path: root/common/include/tfe_cmsg.h
#pragma once

#include <stdint.h>
#include <stddef.h>

/* Opaque control-message container: only forward-declared in this header, so
 * callers can hold and pass pointers but cannot touch its fields directly. */
struct tfe_cmsg;
/* Forward declaration only; no prototype in this header takes or returns it.
 * NOTE(review): presumably the on-wire header used by serialize/deserialize -- confirm. */
struct tfe_cmsg_serialize_header;


/*
 * Negative error codes for the cmsg API.
 * NOTE(review): presumably these are what the int-returning tfe_cmsg_*
 * functions return on failure, with 0 meaning success -- confirm against the
 * implementation. Callers should treat any negative return as "output
 * arguments are not valid".
 */
enum tfe_cmsg_errno
{
	/* presumably: serialized data is malformed -- TODO confirm */
	TFE_CMSG_INVALID_FORMAT = -1,
	/* presumably: caller-supplied buffer is too small for the value -- TODO confirm */
	TFE_CMSG_BUFF_NOT_ENOUGH = -2,
	/* presumably: TLV type is outside the known range -- TODO confirm */
	TFE_CMSG_INVALID_TYPE = -3,
};

/*
 * Type tags for the entries of a struct tfe_cmsg, as passed to tfe_cmsg_set()
 * and tfe_cmsg_get_value().
 *
 * Numbering: 0x0 through 0x11 are assigned explicitly; every member after
 * TFE_CMSG_STREAM_TRACE_ID takes the next implicit value. Inserting or
 * removing a member anywhere except at the "Add new cmsg here" marker
 * therefore renumbers all later tags.
 * NOTE(review): if these tags are emitted by tfe_cmsg_serialize() and read by
 * a peer built from another revision, a renumbering silently changes the
 * meaning of received entries -- confirm, and consider explicit values.
 *
 * The per-member size notes are documentation only; nothing in this header
 * enforces them. A consumer must still size its output buffer, check the
 * return code of tfe_cmsg_get_value(), and use the reported length.
 * NOTE(review): whether "string max size N" includes a terminating NUL is not
 * stated here -- confirm before treating a value as a C string.
 */
enum tfe_cmsg_tlv_type
{
    /* TCP restore information */
    TFE_CMSG_TCP_RESTORE_SEQ = 0x0,
    TFE_CMSG_TCP_RESTORE_ACK = 0x1,
    TFE_CMSG_TCP_RESTORE_MSS_CLIENT = 0x2,
    TFE_CMSG_TCP_RESTORE_MSS_SERVER = 0x3,
    /* "WSACLE" is the spelling used by the public names (presumably WSCALE,
     * the TCP window-scale option); kept as-is because callers reference it. */
    TFE_CMSG_TCP_RESTORE_WSACLE_CLIENT = 0x4,
    TFE_CMSG_TCP_RESTORE_WSACLE_SERVER = 0x5,
    TFE_CMSG_TCP_RESTORE_SACK_CLIENT = 0x6,
    TFE_CMSG_TCP_RESTORE_SACK_SERVER = 0x7,
    TFE_CMSG_TCP_RESTORE_TS_CLIENT = 0x8,
    TFE_CMSG_TCP_RESTORE_TS_SERVER = 0x9,
    TFE_CMSG_TCP_RESTORE_PROTOCOL = 0xa,
    TFE_CMSG_TCP_RESTORE_WINDOW_CLIENT = 0xb,
    TFE_CMSG_TCP_RESTORE_WINDOW_SERVER = 0xc,
    TFE_CMSG_TCP_RESTORE_INFO_PACKET_CUR_DIR = 0xd,
    TFE_CMSG_TCP_RESTORE_TS_CLIENT_VAL = 0xe,
    TFE_CMSG_TCP_RESTORE_TS_SERVER_VAL = 0xf,

    TFE_CMSG_POLICY_ID = 0x10,          // size uuid_t
    TFE_CMSG_STREAM_TRACE_ID = 0x11,
    /* From here on values are implicit (0x12, 0x13, ...). */
    TFE_CMSG_TCP_OPTION_PROFILE_ID,     // size uuid_t
    TFE_CMSG_DECRYPTION_PROFILE_ID,     // size uuid_t
    TFE_CMSG_KEYRING_FOR_TRUSTED_ID,    // size uuid_t
    TFE_CMSG_KEYRING_FOR_UNTRUSTED,     // size uuid_t

    TFE_CMSG_SSL_INTERCEPT_STATE,       // size uint8_t, 0-passthrough, 1-intercept, 2-shutdown, refer to enum ssl_stream_action
    TFE_CMSG_SSL_SERVER_SIDE_LATENCY,   // size uint64_t, milliseconds
    TFE_CMSG_SSL_CLIENT_SIDE_LATENCY,   // size uint64_t, milliseconds
    TFE_CMSG_SSL_SERVER_SIDE_VERSION,   // string, SSLv3 TLSv1 TLSv1.1 TLSv1.2 TLSv1.3 unknown
    TFE_CMSG_SSL_CLIENT_SIDE_VERSION,
    TFE_CMSG_SSL_PINNING_STATE,         // size uint8_t, 0-not pinning 1-pinning 2-maybe pinning
    TFE_CMSG_SSL_CERT_VERIFY,           // size uint8_t
    TFE_CMSG_SSL_ERROR,                 // string

    /* Original Traffic's src & dst MAC address */
    TFE_CMSG_SRC_MAC,
    TFE_CMSG_DST_MAC,

    /* TCP option information */
    TFE_CMSG_DOWNSTREAM_TCP_MSS_ENABLE,
    TFE_CMSG_DOWNSTREAM_TCP_MSS_VALUE,
    TFE_CMSG_DOWNSTREAM_TCP_NODELAY,
    TFE_CMSG_DOWNSTREAM_TCP_TTL,
    TFE_CMSG_DOWNSTREAM_TCP_KEEPALIVE,
    TFE_CMSG_DOWNSTREAM_TCP_KEEPCNT,
    TFE_CMSG_DOWNSTREAM_TCP_KEEPIDLE,
    TFE_CMSG_DOWNSTREAM_TCP_KEEPINTVL,
    TFE_CMSG_DOWNSTREAM_TCP_USER_TIMEOUT,

    TFE_CMSG_UPSTREAM_TCP_MSS_ENABLE,
    TFE_CMSG_UPSTREAM_TCP_MSS_VALUE,
    TFE_CMSG_UPSTREAM_TCP_NODELAY,
    TFE_CMSG_UPSTREAM_TCP_TTL,
    TFE_CMSG_UPSTREAM_TCP_KEEPALIVE,
    TFE_CMSG_UPSTREAM_TCP_KEEPCNT,
    TFE_CMSG_UPSTREAM_TCP_KEEPIDLE,
    TFE_CMSG_UPSTREAM_TCP_KEEPINTVL,
    TFE_CMSG_UPSTREAM_TCP_USER_TIMEOUT,

    TFE_CMSG_HIT_NO_INTERCEPT,          // size uint8_t
    TFE_CMSG_TCP_PASSTHROUGH,
    TFE_CMSG_TCP_DECRYPTED_TRAFFIC_STEERING,

    TFE_CMSG_SRC_SUB_ID,                // string max size 256

    /* SSL ja3 fingerprint */
    TFE_CMSG_SSL_CLIENT_JA3_FINGERPRINT,// string max size 32

    // according to KNI -> MESA_dir_link_to_human()
    // 'E' or 'e': the packet is being sent from Internal to External.
    // 'I' or 'i': the packet is being sent from External to Internal.
    TFE_CMSG_COMMON_DIRECTION,          // unsigned int
    TFE_CMSG_SSL_PASSTHROUGH_REASON,    // string max size 32
    TFE_CMSG_POLICY_VSYS_ID,            // unsigned int
    TFE_CMSG_POLICY_DO_LOG,             // unsigned int

    TFE_CMSG_INCOMING_LINK_ID,          // uint16_t
    TFE_CMSG_OUTGOING_LINK_ID,          // uint16_t

    /* Subscriber identifiers (IMSI, IMEI, phone number, APN): personal data;
     * review where these values are logged or exported. */
    TFE_CMSG_SRC_IMSI_STR,              // string max size 256
    TFE_CMSG_SRC_IMEI_STR,              // string max size 256
    TFE_CMSG_SRC_PHONE_NUM_STR,         // string max size 256
    TFE_CMSG_SRC_APN_STR,               // string max size 256

    TFE_CMSG_SRC_IP_TAGS_IDS_STR,       // string max size 21 * 128 = 2688, example: "1,2,3,4,5"
    TFE_CMSG_DST_IP_TAGS_IDS_STR,       // string max size 21 * 128 = 2688, example: "1,2,3,4,5"
    TFE_CMSG_FQDN_TAGS_IDS_STR,         // string max size 21 * 128 = 2688, example: "1,2,3,4,5"

    /* Add new cmsg here */
    /* Add new cmsg here */
    /* Add new cmsg here */

    /* MAX cmsg num: one past the last valid tag, so it must stay the final
     * member. NOTE(review): presumably a type >= TFE_CMSG_TLV_NR_MAX is
     * rejected with TFE_CMSG_INVALID_TYPE on set/get/deserialize -- confirm. */
    TFE_CMSG_TLV_NR_MAX
};

/*
 * Flag values for a cmsg; tfe_cmsg_set_flag()/tfe_cmsg_get_flag() carry the
 * flag as a uint8_t. USER0 and USER1 are distinct single bits.
 * NOTE(review): whether tfe_cmsg_set_flag() ORs the bit in or overwrites the
 * whole flag byte is not visible from this header -- confirm.
 */
#define TFE_CMSG_FLAG_INIT  0x0
#define TFE_CMSG_FLAG_USER0 0x1     // 1 << 0
#define TFE_CMSG_FLAG_USER1 0x2     // 1 << 1

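/*
 * cmsg container API.
 *
 * The contracts below are read off the signatures in this header; anything
 * marked NOTE(review) is an assumption to confirm against the implementation.
 * NOTE(review): the int-returning functions presumably return 0 on success
 * and a negative enum tfe_cmsg_errno value on failure -- confirm.
 */

/**
 * Create a new, empty cmsg.
 *
 * Declared with (void) so that a call passing arguments is diagnosed in C;
 * an empty parameter list would leave the arguments unchecked.
 *
 * @return the new cmsg. NOTE(review): presumably NULL on allocation failure.
 */
struct tfe_cmsg* tfe_cmsg_init(void);

/**
 * Release a cmsg.
 *
 * @param cmsg address of the caller's handle. NOTE(review): presumably *cmsg
 *             is set to NULL so the handle cannot be reused after release.
 */
void tfe_cmsg_destroy(struct tfe_cmsg **cmsg);

/**
 * NOTE(review): returns void, so it cannot hand back a copy; presumably it
 * takes an additional reference on cmsg that a later tfe_cmsg_destroy()
 * drops -- confirm.
 */
void tfe_cmsg_dup(struct tfe_cmsg *cmsg);

/** Set the cmsg flag; see TFE_CMSG_FLAG_*. */
void tfe_cmsg_set_flag(struct tfe_cmsg *cmsg, uint8_t flag);

/** @return the cmsg flag; see TFE_CMSG_FLAG_*. */
uint8_t tfe_cmsg_get_flag(struct tfe_cmsg *cmsg);

/**
 * Read the value stored under a TLV type into a caller-supplied buffer.
 *
 * @param cmsg            container to read from
 * @param type            TLV tag to look up
 * @param out_value       destination buffer
 * @param sz_out_value_buf capacity of out_value in bytes
 * @param out_size        receives the stored value's length
 * @return status code; check it before reading out_value or *out_size.
 *
 * NOTE(review): presumably fails with TFE_CMSG_BUFF_NOT_ENOUGH when the value
 * is larger than sz_out_value_buf. Nothing here shows that string values are
 * NUL-terminated: use *out_size as the length and reserve room for a
 * terminator before handing the bytes to C string functions.
 */
int tfe_cmsg_get_value(struct tfe_cmsg * cmsg, enum tfe_cmsg_tlv_type type, unsigned char * out_value,
    size_t sz_out_value_buf, uint16_t * out_size);

/**
 * Store a value under a TLV type.
 *
 * @param size length of value in bytes; the uint16_t type caps one entry at
 *             65535 bytes.
 * NOTE(review): the "max size" notes on enum tfe_cmsg_tlv_type are not
 * visibly enforced by this signature -- confirm whether set() checks them.
 */
int tfe_cmsg_set(struct tfe_cmsg * cmsg, enum tfe_cmsg_tlv_type type, const unsigned char * value, uint16_t size);

/**
 * @return the number of bytes tfe_cmsg_serialize() needs for this cmsg.
 *
 * NOTE(review): each entry may be up to 65535 bytes while the total is also
 * reported as uint16_t; confirm that the implementation detects a total that
 * does not fit rather than letting it wrap.
 */
uint16_t tfe_cmsg_serialize_size_get(struct tfe_cmsg *cmsg);

/**
 * Serialize the cmsg into buff.
 *
 * @param buff          destination buffer
 * @param bufflen       capacity of buff in bytes
 * @param serialize_len receives the number of bytes written
 */
int tfe_cmsg_serialize(struct tfe_cmsg *cmsg, unsigned char *buff, uint16_t bufflen, uint16_t *serialize_len);

/**
 * Build a cmsg from serialized bytes.
 *
 * The input comes from outside this process, so it must be treated as
 * untrusted: every TLV length has to be validated against the remaining
 * len, and every type against TFE_CMSG_TLV_NR_MAX, before anything is copied.
 *
 * @param data  serialized bytes
 * @param len   number of bytes available at data
 * @param pcmsg receives the new cmsg. NOTE(review): presumably owned by the
 *              caller and released with tfe_cmsg_destroy(); confirm what
 *              *pcmsg holds when the call fails.
 */
int tfe_cmsg_deserialize(const unsigned char *data, uint16_t len, struct tfe_cmsg** pcmsg);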