tango-kni/kni_comm.c

#include <stdio.h>   
#include <string.h>
#include <stdlib.h>
#include <unistd.h>
#include <ctype.h>
#include <stdarg.h>
#include <assert.h>
#include <arpa/inet.h>
#include "stream.h"
#include "MESA_prof_load.h"
#include "MESA_handle_logger.h"
#include "field_stat2.h"
#include "kni_entry.h"
#include "kni_comm.h"



char* kni_memncasemem(const char *strsrc,int len1,const char *substr,int len2)
{
		
	char *p1,*p2,*pend;
	unsigned char *p;
	unsigned char *substrS;
	int i,lenth;

	if((strsrc==NULL)||substr==NULL)
		return NULL;
	if(len1<len2) return NULL;

	lenth=len2;
	substrS=(unsigned char *)malloc(sizeof(unsigned char)*(lenth+1));
	if(substrS==NULL)
		return NULL;
	for(i=0;i<lenth;i++)
	{
		substrS[i]=tolower(*(substr+i));
	}
	substrS[lenth]=0;

	lenth=len1;
	pend =(char *)strsrc + lenth;
	for(p1 =(char *) strsrc; p1 != pend;p1++)
	{
		for(p2 = p1,p = substrS;*p != '\0'&& p2 != pend;p++,p2++)
		{
			if(tolower(*p2) != *p)
				break;
		}
		if(*p == '\0')
		{
			free(substrS);
			return p1;
		}
	}

	free(substrS);
	return NULL;
}	



int kni_log_info(char* module,const struct layer_addr* addr,unsigned short protocol,char* domain,char* scan_result,char* action,struct kni_pme_info* pmeinfo)
{
	unsigned short sport=0;
	unsigned short dport=0;
	char saddr_str[INET6_ADDRSTRLEN ]={0};
	char daddr_str[INET6_ADDRSTRLEN ]={0};


	if(addr->addrtype == ADDR_TYPE_IPV4)
	{
		sport = ntohs(addr->tuple4_v4->source);
		dport = ntohs(addr->tuple4_v4->dest);
		inet_ntop(AF_INET, (void *)&(addr->tuple4_v4->saddr), saddr_str, INET_ADDRSTRLEN);
		inet_ntop(AF_INET, (void *)&(addr->tuple4_v4->daddr), daddr_str, INET_ADDRSTRLEN);
	}
	else if(addr->addrtype == ADDR_TYPE_IPV6)
	{
		sport = ntohs(addr->tuple4_v6->source);
		dport = ntohs(addr->tuple4_v6->dest);
		inet_ntop(AF_INET6, (void *)&(addr->tuple4_v6->saddr), saddr_str, INET6_ADDRSTRLEN);
		inet_ntop(AF_INET6, (void *)&(addr->tuple4_v6->daddr), daddr_str, INET6_ADDRSTRLEN);
	}
	else
	{
		MESA_handle_runtime_log(g_kni_comminfo.logger,RLOG_LV_INFO,module,"addr->type is %d",addr->addrtype);
		return -1;
	}
	
	
	
	if(protocol==KNI_FLAG_HTTP) 
	{
		MESA_handle_runtime_log(g_kni_comminfo.logger,RLOG_LV_INFO,module,"addr:%s,%d,%s,%d,%s,domain:%s,%s,%s,config_id:%d,keyring_id:%d,c_fd:%d,s_fd:%d",
									saddr_str,sport,daddr_str,dport,"HTTP",domain,scan_result,action,pmeinfo->cfg_id,pmeinfo->keyring_id,pmeinfo->client_fd,pmeinfo->server_fd);
	}
	else if(protocol==KNI_FLAG_SSL)
	{
		MESA_handle_runtime_log(g_kni_comminfo.logger,RLOG_LV_INFO,module,"addr:%s,%d,%s,%d,%s,domain:%s,%s,%s,config_id:%d,keyring_id:%d,c_fd:%d,s_fd:%d",
									saddr_str,sport,daddr_str,dport,"SSL",domain+5,scan_result,action,pmeinfo->cfg_id,pmeinfo->keyring_id,pmeinfo->client_fd,pmeinfo->server_fd);
	}
	else
	{
		MESA_handle_runtime_log(g_kni_comminfo.logger,RLOG_LV_INFO,module,"addr:%s,%d,%s,%d,domain:%s,%s,%s,config_id:%d",saddr_str,sport,daddr_str,dport,domain,scan_result,action,pmeinfo->cfg_id);
	}


	return 0;

}





int kni_log_debug(int level,char* module,const void* a_packet,const char* format,...)
{
	if((a_packet == NULL) || (level<g_kni_comminfo.logger_level))
	{
		return 0;
	}

	
	unsigned short sport=0;
	unsigned short dport=0;
	char saddr_str[INET6_ADDRSTRLEN ]={0};
	char daddr_str[INET6_ADDRSTRLEN ]={0};

	struct ip* ipv4_hdr = (struct ip*)a_packet;
    struct kni_ipv6_hdr* ipv6_hdr = (struct kni_ipv6_hdr*)a_packet;
	struct tcphdr* tcphdr = NULL;


	char buf[4096] = {0};
	va_list list;

	va_start(list, format);
	vsnprintf(buf, 4069, format, list);
	va_end(list);

	

	if(ipv4_hdr->ip_v==4)
	{
		tcphdr=(struct tcphdr*)((char*)ipv4_hdr+4*(ipv4_hdr->ip_hl));

		inet_ntop(AF_INET, (void *)&((ipv4_hdr->ip_src).s_addr), saddr_str, INET_ADDRSTRLEN);
		inet_ntop(AF_INET, (void *)&((ipv4_hdr->ip_dst).s_addr), daddr_str, INET_ADDRSTRLEN);

	}
	else if((ipv6_hdr->ip6_flags[0] & 0xF0) == 0x60)
	{
		if(ipv6_hdr->ip6_nex_hdr != NEXTHDR_TCP)
		{
			return -1;
		}
	
		tcphdr =(struct tcphdr*)( (unsigned char*)ipv6_hdr + sizeof(struct kni_ipv6_hdr));

		inet_ntop(AF_INET6, (void *)&(ipv6_hdr->ip6_src), saddr_str, INET6_ADDRSTRLEN);
		inet_ntop(AF_INET6, (void *)&(ipv6_hdr->ip6_dst), daddr_str, INET6_ADDRSTRLEN);
		
	}
	
	sport=ntohs(tcphdr->source);
	dport=ntohs(tcphdr->dest);
	

	MESA_handle_runtime_log(g_kni_comminfo.logger,level,module,"addr:%s,%d,%s,%d %s",saddr_str,sport,daddr_str,dport,buf);

	return 0;

}




int kni_log_debug_bak(int level,char* module,const void* a_packet,char* content)
{
	unsigned short sport=0;
	unsigned short dport=0;
	char saddr_str[INET6_ADDRSTRLEN ]={0};
	char daddr_str[INET6_ADDRSTRLEN ]={0};

	struct ip* ipv4_hdr = (struct ip*)a_packet;
    struct kni_ipv6_hdr* ipv6_hdr = (struct kni_ipv6_hdr*)a_packet;
	struct tcphdr* tcphdr = NULL;

	if(ipv4_hdr->ip_v==4)
	{
		tcphdr=(struct tcphdr*)((char*)ipv4_hdr+4*(ipv4_hdr->ip_hl));

		inet_ntop(AF_INET, (void *)&((ipv4_hdr->ip_src).s_addr), saddr_str, INET_ADDRSTRLEN);
		inet_ntop(AF_INET, (void *)&((ipv4_hdr->ip_dst).s_addr), daddr_str, INET_ADDRSTRLEN);

	}
	else if((ipv6_hdr->ip6_flags[0] & 0xF0) == 0x60)
	{
		if(ipv6_hdr->ip6_nex_hdr != NEXTHDR_TCP)
		{
			return -1;
		}
	
		tcphdr =(struct tcphdr*)( (unsigned char*)ipv6_hdr + sizeof(struct kni_ipv6_hdr));

		inet_ntop(AF_INET, (void *)&(ipv6_hdr->ip6_src), saddr_str, INET6_ADDRSTRLEN);
		inet_ntop(AF_INET, (void *)&(ipv6_hdr->ip6_dst), daddr_str, INET6_ADDRSTRLEN);
		
	}
	
	sport=ntohs(tcphdr->source);
	dport=ntohs(tcphdr->dest);
	

	MESA_handle_runtime_log(g_kni_comminfo.logger,level,module,"addr:%s,%d,%s,%d %s",saddr_str,sport,daddr_str,dport,content);

	return 0;

}


/****************************************************************************
if(sport<dport)								server=s
else if((sport==dport)&&(sip<dip))			server=s
else										server=d
****************************************************************************/
int kni_get_ipaddr_v4(void* a_packet,struct stream_tuple4_v4* ipaddr)
{
	int reverse_flag=0;
	
	unsigned short sport=0;
	unsigned short dport =0;
	
	struct ip* iphdr=(struct ip*)a_packet;
	struct tcphdr* tcphdr=NULL;

	iphdr=(struct ip*)a_packet;
	tcphdr=(struct tcphdr*)((char*)iphdr+4*(iphdr->ip_hl));

	sport=ntohs(tcphdr->source);
	dport=ntohs(tcphdr->dest);

	if((sport<dport)||((sport==dport)&&(ntohl((iphdr->ip_src).s_addr)<ntohl((iphdr->ip_dst).s_addr))))
	{
		reverse_flag=1;
	}

	if(reverse_flag==1)
	{
		ipaddr->saddr=(iphdr->ip_dst).s_addr;
		ipaddr->daddr=(iphdr->ip_src).s_addr;
		ipaddr->source=tcphdr->dest;
		ipaddr->dest=tcphdr->source;
	}
	else
	{
		ipaddr->saddr=(iphdr->ip_src).s_addr;
		ipaddr->daddr=(iphdr->ip_dst).s_addr;
		ipaddr->source=tcphdr->source;
		ipaddr->dest=tcphdr->dest;
	}


	return reverse_flag;
}



/****************************************************************************
if(sport<dport)								server=s
else if((sport==dport)&&(sip<dip))			server=s
else										server=d
****************************************************************************/
int kni_get_ipaddr_v6(void* a_packet,struct stream_tuple4_v6* ipaddr)
{
	int reverse_flag=0;
	
	unsigned short sport=0;
	unsigned short dport =0;
	
	struct kni_ipv6_hdr* ipv6_hdr=(struct kni_ipv6_hdr*)a_packet;
	struct tcphdr* tcphdr=(struct tcphdr*)((unsigned char*)a_packet+sizeof(struct kni_ipv6_hdr));
	
	sport=ntohs(tcphdr->source);
	dport=ntohs(tcphdr->dest);

	if(sport<dport)
	{
		reverse_flag=1;
	}

	if(reverse_flag==1)
	{
		memcpy(ipaddr->saddr, ipv6_hdr->ip6_dst.s6_addr32, sizeof(ipaddr->saddr));
		memcpy(ipaddr->daddr, ipv6_hdr->ip6_src.s6_addr32, sizeof(ipaddr->daddr));
		ipaddr->source=tcphdr->dest;
		ipaddr->dest=tcphdr->source;
	}
	else
	{
		memcpy(ipaddr->saddr, ipv6_hdr->ip6_src.s6_addr32, sizeof(ipaddr->saddr));
		memcpy(ipaddr->daddr, ipv6_hdr->ip6_dst.s6_addr32, sizeof(ipaddr->daddr));
		ipaddr->source=tcphdr->source;
		ipaddr->dest=tcphdr->dest;
	}


	return reverse_flag;
}

int kni_get_tcpinfo(struct kni_wndpro_reply_info* lastpkt_info,struct kni_tcp_hdr* tcphdr,int tcplen)
{
	lastpkt_info->seq=ntohl(tcphdr->th_seq);
	lastpkt_info->ack=ntohl(tcphdr->th_ack);
	lastpkt_info->len=tcplen;
	lastpkt_info->wndsize=ntohs(tcphdr->th_win);

	if(tcphdr->th_flags&TH_SYN)
	{
		lastpkt_info->syn_flag=1;
	}

	return 0;
}

int kni_get_tcpopt(struct kni_tcp_hdr* tcphdr,int tcp_hdr_len,unsigned short* mss,unsigned char* winscale,unsigned char* scak,unsigned char* timestamps)
{

	*mss=KNI_DEFAULT_MSS;
	*winscale=KNI_DEFAULT_WINSCLE;


	int remain_len=tcp_hdr_len;
	struct kni_tcp_opt_format* tcp_opt=NULL;

	if((tcp_hdr_len<=20)||(tcp_hdr_len>64))
	{
		return 0;
	}

	tcp_opt=(struct kni_tcp_opt_format*)((char*)tcphdr+TCPHDR_DEFAULT_LEN);
	remain_len-=TCPHDR_DEFAULT_LEN;

	while(remain_len)
	{
		if(tcp_opt->type==KNI_TCPOPT_MSS)			//MSS
		{
			remain_len-=tcp_opt->len;
			*mss=htons(*(unsigned short*)(tcp_opt->content));
			tcp_opt=(struct kni_tcp_opt_format*)((char*)tcp_opt+tcp_opt->len);

			continue;
		}
		else if(tcp_opt->type==KNI_TCPOPT_WINSCALE)			//winscale
		{
			remain_len-=tcp_opt->len;
			*winscale=*(unsigned char*)(tcp_opt->content);
			tcp_opt=(struct kni_tcp_opt_format*)((char*)tcp_opt+tcp_opt->len);

			continue;
		}
		else if(tcp_opt->type==KNI_TCPOPT_SACKOK)			//scak
		{
			remain_len-=tcp_opt->len;
			*scak=1;
			tcp_opt=(struct kni_tcp_opt_format*)((char*)tcp_opt+tcp_opt->len);

			continue;
		}
		else if(tcp_opt->type==KNI_TCPOPT_TIMESTAMP)			//timestamp
		{
			remain_len-=tcp_opt->len;
			*timestamps=1;
			tcp_opt=(struct kni_tcp_opt_format*)((char*)tcp_opt+tcp_opt->len);

			continue;
		}
		else if((tcp_opt->type==0)||(tcp_opt->type==1))
		{
			remain_len-=1;
			tcp_opt=(struct kni_tcp_opt_format*)((char*)tcp_opt+1);

			continue;
			
		}
		else
		{
			remain_len-=tcp_opt->len;
			tcp_opt=(struct kni_tcp_opt_format*)((char*)tcp_opt+tcp_opt->len);

			continue;
			
		}
	}

	return 0;

}

char* kni_get_payload(const struct streaminfo* pstream,int* datalen)
{
	char* data=NULL;

	if(pstream->type==STREAM_TYPE_TCP)
	{
		data=(char*)(pstream->ptcpdetail->pdata);
		*datalen=pstream->ptcpdetail->datalen;
	}
	else if(pstream->type==STREAM_TYPE_UDP)
	{
		data=(char*)(pstream->pudpdetail->pdata);
		*datalen=pstream->pudpdetail->datalen;
	}
	else
	{
		data=NULL;
		*datalen=0;
	}

	return data;
	
	
}




int kni_filestate2_set(int thread_seq,enum kni_FS_COLUME colum_index,int bytes,int pktnum)
{
	g_kni_fs2_info.column_value_pkt[thread_seq][colum_index]+=pktnum;
	g_kni_fs2_info.column_value_bytes[thread_seq][colum_index]+=bytes;

	return 0;

}


int kni_filestate2_init()
{	
//	int i=0;
//	int j=0;
	int value=1;
	unsigned int fs2_sport=0;
	char fs2_filename[KNI_MAX_BUFLEN]={0};
	char fs2_sip[KNI_MAX_BUFLEN]={0};

	MESA_load_profile_string_def((char*)KNI_CONF_FILENAME,(char*)KNI_FS_MODE,(char*)"filestat2_filename",fs2_filename,KNI_MAX_BUFLEN,(char*)"./log/kni_fs2.log");
	MESA_load_profile_string_def((char*)KNI_CONF_FILENAME,(char*)KNI_FS_MODE,(char*)"filestat2_sip",fs2_sip,KNI_MAX_BUFLEN,(char*)"0.0.0.0");
	MESA_load_profile_uint_def((char*)KNI_CONF_FILENAME,(char*)KNI_FS_MODE,(char*)"filestat2_sport",(unsigned int*)&fs2_sport,0);

	g_kni_fs2_info.handler=FS_create_handle();

	FS_set_para(g_kni_fs2_info.handler, OUTPUT_DEVICE,fs2_filename, strlen(fs2_filename)+1);
	FS_set_para(g_kni_fs2_info.handler, PRINT_MODE, &value, sizeof(value));
	FS_set_para(g_kni_fs2_info.handler, STAT_CYCLE, &value, sizeof(value));
	FS_set_para(g_kni_fs2_info.handler, CREATE_THREAD, &value, sizeof(value));
	FS_set_para(g_kni_fs2_info.handler, APP_NAME, FS2_APPNAME, strlen(FS2_APPNAME)+1);

	if(fs2_sport!=0)
	{
		FS_set_para(g_kni_fs2_info.handler, STATS_SERVER_IP, fs2_sip, strlen(fs2_sip)+1);
		FS_set_para(g_kni_fs2_info.handler, STATS_SERVER_PORT,&fs2_sport,sizeof(int));
	}


	g_kni_fs2_info.field_id[FS_PENDING]=FS_register(g_kni_fs2_info.handler, FS_STYLE_FIELD, FS_CALC_CURRENT,"link_pending");
	g_kni_fs2_info.field_id[FS_CLOSE_TIMEOUT]=FS_register(g_kni_fs2_info.handler, FS_STYLE_FIELD, FS_CALC_CURRENT,"link_cls_to");
	g_kni_fs2_info.field_id[FS_CLOSE_FIN]=FS_register(g_kni_fs2_info.handler, FS_STYLE_FIELD, FS_CALC_CURRENT,"link_cls_fin");
	g_kni_fs2_info.field_id[FS_CLOSE_DROPME]=FS_register(g_kni_fs2_info.handler, FS_STYLE_FIELD, FS_CALC_CURRENT,"link_cls_dropme");
	g_kni_fs2_info.field_id[FS_HTTP]=FS_register(g_kni_fs2_info.handler, FS_STYLE_FIELD, FS_CALC_CURRENT,"link_http");
	g_kni_fs2_info.field_id[FS_SSL]=FS_register(g_kni_fs2_info.handler, FS_STYLE_FIELD, FS_CALC_CURRENT,"link_ssl");
	g_kni_fs2_info.field_id[FS_CLIENT_HELLO]=FS_register(g_kni_fs2_info.handler, FS_STYLE_FIELD, FS_CALC_CURRENT,"link_hello");
	g_kni_fs2_info.field_id[FS_SNI]=FS_register(g_kni_fs2_info.handler, FS_STYLE_FIELD, FS_CALC_CURRENT,"link_sni");
	g_kni_fs2_info.field_id[FS_NOT_HTTP_SSL]=FS_register(g_kni_fs2_info.handler, FS_STYLE_FIELD, FS_CALC_CURRENT,"link_not_identify");
	g_kni_fs2_info.field_id[FS_WHITELIST]=FS_register(g_kni_fs2_info.handler, FS_STYLE_FIELD, FS_CALC_CURRENT,"link_whitelist");
	g_kni_fs2_info.field_id[FS_INTERCEPT]=FS_register(g_kni_fs2_info.handler, FS_STYLE_FIELD, FS_CALC_CURRENT,"link_intercept");
	g_kni_fs2_info.field_id[FS_REDIRECT]=FS_register(g_kni_fs2_info.handler, FS_STYLE_FIELD, FS_CALC_CURRENT,"link_redirect");
	g_kni_fs2_info.field_id[FS_REDIRECT_REPLY]=FS_register(g_kni_fs2_info.handler, FS_STYLE_FIELD, FS_CALC_CURRENT,"link_redirect_reply");
	g_kni_fs2_info.field_id[FS_RATELIMIT]=FS_register(g_kni_fs2_info.handler, FS_STYLE_FIELD, FS_CALC_CURRENT,"link_ratelimit");
	g_kni_fs2_info.field_id[FS_NOT_HIT]=FS_register(g_kni_fs2_info.handler, FS_STYLE_FIELD, FS_CALC_CURRENT,"link_not_hit");
	g_kni_fs2_info.field_id[FS_RATELIMIT_UDP]=FS_register(g_kni_fs2_info.handler, FS_STYLE_FIELD, FS_CALC_CURRENT,"ratelimit_udp_pkt");
	g_kni_fs2_info.field_id[FS_REPLACE_UDP]=FS_register(g_kni_fs2_info.handler, FS_STYLE_FIELD, FS_CALC_CURRENT,"replace_udp_pkt");
	g_kni_fs2_info.field_id[FS_REPAIR_TOTAL]=FS_register(g_kni_fs2_info.handler, FS_STYLE_FIELD, FS_CALC_CURRENT,"repair_total");
	g_kni_fs2_info.field_id[FS_REPAIR_SOCK_ERR]=FS_register(g_kni_fs2_info.handler, FS_STYLE_FIELD, FS_CALC_CURRENT,"repair_sock_err");
	g_kni_fs2_info.field_id[FS_REPAIR_SET_ERR]=FS_register(g_kni_fs2_info.handler, FS_STYLE_FIELD, FS_CALC_CURRENT,"repair_set_err");
	g_kni_fs2_info.field_id[FS_REPAIR_JOINLQ_ERR]=FS_register(g_kni_fs2_info.handler, FS_STYLE_FIELD, FS_CALC_CURRENT,"repair_e_joinq");
	g_kni_fs2_info.field_id[FS_REPAIR_SEND_SUCC]=FS_register(g_kni_fs2_info.handler, FS_STYLE_FIELD, FS_CALC_CURRENT,"repair_send");
	g_kni_fs2_info.field_id[FS_REPAIR_SEND_ERR]=FS_register(g_kni_fs2_info.handler, FS_STYLE_FIELD, FS_CALC_CURRENT,"repair_send_err");
	g_kni_fs2_info.field_id[FS_PKT_ADD_LQ_SUCC]=FS_register(g_kni_fs2_info.handler, FS_STYLE_FIELD, FS_CALC_CURRENT,"pkt_qin");
	g_kni_fs2_info.field_id[FS_PKT_ADD_LQ_ERR]=FS_register(g_kni_fs2_info.handler, FS_STYLE_FIELD, FS_CALC_CURRENT,"pkt_qin_err");
	g_kni_fs2_info.field_id[FS_PKT_GET_LQ_SUCC]=FS_register(g_kni_fs2_info.handler, FS_STYLE_FIELD, FS_CALC_CURRENT,"pkt_qout");
	g_kni_fs2_info.field_id[FS_PKT_GET_LQ_ERR]=FS_register(g_kni_fs2_info.handler, FS_STYLE_FIELD, FS_CALC_CURRENT,"pkt_qout_err");
	g_kni_fs2_info.field_id[FS_WR_PKTS]=FS_register(g_kni_fs2_info.handler, FS_STYLE_FIELD, FS_CALC_CURRENT,"wr_pkts");
	g_kni_fs2_info.field_id[FS_WR_ERR_PKTS]=FS_register(g_kni_fs2_info.handler, FS_STYLE_FIELD, FS_CALC_CURRENT,"wr_err_pkts");
	g_kni_fs2_info.field_id[FS_WR_BYTES]=FS_register(g_kni_fs2_info.handler, FS_STYLE_FIELD, FS_CALC_CURRENT,"wr_bytes");
	g_kni_fs2_info.field_id[FS_RD_PKTS]=FS_register(g_kni_fs2_info.handler, FS_STYLE_FIELD, FS_CALC_CURRENT,"rd_pkts");
	g_kni_fs2_info.field_id[FS_RD_BYTES]=FS_register(g_kni_fs2_info.handler, FS_STYLE_FIELD, FS_CALC_CURRENT,"rd_bytes");
	g_kni_fs2_info.field_id[FS_RX_PKTS]=FS_register(g_kni_fs2_info.handler, FS_STYLE_FIELD, FS_CALC_CURRENT,"rx_pkts");
	g_kni_fs2_info.field_id[FS_RX_BYTES]=FS_register(g_kni_fs2_info.handler, FS_STYLE_FIELD, FS_CALC_CURRENT,"rx_bytes");
	g_kni_fs2_info.field_id[FS_TX_PKTS]=FS_register(g_kni_fs2_info.handler, FS_STYLE_FIELD, FS_CALC_CURRENT,"tx_pkts");
	g_kni_fs2_info.field_id[FS_TX_BYTES]=FS_register(g_kni_fs2_info.handler, FS_STYLE_FIELD, FS_CALC_CURRENT,"tx_bytes");
	g_kni_fs2_info.field_id[FS_DROP_IPV6OPT]=FS_register(g_kni_fs2_info.handler, FS_STYLE_FIELD, FS_CALC_CURRENT,"d_ipv6_opt");
	g_kni_fs2_info.field_id[FS_DROP_NOTIN_HTABLE]=FS_register(g_kni_fs2_info.handler, FS_STYLE_FIELD, FS_CALC_CURRENT,"d_notin_htab");
	g_kni_fs2_info.field_id[FS_DROP_NOTIPV46_SAPP]=FS_register(g_kni_fs2_info.handler, FS_STYLE_FIELD, FS_CALC_CURRENT,"d_not_ipv46_s");
	g_kni_fs2_info.field_id[FS_DROP_NOTIPV46_TUN]=FS_register(g_kni_fs2_info.handler, FS_STYLE_FIELD, FS_CALC_CURRENT,"d_not_ipv46_t");
	g_kni_fs2_info.field_id[FS_DROP_ADDHTABLE_ERROR]=FS_register(g_kni_fs2_info.handler, FS_STYLE_FIELD, FS_CALC_CURRENT,"d_add_htal_err");
	g_kni_fs2_info.field_id[FS_PMENUM]=FS_register(g_kni_fs2_info.handler, FS_STYLE_FIELD, FS_CALC_CURRENT,"pme_num");
	g_kni_fs2_info.field_id[FS_REPLAY_WINDOW]=FS_register(g_kni_fs2_info.handler, FS_STYLE_FIELD, FS_CALC_CURRENT,"replay_win");
	g_kni_fs2_info.field_id[FS_HTABLE_ADD]=FS_register(g_kni_fs2_info.handler, FS_STYLE_FIELD, FS_CALC_CURRENT,"add_htab");
	g_kni_fs2_info.field_id[FS_HTABLE_DEL]=FS_register(g_kni_fs2_info.handler, FS_STYLE_FIELD, FS_CALC_CURRENT,"del_htab");






	g_kni_fs2_info.metric_tun_read=FS_register_histogram(g_kni_fs2_info.handler, FS_CALC_CURRENT, "tun_read(us)" ,1,1000000,2);
	g_kni_fs2_info.metric_forward=FS_register_histogram(g_kni_fs2_info.handler, FS_CALC_CURRENT, "forward(us)" ,1,1000000,2);
	g_kni_fs2_info.metric_sapp_proc=FS_register_histogram(g_kni_fs2_info.handler, FS_CALC_CURRENT, "sapp_proc(us)" ,1,1000000,2);
	g_kni_fs2_info.metric_tcprepair=FS_register_histogram(g_kni_fs2_info.handler, FS_CALC_CURRENT, "tcprepair(us)" ,1,1000000,2);
	g_kni_fs2_info.metric_tun_write=FS_register_histogram(g_kni_fs2_info.handler, FS_CALC_CURRENT, "tun_write(us)" ,1,1000000,2);
	g_kni_fs2_info.metric_sendfd=FS_register_histogram(g_kni_fs2_info.handler, FS_CALC_CURRENT, "send_fds(us)" ,1,1000000,2);
	g_kni_fs2_info.metric_qout_fd=FS_register_histogram(g_kni_fs2_info.handler, FS_CALC_CURRENT, "q_out_fds(us)" ,1,1000000,2);
	g_kni_fs2_info.metric_qout_pkt=FS_register_histogram(g_kni_fs2_info.handler, FS_CALC_CURRENT, "q_out_pkts(us)" ,1,1000000,2);


	FS_start(g_kni_fs2_info.handler);

	return 0;
}


void* kni_filestat2(void* arg)
{
	int i=0;
	int j=0;

	unsigned long long column_value[FS2_COLUMN_NUM];

	kni_filestate2_init();

	while(1)
	{
		for(i=0;i<FS2_COLUMN_NUM;i++)
		{
			column_value[i]=0;
		
			for(j=0;j<g_iThreadNum;j++)
			{
				column_value[i]+=g_kni_fs2_info.column_value_pkt[j][i];
			}
		
			FS_operate(g_kni_fs2_info.handler,g_kni_fs2_info.field_id[i], 0,FS_OP_SET,column_value[i]);
		}

		sleep(1);
	}

	return NULL;
}




int kni_order_action(int old_action,int new_action)
{
	if((old_action == KNI_ACTION_WHITELIST) || (new_action == KNI_ACTION_WHITELIST))
	{
		return KNI_ACTION_WHITELIST;
	}
	else if((old_action == KNI_ACTION_MONITOR) || (new_action == KNI_ACTION_MONITOR))
	{
		return KNI_ACTION_MONITOR;
	}
	else if((old_action == KNI_ACTION_REDIRECT) || (new_action == KNI_ACTION_REDIRECT))
	{
		return KNI_ACTION_REDIRECT;
	}
	else if((old_action == KNI_ACTION_REPLACE) || (new_action == KNI_ACTION_REPLACE))
	{
		return KNI_ACTION_REPLACE;
	}
	else if((old_action == KNI_ACTION_RATELIMIT) || (new_action == KNI_ACTION_RATELIMIT))
	{
		return KNI_ACTION_RATELIMIT;
	}


	return KNI_ACTION_NONE;

}

int kni_get_service_defined(int new_action,struct Maat_rule_t* maat_result,struct kni_pme_info* pmeinfo)
{
//	if((new_action == KNI_ACTION_REPLACE) || (new_action == KNI_ACTION_RATELIMIT))
	{
		if(maat_result->serv_def_len > KNI_SERVICE_LEN)
		{
			pmeinfo->ser_def_len = 0;
			
			MESA_handle_runtime_log(g_kni_comminfo.logger,RLOG_LV_FATAL,(char*)"get_service_defined",
					"maat_result->serv_def_len is %d,large than KNI_SERVICE_LEN %d",maat_result->serv_def_len,KNI_SERVICE_LEN);

			return -1;
		}

		pmeinfo->cfg_id = maat_result->config_id;
		pmeinfo->ser_def_len = maat_result->serv_def_len;
		assert((int)sizeof(pmeinfo->service_defined) > maat_result->serv_def_len);
		memcpy(pmeinfo->service_defined,maat_result->service_defined,maat_result->serv_def_len);
	}
	
	return 0;
}




int kni_get_keyring(struct kni_pme_info* pmeinfo)
{
	char* tmp = NULL;
	
	tmp = kni_memncasemem(pmeinfo->service_defined, pmeinfo->ser_def_len,(char*)"keyring_id=", strlen("keyring_id="));
	if(tmp == NULL)
	{		
		MESA_handle_runtime_log(g_kni_comminfo.logger,RLOG_LV_FATAL,"KEYRING_ID","there is no keyring id!cfg_id:%d,region:%s",pmeinfo->cfg_id,pmeinfo->service_defined);
		return -1;
	}

	tmp += strlen("keyring_id=");

	pmeinfo->keyring_id= atoi(tmp);

	return 0;
	
}


int kni_process_maatresult(int result_num,struct Maat_rule_t* maat_result,struct kni_pme_info* pmeinfo)
{
	
	int i=0;
	int cur_action = KNI_ACTION_NONE;
	int old_action = pmeinfo->action;

	int keyring_id_old = 0;


	for(i=0;i<result_num;i++)
	{
		cur_action = abs(maat_result[i].action);
		if(cur_action == KNI_ACTION_WHITELIST)
		{
			pmeinfo->action=cur_action;
			pmeinfo->cfg_id=maat_result[i].config_id;
			
			return 0;
		}

		old_action = pmeinfo->action;
		pmeinfo->action= kni_order_action(old_action,cur_action);

		if(old_action != pmeinfo->action)
		{
			kni_get_service_defined(cur_action,&maat_result[i],pmeinfo);
		}

		if((pmeinfo->ipsscan_action!= KNI_ACTION_MONITOR) && (pmeinfo->action == KNI_ACTION_MONITOR))
		{
			keyring_id_old = pmeinfo->keyring_id;
			kni_get_keyring(pmeinfo);	

			pmeinfo->keyring_id = pmeinfo->keyring_id>keyring_id_old ? pmeinfo->keyring_id : keyring_id_old;
		}
	}

	
	if((result_num == -2) && (pmeinfo->action == KNI_ACTION_NONE))
	{
		pmeinfo->action = KNI_ACTION_HALFHIT;
	}

	

	return 0;

}