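/* NOTE(review): the header name of the first #include is missing in this copy
 * of the file; the directive is left as found. */
#include
#include "kni_pxy_tcp_option.h"
#include "kni_utils.h"
#include "kni_cmsg.h"

extern struct kni_handle *g_kni_handle;
extern int wrapped_kni_cmsg_set(struct kni_cmsg *cmsg, uint16_t type, const unsigned char *value, uint16_t size, struct pme_info *pmeinfo);

/**
 * Look up a mandatory member of a JSON object.
 *
 * @param parent       object to search
 * @param key          member name inside @p parent
 * @param path         full dotted key path, used only in the error log
 * @param want_number  non-zero: the member must have type cJSON_Number
 * @param logger       log handle
 * @return the member, or NULL (after logging) when it is missing or has the
 *         wrong type.
 */
static cJSON *pxy_json_require(cJSON *parent, const char *key, const char *path, int want_number, void *logger)
{
    cJSON *item = cJSON_GetObjectItem(parent, key);

    if (item == NULL || (want_number && item->type != cJSON_Number)) {
        KNI_LOG_ERROR(logger, "Failed to parse json data, json key = %s", path);
        return NULL;
    }
    return item;
}

/**
 * Parse a proxy TCP option policy (JSON text) into @p pxy_tcpop.
 *
 * Every key is mandatory; the first missing or non-numeric key is logged and
 * parsing stops. Fields assigned before the failure keep their new values, so
 * callers must discard @p pxy_tcpop when 0 is returned.
 *
 * NOTE(review): values are stored exactly as given (item->valueint). No range
 * check on maxseg, ttl, keepalive or timeout values is visible in this file;
 * confirm the policy source or the consumer validates them.
 *
 * @param rule           rule the JSON belongs to (config_id is used for logging)
 * @param srv_def_large  NUL-terminated JSON text
 * @param pxy_tcpop      destination structure
 * @param logger         log handle
 * @return 1 when every key was read, 0 otherwise.
 */
int pxy_tcp_option_parse_json(const struct Maat_rule_t* rule, const char* srv_def_large,struct proxy_tcp_option *pxy_tcpop, void *logger)
{
    int ret = 0;
    cJSON *json = NULL, *item = NULL;
    cJSON *side = NULL, *maxseg = NULL, *keepalive = NULL;

    json = cJSON_Parse(srv_def_large);
    if (json == NULL) {
        KNI_LOG_ERROR(logger, "Data format error,please check it: id = %d", rule->config_id);
        return 0;
    }

    do {
        /* ---- client side ---- */
        side = pxy_json_require(json, "client_side_conn_param", "client_side_conn_param", 0, logger);
        if (side == NULL) break;

        maxseg = pxy_json_require(side, "tcp_maxseg", "client_side_conn_param.tcp_maxseg", 0, logger);
        if (maxseg == NULL) break;
        item = pxy_json_require(maxseg, "enable", "client_side_conn_param.tcp_maxseg.enable", 1, logger);
        if (item == NULL) break;
        pxy_tcpop->client_tcp_maxseg_enable = item->valueint;
        item = pxy_json_require(maxseg, "maxseg", "client_side_conn_param.tcp_maxseg.maxseg", 1, logger);
        if (item == NULL) break;
        pxy_tcpop->client_tcp_maxseg = item->valueint;

        keepalive = pxy_json_require(side, "keep_alive", "client_side_conn_param.keep_alive", 0, logger);
        if (keepalive == NULL) break;
        item = pxy_json_require(keepalive, "enable", "client_side_conn_param.keep_alive.enable", 1, logger);
        if (item == NULL) break;
        pxy_tcpop->client_tcp_keepalive_enable = item->valueint;
        item = pxy_json_require(keepalive, "tcp_keepcnt", "client_side_conn_param.keep_alive.tcp_keepcnt", 1, logger);
        if (item == NULL) break;
        pxy_tcpop->client_tcp_keepalive_keepcnt = item->valueint;
        item = pxy_json_require(keepalive, "tcp_keepidle", "client_side_conn_param.keep_alive.tcp_keepidle", 1, logger);
        if (item == NULL) break;
        pxy_tcpop->client_tcp_keepalive_keepidle = item->valueint;
        item = pxy_json_require(keepalive, "tcp_keepintvl", "client_side_conn_param.keep_alive.tcp_keepintvl", 1, logger);
        if (item == NULL) break;
        pxy_tcpop->client_tcp_keepalive_keepintvl = item->valueint;

        item = pxy_json_require(side, "nodelay", "client_side_conn_param.nodelay", 1, logger);
        if (item == NULL) break;
        pxy_tcpop->client_tcp_nodelay = item->valueint;
        item = pxy_json_require(side, "ttl", "client_side_conn_param.ttl", 1, logger);
        if (item == NULL) break;
        pxy_tcpop->client_tcp_ttl = item->valueint;
        item = pxy_json_require(side, "user_timeout", "client_side_conn_param.user_timeout", 1, logger);
        if (item == NULL) break;
        pxy_tcpop->client_tcp_user_timeout = item->valueint;

        /* ---- server side ---- */
        side = pxy_json_require(json, "server_side_conn_param", "server_side_conn_param", 0, logger);
        if (side == NULL) break;

        maxseg = pxy_json_require(side, "tcp_maxseg", "server_side_conn_param.tcp_maxseg", 0, logger);
        if (maxseg == NULL) break;
        item = pxy_json_require(maxseg, "enable", "server_side_conn_param.tcp_maxseg.enable", 1, logger);
        if (item == NULL) break;
        pxy_tcpop->server_tcp_maxseg_enable = item->valueint;
        item = pxy_json_require(maxseg, "maxseg", "server_side_conn_param.tcp_maxseg.maxseg", 1, logger);
        if (item == NULL) break;
        pxy_tcpop->server_tcp_maxseg = item->valueint;

        keepalive = pxy_json_require(side, "keep_alive", "server_side_conn_param.keep_alive", 0, logger);
        if (keepalive == NULL) break;
        item = pxy_json_require(keepalive, "enable", "server_side_conn_param.keep_alive.enable", 1, logger);
        if (item == NULL) break;
        pxy_tcpop->server_tcp_keepalive_enable = item->valueint;
        item = pxy_json_require(keepalive, "tcp_keepcnt", "server_side_conn_param.keep_alive.tcp_keepcnt", 1, logger);
        if (item == NULL) break;
        pxy_tcpop->server_tcp_keepalive_keepcnt = item->valueint;
        item = pxy_json_require(keepalive, "tcp_keepidle", "server_side_conn_param.keep_alive.tcp_keepidle", 1, logger);
        if (item == NULL) break;
        pxy_tcpop->server_tcp_keepalive_keepidle = item->valueint;
        item = pxy_json_require(keepalive, "tcp_keepintvl", "server_side_conn_param.keep_alive.tcp_keepintvl", 1, logger);
        if (item == NULL) break;
        pxy_tcpop->server_tcp_keepalive_keepintvl = item->valueint;

        item = pxy_json_require(side, "nodelay", "server_side_conn_param.nodelay", 1, logger);
        if (item == NULL) break;
        pxy_tcpop->server_tcp_nodelay = item->valueint;
        item = pxy_json_require(side, "ttl", "server_side_conn_param.ttl", 1, logger);
        if (item == NULL) break;
        pxy_tcpop->server_tcp_ttl = item->valueint;
        item = pxy_json_require(side, "user_timeout", "server_side_conn_param.user_timeout", 1, logger);
        if (item == NULL) break;
        pxy_tcpop->server_tcp_user_timeout = item->valueint;

        /* ---- top-level switches ---- */
        item = pxy_json_require(json, "bypass_duplicated_packet", "bypass_duplicated_packet", 1, logger);
        if (item == NULL) break;
        pxy_tcpop->bypass_duplicated_packet = item->valueint;
        item = pxy_json_require(json, "tcp_passthrough", "tcp_passthrough", 1, logger);
        if (item == NULL) break;
        pxy_tcpop->tcp_passthrough = item->valueint;

        ret = 1;
    } while (0);

    cJSON_Delete(json);
    return ret;
}

/**
 * Maat ex-data "new" callback (registered in pxy_tcp_option_rule_init).
 * Rules with service_id == 0 are ignored.
 *
 * NOTE(review): part of this function's text is missing in this copy of the
 * file (the first condition runs straight into the arguments of a later call).
 * The damaged statement is left exactly as found and must be restored from the
 * original source before this file can build.
 *
 * NOTE(review): on the failure branch the only reaction besides logging is
 * assert(ret == 1). With assertions enabled a malformed default policy aborts
 * the process; with NDEBUG the failure is only logged. Confirm which is
 * intended.
 */
void pxy_tcp_option_default_param_new(int idx, const struct Maat_rule_t* rule, const char* srv_def_large,MAAT_RULE_EX_DATA* ad, long argl, void *argp)
{
    void *logger = argp;
    struct proxy_tcp_option pxy_tcp_option;
    int ret = 0;

    if( rule->service_id == 0) return;

    if((unsigned int)rule->serv_def_lenpxy_tcp_option, (const void *)&pxy_tcp_option, sizeof(pxy_tcp_option));
        KNI_LOG_INFO(logger, "Proxy tcp option default Policy: %s", srv_def_large);
    }
    else{
        KNI_LOG_ERROR(logger, "Fail to get proxy tcp option default policy, Error: json data parse fail");
        assert(ret == 1);
    }
    return;
}

/**
 * Maat ex-data "free" callback. Nothing is released here; the call is only
 * logged for rules whose service_id is 1.
 */
void pxy_tcp_option_default_param_free_cb(int table_id, const struct Maat_rule_t* rule, const char* srv_def_large, MAAT_RULE_EX_DATA* ad, long argl, void *argp)
{
    void *logger = argp;

    if (rule->service_id == 1) {
        KNI_LOG_ERROR(logger, "Call pxy_tcp_option_default_param_free_cb when the default proxy tcp policy change or add");
    }
}

/**
 * Maat ex-data "dup" callback. Copies nothing; only logs that it was called.
 */
void pxy_tcp_option_default_param_dup(int idx, MAAT_RULE_EX_DATA *to, MAAT_RULE_EX_DATA *from, long argl, void *argp)
{
    void *logger = argp;

    KNI_LOG_ERROR(logger, "Call pxy_tcp_option_default_param_dup when the default proxy tcp policy change or add");
}

/**
 * Load the [proxy_tcp_option] profile section into g_kni_handle and, unless the
 * feature is disabled or overridden by the profile, register the Maat tables
 * and the ex-data callbacks.
 *
 * @param conffile  profile path
 * @param logger    log handle
 * @return 0 on success (including "feature turned off"), -1 when a Maat
 *         registration fails.
 */
int pxy_tcp_option_rule_init(const char* conffile, void *logger)
{
    int i = 0;
    int pxy_tcp_option_enable = 1;
    int pxy_tcp_option_enable_override = 0;
    char section[KNI_SYMBOL_MAX] = "proxy_tcp_option";
    /* Profile values double as the fallback used when no policy is hit. */
    struct proxy_tcp_option *opt = &g_kni_handle->pxy_tcp_option;

    MESA_load_profile_int_def(conffile, section, "enabled", &pxy_tcp_option_enable, 1);
    MESA_load_profile_int_def(conffile, section, "enable_override", &pxy_tcp_option_enable_override, 1);
    MESA_load_profile_string_def(conffile, section, "maat_table_compile", g_kni_handle->maat_table_name[TABLE_COMPILE], _MAX_MAAT_TABLE_NAME_LEN, "PXY_TCP_OPTION_COMPILE");
    MESA_load_profile_string_def(conffile, section, "maat_table_addr", g_kni_handle->maat_table_name[TABLE_IP_ADDR], _MAX_MAAT_TABLE_NAME_LEN, "PXY_TCP_OPTION_ADDR");
    MESA_load_profile_string_def(conffile, section, "maat_table_fqdn", g_kni_handle->maat_table_name[TABLE_SSL_FQDN], _MAX_MAAT_TABLE_NAME_LEN, "PXY_TCP_OPTION_SERVER_FQDN");
    KNI_LOG_ERROR(logger, "Proxy-tcp-option: MESA_prof_load, [%s]:\n enabled: %d,enable_override:%d", section, pxy_tcp_option_enable,pxy_tcp_option_enable_override);

    g_kni_handle->pxy_tcp_option_enable = pxy_tcp_option_enable;
    g_kni_handle->pxy_tcp_option_enable_override = pxy_tcp_option_enable_override;

    MESA_load_profile_int_def(conffile, section, "client_tcp_maxseg_enable", &(opt->client_tcp_maxseg_enable), 0);
    MESA_load_profile_int_def(conffile, section, "client_tcp_maxseg", &(opt->client_tcp_maxseg), 1460);
    MESA_load_profile_int_def(conffile, section, "client_tcp_nodelay", &(opt->client_tcp_nodelay), 1);
    MESA_load_profile_int_def(conffile, section, "client_tcp_ttl", &(opt->client_tcp_ttl), 70);
    MESA_load_profile_int_def(conffile, section, "client_tcp_keepalive_enable", &(opt->client_tcp_keepalive_enable), 1);
    MESA_load_profile_int_def(conffile, section, "client_tcp_keepalive_keepcnt", &(opt->client_tcp_keepalive_keepcnt), 8);
    MESA_load_profile_int_def(conffile, section, "client_tcp_keepalive_keepidle", &(opt->client_tcp_keepalive_keepidle), 30);
    MESA_load_profile_int_def(conffile, section, "client_tcp_keepalive_keepintvl", &(opt->client_tcp_keepalive_keepintvl), 15);
    MESA_load_profile_int_def(conffile, section, "client_tcp_user_timeout", &(opt->client_tcp_user_timeout), 600);

    MESA_load_profile_int_def(conffile, section, "server_tcp_maxseg_enable", &(opt->server_tcp_maxseg_enable), 0);
    MESA_load_profile_int_def(conffile, section, "server_tcp_maxseg", &(opt->server_tcp_maxseg), 1460);
    MESA_load_profile_int_def(conffile, section, "server_tcp_nodelay", &(opt->server_tcp_nodelay), 1);
    MESA_load_profile_int_def(conffile, section, "server_tcp_ttl", &(opt->server_tcp_ttl), 75);
    MESA_load_profile_int_def(conffile, section, "server_tcp_keepalive_enable", &(opt->server_tcp_keepalive_enable), 1);
    MESA_load_profile_int_def(conffile, section, "server_tcp_keepalive_keepcnt", &(opt->server_tcp_keepalive_keepcnt), 8);
    MESA_load_profile_int_def(conffile, section, "server_tcp_keepalive_keepidle", &(opt->server_tcp_keepalive_keepidle), 30);
    MESA_load_profile_int_def(conffile, section, "server_tcp_keepalive_keepintvl", &(opt->server_tcp_keepalive_keepintvl), 15);
    MESA_load_profile_int_def(conffile, section, "server_tcp_user_timeout", &(opt->server_tcp_user_timeout), 600);

    MESA_load_profile_int_def(conffile, section, "bypass_duplicated_packet", &(opt->bypass_duplicated_packet), 0);
    MESA_load_profile_int_def(conffile, section, "tcp_passthrough", &(opt->tcp_passthrough), 0);

    KNI_LOG_ERROR(logger, "Proxy-tcp-option: Using configuration override by profile: %s ,value:[client_tcp_maxseg_enable:%d,client_tcp_maxseg:%d,client_tcp_nodelay:%d,"
                          "client_tcp_ttl:%d,client_tcp_keepalive_enable:%d,client_tcp_keepalive_keepcnt:%d,client_tcp_keepalive_keepidle:%d,client_tcp_keepalive_keepintvl:%d,"
                          "client_tcp_user_timeout:%d,server_tcp_maxseg_enable:%d,server_tcp_maxseg:%d,server_tcp_nodelay:%d,server_tcp_ttl:%d,server_tcp_keepalive_enable:%d,"
                          "server_tcp_keepalive_keepcnt:%d,server_tcp_keepalive_keepidle:%d,server_tcp_keepalive_keepintvl:%d,server_tcp_user_timeout:%d,bypass_duplicated_packet:%d,"
                          "tcp_passthrough:%d",
                  conffile,
                  opt->client_tcp_maxseg_enable, opt->client_tcp_maxseg, opt->client_tcp_nodelay,
                  opt->client_tcp_ttl, opt->client_tcp_keepalive_enable, opt->client_tcp_keepalive_keepcnt,
                  opt->client_tcp_keepalive_keepidle, opt->client_tcp_keepalive_keepintvl, opt->client_tcp_user_timeout,
                  opt->server_tcp_maxseg_enable, opt->server_tcp_maxseg, opt->server_tcp_nodelay,
                  opt->server_tcp_ttl, opt->server_tcp_keepalive_enable, opt->server_tcp_keepalive_keepcnt,
                  opt->server_tcp_keepalive_keepidle, opt->server_tcp_keepalive_keepintvl, opt->server_tcp_user_timeout,
                  opt->bypass_duplicated_packet, opt->tcp_passthrough);

    if (pxy_tcp_option_enable == 0) {
        KNI_LOG_ERROR(logger, "Proxy-tcp-option: Turn off tcp option");
        return 0;
    }

    if (pxy_tcp_option_enable_override == 0) {
        KNI_LOG_ERROR(logger, "Proxy-tcp-option: Using configuration read from maat");

        /* NOTE(review): the loop header below is incomplete in this copy of the
         * file (text between "i" and "maat_table_id" is missing); it is left
         * exactly as found and must be restored from the original source. */
        for(i=0; imaat_table_id[i]=Maat_table_register(g_tsg_maat_feather, g_kni_handle->maat_table_name[i]);
            if (g_kni_handle->maat_table_id[i] < 0) {
                KNI_LOG_ERROR(logger, "Proxy-tcp-option: Maat_table_register %s failed, Please check %s", g_kni_handle->maat_table_name[i], conffile);
                return -1;
            }
        }

        g_kni_handle->maat_table_id[TABLE_COMPILE] = Maat_rule_get_ex_new_index(g_tsg_maat_feather,
                                                                                g_kni_handle->maat_table_name[TABLE_COMPILE],
                                                                                pxy_tcp_option_default_param_new,
                                                                                pxy_tcp_option_default_param_free_cb,
                                                                                pxy_tcp_option_default_param_dup,
                                                                                0, logger);
        if (g_kni_handle->maat_table_id[TABLE_COMPILE] < 0) {
            /* Fix: the first %s used to receive the (negative) integer table id,
             * a format/argument mismatch on exactly the error path. Log the
             * table name, as the Maat_table_register message above does. */
            KNI_LOG_ERROR(logger, "Proxy-tcp-option: Maat_rule_get_ex_new_index %s failed, Please check %s", g_kni_handle->maat_table_name[TABLE_COMPILE], conffile);
            return -1;
        }
    }
    return 0;
}

/**
 * Scan the addresses of @p a_stream and of each parent stream (pfather chain)
 * against the TABLE_IP_ADDR Maat table.
 *
 * @param result      output array for hit rules
 * @param result_num  capacity of @p result
 * @param mid         Maat scan status shared across scans of one stream
 * @return number of rules written to @p result (0 on bad arguments).
 */
static int pxy_tcp_option_scan_addr(Maat_feather_t maat_feather,const struct streaminfo *a_stream, Maat_rule_t *result, int result_num,scan_status_t *mid,struct pme_info *pmeinfo, void *logger)
{
    struct ipaddr t_addr;
    struct ipaddr *p_addr = NULL;
    int hit_num = 0;
    int maat_ret = 0;
    const struct streaminfo *cur_stream = a_stream;

    if (a_stream == NULL || maat_feather == NULL || result_num <= 0 || result == NULL) {
        KNI_LOG_ERROR(logger,"Proxy-tcp-option: SCAN_ADDR a_stream==NULL || maat_feather==NULL || result_num <= 0 || result == NULL ,streamid=%s ", pmeinfo->stream_traceid);
        return 0;
    }

    do {
        int addrtype = cur_stream->addr.addrtype;

        p_addr = NULL;
        if (addrtype == __ADDR_TYPE_IP_PAIR_V4 || addrtype == __ADDR_TYPE_IP_PAIR_V6) {
            /* "IP pair" types are scanned as plain IPv4/IPv6: work on a copy so
             * the stream's own address record is not modified. */
            memcpy(&t_addr, &cur_stream->addr, sizeof(t_addr));
            t_addr.addrtype = (addrtype == __ADDR_TYPE_IP_PAIR_V4) ? ADDR_TYPE_IPV4 : ADDR_TYPE_IPV6;
            p_addr = &t_addr;
        }
        else if (addrtype == ADDR_TYPE_IPV4 || addrtype == ADDR_TYPE_IPV6) {
            p_addr = (struct ipaddr *)&cur_stream->addr;
        }

        if (p_addr != NULL) {
            /* Append after earlier hits; the remaining capacity bounds the write. */
            maat_ret = Maat_scan_addr(maat_feather, g_kni_handle->maat_table_id[TABLE_IP_ADDR], p_addr,
                                      result + hit_num, result_num - hit_num, mid, cur_stream->threadnum);
            if (maat_ret > 0) {
                KNI_LOG_DEBUG(logger,"Proxy-tcp-option: SCAN_IP,Hit streamid: %s",pmeinfo->stream_traceid);
                hit_num += maat_ret;
            }
            else {
                KNI_LOG_DEBUG(logger,"Proxy-tcp-option: SCAN_IP,Not hit streamid: %s,scan ret: %d", pmeinfo->stream_traceid, maat_ret);
            }
        }
        cur_stream = cur_stream->pfather;
    } while (cur_stream != NULL && hit_num < result_num);

    return hit_num;
}

/**
 * Scan the stream's domain against the TABLE_SSL_FQDN Maat table. Only HTTP
 * and SSL streams are scanned.
 *
 * NOTE(review): pmeinfo->domain is logged with %s, which assumes it is
 * NUL-terminated; it comes from observed traffic, so confirm the code that
 * fills it guarantees termination.
 *
 * @return number of rules written to @p result.
 */
static int pxy_tcp_option_scan_domain(Maat_feather_t maat_feather, Maat_rule_t *result, int result_num,scan_status_t *mid, struct pme_info *pmeinfo, void *logger)
{
    int hit_num = 0, maat_ret = 0;

    if (pmeinfo->protocol != PROTO_HTTP && pmeinfo->protocol != PROTO_SSL) {
        KNI_LOG_DEBUG(logger,"Proxy-tcp-option: NOT SCAN DOMAIN, streamid: %s,stream protocol: %d",pmeinfo->stream_traceid,pmeinfo->protocol);
        return hit_num;
    }

    if (hit_num < result_num) {
        maat_ret = Maat_full_scan_string(maat_feather, g_kni_handle->maat_table_id[TABLE_SSL_FQDN], CHARSET_UTF8,
                                         (const char *)&pmeinfo->domain, pmeinfo->domain_len,
                                         result, NULL, result_num - hit_num, mid, pmeinfo->thread_seq);
        if (maat_ret > 0) {
            KNI_LOG_DEBUG(logger,"Proxy-tcp-option: SCAN_DOMAIN,Hit streamid: %s, domain: %s", pmeinfo->stream_traceid, (char*)&(pmeinfo->domain));
            hit_num += maat_ret;
        }
        else {
            KNI_LOG_DEBUG(logger,"Proxy-tcp-option: SCAN_DOMAIN,Not hit stream_traceid: %s ,domain :%s scan ret: %d", pmeinfo->stream_traceid, (char*)&(pmeinfo->domain), maat_ret);
        }
    }
    return hit_num;
}

/**
 * Choose the rule to apply among the hits: the one with the largest config_id
 * (the first such entry when several share it).
 *
 * @return pointer into @p result, or NULL when there are no hits.
 */
static struct Maat_rule_t *pxy_tcp_option_decision_criteria(Maat_rule_t *result, int result_num)
{
    int i = 0;
    Maat_rule_t *p_result = NULL;

    if (result == NULL || result_num <= 0) {
        return NULL;
    }

    p_result = &result[0];
    for (i = 1; i < result_num; i++) {
        if (result[i].config_id > p_result->config_id) {
            p_result = &result[i];
        }
    }
    return p_result;
}

/**
 * Fill pmeinfo->pxy_tcp_option for one stream.
 *
 * With profile override enabled the profile values are copied and no scan is
 * done. Otherwise address and domain scans run, the hit with the largest
 * config_id is selected and its JSON definition is parsed; on any failure
 * (no hit, allocation failure, empty or unparsable JSON) the values loaded
 * from the profile are used instead.
 *
 * @return 1 when a hit policy was parsed and applied, otherwise the value
 *         returned by the parser (0) or 0.
 */
int pxy_tcp_option_get_param(Maat_feather_t maat_feather,const struct streaminfo *a_stream,struct pme_info *pmeinfo, void *logger)
{
    int scan_ret = 0, hit_num = 0, is_not_default = 0, ret = 0;
    scan_status_t mid = NULL;
    Maat_rule_t *p_result = NULL;
    Maat_rule_t all_result[MAX_RESULT_NUM];
    struct proxy_tcp_option *pxy_tcpop = &pmeinfo->pxy_tcp_option;
    char *tmp_buff = NULL;

    if (g_kni_handle->pxy_tcp_option_enable_override == 1) {
        memcpy((void *)pxy_tcpop, (const void *)&g_kni_handle->pxy_tcp_option, sizeof(g_kni_handle->pxy_tcp_option));
        KNI_LOG_DEBUG(logger,"Proxy-tcp-option: Using override configuration, streamid = %s", pmeinfo->stream_traceid);
        return 0;
    }

    /* Both scans append into all_result; each gets only the remaining capacity. */
    scan_ret = pxy_tcp_option_scan_addr(maat_feather,a_stream, all_result + hit_num, MAX_RESULT_NUM - hit_num, &mid, pmeinfo, logger);
    if (scan_ret > 0) {
        hit_num += scan_ret;
    }
    scan_ret = pxy_tcp_option_scan_domain(maat_feather, all_result + hit_num, MAX_RESULT_NUM - hit_num,&mid,pmeinfo,logger);
    if (scan_ret > 0) {
        hit_num += scan_ret;
    }

    p_result = pxy_tcp_option_decision_criteria(all_result, hit_num);
    do {
        if (p_result == NULL) {
            KNI_LOG_DEBUG(logger,"Proxy-tcp-option: Scan not hit, using default param, streamid = %s", pmeinfo->stream_traceid);
            break;
        }
        KNI_LOG_DEBUG(logger,"Proxy-tcp-option: Scan hit, hit_num = %d, streamid = %s", hit_num, pmeinfo->stream_traceid);

        /* Zero-filled and one byte longer than the length handed to
         * Maat_read_rule, so the strlen() below stays inside the buffer
         * (assuming Maat_read_rule writes at most the size it is given). */
        tmp_buff = (char *)calloc(p_result->serv_def_len + 1, sizeof(char));
        if (tmp_buff == NULL) {
            /* Fix: the allocation result used to be passed on unchecked. */
            KNI_LOG_ERROR(logger, "Proxy-tcp-option: Scan hit, calloc failed, using default param, streamid = %s", pmeinfo->stream_traceid);
            break;
        }
        /* NOTE(review): the return value of Maat_read_rule is not checked. */
        Maat_read_rule(g_tsg_maat_feather, p_result, MAAT_RULE_SERV_DEFINE, tmp_buff, p_result->serv_def_len);
        if (strlen(tmp_buff) < strlen("{}") + 1) {
            KNI_LOG_DEBUG(logger, "Proxy-tcp-option: Scan hit, Get extra data error: No json data or data is null,streamid = %s", pmeinfo->stream_traceid);
            break;
        }

        ret = pxy_tcp_option_parse_json((const struct Maat_rule_t*)p_result, (const char*)tmp_buff, pxy_tcpop, logger);
        if (ret != 1) {
            KNI_LOG_DEBUG(logger,"Proxy-tcp-option: Scan hit, json parse error,using default param,streamid = %s", pmeinfo->stream_traceid);
            break;
        }
        KNI_LOG_DEBUG(logger, "Proxy-tcp-option: Scan hit, streamid: %s, param: %s", pmeinfo->stream_traceid,tmp_buff);
        is_not_default = 1;
    } while (0);

    /* Fix: the buffer used to be freed only on the success path, leaking one
     * allocation per stream whenever the policy text was empty or failed to
     * parse. Release it on every path. */
    free(tmp_buff);
    tmp_buff = NULL;

    if (is_not_default != 1) {
        /* Also overwrites any fields a failed parse may have partly filled. */
        memcpy((void *)pxy_tcpop, (const void *)&g_kni_handle->pxy_tcp_option, sizeof(g_kni_handle->pxy_tcp_option));
        KNI_LOG_DEBUG(logger, "Proxy-tcp-option: streamid: %s, Using default policy", pmeinfo->stream_traceid);
    }

    if (mid != NULL) {
        Maat_clean_status(&mid);
        mid = NULL;
    }
    return ret;
}

/**
 * Replace the recorded client/server MSS with the configured maxseg value on
 * each side whose *_tcp_maxseg_enable flag is 1.
 *
 * NOTE(review): the configured value is written as-is; it is not compared with
 * the MSS originally recorded for the peer and no range check is visible here.
 * Confirm an upper/lower bound is enforced elsewhere.
 */
void pxy_tcp_option_modify_mss(struct pme_info *pmeinfo,void *logger)
{
    KNI_LOG_DEBUG(logger, "Proxy-tcp-option: stream id: %s, origin client side mss:%u,origin server side mss:%u", pmeinfo->stream_traceid,pmeinfo->client_tcpopt.mss, pmeinfo->server_tcpopt.mss);

    if (pmeinfo->pxy_tcp_option.client_tcp_maxseg_enable == 1) {
        pmeinfo->client_tcpopt.mss = pmeinfo->pxy_tcp_option.client_tcp_maxseg;
        KNI_LOG_DEBUG(logger, "Proxy-tcp-option: stream id: %s, modified client side mss:%u", pmeinfo->stream_traceid,pmeinfo->client_tcpopt.mss);
    }
    else {
        KNI_LOG_DEBUG(logger, "Proxy-tcp-option: stream id: %s, modify client side mss enable=%d,origin client side mss:%u", pmeinfo->stream_traceid,pmeinfo->pxy_tcp_option.client_tcp_maxseg_enable,pmeinfo->client_tcpopt.mss);
    }

    if (pmeinfo->pxy_tcp_option.server_tcp_maxseg_enable == 1) {
        pmeinfo->server_tcpopt.mss = pmeinfo->pxy_tcp_option.server_tcp_maxseg;
        KNI_LOG_DEBUG(logger, "Proxy-tcp-option: stream id: %s, modified server mss:%u", pmeinfo->stream_traceid, pmeinfo->server_tcpopt.mss);
    }
    else {
        KNI_LOG_DEBUG(logger, "Proxy-tcp-option: stream id: %s, modify server side mss enable=%d,origin server side mss:%u", pmeinfo->stream_traceid,pmeinfo->pxy_tcp_option.server_tcp_maxseg_enable,pmeinfo->server_tcpopt.mss);
    }
}

/**
 * Append the stream's TCP options to @p cmsg, one TLV per option, in a fixed
 * order (downstream/client values first, then upstream/server, then
 * tcp_passthrough). Stops at the first failing call.
 *
 * Each value is sent as sizeof(int) bytes read from the option field.
 *
 * @return the result of the last wrapped_kni_cmsg_set call (negative on the
 *         first failure).
 */
int pxy_tcp_option_cmsg_set(struct kni_cmsg *cmsg, struct pme_info *pmeinfo){
    int ret = 0;
    size_t i = 0;
    struct proxy_tcp_option *opt = &pmeinfo->pxy_tcp_option;
    const struct {
        uint16_t type;
        const void *value;
    } fields[] = {
        { TFE_CMSG_DOWNSTREAM_TCP_NODELAY,      &opt->client_tcp_nodelay },
        { TFE_CMSG_DOWNSTREAM_TCP_TTL,          &opt->client_tcp_ttl },
        { TFE_CMSG_DOWNSTREAM_TCP_KEEPALIVE,    &opt->client_tcp_keepalive_enable },
        { TFE_CMSG_DOWNSTREAM_TCP_KEEPCNT,      &opt->client_tcp_keepalive_keepcnt },
        { TFE_CMSG_DOWNSTREAM_TCP_KEEPIDLE,     &opt->client_tcp_keepalive_keepidle },
        { TFE_CMSG_DOWNSTREAM_TCP_KEEPINTVL,    &opt->client_tcp_keepalive_keepintvl },
        { TFE_CMSG_DOWNSTREAM_TCP_USER_TIMEOUT, &opt->client_tcp_user_timeout },
        { TFE_CMSG_UPSTREAM_TCP_NODELAY,        &opt->server_tcp_nodelay },
        { TFE_CMSG_UPSTREAM_TCP_TTL,            &opt->server_tcp_ttl },
        { TFE_CMSG_UPSTREAM_TCP_KEEPALIVE,      &opt->server_tcp_keepalive_enable },
        { TFE_CMSG_UPSTREAM_TCP_KEEPCNT,        &opt->server_tcp_keepalive_keepcnt },
        { TFE_CMSG_UPSTREAM_TCP_KEEPIDLE,       &opt->server_tcp_keepalive_keepidle },
        { TFE_CMSG_UPSTREAM_TCP_KEEPINTVL,      &opt->server_tcp_keepalive_keepintvl },
        { TFE_CMSG_UPSTREAM_TCP_USER_TIMEOUT,   &opt->server_tcp_user_timeout },
        { TFE_CMSG_TCP_PASSTHROUGH,             &opt->tcp_passthrough },
    };

    for (i = 0; i < sizeof(fields) / sizeof(fields[0]); i++) {
        ret = wrapped_kni_cmsg_set(cmsg, fields[i].type, (const unsigned char *)fields[i].value, sizeof(int), pmeinfo);
        if (ret < 0) {
            break;
        }
    }
    return ret;
}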