diff --git a/ci/travis.sh b/ci/travis.sh index eeaefc4..03c0ff4 100644 --- a/ci/travis.sh +++ b/ci/travis.sh @@ -34,7 +34,7 @@ env | sort : "${COMPILER_IS_GNUCXX:=OFF}" # Install dependency from YUM -yum install -y mrzcpd numactl-devel zlib-devel librdkafka-devel systemd-devel libMESA_handle_logger-devel libMESA_htable-devel libcjson-devel libMESA_field_stat2-devel sapp-devel framework_env libMESA_prof_load-devel libmaatframe-devel +yum install -y mrzcpd numactl-devel zlib-devel librdkafka-devel systemd-devel libMESA_handle_logger-devel libMESA_htable-devel libcjson-devel libMESA_field_stat2-devel sapp-devel framework_env libMESA_prof_load-devel libmaatframe-devel tsg_master-devel mkdir build || true cd build diff --git a/common/include/kni_cmsg.h b/common/include/kni_cmsg.h index c71c378..3bb9d5e 100644 --- a/common/include/kni_cmsg.h +++ b/common/include/kni_cmsg.h @@ -52,7 +52,7 @@ enum tfe_cmsg_tlv_type TFE_CMSG_DOWNSTREAM_TCP_KEEPIDLE, TFE_CMSG_DOWNSTREAM_TCP_KEEPINTVL, TFE_CMSG_DOWNSTREAM_TCP_USER_TIMEOUT, - TFE_CMSG_UPSTREAM_TCP_NODELAY , + TFE_CMSG_UPSTREAM_TCP_NODELAY, TFE_CMSG_UPSTREAM_TCP_TTL, TFE_CMSG_UPSTREAM_TCP_KEEPALIVE, TFE_CMSG_UPSTREAM_TCP_KEEPCNT, @@ -78,6 +78,8 @@ enum tfe_cmsg_tlv_type KNI_CMSG_TLV_NR_MAX, }; +extern const char * tfe_cmsg_tlv_type_to_string[KNI_CMSG_TLV_NR_MAX]; + struct kni_cmsg* kni_cmsg_init(); void kni_cmsg_destroy(struct kni_cmsg *cmsg); int kni_cmsg_get(struct kni_cmsg *cmsg, uint16_t type, uint16_t *size, unsigned char **pvalue); @@ -85,3 +87,5 @@ int kni_cmsg_set(struct kni_cmsg *cmsg, uint16_t type, const unsigned char *valu uint16_t kni_cmsg_serialize_size_get(struct kni_cmsg *cmsg); int kni_cmsg_serialize(struct kni_cmsg *cmsg, unsigned char *buff, uint16_t bufflen, uint16_t *serialize_len); int kni_cmsg_deserialize(const unsigned char *data, uint16_t len, struct kni_cmsg** pcmsg); + +void tfe_cmsg_enum_to_string(); \ No newline at end of file 
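Review bot: The `tsg_master-devel` package added to the `yum install -y` line in ci/travis.sh carries no version, so the tsg headers the build compiles against are whatever the configured repository serves on the day of the build. The same commit deletes the vendored copies under `entry/include/tsg/`, so the layout of structs such as `_session_attribute_label_t` is no longer fixed by the tree. If the installed header and the library loaded at run time ever disagree, the likely symptom is silent memory corruption rather than a build error. Consider pinning it, for example `tsg_master-devel-<VERSION>` (placeholder, take the value from the release this code was tested against), or at least add a comment beside the install line stating the minimum version required.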
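Review bot: Both declarations added to common/include/kni_cmsg.h are undocumented, and the contract is not obvious: `tfe_cmsg_tlv_type_to_string` is only usable after `tfe_cmsg_enum_to_string()` has run, and its pointers stay writable from every translation unit because the `const` applies to the characters only. I would add a comment above the `extern` line such as `/* Names of enum tfe_cmsg_tlv_type, indexed by type. Filled by tfe_cmsg_enum_to_string(); entries are NULL before that call and for values it does not name. Index only with type < KNI_CMSG_TLV_NR_MAX. */`. Above `void tfe_cmsg_enum_to_string();` add `/* Fills tfe_cmsg_tlv_type_to_string; call once during init, before any lookup. */`, since the name reads like a conversion function rather than an initializer. A small accessor that hides the array would make the range rule enforceable instead of merely documented.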
diff --git a/common/src/kni_cmsg.cpp b/common/src/kni_cmsg.cpp index 2a194c8..4ec0fde 100644 --- a/common/src/kni_cmsg.cpp +++ b/common/src/kni_cmsg.cpp @@ -1,6 +1,8 @@ #include "kni_utils.h" #include "kni_cmsg.h" +const char * tfe_cmsg_tlv_type_to_string[KNI_CMSG_TLV_NR_MAX]; + struct kni_cmsg_tlv { uint16_t type; 
@@ -185,3 +187,64 @@ error_out:
 kni_cmsg_destroy(cmsg);
 return KNI_CMSG_INVALID_FORMAT;
 }
+
+
+
+void tfe_cmsg_enum_to_string()
+{
+ memset(tfe_cmsg_tlv_type_to_string, 0 ,sizeof(tfe_cmsg_tlv_type_to_string));
+ tfe_cmsg_tlv_type_to_string[TFE_CMSG_TCP_RESTORE_SEQ] = "TFE_CMSG_TCP_RESTORE_SEQ";
+ tfe_cmsg_tlv_type_to_string[TFE_CMSG_TCP_RESTORE_ACK] = "TFE_CMSG_TCP_RESTORE_ACK";
+ tfe_cmsg_tlv_type_to_string[TFE_CMSG_TCP_RESTORE_MSS_CLIENT] = "TFE_CMSG_TCP_RESTORE_MSS_CLIENT";
+ tfe_cmsg_tlv_type_to_string[TFE_CMSG_TCP_RESTORE_MSS_SERVER] = "TFE_CMSG_TCP_RESTORE_MSS_SERVER";
+ tfe_cmsg_tlv_type_to_string[TFE_CMSG_TCP_RESTORE_WSACLE_CLIENT] = "TFE_CMSG_TCP_RESTORE_WSACLE_CLIENT";
+ tfe_cmsg_tlv_type_to_string[TFE_CMSG_TCP_RESTORE_WSACLE_SERVER] = "TFE_CMSG_TCP_RESTORE_WSACLE_SERVER";
+ tfe_cmsg_tlv_type_to_string[TFE_CMSG_TCP_RESTORE_SACK_CLIENT] = "TFE_CMSG_TCP_RESTORE_SACK_CLIENT";
+ tfe_cmsg_tlv_type_to_string[TFE_CMSG_TCP_RESTORE_SACK_SERVER] = "TFE_CMSG_TCP_RESTORE_SACK_SERVER";
+ tfe_cmsg_tlv_type_to_string[TFE_CMSG_TCP_RESTORE_TS_CLIENT] = "TFE_CMSG_TCP_RESTORE_TS_CLIENT";
+ tfe_cmsg_tlv_type_to_string[TFE_CMSG_TCP_RESTORE_TS_SERVER] = "TFE_CMSG_TCP_RESTORE_TS_SERVER";
+ tfe_cmsg_tlv_type_to_string[TFE_CMSG_TCP_RESTORE_PROTOCOL] = "TFE_CMSG_TCP_RESTORE_PROTOCOL";
+ tfe_cmsg_tlv_type_to_string[TFE_CMSG_TCP_RESTORE_WINDOW_CLIENT] = "TFE_CMSG_TCP_RESTORE_WINDOW_CLIENT";
+ tfe_cmsg_tlv_type_to_string[TFE_CMSG_TCP_RESTORE_WINDOW_SERVER] = "TFE_CMSG_TCP_RESTORE_WINDOW_SERVER";
+ tfe_cmsg_tlv_type_to_string[TFE_CMSG_TCP_RESTORE_INFO_PACKET_CUR_DIR] = "TFE_CMSG_TCP_RESTORE_INFO_PACKET_CUR_DIR";
+ tfe_cmsg_tlv_type_to_string[TFE_CMSG_POLICY_ID] = "TFE_CMSG_POLICY_ID";
+ tfe_cmsg_tlv_type_to_string[TFE_CMSG_STREAM_TRACE_ID] = "TFE_CMSG_STREAM_TRACE_ID";
+ tfe_cmsg_tlv_type_to_string[TFE_CMSG_SSL_INTERCEPT_STATE] = "TFE_CMSG_SSL_INTERCEPT_STATE";
+ tfe_cmsg_tlv_type_to_string[TFE_CMSG_SSL_UPSTREAM_LATENCY] = "TFE_CMSG_SSL_UPSTREAM_LATENCY";
+ tfe_cmsg_tlv_type_to_string[TFE_CMSG_SSL_DOWNSTREAM_LATENCY] = "TFE_CMSG_SSL_DOWNSTREAM_LATENCY";
+ tfe_cmsg_tlv_type_to_string[TFE_CMSG_SSL_UPSTREAM_VERSION] = "TFE_CMSG_SSL_UPSTREAM_VERSION";
+ tfe_cmsg_tlv_type_to_string[TFE_CMSG_SSL_DOWNSTREAM_VERSION] = "TFE_CMSG_SSL_DOWNSTREAM_VERSION";
+ tfe_cmsg_tlv_type_to_string[TFE_CMSG_SSL_PINNING_STATE] = "TFE_CMSG_SSL_PINNING_STATE";
+ tfe_cmsg_tlv_type_to_string[TFE_CMSG_SSL_CERT_VERIFY] = "TFE_CMSG_SSL_CERT_VERIFY";
+ tfe_cmsg_tlv_type_to_string[TFE_CMSG_SSL_ERROR] = "TFE_CMSG_SSL_ERROR";
+ tfe_cmsg_tlv_type_to_string[TFE_CMSG_SRC_MAC] = "TFE_CMSG_SRC_MAC";
+ tfe_cmsg_tlv_type_to_string[TFE_CMSG_DST_MAC] = "TFE_CMSG_DST_MAC";
+ tfe_cmsg_tlv_type_to_string[TFE_CMSG_DOWNSTREAM_TCP_NODELAY] = "TFE_CMSG_DOWNSTREAM_TCP_NODELAY";
+ tfe_cmsg_tlv_type_to_string[TFE_CMSG_DOWNSTREAM_TCP_TTL] = "TFE_CMSG_DOWNSTREAM_TCP_TTL";
+ tfe_cmsg_tlv_type_to_string[TFE_CMSG_DOWNSTREAM_TCP_KEEPALIVE] = "TFE_CMSG_DOWNSTREAM_TCP_KEEPALIVE";
+ tfe_cmsg_tlv_type_to_string[TFE_CMSG_DOWNSTREAM_TCP_KEEPCNT] = "TFE_CMSG_DOWNSTREAM_TCP_KEEPCNT";
+ tfe_cmsg_tlv_type_to_string[TFE_CMSG_DOWNSTREAM_TCP_KEEPIDLE] = "TFE_CMSG_DOWNSTREAM_TCP_KEEPIDLE";
+ tfe_cmsg_tlv_type_to_string[TFE_CMSG_DOWNSTREAM_TCP_KEEPINTVL] = "TFE_CMSG_DOWNSTREAM_TCP_KEEPINTVL";
+ tfe_cmsg_tlv_type_to_string[TFE_CMSG_DOWNSTREAM_TCP_USER_TIMEOUT] = "TFE_CMSG_DOWNSTREAM_TCP_USER_TIMEOUT";
+ tfe_cmsg_tlv_type_to_string[TFE_CMSG_UPSTREAM_TCP_NODELAY] = "TFE_CMSG_UPSTREAM_TCP_NODELAY";
+ tfe_cmsg_tlv_type_to_string[TFE_CMSG_UPSTREAM_TCP_TTL] = "TFE_CMSG_UPSTREAM_TCP_TTL";
+ tfe_cmsg_tlv_type_to_string[TFE_CMSG_UPSTREAM_TCP_KEEPALIVE] = "TFE_CMSG_UPSTREAM_TCP_KEEPALIVE";
+ tfe_cmsg_tlv_type_to_string[TFE_CMSG_UPSTREAM_TCP_KEEPCNT] = "TFE_CMSG_UPSTREAM_TCP_KEEPCNT";
+ tfe_cmsg_tlv_type_to_string[TFE_CMSG_UPSTREAM_TCP_KEEPIDLE] = "TFE_CMSG_UPSTREAM_TCP_KEEPIDLE";
+ tfe_cmsg_tlv_type_to_string[TFE_CMSG_UPSTREAM_TCP_KEEPINTVL] = "TFE_CMSG_UPSTREAM_TCP_KEEPINTVL";
+
tfe_cmsg_tlv_type_to_string[TFE_CMSG_UPSTREAM_TCP_USER_TIMEOUT] = "TFE_CMSG_UPSTREAM_TCP_USER_TIMEOUT"; + tfe_cmsg_tlv_type_to_string[TFE_CMSG_TCP_PASSTHROUGH] = "TFE_CMSG_TCP_PASSTHROUGH"; + tfe_cmsg_tlv_type_to_string[TFE_CMSG_SRC_SUB_ID] = "TFE_CMSG_SRC_SUB_ID"; + tfe_cmsg_tlv_type_to_string[TFE_CMSG_DST_SUB_ID] = "TFE_CMSG_DST_SUB_ID"; + tfe_cmsg_tlv_type_to_string[TFE_CMSG_SRC_ASN] = "TFE_CMSG_SRC_ASN"; + tfe_cmsg_tlv_type_to_string[TFE_CMSG_DST_ASN] = "TFE_CMSG_DST_ASN"; + tfe_cmsg_tlv_type_to_string[TFE_CMSG_SRC_ORGANIZATION] = "TFE_CMSG_SRC_ORGANIZATION"; + tfe_cmsg_tlv_type_to_string[TFE_CMSG_DST_ORGANIZATION] = "TFE_CMSG_DST_ORGANIZATION"; + tfe_cmsg_tlv_type_to_string[TFE_CMSG_SRC_IP_LOCATION_COUNTRY] = "TFE_CMSG_SRC_IP_LOCATION_COUNTRY"; + tfe_cmsg_tlv_type_to_string[TFE_CMSG_DST_IP_LOCATION_COUNTRY] = "TFE_CMSG_DST_IP_LOCATION_COUNTRY"; + tfe_cmsg_tlv_type_to_string[TFE_CMSG_SRC_IP_LOCATION_PROVINE] = "TFE_CMSG_SRC_IP_LOCATION_PROVINE"; + tfe_cmsg_tlv_type_to_string[TFE_CMSG_DST_IP_LOCATION_PROVINE] = "TFE_CMSG_DST_IP_LOCATION_PROVINE"; + tfe_cmsg_tlv_type_to_string[TFE_CMSG_SRC_IP_LOCATION_CITY] = "TFE_CMSG_SRC_IP_LOCATION_CITY"; + tfe_cmsg_tlv_type_to_string[TFE_CMSG_DST_IP_LOCATION_CITY] = "TFE_CMSG_DST_IP_LOCATION_CITY"; +} + diff --git a/entry/include/kni_entry.h b/entry/include/kni_entry.h index 087f623..2a4e347 100644 --- a/entry/include/kni_entry.h +++ b/entry/include/kni_entry.h @@ -4,9 +4,9 @@ #include "tsg/tsg_rule.h" #include "kni_utils.h" -#include "tsg/tsg_statistic.h" +#include #include "tfe_mgr.h" -#include "tsg/tsg_label.h" +#include #define BURST_MAX 1 #define CALLER_SAPP 0 diff --git a/entry/include/tsg/tsg_label.h b/entry/include/tsg/tsg_label.h deleted file mode 100644 index 3c82412..0000000 --- a/entry/include/tsg/tsg_label.h +++ /dev/null 
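Review bot: `tfe_cmsg_enum_to_string()` in common/src/kni_cmsg.cpp fills the table from a hand-written list after zeroing it, so any `enum tfe_cmsg_tlv_type` value missing from the list, now or after a later addition, is left as a NULL slot. That NULL then goes straight to a `%s` conversion in the logging call this commit adds in kni_entry.cpp. Closing the function with a fallback pass removes the hazard without touching the list: `for (int i = 0; i < KNI_CMSG_TLV_NR_MAX; i++) if (tfe_cmsg_tlv_type_to_string[i] == NULL) tfe_cmsg_tlv_type_to_string[i] = "UNKNOWN";`. The function also needs a header comment stating that it must run once, before any thread logs a cmsg type, because the table is a plain global with no synchronisation visible here.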
@@ -1,60 +0,0 @@ -#ifndef __TSG_LABEL_H__ -#define __TSG_LABEL_H__ - -#include "tsg_rule.h" -#define MAX_STR_FIELD_LEN 64 - - -struct _asn_info_t -{ - int ref_cnt; - int addr_type; - int table_id; - char start_ip[MAX_STR_FIELD_LEN]; - char end_ip[MAX_STR_FIELD_LEN]; - char asn[MAX_STR_FIELD_LEN]; - char organization[MAX_STR_FIELD_LEN*4]; -}; - -struct _location_info_t -{ - int geoname_id; - int table_id; - int ref_cnt; - int addr_type; - double latitude; - double longitude; - double coords; - char start_ip[MAX_STR_FIELD_LEN]; - char end_ip[MAX_STR_FIELD_LEN]; - char language[MAX_STR_FIELD_LEN]; - char continent_abbr[MAX_STR_FIELD_LEN*4]; - char continent_full[MAX_STR_FIELD_LEN*4]; - char country_abbr[MAX_STR_FIELD_LEN*4]; - char country_full[MAX_STR_FIELD_LEN*4]; - char province_abbr[MAX_STR_FIELD_LEN*4]; - char province_full[MAX_STR_FIELD_LEN*4]; - char city_full[MAX_STR_FIELD_LEN*4]; - char time_zone[MAX_STR_FIELD_LEN*4]; -}; - -struct _subscribe_id_info_t -{ - int ref_cnt; - int table_id; - char subscribe_id[MAX_STR_FIELD_LEN*4]; -}; - -struct _session_attribute_label_t -{ - tsg_protocol_t proto; - long establish_latency_ms; - struct _asn_info_t *client_asn; - struct _asn_info_t *server_asn; - struct _location_info_t *client_location; - struct _location_info_t *server_location; - struct _subscribe_id_info_t *client_subscribe_id; - struct _subscribe_id_info_t *server_subscribe_id; -}; - -#endif diff --git a/entry/include/tsg/tsg_rule.h b/entry/include/tsg/tsg_rule.h deleted file mode 100644 index 1b9192a..0000000 --- a/entry/include/tsg/tsg_rule.h +++ /dev/null 
@@ -1,83 +0,0 @@ -#ifndef __TSG_RULE_H__ -#define __TSG_RULE_H__ - -#include - -#define TSG_ACTION_NONE 0x00 -#define TSG_ACTION_MONITOR 0x01 -#define TSG_ACTION_INTERCEPT 0x02 -#define TSG_ACTION_DENY 0x10 -#define TSG_ACTION_MANIPULATE 0x30 -#define TSG_ACTION_BYPASS 0x80 -#define TSG_ACTION_MAX 0x80 - -enum TSG_ETHOD_TYPE -{ - TSG_METHOD_TYPE_UNKNOWN=0, - TSG_METHOD_TYPE_DROP, - TSG_METHOD_TYPE_REDIRECTION, - TSG_METHOD_TYPE_BLOCK, - TSG_METHOD_TYPE_RESET, - TSG_METHOD_TYPE_MAX -}; - - -typedef enum _tsg_protocol -{ - PROTO_UNKONWN=0, - PROTO_IPv4=1, - PROTO_IPv6, - PROTO_TCP, - PROTO_UDP, - PROTO_HTTP, - PROTO_MAIL, - PROTO_DNS, - PROTO_FTP, - PROTO_SSL, - PROTO_SIP, - PROTO_BGP, - PROTO_STREAMING_MEDIA, - PROTO_SSH, - PROTO_MAX -}tsg_protocol_t; - - -#define MAX_RESULT_NUM 8 -#define MAX_DOAMIN_LEN 2048 - -struct _identify_info -{ - tsg_protocol_t proto; //enum _tsg_protocol (tsg_types.h) - int domain_len; - char domain[MAX_DOAMIN_LEN]; -}; - -typedef enum _PULL_RESULT_TYPE -{ - PULL_KNI_RESULT, - PULL_FW_RESULT -}PULL_RESULT_TYPE; - -#define TSG_DOMAIN_MAX 256 - -extern Maat_feather_t g_tsg_maat_feather; - -int tsg_rule_init(const char *conffile, void *logger); - -int tsg_scan_nesting_addr(Maat_feather_t maat_feather, const struct streaminfo *a_stream, tsg_protocol_t proto, scan_status_t *mid, Maat_rule_t*result, int result_num); - -//return 0 if failed, return >0 on success; -int tsg_pull_policy_result(struct streaminfo *a_stream, PULL_RESULT_TYPE pull_result_type, Maat_rule_t *result, int result_num, struct _identify_info *identify_info); - -//return -1 if failed, return 0 on success; -int tsg_shared_table_init(const char *conffile, Maat_feather_t maat_feather, void *logger); - -//return value: -1: failed, 0: not hit, >0: hit count -int tsg_scan_shared_policy(Maat_feather_t maat_feather, void *pkt, int pkt_len, Maat_rule_t *result, int result_num, struct _identify_info *identify_info, scan_status_t *mid, void *logger, int thread_seq); - -//return NULL if 
none exists, otherwise return one deny rule; -struct Maat_rule_t *tsg_fetch_deny_rule(Maat_rule_t *result, int result_num); - -int tsg_get_method_id(char *method); - -#endif diff --git a/entry/include/tsg/tsg_send_log.h b/entry/include/tsg/tsg_send_log.h deleted file mode 100644 index 3223f36..0000000 --- a/entry/include/tsg/tsg_send_log.h +++ /dev/null @@ -1,39 +0,0 @@ -#ifndef __TSG_SEND_LOG_H__ -#define __TSG_SEND_LOG_H__ - -#include - - -typedef struct _tsg_log -{ - int result_num; - Maat_rule_t *result; - struct streaminfo *a_stream; -}tsg_log_t; - -typedef enum _tld_type -{ - TLD_TYPE_UNKNOWN=0, - TLD_TYPE_LONG=1, - TLD_TYPE_STRING, - TLD_TYPE_FILE, - TLD_TYPE_MAX -}TLD_TYPE; - - -struct TLD_handle_t; -struct tsg_log_instance_t; - -extern struct tsg_log_instance_t *g_tsg_log_instance; - -struct TLD_handle_t *TLD_create(int thread_id); -int TLD_append(struct TLD_handle_t *handle, char *key, void *value, TLD_TYPE type); -int TLD_append_streaminfo(struct tsg_log_instance_t *instance, struct TLD_handle_t *handle, struct streaminfo *a_stream); -int TLD_cancel(struct TLD_handle_t *handle); - -int tsg_send_log(struct tsg_log_instance_t *instance, struct TLD_handle_t *handle, tsg_log_t *log_msg, int thread_id); - -unsigned long long tsg_get_stream_id(struct streaminfo *a_stream); - - -#endif diff --git a/entry/include/tsg/tsg_statistic.h b/entry/include/tsg/tsg_statistic.h deleted file mode 100644 index be746a4..0000000 --- a/entry/include/tsg/tsg_statistic.h +++ /dev/null 
@@ -1,27 +0,0 @@ -#ifndef __TSG_STATISTIC_H__ -#define __TSG_STATISTIC_H__ - -enum _STATISTIC_OPT_TYPE -{ - OPT_TYPE_ALERT_BYTES, - OPT_TYPE_BLOCK_BYTES, - OPT_TYPE_PINNING_YES, - OPT_TYPE_PINNING_MAYBE, - OPT_TYPE_PINNING_NOT, - _OPT_TYPE_MAX -}; - -struct _traffic_info -{ - long long con_num; - long long in_bytes; - long long out_bytes; - long long in_packets; - long long out_packets; -}; - -int tsg_set_policy_flow(struct streaminfo *a_stream, Maat_rule_t *p_result, int thread_seq); -int tsg_set_intercept_flow(Maat_rule_t *p_result, struct _traffic_info *traffic_info, int thread_seq); -int tsg_set_statistic_opt(int value, enum _STATISTIC_OPT_TYPE type, int thread_seq); - -#endif diff --git a/entry/include/tsg_rule.h b/entry/include/tsg_rule.h deleted file mode 100644 index 1b9192a..0000000 --- a/entry/include/tsg_rule.h +++ /dev/null 
@@ -1,83 +0,0 @@ -#ifndef __TSG_RULE_H__ -#define __TSG_RULE_H__ - -#include - -#define TSG_ACTION_NONE 0x00 -#define TSG_ACTION_MONITOR 0x01 -#define TSG_ACTION_INTERCEPT 0x02 -#define TSG_ACTION_DENY 0x10 -#define TSG_ACTION_MANIPULATE 0x30 -#define TSG_ACTION_BYPASS 0x80 -#define TSG_ACTION_MAX 0x80 - -enum TSG_ETHOD_TYPE -{ - TSG_METHOD_TYPE_UNKNOWN=0, - TSG_METHOD_TYPE_DROP, - TSG_METHOD_TYPE_REDIRECTION, - TSG_METHOD_TYPE_BLOCK, - TSG_METHOD_TYPE_RESET, - TSG_METHOD_TYPE_MAX -}; - - -typedef enum _tsg_protocol -{ - PROTO_UNKONWN=0, - PROTO_IPv4=1, - PROTO_IPv6, - PROTO_TCP, - PROTO_UDP, - PROTO_HTTP, - PROTO_MAIL, - PROTO_DNS, - PROTO_FTP, - PROTO_SSL, - PROTO_SIP, - PROTO_BGP, - PROTO_STREAMING_MEDIA, - PROTO_SSH, - PROTO_MAX -}tsg_protocol_t; - - -#define MAX_RESULT_NUM 8 -#define MAX_DOAMIN_LEN 2048 - -struct _identify_info -{ - tsg_protocol_t proto; //enum _tsg_protocol (tsg_types.h) - int domain_len; - char domain[MAX_DOAMIN_LEN]; -}; - -typedef enum _PULL_RESULT_TYPE -{ - PULL_KNI_RESULT, - PULL_FW_RESULT -}PULL_RESULT_TYPE; - -#define TSG_DOMAIN_MAX 256 - -extern Maat_feather_t g_tsg_maat_feather; - -int tsg_rule_init(const char *conffile, void *logger); - -int tsg_scan_nesting_addr(Maat_feather_t maat_feather, const struct streaminfo *a_stream, tsg_protocol_t proto, scan_status_t *mid, Maat_rule_t*result, int result_num); - -//return 0 if failed, return >0 on success; -int tsg_pull_policy_result(struct streaminfo *a_stream, PULL_RESULT_TYPE pull_result_type, Maat_rule_t *result, int result_num, struct _identify_info *identify_info); - -//return -1 if failed, return 0 on success; -int tsg_shared_table_init(const char *conffile, Maat_feather_t maat_feather, void *logger); - -//return value: -1: failed, 0: not hit, >0: hit count -int tsg_scan_shared_policy(Maat_feather_t maat_feather, void *pkt, int pkt_len, Maat_rule_t *result, int result_num, struct _identify_info *identify_info, scan_status_t *mid, void *logger, int thread_seq); - -//return NULL if 
none exists, otherwise return one deny rule; -struct Maat_rule_t *tsg_fetch_deny_rule(Maat_rule_t *result, int result_num); - -int tsg_get_method_id(char *method); - -#endif diff --git a/entry/src/kni_entry.cpp b/entry/src/kni_entry.cpp index ba67d24..fe03dab 100644 --- a/entry/src/kni_entry.cpp +++ b/entry/src/kni_entry.cpp @@ -17,8 +17,8 @@ bypass: drome: pme_new_fail: destroy_pme #include #include #include "tfe_mgr.h" -#include "tsg/tsg_rule.h" -#include "tsg/tsg_send_log.h" +#include +#include #include "ssl_utils.h" #ifdef __cplusplus @@ -29,7 +29,7 @@ extern "C" { } #endif #include "kni_tun.h" -#include "tsg/tsg_statistic.h" +#include #include #include "kni_entry.h" #include "kni_pxy_tcp_option.h" @@ -258,6 +258,11 @@ int wrapped_kni_cmsg_set(struct kni_cmsg *cmsg, uint16_t type, const unsigned ch if(ret < 0){ KNI_LOG_ERROR(logger, "Failed set cmsg, type = %d, stream traceid = %s, stream addr = %s", type, pmeinfo->stream_traceid, pmeinfo->stream_addr); } + else + { + KNI_LOG_DEBUG(logger, "Successd to set cmsg, type = %d/%s, stream traceid = %s, stream addr = %s", type,tfe_cmsg_tlv_type_to_string[type], pmeinfo->stream_traceid, pmeinfo->stream_addr); + } + return ret; } @@ -296,7 +301,7 @@ static int session_attribute_cmsg_set(struct kni_cmsg *cmsg, struct pme_info *pm if(session_attribute_label->server_asn == NULL) { - ret = wrapped_kni_cmsg_set(cmsg,TFE_CMSG_SRC_ASN, (const unsigned char*)empty_arr, strlen(empty_arr), pmeinfo); + ret = wrapped_kni_cmsg_set(cmsg,TFE_CMSG_DST_ASN, (const unsigned char*)empty_arr, strlen(empty_arr), pmeinfo); if(ret < 0) break; ret = wrapped_kni_cmsg_set(cmsg,TFE_CMSG_DST_ORGANIZATION, (const unsigned char*)empty_arr, strlen(empty_arr), pmeinfo); if(ret < 0) break; 
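Review bot: The new `else` branch in `wrapped_kni_cmsg_set` (entry/src/kni_entry.cpp) indexes `tfe_cmsg_tlv_type_to_string[type]` with the caller-supplied `uint16_t type` and no range check, so any value at or above `KNI_CMSG_TLV_NR_MAX` reads past the end of the table and passes whatever it finds to `%s`. Guard the lookup before logging, for example `const char *name = (type < KNI_CMSG_TLV_NR_MAX && tfe_cmsg_tlv_type_to_string[type]) ? tfe_cmsg_tlv_type_to_string[type] : "UNKNOWN";`, and pass `name` to `KNI_LOG_DEBUG`. The NULL test in that guard also covers a call made before `kni_init()` has filled the table. The function's signature and the start of its body are outside the hunk, so whether `kni_cmsg_set` already rejects out-of-range types on the success path cannot be seen from here.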
@@ -486,6 +491,7 @@ static unsigned char* kni_cmsg_serialize_header_new(struct pme_info *pmeinfo, st if(ret < 0) goto error_out; bufflen = kni_cmsg_serialize_size_get(cmsg); + KNI_LOG_DEBUG(logger, "Successd set cmsg size:%d, stream traceid = %s", bufflen, pmeinfo->stream_traceid); buff = (unsigned char*)ALLOC(char, bufflen); serialize_len = 0; ret = kni_cmsg_serialize(cmsg, buff, bufflen, &serialize_len); @@ -508,9 +514,11 @@ error_out: static char* add_cmsg_to_packet(struct pme_info *pmeinfo, struct streaminfo *stream, struct pkt_info *pktinfo, int *len){ //tcp option: kind 88, len 4, control_info_len + void * logger = g_kni_handle->local_logger; char *new_pkt = (char*)ALLOC(struct wrapped_packet, 1); int offset = 0; //iphdr + KNI_LOG_ERROR(logger, "Kni add cmsg to packet malloc buffer size:%d",sizeof(struct wrapped_packet)); if(pmeinfo->addr_type == ADDR_TYPE_IPV6){ memcpy(new_pkt, (void*)pktinfo->iphdr.v6, pktinfo->iphdr_len); } @@ -539,10 +547,12 @@ static char* add_cmsg_to_packet(struct pme_info *pmeinfo, struct streaminfo *str uint16_t header_len = 0; unsigned char* header = kni_cmsg_serialize_header_new(pmeinfo, stream, pktinfo, &header_len); if(header == NULL){ + KNI_LOG_ERROR(logger, "Kni add cmsg to packet: serialize_header failed"); goto error_out; } memcpy(new_pkt + offset, (void*)header, header_len); offset += header_len; + KNI_LOG_DEBUG(logger, "Kni add cmsg to packet:offset=%d,header_len=%d, tcp_data_len=%d",offset,header_len,pktinfo->data_len); FREE(&header); //ipv6 if(pmeinfo->addr_type == ADDR_TYPE_IPV6){ @@ -2511,7 +2521,7 @@ extern "C" int kni_init(){ MESA_htable_handle sslinfo2bypass_htable = NULL; struct tfe_mgr *_tfe_mgr = NULL; char label_buff[MAX_STRING_LEN*4]={0}; - + tfe_cmsg_enum_to_string(); int ret = MESA_load_profile_string_nodef(profile, section, "log_path", log_path, sizeof(log_path)); if(ret < 0){ printf("MESA_prof_load: log_path not set, profile = %s, section = %s", profile, section);
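Review bot: In the `@@ -508,9 +514,11` hunk of `add_cmsg_to_packet`, the added `KNI_LOG_ERROR(logger, "Kni add cmsg to packet malloc buffer size:%d",sizeof(struct wrapped_packet));` passes a `size_t` to a `%d` conversion, and it logs at ERROR level on what looks like the normal path of every call. A mismatched conversion is undefined behaviour in a printf-style formatter, and an ERROR line per packet will bury real failures. I would change it to `KNI_LOG_DEBUG(logger, "Kni add cmsg to packet malloc buffer size:%zu", sizeof(struct wrapped_packet));`. In the `@@ -539,10 +547,12` hunk the new debug line reports `offset` and `header_len` only after `memcpy(new_pkt + offset, (void*)header, header_len)` has run, and the visible lines show no check that `offset + header_len` fits in the `struct wrapped_packet` allocation. A bounds check before the copy that jumps to `error_out` would be worth more than the log. The function body starts and ends outside both hunks, so such a check may exist out of view.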