日志接口调用总控提供的接口
This commit is contained in:
崔一鸣
@@ -8,18 +8,17 @@ bypass: drome: pme_new_fail: destroy_pme
|
||||
giveme: policy: destroy_pme + send_log
|
||||
dup_traffic: destroy_pme + send_log
|
||||
*/
|
||||
|
||||
#define __STDC_FORMAT_MACROS
|
||||
#include "kni_utils.h"
|
||||
#include "marsio.h"
|
||||
#include "MESA/stream_inc/sapp_inject.h"
|
||||
#include "kni_cmsg.h"
|
||||
#include "uuid/uuid.h"
|
||||
#include "cjson/cJSON.h"
|
||||
#include "kni_send_logger.h"
|
||||
#include <linux/if_ether.h>
|
||||
#include <signal.h>
|
||||
#include <inttypes.h>
|
||||
#include "tfe_mgr.h"
|
||||
#include "tsg_rule.h"
|
||||
#include "tsg_send_log.h"
|
||||
//#include "tsg_rule.h"
|
||||
|
||||
#ifdef __cplusplus
|
||||
@@ -55,20 +54,12 @@ enum intercept_error{
|
||||
|
||||
/* action
|
||||
0x00: none
|
||||
0x01: monitor
|
||||
0x02: intercept
|
||||
0x10: reject
|
||||
0x30: Manipulate
|
||||
0x60: steer
|
||||
0x80: bypass
|
||||
*/
|
||||
enum kni_action{
|
||||
KNI_ACTION_NONE = 0x00,
|
||||
KNI_ACTION_MONITOR = 0x01,
|
||||
KNI_ACTION_INTERCEPT = 0x02,
|
||||
KNI_ACTION_REJECT = 0x10,
|
||||
KNI_ACTION_MANIPULATE = 0x30,
|
||||
KNI_ACTION_STEER = 0x60,
|
||||
KNI_ACTION_BYPASS = 0x80
|
||||
};
|
||||
|
||||
@@ -102,7 +93,7 @@ struct pme_info{
|
||||
int tfe_id;
|
||||
pthread_mutex_t lock;
|
||||
enum intercept_error intcp_error;
|
||||
char stream_traceid[STREAM_TRACEID_LEN];
|
||||
char stream_traceid[24];
|
||||
//cjson check protocol
|
||||
union{
|
||||
char host[MAX_DOAMIN_LEN]; //http only
|
||||
@@ -113,19 +104,12 @@ struct pme_info{
|
||||
int tfe_release;
|
||||
int sapp_release;
|
||||
//kafka log
|
||||
struct layer_addr *addr;
|
||||
unsigned char dir;
|
||||
uint64_t server_bytes;
|
||||
uint64_t client_bytes;
|
||||
uint64_t server_pkts;
|
||||
uint64_t client_pkts;
|
||||
|
||||
struct timespec start_time;
|
||||
struct timespec end_time;
|
||||
uint64_t con_duration_ms;
|
||||
const struct streaminfo *stream;
|
||||
int maat_result_num;
|
||||
Maat_rule_t maat_result;
|
||||
//from tfe, kafka log
|
||||
uint64_t intercept_state;
|
||||
uint64_t pinningst; //defalut 0
|
||||
uint64_t ssl_intercept_state;
|
||||
uint64_t ssl_pinningst; //defalut 0
|
||||
uint64_t ssl_server_side_latency;
|
||||
uint64_t ssl_client_side_latency;
|
||||
char ssl_server_side_version[KNI_SYMBOL_MAX];
|
||||
@@ -134,7 +118,7 @@ struct pme_info{
|
||||
char ssl_error[KNI_STRING_MAX];
|
||||
|
||||
//for dup traffic detect
|
||||
int has_dup_traffic;
|
||||
uint64_t has_dup_traffic;
|
||||
int has_dup_syn;
|
||||
int has_dup_syn_ack;
|
||||
struct dup_traffic_dabloom_key *syn_packet;
|
||||
@@ -195,7 +179,6 @@ struct kni_handle{
|
||||
struct kni_send_logger *send_logger;
|
||||
MESA_htable_handle traceid2pme_htable;
|
||||
struct per_thread_handle *threads_handle;
|
||||
uint32_t local_ipv4;
|
||||
void *local_logger;
|
||||
struct tfe_mgr *_tfe_mgr;
|
||||
int thread_count;
|
||||
@@ -269,9 +252,6 @@ static void pme_info_destroy(void *data){
|
||||
struct pme_info *pmeinfo = (struct pme_info *)data;
|
||||
void *logger = g_kni_handle->local_logger;
|
||||
if(pmeinfo != NULL){
|
||||
//free layer_addr
|
||||
layer_addr_free(pmeinfo->addr);
|
||||
pmeinfo->addr=NULL;
|
||||
//free lock
|
||||
pthread_mutex_destroy(&(pmeinfo->lock));
|
||||
//free syn/syn_ack
|
||||
@@ -289,15 +269,11 @@ static void pme_info_destroy(void *data){
|
||||
|
||||
static int pme_info_init(struct pme_info *pmeinfo, const struct streaminfo *stream, int thread_seq){
|
||||
void *logger = g_kni_handle->local_logger;
|
||||
pmeinfo->stream = stream;
|
||||
pmeinfo->addr_type = (enum addr_type_t)stream->addr.addrtype;
|
||||
pmeinfo->ssl_cert_verify = -1;
|
||||
//uuid_t uu;
|
||||
//uuid_generate_random(uu);
|
||||
//uuid_unparse(uu, pmeinfo->stream_traceid);
|
||||
clock_gettime(CLOCK_REALTIME, &(pmeinfo->start_time));
|
||||
snprintf(pmeinfo->stream_traceid, sizeof(pmeinfo->stream_traceid), "%d%lld.%.9ld",
|
||||
thread_seq, (long long)pmeinfo->start_time.tv_sec, pmeinfo->start_time.tv_nsec);
|
||||
pmeinfo->addr = layer_addr_dup(&(stream->addr));
|
||||
uint64_t traceid = tsg_get_stream_id((struct streaminfo*)stream);
|
||||
snprintf(pmeinfo->stream_traceid, sizeof(pmeinfo->stream_traceid), "%" PRIu64 , traceid);
|
||||
if(pmeinfo->addr_type == ADDR_TYPE_IPV6){
|
||||
kni_addr_trans_v6(stream->addr.tuple4_v6, pmeinfo->stream_addr, sizeof(pmeinfo->stream_addr));
|
||||
}
|
||||
@@ -313,155 +289,78 @@ static int pme_info_init(struct pme_info *pmeinfo, const struct streaminfo *stre
|
||||
return 0;
|
||||
}
|
||||
|
||||
static int log_generate(struct pme_info *pmeinfo, void *local_logger){
|
||||
//create cjson
|
||||
cJSON *log_obj = cJSON_CreateObject();
|
||||
//stream_traceid
|
||||
cJSON_AddStringToObject(log_obj, "stream_trace_id", pmeinfo->stream_traceid);
|
||||
//policy_id
|
||||
cJSON_AddNumberToObject(log_obj, "policy_id", pmeinfo->policy_id);
|
||||
//action
|
||||
cJSON_AddNumberToObject(log_obj, "action", pmeinfo->action);
|
||||
//service
|
||||
cJSON_AddNumberToObject(log_obj, "service", pmeinfo->service);
|
||||
//start_time
|
||||
cJSON_AddNumberToObject(log_obj, "start_time", pmeinfo->start_time.tv_sec);
|
||||
if(pmeinfo->intcp_error >= 0){
|
||||
//end_time
|
||||
cJSON_AddNumberToObject(log_obj, "end_time", pmeinfo->end_time.tv_sec);
|
||||
//con_duration_ms
|
||||
cJSON_AddNumberToObject(log_obj, "con_duration_ms", (pmeinfo->end_time.tv_sec - pmeinfo->start_time.tv_sec) * 1000
|
||||
+ (pmeinfo->end_time.tv_nsec - pmeinfo->start_time.tv_nsec) / 1000000);
|
||||
}
|
||||
//stream_info: addr_type, trans_proto, client_ip, client_port, server_ip, server_port
|
||||
const struct layer_addr *addr = pmeinfo->addr;
|
||||
char client_ip_str[INET6_ADDRSTRLEN] = "";
|
||||
char server_ip_str[INET6_ADDRSTRLEN] = "";
|
||||
switch(addr->addrtype){
|
||||
case ADDR_TYPE_IPV4:
|
||||
cJSON_AddNumberToObject(log_obj, "addr_type", 4);
|
||||
inet_ntop(AF_INET, &(addr->tuple4_v4->saddr), client_ip_str, sizeof(client_ip_str));
|
||||
inet_ntop(AF_INET, &(addr->tuple4_v4->daddr), server_ip_str, sizeof(server_ip_str));
|
||||
cJSON_AddStringToObject(log_obj, "client_ip", client_ip_str);
|
||||
cJSON_AddStringToObject(log_obj, "server_ip", server_ip_str);
|
||||
cJSON_AddNumberToObject(log_obj, "client_port", ntohs(addr->tuple4_v4->source));
|
||||
cJSON_AddNumberToObject(log_obj, "server_port", ntohs(addr->tuple4_v4->dest));
|
||||
cJSON_AddStringToObject(log_obj, "trans_proto", "IPv4_TCP");
|
||||
break;
|
||||
case ADDR_TYPE_IPV6:
|
||||
cJSON_AddNumberToObject(log_obj, "addr_type", 6);
|
||||
inet_ntop(AF_INET6, addr->tuple4_v6->saddr, client_ip_str, sizeof(client_ip_str));
|
||||
inet_ntop(AF_INET6, addr->tuple4_v6->daddr, server_ip_str, sizeof(server_ip_str));
|
||||
cJSON_AddStringToObject(log_obj, "client_ip", client_ip_str);
|
||||
cJSON_AddStringToObject(log_obj, "server_ip", server_ip_str);
|
||||
cJSON_AddNumberToObject(log_obj, "client_port", ntohs(addr->tuple4_v6->source));
|
||||
cJSON_AddNumberToObject(log_obj, "server_port", ntohs(addr->tuple4_v6->dest));
|
||||
cJSON_AddStringToObject(log_obj, "trans_proto", "IPv6_TCP");
|
||||
break;
|
||||
default:
|
||||
break;
|
||||
}
|
||||
//entrance_id: 0
|
||||
cJSON_AddNumberToObject(log_obj, "entrance_id", 0);
|
||||
//device_id: 0
|
||||
cJSON_AddNumberToObject(log_obj, "device_id", 0);
|
||||
//link_id: 0
|
||||
cJSON_AddNumberToObject(log_obj, "link_id", 0);
|
||||
//isp: null
|
||||
cJSON_AddStringToObject(log_obj, "isp", "");
|
||||
//encap_type: from sapp, 先填0
|
||||
cJSON_AddNumberToObject(log_obj, "encap_type", 0);
|
||||
|
||||
//pinning state: from tfe
|
||||
cJSON_AddNumberToObject(log_obj, "pinningst", pmeinfo->pinningst);
|
||||
//intercept state: from tfe
|
||||
cJSON_AddNumberToObject(log_obj, "intercept_state", pmeinfo->intercept_state);
|
||||
//ssl upstream latency: from tfe
|
||||
cJSON_AddNumberToObject(log_obj, "ssl_server_side_latency", pmeinfo->ssl_server_side_latency);
|
||||
//ssl downstream latency: from tfe
|
||||
cJSON_AddNumberToObject(log_obj, "ssl_client_side_latency", pmeinfo->ssl_client_side_latency);
|
||||
//ssl upstream version: from tfe
|
||||
cJSON_AddStringToObject(log_obj, "ssl_server_side_version", pmeinfo->ssl_server_side_version);
|
||||
//ssl downstream version: from tfe
|
||||
cJSON_AddStringToObject(log_obj, "ssl_client_side_version", pmeinfo->ssl_client_side_version);
|
||||
//ssl cert verify
|
||||
if(pmeinfo->ssl_cert_verify != -1){
|
||||
cJSON_AddNumberToObject(log_obj, "ssl_cert_verify", pmeinfo->ssl_cert_verify);
|
||||
}
|
||||
|
||||
//direction: 0
|
||||
cJSON_AddNumberToObject(log_obj, "direction", 0);
|
||||
//stream_dir: from sapp
|
||||
cJSON_AddNumberToObject(log_obj, "stream_dir", pmeinfo->dir);
|
||||
//cap_ip: kni ip
|
||||
char local_ipv4_str[INET6_ADDRSTRLEN];
|
||||
inet_ntop(AF_INET, &(g_kni_handle->local_ipv4), local_ipv4_str, sizeof(local_ipv4_str));
|
||||
cJSON_AddStringToObject(log_obj, "cap_ip", local_ipv4_str);
|
||||
//addr_list
|
||||
cJSON_AddStringToObject(log_obj, "addr_list", "");
|
||||
//host: http_only
|
||||
if(pmeinfo->protocol == PROTO_HTTP){
|
||||
cJSON_AddStringToObject(log_obj, "host", pmeinfo->domain.host);
|
||||
}
|
||||
//sni: ssl only
|
||||
if(pmeinfo->protocol == PROTO_SSL){
|
||||
cJSON_AddStringToObject(log_obj, "sni", pmeinfo->domain.sni);
|
||||
}
|
||||
//c2s_pkt_num
|
||||
cJSON_AddNumberToObject(log_obj, "c2s_pkt_num", pmeinfo->server_pkts);
|
||||
//s2c_pkt_num
|
||||
cJSON_AddNumberToObject(log_obj, "s2c_pkt_num", pmeinfo->client_pkts);
|
||||
//c2s_byte_num
|
||||
cJSON_AddNumberToObject(log_obj, "c2s_byte_num", pmeinfo->server_bytes);
|
||||
//s2c_byte_num
|
||||
cJSON_AddNumberToObject(log_obj, "s2c_byte_num", pmeinfo->client_bytes);
|
||||
/*keys:
|
||||
common: common_has_dup_traffic, common_stream_error
|
||||
http: http_host
|
||||
ssl: ssl_sni, ssl_pinningst, ssl_intercept_state, ssl_server_side_latency, ssl_client_side_latency, ssl_server_side_version, ssl_client_side_version,
|
||||
ssl_cert_verify
|
||||
*/
|
||||
static int log_generate(struct pme_info *pmeinfo){
|
||||
void *local_logger = g_kni_handle->local_logger;
|
||||
TLD_handle_t tld_handle = TLD_create(-1);
|
||||
//common
|
||||
//schema_type
|
||||
TLD_append(tld_handle, (char*)"common_schema_type", (void*)(pmeinfo->protocol == PROTO_SSL ? "SSL" : "HTTP"), TLD_TYPE_STRING);
|
||||
//dup_traffic
|
||||
cJSON_AddNumberToObject(log_obj, "has_dup_traffic", pmeinfo->has_dup_traffic);
|
||||
TLD_append(tld_handle, (char*)"common_has_dup_traffic", (void*)pmeinfo->has_dup_traffic, TLD_TYPE_LONG);
|
||||
//intercept_error
|
||||
if(pmeinfo->intcp_error < 0){
|
||||
char *stream_errmsg = stream_errmsg_session_record(pmeinfo->intcp_error);
|
||||
cJSON_AddStringToObject(log_obj, "intercept_error", stream_errmsg);
|
||||
TLD_append(tld_handle, (char*)"common_stream_error", (void*)stream_errmsg, TLD_TYPE_STRING);
|
||||
}
|
||||
int ret = -1;
|
||||
char *log_msg = cJSON_PrintUnformatted(log_obj);
|
||||
cJSON_Delete(log_obj);
|
||||
if(log_msg == NULL){
|
||||
KNI_LOG_ERROR(local_logger, "Failed at cJSON_Print, stream_treaceid = %s", pmeinfo->stream_traceid);
|
||||
goto error_out;
|
||||
|
||||
//ssl
|
||||
if(pmeinfo->protocol == PROTO_SSL){
|
||||
TLD_append(tld_handle, (char*)"ssl_sni", (void*)pmeinfo->domain.sni, TLD_TYPE_STRING);
|
||||
//pinning state: from tfe
|
||||
TLD_append(tld_handle, (char*)"ssl_pinningst", (void*)pmeinfo->ssl_pinningst, TLD_TYPE_LONG);
|
||||
//intercept state: from tfe
|
||||
TLD_append(tld_handle, (char*)"ssl_intercept_state", (void*)pmeinfo->ssl_intercept_state, TLD_TYPE_LONG);
|
||||
//ssl upstream latency: from tfe
|
||||
TLD_append(tld_handle, (char*)"ssl_server_side_latency", (void*)pmeinfo->ssl_server_side_latency, TLD_TYPE_LONG);
|
||||
//ssl downstream latency: from tfe
|
||||
TLD_append(tld_handle, (char*)"ssl_client_side_latency", (void*)pmeinfo->ssl_client_side_latency, TLD_TYPE_LONG);
|
||||
//ssl upstream version: from tfe
|
||||
TLD_append(tld_handle, (char*)"ssl_server_side_version", (void*)pmeinfo->ssl_server_side_version, TLD_TYPE_STRING);
|
||||
//ssl downstream version: from tfe
|
||||
TLD_append(tld_handle, (char*)"ssl_client_side_version", (void*)pmeinfo->ssl_client_side_version, TLD_TYPE_STRING);
|
||||
//ssl cert verify
|
||||
if(pmeinfo->ssl_cert_verify != -1){
|
||||
TLD_append(tld_handle, (char*)"ssl_cert_verify", (void*)pmeinfo->ssl_cert_verify, TLD_TYPE_LONG);
|
||||
}
|
||||
}
|
||||
//local log
|
||||
KNI_LOG_DEBUG(local_logger, "log_msg = %s\n", log_msg);
|
||||
//sendto kafka
|
||||
ret = kni_send_logger_sendlog(g_kni_handle->send_logger, log_msg, strlen(log_msg));
|
||||
//host
|
||||
if(pmeinfo->protocol == PROTO_HTTP){
|
||||
TLD_append(tld_handle, (char*)"http_host", (void*)pmeinfo->domain.host, TLD_TYPE_STRING);
|
||||
}
|
||||
tsg_log_t log_msg;
|
||||
memset(&log_msg, 0, sizeof(log_msg));
|
||||
log_msg.result_num = pmeinfo->maat_result_num;
|
||||
log_msg.result = &(pmeinfo->maat_result);
|
||||
log_msg.a_stream = (struct streaminfo*)pmeinfo->stream;
|
||||
int ret = tsg_send_log(g_tsg_log_instance, tld_handle, &log_msg, -1);
|
||||
if(ret < 0){
|
||||
FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_SENDLOG_FAIL], 0, FS_OP_ADD, 1);
|
||||
KNI_LOG_ERROR(local_logger, "Failed at sendlog_to_kafka, ret = %d, strem_traceid = %s",
|
||||
KNI_LOG_ERROR(local_logger, "Failed at sendlog, ret = %d, strem_traceid = %s",
|
||||
ret, pmeinfo->stream_traceid);
|
||||
goto error_out;
|
||||
}
|
||||
FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_SENDLOG_SUCC], 0, FS_OP_ADD, 1);
|
||||
cJSON_free(log_msg);
|
||||
return 0;
|
||||
|
||||
error_out:
|
||||
if(log_msg != NULL){
|
||||
cJSON_free(log_msg);
|
||||
}
|
||||
return -1;
|
||||
}
|
||||
|
||||
static void stream_destroy(struct pme_info *pmeinfo, int do_log){
|
||||
static void stream_destroy(struct pme_info *pmeinfo){
|
||||
//sendlog
|
||||
void *logger = g_kni_handle->local_logger;
|
||||
int ret;
|
||||
if(do_log == 1){
|
||||
ret = log_generate(pmeinfo, logger);
|
||||
if(ret < 0){
|
||||
KNI_LOG_ERROR(logger, "Failed at log_generate, stream traceid = %s, stream addr = %s", pmeinfo->stream_traceid, pmeinfo->stream_addr);
|
||||
}
|
||||
else{
|
||||
KNI_LOG_DEBUG(logger, "Succeed at log_generate, stream traceid = %s, stream addr = %s", pmeinfo->stream_traceid, pmeinfo->stream_addr);
|
||||
}
|
||||
int ret = log_generate(pmeinfo);
|
||||
if(ret < 0){
|
||||
KNI_LOG_ERROR(logger, "Failed at log_generate, stream traceid = %s, stream addr = %s", pmeinfo->stream_traceid, pmeinfo->stream_addr);
|
||||
}
|
||||
else{
|
||||
KNI_LOG_DEBUG(logger, "Succeed at log_generate, stream traceid = %s, stream addr = %s", pmeinfo->stream_traceid, pmeinfo->stream_addr);
|
||||
}
|
||||
//free pme
|
||||
pme_info_destroy(pmeinfo);
|
||||
@@ -1142,27 +1041,15 @@ static int dabloom_search(struct pkt_info *pktinfo, int thread_seq){
|
||||
|
||||
/* action
|
||||
0x00: none
|
||||
0x01: monitor
|
||||
0x02: intercept
|
||||
0x10: reject
|
||||
0x30: Manipulate
|
||||
0x60: steer
|
||||
0x80: bypass
|
||||
*/
|
||||
char* kni_maat_action_trans(enum kni_action action){
|
||||
switch(action){
|
||||
case 0x00:
|
||||
return (char*)"none";
|
||||
case 0x01:
|
||||
return (char*)"monitor";
|
||||
case 0x02:
|
||||
return (char*)"intercept";
|
||||
case 0x10:
|
||||
return (char*)"reject";
|
||||
case 0x30:
|
||||
return (char*)"manipulate";
|
||||
case 0x60:
|
||||
return (char*)"steer";
|
||||
case 0x80:
|
||||
return (char*)"bypass";
|
||||
default:
|
||||
@@ -1233,11 +1120,10 @@ void next_data_intercept(struct pme_info *pmeinfo, const void *a_packet, struct
|
||||
char first_data_process(struct streaminfo *stream, struct pme_info *pmeinfo, struct pkt_info *pktinfo, int thread_seq){
|
||||
//first data packet, get action
|
||||
void *logger = g_kni_handle->local_logger;
|
||||
struct Maat_rule_t result;
|
||||
int maat_hit = 0;
|
||||
int ret = 0;
|
||||
struct _identify_info identify_info;
|
||||
ret = tsg_pull_policy_result(stream, PULL_KNI_RESULT, &result, 1, &identify_info);
|
||||
ret = tsg_pull_policy_result(stream, PULL_KNI_RESULT, &(pmeinfo->maat_result), 1, &identify_info);
|
||||
//ret == 0, bypass and dropme
|
||||
if(ret == 0){
|
||||
pmeinfo->action = KNI_ACTION_NONE;
|
||||
@@ -1246,12 +1132,13 @@ char first_data_process(struct streaminfo *stream, struct pme_info *pmeinfo, str
|
||||
pmeinfo->stream_addr, (char*)&(pmeinfo->domain), maat_hit, pmeinfo->stream_traceid);
|
||||
}
|
||||
else{
|
||||
pmeinfo->maat_result_num = 1;
|
||||
pmeinfo->protocol = identify_info.proto;
|
||||
pmeinfo->domain_len = MIN(identify_info.domain_len, (int)sizeof(pmeinfo->domain) - 1);
|
||||
strncpy(pmeinfo->domain.sni, identify_info.domain, pmeinfo->domain_len);
|
||||
pmeinfo->action = (enum kni_action)(result.action);
|
||||
pmeinfo->policy_id = result.config_id;
|
||||
pmeinfo->do_log = result.do_log;
|
||||
pmeinfo->action = (enum kni_action)(pmeinfo->maat_result.action);
|
||||
pmeinfo->policy_id = pmeinfo->maat_result.config_id;
|
||||
pmeinfo->do_log = pmeinfo->maat_result.do_log;
|
||||
maat_hit = 1;
|
||||
char *action_str = kni_maat_action_trans(pmeinfo->action);
|
||||
KNI_LOG_INFO(logger, "intercept_policy_scan: %s, %s, maat_hit = %d, policy_id = %d, action = %d(%s), stream traceid = %s",
|
||||
@@ -1259,7 +1146,7 @@ char first_data_process(struct streaminfo *stream, struct pme_info *pmeinfo, str
|
||||
}
|
||||
switch(pmeinfo->action){
|
||||
case KNI_ACTION_INTERCEPT:
|
||||
pmeinfo->intercept_state = 1;
|
||||
pmeinfo->ssl_intercept_state = 1;
|
||||
return first_data_intercept(stream, pmeinfo, pktinfo, thread_seq);
|
||||
default:
|
||||
//action != intercept,bypass and dropme
|
||||
@@ -1268,14 +1155,6 @@ char first_data_process(struct streaminfo *stream, struct pme_info *pmeinfo, str
|
||||
}
|
||||
|
||||
static char data_opstate(struct streaminfo *stream, struct pme_info *pmeinfo, const void *a_packet, int thread_seq){
|
||||
//pmeinfo->tfe_release = 1: intercept, tfe end first. DO NOT droppkt and dropme
|
||||
if(pmeinfo->tfe_release == 1){
|
||||
pmeinfo->server_bytes=stream->ptcpdetail->serverbytes;
|
||||
pmeinfo->client_bytes=stream->ptcpdetail->clientbytes;
|
||||
pmeinfo->server_pkts=stream->ptcpdetail->serverpktnum;
|
||||
pmeinfo->client_pkts=stream->ptcpdetail->clientpktnum;
|
||||
pmeinfo->dir=stream->dir;
|
||||
}
|
||||
//parse ipv4/6 header
|
||||
struct pkt_info pktinfo;
|
||||
memset(&pktinfo, 0, sizeof(pktinfo));
|
||||
@@ -1320,12 +1199,6 @@ static char data_opstate(struct streaminfo *stream, struct pme_info *pmeinfo, co
|
||||
|
||||
static char close_opstate(const struct streaminfo *stream, struct pme_info *pmeinfo, int thread_seq){
|
||||
//close: a_packet = null, do not sendto tfe
|
||||
clock_gettime(CLOCK_REALTIME, &(pmeinfo->end_time));
|
||||
pmeinfo->server_bytes=stream->ptcpdetail->serverbytes;
|
||||
pmeinfo->client_bytes=stream->ptcpdetail->clientbytes;
|
||||
pmeinfo->server_pkts=stream->ptcpdetail->serverpktnum;
|
||||
pmeinfo->client_pkts=stream->ptcpdetail->clientpktnum;
|
||||
pmeinfo->dir=stream->dir;
|
||||
switch(pmeinfo->action){
|
||||
case KNI_ACTION_INTERCEPT:
|
||||
//reset clock: when sapp end, start clock
|
||||
@@ -1418,23 +1291,23 @@ extern "C" char kni_tcpall_entry(struct streaminfo *stream, void** pme, int thre
|
||||
if((ret & APP_STATE_DROPME)){
|
||||
if(pmeinfo->action != KNI_ACTION_INTERCEPT){
|
||||
if(pmeinfo != NULL){
|
||||
stream_destroy(pmeinfo, 0);
|
||||
stream_destroy(pmeinfo);
|
||||
}
|
||||
}
|
||||
else{
|
||||
if(pmeinfo->intcp_error < 0){
|
||||
pmeinfo->intercept_state = 0;
|
||||
pmeinfo->ssl_intercept_state = 0;
|
||||
FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_BYP_INTCPERR], 0, FS_OP_ADD, 1);
|
||||
if(pmeinfo != NULL){
|
||||
//pmeinfo->policy_id = -1;
|
||||
stream_destroy(pmeinfo, 1);
|
||||
stream_destroy(pmeinfo);
|
||||
}
|
||||
}
|
||||
else{
|
||||
can_destroy = judge_stream_can_destroy(pmeinfo, CALLER_SAPP);
|
||||
if(can_destroy == 1){
|
||||
traceid2pme_htable_del(pmeinfo);
|
||||
stream_destroy(pmeinfo, pmeinfo->do_log);
|
||||
stream_destroy(pmeinfo);
|
||||
}
|
||||
}
|
||||
}
|
||||
@@ -1587,7 +1460,7 @@ static int wrapped_kni_cmsg_get(struct pme_info *pmeinfo, struct kni_cmsg *cmsg,
|
||||
switch(type)
|
||||
{
|
||||
case TFE_CMSG_SSL_INTERCEPT_STATE:
|
||||
memcpy((char*)&(pmeinfo->intercept_state), value, value_size);
|
||||
memcpy((char*)&(pmeinfo->ssl_intercept_state), value, value_size);
|
||||
break;
|
||||
case TFE_CMSG_SSL_UPSTREAM_LATENCY:
|
||||
memcpy((char*)&(pmeinfo->ssl_server_side_latency), value, value_size);
|
||||
@@ -1602,7 +1475,7 @@ static int wrapped_kni_cmsg_get(struct pme_info *pmeinfo, struct kni_cmsg *cmsg,
|
||||
memcpy(pmeinfo->ssl_client_side_version, value, value_size);
|
||||
break;
|
||||
case TFE_CMSG_SSL_PINNING_STATE:
|
||||
memcpy((char*)&(pmeinfo->pinningst), value, value_size);
|
||||
memcpy((char*)&(pmeinfo->ssl_pinningst), value, value_size);
|
||||
break;
|
||||
case TFE_CMSG_SSL_CERT_VERIFY:
|
||||
memcpy((char*)&(pmeinfo->ssl_cert_verify), value, value_size);
|
||||
@@ -1623,20 +1496,19 @@ static long traceid2pme_htable_search_cb(void *data, const uchar *key, uint size
|
||||
struct pme_info *pmeinfo = (struct pme_info*)data;
|
||||
int can_destroy;
|
||||
if(pmeinfo != NULL){
|
||||
wrapped_kni_cmsg_get(pmeinfo, cmsg, TFE_CMSG_SSL_INTERCEPT_STATE, sizeof(pmeinfo->intercept_state), logger);
|
||||
wrapped_kni_cmsg_get(pmeinfo, cmsg, TFE_CMSG_SSL_INTERCEPT_STATE, sizeof(pmeinfo->ssl_intercept_state), logger);
|
||||
wrapped_kni_cmsg_get(pmeinfo, cmsg, TFE_CMSG_SSL_UPSTREAM_LATENCY, sizeof(pmeinfo->ssl_server_side_latency), logger);
|
||||
wrapped_kni_cmsg_get(pmeinfo, cmsg, TFE_CMSG_SSL_DOWNSTREAM_LATENCY, sizeof(pmeinfo->ssl_client_side_latency), logger);
|
||||
wrapped_kni_cmsg_get(pmeinfo, cmsg, TFE_CMSG_SSL_UPSTREAM_VERSION, sizeof(pmeinfo->ssl_server_side_version) - 1, logger);
|
||||
wrapped_kni_cmsg_get(pmeinfo, cmsg, TFE_CMSG_SSL_DOWNSTREAM_VERSION, sizeof(pmeinfo->ssl_client_side_version) - 1, logger);
|
||||
wrapped_kni_cmsg_get(pmeinfo, cmsg, TFE_CMSG_SSL_PINNING_STATE, sizeof(pmeinfo->pinningst), logger);
|
||||
wrapped_kni_cmsg_get(pmeinfo, cmsg, TFE_CMSG_SSL_PINNING_STATE, sizeof(pmeinfo->ssl_pinningst), logger);
|
||||
wrapped_kni_cmsg_get(pmeinfo, cmsg, TFE_CMSG_SSL_CERT_VERIFY, sizeof(pmeinfo->ssl_cert_verify), logger);
|
||||
wrapped_kni_cmsg_get(pmeinfo, cmsg, TFE_CMSG_SSL_ERROR, sizeof(pmeinfo->ssl_error), logger);
|
||||
clock_gettime(CLOCK_REALTIME, &(pmeinfo->end_time));
|
||||
KNI_LOG_DEBUG(logger, "recv cmsg from tfe, stream traceid = %s, stream addr = %s", pmeinfo->stream_traceid, pmeinfo->stream_addr);
|
||||
can_destroy = judge_stream_can_destroy(pmeinfo, CALLER_TFE);
|
||||
if(can_destroy == 1){
|
||||
traceid2pme_htable_del(pmeinfo);
|
||||
stream_destroy(pmeinfo, pmeinfo->do_log);
|
||||
stream_destroy(pmeinfo);
|
||||
}
|
||||
}
|
||||
kni_cmsg_destroy(cmsg);
|
||||
@@ -1976,7 +1848,7 @@ static int traceid2pme_htable_expire_notify_cb(void *data, int eliminate_type){
|
||||
if(can_destroy == 1){
|
||||
FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_ID2PME_DEL_SUCC], 0, FS_OP_ADD, 1);
|
||||
FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_ID2PME_CNT], 0, FS_OP_ADD, -1);
|
||||
stream_destroy(pmeinfo, pmeinfo->do_log);
|
||||
stream_destroy(pmeinfo);
|
||||
return 1;
|
||||
}
|
||||
}
|
||||
@@ -2042,7 +1914,6 @@ extern "C" int kni_init(){
|
||||
char log_path[KNI_PATH_MAX] = "";
|
||||
int tfe_node_count = 1;
|
||||
char manage_eth[KNI_SYMBOL_MAX] = "";
|
||||
struct kni_send_logger *send_logger = NULL;
|
||||
struct kni_field_stat_handle *fs_handle = NULL;
|
||||
void *local_logger = NULL;
|
||||
int log_level = -1;
|
||||
@@ -2173,21 +2044,6 @@ extern "C" int kni_init(){
|
||||
}
|
||||
g_kni_fs_handle = fs_handle;
|
||||
|
||||
//init local_ipv4
|
||||
ret = kni_ipv4_addr_get_by_eth(manage_eth, &(g_kni_handle->local_ipv4));
|
||||
if(ret < 0){
|
||||
KNI_LOG_ERROR(local_logger, "Failed at get bind ipv4 addr, eth = %s", manage_eth);
|
||||
goto error_out;
|
||||
}
|
||||
|
||||
//init kni_send_logger
|
||||
send_logger = kni_send_logger_init(profile, local_logger);
|
||||
if(send_logger == NULL){
|
||||
KNI_LOG_ERROR(local_logger, "Failed at init kni_send_logger", manage_eth);
|
||||
goto error_out;
|
||||
}
|
||||
g_kni_handle->send_logger = send_logger;
|
||||
|
||||
//init traceid2pme_htable
|
||||
struct kni_htable_opt opt;
|
||||
memset(&opt, 0, sizeof(opt));
|
||||
|
||||
Reference in New Issue
Block a user