceid);
+ }
+ const struct location_info *server_location = srt_attribute_get_server_ip_location(session_attr);
+ if(server_location == NULL)
+ {
+ KNI_LOG_DEBUG(logger, "share-session-attribute: destination ip location is NULL,stream traceid = %s",pmeinfo->stream_traceid);
+ }
+ else
+ {
+ if(server_location->country_full == NULL)
+ KNI_LOG_DEBUG(logger, "share-session-attribute: destination ip location country is NULL,stream traceid = %s",pmeinfo->stream_traceid);
+ else
+ KNI_LOG_DEBUG(logger, "share-session-attribute: destination ip location country is: %s,stream traceid = %s",server_location->country_full, pmeinfo->stream_traceid);
- if(session_attribute->fqdn_category_id_num < 0 || session_attribute->fqdn_category_id_num > 8)
- {
- KNI_LOG_DEBUG(logger, "share-session-attribute: fqdn_category_id_num out of range( 0 <= value <= 8), value = %d,stream traceid = %s",session_attribute->fqdn_category_id_num,pmeinfo->stream_traceid);
- }
+ if(server_location->province_full == NULL)
+ KNI_LOG_DEBUG(logger, "share-session-attribute: destination ip location province is NULL,stream traceid = %s",pmeinfo->stream_traceid);
else
- {
- for(int i= 0; i < session_attribute->fqdn_category_id_num; i ++)
- {
- KNI_LOG_DEBUG(logger, "share-session-attribute: fqdn_category_id[%d] = %u,stream traceid = %s",i,session_attribute->fqdn_category_id[i],pmeinfo->stream_traceid);
- }
- }
+ KNI_LOG_DEBUG(logger, "share-session-attribute: destination ip location province is: %s,stream traceid = %s", server_location->province_full, pmeinfo->stream_traceid);
+ if(server_location->city_full == NULL)
+ KNI_LOG_DEBUG(logger, "share-session-attribute: destination ip location city is NULL,stream traceid = %s",pmeinfo->stream_traceid);
+ else
+ KNI_LOG_DEBUG(logger, "share-session-attribute: destination ip location city is: %s,stream traceid = %s", server_location->city_full, pmeinfo->stream_traceid);
}
+
+ const char *ja3_fingerprint = srt_attribute_get_ja3_fingerprint(session_attr);
+ if(ja3_fingerprint == NULL)
+ KNI_LOG_DEBUG(logger, "share-session-attribute: ja3_fingerprint is NULL,stream traceid = %s",pmeinfo->stream_traceid);
else
+ KNI_LOG_DEBUG(logger, "share-session-attribute: ja3_fingerprint is %s,stream traceid = %s", ja3_fingerprint, pmeinfo->stream_traceid);
+
+ unsigned int category_ids[8] = {0};
+ int n_category_ids = srt_attribute_set_category_ids(a_stream, category_ids, sizeof(category_ids)/sizeof(category_ids[0]));
+ if(n_category_ids < 0 || n_category_ids > 8)
{
- KNI_LOG_ERROR(logger, "share-session-attribute: Failed to get the session attribute results,stream traceid = %s", pmeinfo->stream_traceid);
+ KNI_LOG_DEBUG(logger, "share-session-attribute: fqdn_category_id_num out of range( 0 <= value <= 8), value = %d,stream traceid = %s", n_category_ids, pmeinfo->stream_traceid);
+ }
+ else
+ {
+ for(int i= 0; i < n_category_ids; i ++)
+ {
+ KNI_LOG_DEBUG(logger, "share-session-attribute: fqdn_category_id[%d] = %u,stream traceid = %s",i, category_ids[i],pmeinfo->stream_traceid);
+ }
}
- return session_attribute;
+ return (struct session_runtime_attribute *)session_attr;
}
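Review bot: The category ids near the end of kni_pull_session_attribute_results are obtained with `srt_attribute_set_category_ids(a_stream, category_ids, …)` on a zero-initialised array, while every other field in this hunk is read with an `srt_attribute_get_*` call on `session_attr`. The declaration is not visible here, but the name and the stream argument suggest a setter; if that is what it is, this logging helper could overwrite the session's FQDN category ids with zeros and then log them. I would switch to the read accessor that takes `session_attr`, and compare the result with `sizeof(category_ids)/sizeof(category_ids[0])` instead of the literal 8. The final `return (struct session_runtime_attribute *)session_attr;` also casts away the `const` of the pointer returned by `session_runtime_attribute_get()`; making the return type and `pmeinfo->session_attribute` `const` would stop callers writing through it.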
@@ -1334,7 +1410,7 @@ static int first_data_intercept(struct streaminfo *stream, struct pme_info *pmei
}
//intercept_error: no tfe
- if(tsg_diagnose_judge_streamshunt(pmeinfo->maat_result.config_id,pmeinfo) == 0) // tsg diagnose shunt
+ if(tsg_diagnose_judge_streamshunt(pmeinfo->maat_rule.rule_id, pmeinfo) == 0) // tsg diagnose shunt
pmeinfo->tfe_id = tfe_mgr_alive_node_get(g_kni_handle->_tfe_mgr, thread_seq);
else
pmeinfo->tfe_id = tfe_mgr_alive_node_cycle_get(g_kni_handle->_tfe_mgr, (int *)&(g_kni_handle->arr_last_tfe_dispatch_index[thread_seq]));
@@ -1613,30 +1689,44 @@ char first_data_process(struct streaminfo *stream, struct pme_info *pmeinfo, str
//first data packet, get action
void *logger = g_kni_handle->local_logger;
int maat_hit = 0;
- int ret = 0;
- struct identify_info _identify_info;
- ret = tsg_pull_policy_result(stream, PULL_KNI_RESULT, &(pmeinfo->maat_result), 1, &_identify_info);
+ size_t n_hit_rule = 0;
+ n_hit_rule = session_matched_rules_copy(stream, TSG_SERVICE_INTERCEPT, &pmeinfo->maat_rule, 1);
+ //ret = tsg_pull_policy_result(stream, PULL_KNI_RESULT, &(pmeinfo->maat_result), 1, &_identify_info);
//ret == 0, bypass and dropme
- if(ret == 0){
+ if(n_hit_rule == 0){
pmeinfo->action = KNI_ACTION_NONE;
maat_hit = 0;
KNI_LOG_INFO(logger, "intercept_policy_scan: %s, %s, maat_hit = %d, stream traceid = %s",
pmeinfo->stream_addr, (char*)&(pmeinfo->domain), maat_hit, pmeinfo->stream_traceid);
}
- else{
- pmeinfo->maat_result_num = 1;
- pmeinfo->protocol = _identify_info.proto;
- pmeinfo->domain_len = MIN(_identify_info.domain_len, (int)sizeof(pmeinfo->domain) - 1);
- strncpy(pmeinfo->domain.sni, _identify_info.domain, pmeinfo->domain_len);
- pmeinfo->action = (enum kni_action)(pmeinfo->maat_result.action);
- pmeinfo->policy_id = pmeinfo->maat_result.config_id;
- pmeinfo->do_log = pmeinfo->maat_result.do_log;
+ else
+ {
+ const struct session_runtime_process_context *session_context = session_runtime_process_context_get((const struct streaminfo *)stream);
+ pmeinfo->n_maat_rule = 1;
+ pmeinfo->protocol = srt_process_context_get_protocol(session_context);
+
+ const char *domain = srt_process_context_get_domain(session_context);
+ pmeinfo->domain_len = MIN(strlen(domain), (int)sizeof(pmeinfo->domain) - 1);
+
+ if(pmeinfo->protocol == PROTO_HTTP)
+ {
+ strncpy(pmeinfo->domain.host, domain, pmeinfo->domain_len);
+ }
+ if(pmeinfo->protocol == PROTO_SSL)
+ {
+ strncpy(pmeinfo->domain.sni, domain, pmeinfo->domain_len);
+ }
+
+ pmeinfo->action = KNI_ACTION_INTERCEPT;
+ //pmeinfo->action = (enum kni_action)(pmeinfo->maat_result.action);
+ pmeinfo->policy_id = pmeinfo->maat_rule.rule_id;
+ pmeinfo->do_log = pmeinfo->maat_rule.do_log;
pmeinfo->thread_seq = thread_seq;
pmeinfo->is_dynamic_bypass = 0;
pmeinfo->session_attribute = kni_pull_session_attribute_results(stream,pmeinfo);
maat_hit = 1;
char *action_str = kni_maat_action_trans(pmeinfo->action);
- KNI_LOG_INFO(logger, "intercept_policy_scan: %s, %s, maat_hit = %d, policy_id = %d, action = %d(%s), stream traceid = %s",
+ KNI_LOG_INFO(logger, "intercept_policy_scan: %s, %s, maat_hit = %d, rule_id = %d, action = %d(%s), stream traceid = %s",
pmeinfo->stream_addr, (char*)&(pmeinfo->domain), maat_hit, pmeinfo->policy_id, pmeinfo->action, action_str, pmeinfo->stream_traceid);
}
switch(pmeinfo->action){
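Review bot: `strlen(domain)` in the new else-branch runs on the result of `srt_process_context_get_domain()` without a NULL check, and `session_context` is used unchecked too, although the other `srt_*` getters in this commit are all tested for NULL before use. The length is then fed to `strncpy`, which writes no terminator when the source is at least as long as the bound, yet the `intercept_policy_scan` log prints `(char*)&(pmeinfo->domain)` with `%s`; the `MIN` also mixes `size_t` with `int`. I would bound the length with `strnlen`, copy with `memcpy` and terminate explicitly, as sketched below. This assumes `host` and `sni` are each as large as `pmeinfo->domain`, which the hunk does not show. The body of first_data_process starts and ends outside this hunk.

```cpp
const char *domain = (session_context != NULL) ? srt_process_context_get_domain(session_context) : NULL;
size_t copy_len = 0;
if(domain != NULL)
{
	copy_len = strnlen(domain, sizeof(pmeinfo->domain) - 1);
}
pmeinfo->domain_len = (int)copy_len;

if(domain != NULL && pmeinfo->protocol == PROTO_HTTP)
{
	memcpy(pmeinfo->domain.host, domain, copy_len);
	pmeinfo->domain.host[copy_len] = '\0';
}
if(domain != NULL && pmeinfo->protocol == PROTO_SSL)
{
	memcpy(pmeinfo->domain.sni, domain, copy_len);
	pmeinfo->domain.sni[copy_len] = '\0';
}
// … unchanged: action, policy_id, do_log assignments and the intercept_policy_scan log …
```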
@@ -1646,12 +1736,15 @@ char first_data_process(struct streaminfo *stream, struct pme_info *pmeinfo, str
pmeinfo->tld_handle = TLD_create(-1);
if(g_kni_handle->pxy_tcp_option_enable == 1)
{
- KNI_LOG_DEBUG(logger, "Proxy-tcp-option: before scan status:%d ( 1 is has been scanned, other value not scan),stream traceid = %s", pmeinfo->pxy_tcp_option_is_scan,pmeinfo->stream_traceid);
+ pxy_tcp_option_param_get(pmeinfo, logger);
+/*
+* temp comment in version 23.04
if(pmeinfo->pxy_tcp_option_is_scan != 1)
{
- pxy_tcp_option_get_param(g_tsg_maat_feather,(const struct streaminfo *)stream,pmeinfo,logger);
+ //pxy_tcp_option_get_param(g_tsg_maat_feather,(const struct streaminfo *)stream,pmeinfo,logger);
pmeinfo->pxy_tcp_option_is_scan = 1;
}
+*/
}
return first_data_intercept(stream, pmeinfo, pktinfo, thread_seq);
default:
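Review bot: The old scan path is disabled by wrapping it in `/* … */`, and the same technique is used for the `project_customer_register` block in kni_init and for the `pxy_tcp_option_scan_addr`, `pxy_tcp_option_scan_domain`, `pxy_tcp_option_decision_criteria` and `pxy_tcp_option_get_param` bodies in kni_pxy_tcp_option.cpp. Block comments do not nest, so any `/* … */` inside one of those regions (their bodies are mostly outside the hunks) would end the comment early and re-enable part of the code. `#if 0` / `#endif` with a one-line reason such as `// disabled in 23.04: per-stream maat scan not yet ported` is safer, or the code can be deleted and recovered from history. Separately, `pmeinfo->pxy_tcp_option_is_scan` is no longer set on this path, so any reader of that flag elsewhere should be checked.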
@@ -2601,7 +2694,7 @@ extern "C" int kni_init(){
struct thread_tfe_cmsg_receiver_args *cmsg_receiver_args;
MESA_htable_handle traceid2pme_htable = NULL;
struct tfe_mgr *_tfe_mgr = NULL;
- char label_buff[MAX_STRING_LEN*4]={0};
+ //char label_buff[MAX_STRING_LEN*4]={0};
tfe_cmsg_enum_to_string();
int ret = MESA_load_profile_string_nodef(profile, section, "log_path", log_path, sizeof(log_path));
if(ret < 0){
@@ -2893,7 +2986,7 @@ extern "C" int kni_init(){
KNI_LOG_ERROR(local_logger, "Failed at init pxy_tcp_option_rule");
goto error_out;
}
-
+/*
//register customer for share session attribute
MESA_load_profile_string_def(profile, "share_session_attribute", "SESSION_ATTRIBUTE_LABEL", label_buff, sizeof(label_buff), "TSG_MASTER_INTERNAL_LABEL");
g_kni_handle->session_attribute_id = project_customer_register(label_buff, PROJECT_VAL_TYPE_STRUCT);
@@ -2902,7 +2995,7 @@ extern "C" int kni_init(){
KNI_LOG_ERROR(local_logger,"Register %s failed; please check :%s ",label_buff,profile);
return -1;
}
-
+*/
//init tfe_mgr
_tfe_mgr = tfe_mgr_init(tfe_node_count, profile, g_kni_handle->deploy_mode, local_logger);
if(_tfe_mgr == NULL){
diff --git a/entry/src/kni_pxy_tcp_option.cpp b/entry/src/kni_pxy_tcp_option.cpp
index 5f59271..25dd28e 100644
--- a/entry/src/kni_pxy_tcp_option.cpp
+++ b/entry/src/kni_pxy_tcp_option.cpp
@@ -346,7 +346,6 @@ void pxy_tcp_option_default_param_dup(int idx, MAAT_RULE_EX_DATA *to, MAAT_RULE_
int pxy_tcp_option_rule_init(const char* conffile, void *logger)
{
- int i = 0;
int pxy_tcp_option_enable = 1;
int pxy_tcp_option_enable_override = 0;
char section[KNI_SYMBOL_MAX] = "proxy_tcp_option";
@@ -357,7 +356,9 @@ int pxy_tcp_option_rule_init(const char* conffile, void *logger)
MESA_load_profile_string_def(conffile, section, "maat_table_fqdn", g_kni_handle->maat_table_name[TABLE_SSL_FQDN], _MAX_MAAT_TABLE_NAME_LEN, "PXY_TCP_OPTION_SERVER_FQDN");
KNI_LOG_ERROR(logger, "Proxy-tcp-option: MESA_prof_load, [%s]:\n enabled: %d,enable_override:%d", section, pxy_tcp_option_enable,pxy_tcp_option_enable_override);
g_kni_handle->pxy_tcp_option_enable = pxy_tcp_option_enable;
- g_kni_handle->pxy_tcp_option_enable_override = pxy_tcp_option_enable_override;
+ //g_kni_handle->pxy_tcp_option_enable_override = pxy_tcp_option_enable_override;
+ //temp comment in version 23.04.
+ g_kni_handle->pxy_tcp_option_enable_override = 1;
MESA_load_profile_int_def(conffile, section, "client_tcp_maxseg_enable", &(g_kni_handle->pxy_tcp_option.client_tcp_maxseg_enable), 0);
MESA_load_profile_int_def(conffile, section, "client_tcp_maxseg", &(g_kni_handle->pxy_tcp_option.client_tcp_maxseg), 1460);
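Review bot: The forced assignment `g_kni_handle->pxy_tcp_option_enable_override = 1;` comes after the `Proxy-tcp-option: MESA_prof_load` log line, which still prints the local `pxy_tcp_option_enable_override` read from the profile, so the log can report `enable_override:0` while override mode is actually in effect. An operator who sets the key to 0 gets no indication that it is ignored. I would log the effective value, or add something like `if(pxy_tcp_option_enable_override != 1) KNI_LOG_ERROR(logger, "Proxy-tcp-option: enable_override=%d ignored, forced to 1", pxy_tcp_option_enable_override);`. pxy_tcp_option_rule_init begins before this hunk and continues after it.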
@@ -397,6 +398,7 @@ int pxy_tcp_option_rule_init(const char* conffile, void *logger)
KNI_LOG_ERROR(logger, "Proxy-tcp-option: Turn off tcp option");
return 0;
}
+/* temp comment in version 23.04
if(pxy_tcp_option_enable_override == 0)
{
KNI_LOG_ERROR(logger, "Proxy-tcp-option: Using configuration read from maat");
@@ -422,11 +424,11 @@ int pxy_tcp_option_rule_init(const char* conffile, void *logger)
return -1;
}
}
-
+*/
return 0;
}
-
+/*
static int pxy_tcp_option_scan_addr(Maat_feather_t maat_feather,const struct streaminfo *a_stream, Maat_rule_t *result, int result_num,scan_status_t *mid,struct pme_info *pmeinfo, void *logger)
{
struct ipaddr t_addr;
@@ -496,7 +498,11 @@ static int pxy_tcp_option_scan_addr(Maat_feather_t maat_feather,const struct str
return hit_num;
}
+*/
+
+/*
+* temp comment in version 23.04
static int pxy_tcp_option_scan_domain(Maat_feather_t maat_feather, Maat_rule_t *result, int result_num,scan_status_t *mid, struct pme_info *pmeinfo, void *logger)
{
int hit_num = 0, maat_ret = 0;
@@ -535,7 +541,9 @@ static int pxy_tcp_option_scan_domain(Maat_feather_t maat_feather, Maat_rule_t *
}
return hit_num;
}
+*/
+/*
static struct Maat_rule_t *pxy_tcp_option_decision_criteria(Maat_rule_t *result, int result_num)
{
int i=0;
@@ -560,7 +568,19 @@ static struct Maat_rule_t *pxy_tcp_option_decision_criteria(Maat_rule_t *result,
}
return p_result;
}
+*/
+int pxy_tcp_option_param_get(struct pme_info *pmeinfo, void *logger)
+{
+ struct proxy_tcp_option *pxy_tcpop = &pmeinfo->pxy_tcp_option;
+
+ memcpy((void *)pxy_tcpop, (const void *)&g_kni_handle->pxy_tcp_option, sizeof(g_kni_handle->pxy_tcp_option));
+ KNI_LOG_DEBUG(logger,"Proxy-tcp-option: Using override configuration, streamid = %s", pmeinfo->stream_traceid);
+ return 0;
+}
+
+/*
+* Temp comment in version 23.04
int pxy_tcp_option_get_param(Maat_feather_t maat_feather,const struct streaminfo *a_stream,struct pme_info *pmeinfo, void *logger)
{
int scan_ret = 0, hit_num = 0, is_not_default = 0, ret = 0;
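Review bot: In the new pxy_tcp_option_param_get the copy is a `memcpy` through `void *` casts, sized by the source object, so the compiler cannot check that destination and source are the same type. A plain struct assignment, `*pxy_tcpop = g_kni_handle->pxy_tcp_option;`, does the same copy with type checking and no size argument to get wrong. The function also always returns 0 and its one visible caller in first_data_process ignores the result, so it could be `void`. The log text says `streamid` where the rest of the file uses `stream traceid`, which makes grepping by trace id less reliable.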
@@ -627,7 +647,7 @@ int pxy_tcp_option_get_param(Maat_feather_t maat_feather,const struct streaminfo
}
return ret;
}
-
+*/
void pxy_tcp_option_modify_mss(struct pme_info *pmeinfo,void *logger)
{