diff --git a/entry/include/tfe_mgr.h b/entry/include/tfe_mgr.h index d9ab994..e90756f 100644 --- a/entry/include/tfe_mgr.h +++ b/entry/include/tfe_mgr.h @@ -5,4 +5,5 @@ struct tfe_mgr; struct tfe_mgr* tfe_mgr_init(int tfe_node_count, const char* profile, enum kni_deploy_mode depoly_mode, void *logger); void tfe_mgr_destroy(struct tfe_mgr* mgr); -int tfe_mgr_alive_node_get(struct tfe_mgr *mgr, int thread_seq); \ No newline at end of file +int tfe_mgr_alive_node_get(struct tfe_mgr *mgr, int thread_seq); +int tfe_mgr_alive_node_RR_get(struct tfe_mgr *mgr,int *last_tfe_id_index); \ No newline at end of file diff --git a/entry/src/kni_entry.cpp b/entry/src/kni_entry.cpp index 4a32636..4def400 100644 --- a/entry/src/kni_entry.cpp +++ b/entry/src/kni_entry.cpp @@ -33,6 +33,9 @@ extern "C" { struct kni_handle *g_kni_handle = NULL; struct kni_field_stat_handle *g_kni_fs_handle = NULL; +int *arr_last_tfe_dispatch_index = NULL; + + #define BURST_MAX 1 #define CALLER_SAPP 0 @@ -189,6 +192,8 @@ struct kni_handle{ enum kni_deploy_mode deploy_mode; char src_mac_addr[6]; char dst_mac_addr[6]; + int *arr_last_tfe_dispatch_index; + int secpolicyid_evenflow_self_check; }; struct traceid2pme_search_cb_args{ @@ -914,7 +919,10 @@ static int first_data_intercept(struct streaminfo *stream, struct pme_info *pmei char *buff = NULL; int ret, len; //intercept_error: no tfe - pmeinfo->tfe_id = tfe_mgr_alive_node_get(g_kni_handle->_tfe_mgr, thread_seq); + if( g_kni_handle->secpolicyid_evenflow_self_check == -1 || pmeinfo->maat_result.config_id != g_kni_handle->secpolicyid_evenflow_self_check) // even flow for self test + pmeinfo->tfe_id = tfe_mgr_alive_node_get(g_kni_handle->_tfe_mgr, thread_seq); + else + pmeinfo->tfe_id = tfe_mgr_alive_node_RR_get(g_kni_handle->_tfe_mgr, (int *)&(g_kni_handle->arr_last_tfe_dispatch_index[thread_seq])); if(pmeinfo->tfe_id < 0){ KNI_LOG_DEBUG(logger, "Intercept error: no available tfe, stream traceid = %s, stream addr = %s", pmeinfo->stream_traceid, pmeinfo->stream_addr); pmeinfo->intcp_error = INTERCEPT_ERROR_NO_TFE; @@ -2154,6 +2162,14 @@ extern "C" int kni_init(){ goto error_out; } + //init array last_tfe_dispatch_index and read security policy id for self test even flow + g_kni_handle->arr_last_tfe_dispatch_index = ALLOC(int,g_kni_handle->thread_count); + g_kni_handle->secpolicyid_evenflow_self_check = -1; + ret = MESA_load_profile_int_nodef(profile, "self_test", "sec_policy_id", &g_kni_handle->secpolicyid_evenflow_self_check); + if(ret < 0){ + KNI_LOG_ERROR(local_logger, "Fail get sec_policy_id for self_test, Now sec_policy_id = -1"); + } + //init tfe_mgr _tfe_mgr = tfe_mgr_init(tfe_node_count, profile, g_kni_handle->deploy_mode, local_logger); if(_tfe_mgr == NULL){ @@ -2175,6 +2191,8 @@ extern "C" int kni_init(){ return 0; error_out: + if(g_kni_handle->arr_last_tfe_dispatch_index) + FREE(&(g_kni_handle->arr_last_tfe_dispatch_index)); kni_destroy(g_kni_handle); exit(0); } diff --git a/entry/src/tfe_mgr.cpp b/entry/src/tfe_mgr.cpp index 2fa46bb..2e8f85f 100644 --- a/entry/src/tfe_mgr.cpp +++ b/entry/src/tfe_mgr.cpp @@ -407,3 +407,21 @@ int tfe_mgr_alive_node_get(struct tfe_mgr *mgr, int thread_seq){ return tfe_id; } +int tfe_mgr_alive_node_RR_get(struct tfe_mgr *mgr,int *last_tfe_id_index){ + int tfe_id = -1; + if(mgr->watch_dog_switch == 0){ + if(mgr->tfe_enabled_node_count > 0){ + int i = (*last_tfe_id_index + 1) % mgr->tfe_enabled_node_count; + *last_tfe_id_index = i; + tfe_id = mgr->tfe_enabled_nodes[i].tfe_id; + } + return tfe_id; + } + pthread_rwlock_rdlock(&(mgr->rwlock)); + if(mgr->tfe_alive_node_count > 0){ + int i = (*last_tfe_id_index + 1) % mgr->tfe_alive_node_count; + *last_tfe_id_index = i; + tfe_id = mgr->tfe_alive_nodes[i]; + } +} +