From 5b38353c613d59457396a9a42f73719156f5dd86 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E5=B4=94=E4=B8=80=E9=B8=A3?=
Date: Wed, 19 Jun 2019 16:15:11 +0800
Subject: [PATCH] =?UTF-8?q?=E5=A2=9E=E5=8A=A0=E8=AF=BB=E5=8F=96do=5Flog?=
 =?UTF-8?q?=E5=AD=97=E6=AE=B5,=20=E4=BF=AE=E6=94=B9fs2=E7=BB=9F=E8=AE=A1?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 common/include/kni_utils.h | 40 +++++++-------
 entry/include/kni_maat.h | 3 +-
 entry/src/kni_entry.cpp | 108 +++++++++++++++++++++----------------
 entry/src/kni_maat.cpp | 6 ++-
 4 files changed, 91 insertions(+), 66 deletions(-)
diff --git a/common/include/kni_utils.h b/common/include/kni_utils.h
index b9d58a1..ca4ece5 100644
--- a/common/include/kni_utils.h
+++ b/common/include/kni_utils.h
@@ -63,37 +63,41 @@ struct kni_tcpopt_info{
 //field_stat
 #define KNI_FIELD_MAX 64
 enum kni_field{
- KNI_FIELD_TOT_PKT = 0,
- KNI_FIELD_BYP_PKT,
- KNI_FIELD_INTCP_PKT,
- KNI_FIELD_IPV6_PKT,
- KNI_FIELD_NULL_PKT,
- KNI_FIELD_NO_SYN_EXP,
- KNI_FIELD_NO_SA_EXP,
- KNI_FIELD_UNKNOWN_STATE_EXP,
- KNI_FIELD_TOT_STM,
- KNI_FIELD_BYP_STM,
 KNI_FIELD_INTCP_STM,
+ KNI_FIELD_BYP_STM,
+ KNI_FIELD_POLICY_BYP,
+ KNI_FIELD_PME_NEW_FAIL,
+ KNI_FIELD_NO_TFE,
+ KNI_FIELD_STATE_UNKNOWN,
+ KNI_FIELD_STM_ERR,
+ KNI_FIELD_NO_SYN,
+ KNI_FIELD_SINGLE_DIR,
+ KNI_FIELD_PROTO_UNKNOWN,
+ KNI_FIELD_NO_SA,
+ KNI_FIELD_ACTION_INVALID,
+ KNI_FIELD_NO_DATA,
+ KNI_FIELD_IPV4HDR_PARSE_FAIL,
+ KNI_FIELD_IPV6HDR_PARSE_FAIL,
+ KNI_FIELD_KA_ADD_FAIL,
+ KNI_FIELD_EXCEED_MTU,
+ KNI_FIELD_SENDTO_TFE_FAIL,
+ //others
+ KNI_FIELD_NULL_PKT,
+ KNI_FIELD_IPV4_STM,
+ KNI_FIELD_IPV6_STM,
 KNI_FIELD_SSL_STM,
 KNI_FIELD_HTTP_STM,
 KNI_FIELD_SENDLOG_SUCC,
 KNI_FIELD_SENDLOG_FAIL,
- KNI_FIELD_UNKNOWN_STM,
- KNI_FIELD_STM_NO_DATA,
- KNI_FIELD_PME_NEW,
+ KNI_FIELD_PME_NEW_SUCC,
 KNI_FIELD_PME_FREE,
 KNI_FIELD_ID2PME_ADD_SUCC,
 KNI_FIELD_ID2PME_ADD_FAIL,
 KNI_FIELD_ID2PME_DEL_SUCC,
 KNI_FIELD_ID2PME_DEL_FAIL,
- KNI_FIELD_IPV4HDR_PARSE_FAIL,
- KNI_FIELD_IPV6HDR_PARSE_FAIL,
 KNI_FIELD_KEEPALIVE_REPLAY_ADD_SUCC,
- KNI_FIELD_KEEPALIVE_REPLAY_ADD_FAIL,
 KNI_FIELD_KEEPALIVE_REPLAY_DEL_SUCC,
 KNI_FIELD_KEEPALIVE_REPLAY_DEL_FAIL,
- KNI_FIELD_EXCEED_MTU,
- KNI_FIELD_SENDTO_TFE_FAIL,
 //KNI_FIELD_TFE_STATUS_BASE must be last
 KNI_FIELD_TFE_STATUS_BASE,
 };
diff --git a/entry/include/kni_maat.h b/entry/include/kni_maat.h
index 98be2fc..e9846bb 100644
--- a/entry/include/kni_maat.h
+++ b/entry/include/kni_maat.h
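Review bot: The reorder renumbers every enumerator, yet nothing in the header records that `KNI_FIELD_TFE_STATUS_BASE` plus the number of enabled tfe nodes must stay below `KNI_FIELD_MAX` (64); by my count the base moves to 34 in the new list, leaving 30 per-tfe slots, and nothing here would warn when a later addition eats into that headroom. A comment next to the define would make the invariant visible, e.g. `//KNI_FIELD_MAX bounds fs_handle->fields[]; KNI_FIELD_TFE_STATUS_BASE + tfe node count must stay below it`. The `//others` label also suggests the list is grouped, but the matching `//stream error` group marker that fs_init uses for NO_SYN..SENDTO_TFE_FAIL is missing here; adding it keeps the enum and the registration list readable side by side.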
@@ -27,5 +27,6 @@ enum kni_action{ struct kni_maat_handle* kni_maat_init(const char* profile, void *logger); void kni_maat_destroy(struct kni_maat_handle *handle); -enum kni_action intercept_policy_scan(struct kni_maat_handle* handle, struct ipaddr *addr, char *domain, int domain_len, int thread_seq, int *policy_id, int *is_hit_policy); +enum kni_action intercept_policy_scan(struct kni_maat_handle* handle, struct ipaddr *addr, char *domain, int domain_len, + int thread_seq, int *policy_id, int *do_log, int *is_hit_policy); char* kni_maat_action_trans(enum kni_action action); diff --git a/entry/src/kni_entry.cpp b/entry/src/kni_entry.cpp index 7c13630..7195cc1 100644 --- a/entry/src/kni_entry.cpp +++ b/entry/src/kni_entry.cpp @@ -51,6 +51,7 @@ struct http_project{ struct pme_info{ addr_type_t addr_type; int protocol; + int do_log; int policy_id; int maat_hit; enum kni_action action; @@ -250,7 +251,7 @@ error_out: return NULL; } -static int sendlog_to_kafka(struct pme_info *pmeinfo, void *local_logger){ +static int log_generate(struct pme_info *pmeinfo, void *local_logger){ //create cjson cJSON *log_obj = cJSON_CreateObject(); //stream_traceid @@ -355,13 +356,17 @@ static int sendlog_to_kafka(struct pme_info *pmeinfo, void *local_logger){ KNI_LOG_ERROR(local_logger, "Failed at cJSON_Print, stream_treaceid is %s", pmeinfo->stream_traceid); goto error_out; } + //local log KNI_LOG_DEBUG(local_logger, "log_msg is %s\n", log_msg); + //sendto kafka ret = kni_send_logger_sendlog(g_kni_handle->send_logger, log_msg, strlen(log_msg)); if(ret < 0){ + FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_SENDLOG_FAIL], 0, FS_OP_ADD, 1); KNI_LOG_ERROR(local_logger, "Failed at knisend_logger_sendlog, ret is %d, strem_traceid is %s", ret, pmeinfo->stream_traceid); goto error_out; } + FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_SENDLOG_SUCC], 0, FS_OP_ADD, 1); cJSON_free(log_msg); return 0; 
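Review bot: Moving the SENDLOG_FAIL increment into log_generate narrows what it counts: the old caller in judge_pme_destroy bumped it on every negative return, while the new FS_operate runs only when kni_send_logger_sendlog fails, so the cJSON_Print failure a few lines above (and any earlier `goto error_out` in the function) now leaves both sendlog counters untouched. If the intent is still one of SENDLOG_SUCC/SENDLOG_FAIL per attempted log, the failure increment belongs at log_generate's `error_out:` label, which lies outside this hunk, rather than in the single sendlog branch. On the sendlog failure path `log_msg` is also only released if error_out frees it, which is not visible here and worth confirming.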
@@ -435,6 +440,7 @@ static void keepalive_replay_htable_del(struct pme_info *pmeinfo){
 }
 static void judge_pme_destroy(struct pme_info *pmeinfo, int caller){
 void *logger = g_kni_handle->local_logger;
+ int ret;
 if(pmeinfo != NULL){
 void *logger = g_kni_handle->local_logger;
 pthread_mutex_lock(&(pmeinfo->lock));
@@ -450,14 +456,14 @@ static void judge_pme_destroy(struct pme_info *pmeinfo, int caller){
 }
 if(pmeinfo->sapp_release == 1 && pmeinfo->tfe_release == 1){
 //sendlog
- int ret = sendlog_to_kafka(pmeinfo, logger);
- if(ret < 0){
- KNI_LOG_ERROR(logger, "Failed at sendlog to kafka, stream traceid is %s", pmeinfo->stream_traceid);
- FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_SENDLOG_FAIL], 0, FS_OP_ADD, 1);
- }
- else{
- KNI_LOG_INFO(logger, "Succeed sendlog to kafka, stream traceid is %s", pmeinfo->stream_traceid);
- FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_SENDLOG_SUCC], 0, FS_OP_ADD, 1);
+ if(pmeinfo->do_log == 1){
+ ret = log_generate(pmeinfo, logger);
+ if(ret < 0){
+ KNI_LOG_ERROR(logger, "Failed at log_generate, stream traceid is %s", pmeinfo->stream_traceid);
+ }
+ else{
+ KNI_LOG_INFO(logger, "Succeed at log_generate, stream traceid is %s", pmeinfo->stream_traceid);
+ }
 }
 //only intercetp stream need del htable
 if(pmeinfo->action == KNI_ACTION_INTERCEPT){
@@ -752,7 +758,7 @@ static char pending_opstate(const struct streaminfo *stream, struct pme_info *pm
 if(!pktinfo.tcphdr->syn){
 //pending_opstate not syn, bypass and dropme
 //KNI_LOG_DEBUG(logger, "pending opstate: not syn, stream traceid is %s", pmeinfo->stream_traceid);
- FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_NO_SYN_EXP], 0, FS_OP_ADD, 1);
+ FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_NO_SYN], 0, FS_OP_ADD, 1);
 pmeinfo->error = STREAM_ERROR_PENDING_NO_SYN;
 return APP_STATE_FAWPKT | APP_STATE_DROPME;
 }
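Review bot: `if(pmeinfo->do_log == 1)` ties log generation to one exact value, while `*do_log` is copied verbatim from the Maat rule's `do_log` field in kni_maat.cpp; if that field is a plain on/off flag, `if(pmeinfo->do_log != 0)` is the safer test, and if it is a set of named values the accepted one should be spelled out here with a comment. The hunk also keeps the inner `void *logger = g_kni_handle->local_logger;` that shadows the declaration two lines above it; since `ret` is being hoisted to function scope in the same change, dropping the shadowing declaration at the same time would keep -Wshadow clean. judge_pme_destroy continues past the end of the second hunk.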
@@ -784,7 +790,7 @@ int keepalive_replay_htable_add(const struct streaminfo *stream, struct pme_info
 KNI_LOG_ERROR(logger, "MESA_htable: Failed at add, table is keepalive_replay_htable, "
 "dir is c2s, key is %s, key_size is %d, ret is %d", stream_addr, key_size, ret);
 }
- FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_KEEPALIVE_REPLAY_ADD_FAIL], 0, FS_OP_ADD, 1);
+ FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_KA_ADD_FAIL], 0, FS_OP_ADD, 1);
 pmeinfo->error = STREAM_ERROR_KA_REPLAY_ADD_FAIL;
 *sapp_ret = APP_STATE_FAWPKT | APP_STATE_DROPME;
 return -1;
@@ -819,7 +825,7 @@ int keepalive_replay_htable_add(const struct streaminfo *stream, struct pme_info
 if(ret < 0){
 KNI_LOG_ERROR(logger, "MESA_htable: Failed at add, table is keepalive_replay_htable, "
 "dir is s2c, key is %s, key_size is %d, ret is %d", stream_addr, key_size, ret);
- FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_KEEPALIVE_REPLAY_ADD_FAIL], 0, FS_OP_ADD, 1);
+ FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_KA_ADD_FAIL], 0, FS_OP_ADD, 1);
 }
 else{
 //KNI_LOG_DEBUG(logger, "MESA_htable: Succeed at add, table is keepalive_replay_htable, "
@@ -868,7 +874,6 @@ static int first_data_intercept(const struct streaminfo *stream, struct pme_info
 KNI_LOG_DEBUG(logger, "Succeed at send first packet to tfe%d, stream traceid is %s", pmeinfo->tfe_id, pmeinfo->stream_traceid);
 }
 FREE(&buff);
- FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_INTCP_PKT], 0, FS_OP_ADD, 1);
 FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_INTCP_STM], 0, FS_OP_ADD, 1);
 return APP_STATE_DROPPKT | APP_STATE_GIVEME;
 }
@@ -907,10 +912,8 @@ static char data_opstate(const struct streaminfo *stream, struct pme_info *pmein KNI_LOG_ERROR(logger, "Failed at send continue packet to tfe%d, stream traceid is %s", pmeinfo->tfe_id, pmeinfo->stream_traceid); FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_SENDTO_TFE_FAIL], 0, FS_OP_ADD, 1); } - FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_INTCP_PKT], 0, FS_OP_ADD, 1); return APP_STATE_DROPPKT | APP_STATE_GIVEME; case KNI_ACTION_BYPASS: - FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_BYP_PKT], 0, FS_OP_ADD, 1); return APP_STATE_FAWPKT | APP_STATE_GIVEME; default: assert(0); @@ -942,6 +945,7 @@ static char data_opstate(const struct streaminfo *stream, struct pme_info *pmein //not double dir, bypass and dropme if(stream->dir != DIR_DOUBLE){ //KNI_LOG_DEBUG(logger, "dir is %d, bypass, stream addr is %s", stream->dir, stream_addr); + FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_SINGLE_DIR], 0, FS_OP_ADD, 1); pmeinfo->error = STREAM_ERROR_SINGLE_DIR; return APP_STATE_FAWPKT | APP_STATE_DROPME; } @@ -954,7 +958,7 @@ static char data_opstate(const struct streaminfo *stream, struct pme_info *pmein case KNI_PROTOCOL_UNKNOWN: KNI_LOG_DEBUG(logger, "Failed at protocol_identify, bypass and dropme, stream addr is %s\n", pmeinfo->protocol, stream_addr); - FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_UNKNOWN_STM], 0, FS_OP_ADD, 1); + FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_PROTO_UNKNOWN], 0, FS_OP_ADD, 1); pmeinfo->error = STREAM_ERROR_PROTOCOL_UNKNOWN; return APP_STATE_FAWPKT | APP_STATE_DROPME; case KNI_PROTOCOL_SSL: 
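Review bot: The renamed PROTO_UNKNOWN increment sits directly under a KNI_LOG_DEBUG whose format string has a single `%s` but is handed two arguments, `pmeinfo->protocol` and `stream_addr`, so the `%s` conversion receives the int `pmeinfo->protocol`; if KNI_LOG_DEBUG forwards to a printf-style formatter, as its name suggests, that is undefined behaviour and in practice a crash whenever debug logging is enabled. The commit edits this block without correcting it; the line was presumably meant to be `KNI_LOG_DEBUG(logger, "Failed at protocol_identify %d, bypass and dropme, stream addr is %s\n", pmeinfo->protocol, stream_addr);`. data_opstate continues outside all three hunks on this line.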
@@ -970,7 +974,7 @@ static char data_opstate(const struct streaminfo *stream, struct pme_info *pmein } pmeinfo->action = intercept_policy_scan(g_kni_handle->maat_handle, (struct ipaddr*)(&stream->addr), protocol_identify_res.domain, protocol_identify_res.domain_len, - thread_seq, &(pmeinfo->policy_id), &(pmeinfo->maat_hit)); + thread_seq, &(pmeinfo->policy_id), &(pmeinfo->do_log), &(pmeinfo->maat_hit)); //policy scan log char *action_str = kni_maat_action_trans(pmeinfo->action); KNI_LOG_INFO(logger, "intercept_policy_scan: %s, %s, policy_id = %d, action = %d(%s), maat_hit = %d, stream traceid is %s", @@ -979,13 +983,13 @@ static char data_opstate(const struct streaminfo *stream, struct pme_info *pmein if(pmeinfo->client_tcpopt == NULL || pmeinfo->server_tcpopt == NULL){ KNI_LOG_ERROR(logger, "Failed at intercept, %s, %s, stream traceid is %s", pmeinfo->client_tcpopt == NULL ? "no syn" : "have syn", pmeinfo->server_tcpopt == NULL ? "no syn/ack" : "have syn/ack", pmeinfo->stream_traceid); - FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_NO_SA_EXP], 0, FS_OP_ADD, 1); + FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_NO_SA], 0, FS_OP_ADD, 1); pmeinfo->error = STREAM_ERROR_NO_SYN_ACK; return APP_STATE_FAWPKT | APP_STATE_DROPME; } switch(pmeinfo->action){ case KNI_ACTION_BYPASS: - FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_BYP_PKT], 0, FS_OP_ADD, 1); + FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_POLICY_BYP], 0, FS_OP_ADD, 1); FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_BYP_STM], 0, FS_OP_ADD, 1); return APP_STATE_FAWPKT | APP_STATE_GIVEME; case KNI_ACTION_INTERCEPT: 
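Review bot: The new `&(pmeinfo->do_log)` out-parameter is filled here, but the policy-scan KNI_LOG_INFO that follows still reports only policy_id, action and maat_hit, so someone tracing why a stream produced no log record cannot see the decision input; adding `do_log = %d` to the format with `pmeinfo->do_log` in the argument list would close that gap. The argument list of that KNI_LOG_INFO call lies past the end of the hunk.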
@@ -994,6 +998,7 @@ static char data_opstate(const struct streaminfo *stream, struct pme_info *pmein //action != intercept && action != bypass,bypass and dropme KNI_LOG_ERROR(logger, "Action %d(%s) is invalid, bypass(dropme): policy_id is %d, stream addr is %s, domain is ", pmeinfo->action, action_str, pmeinfo->policy_id, stream_addr, protocol_identify_res.domain); + FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_ACTION_INVALID], 0, FS_OP_ADD, 1); pmeinfo->error = STREAM_ERROR_INVALID_ACTION; return APP_STATE_FAWPKT | APP_STATE_DROPME; } @@ -1022,7 +1027,7 @@ static char close_opstate(const struct streaminfo *stream, struct pme_info *pmei default: char *action_str = kni_maat_action_trans(pmeinfo->action); pmeinfo->error = STREAM_ERROR_NO_DATA; - FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_STM_NO_DATA], 0, FS_OP_ADD, 1); + FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_NO_DATA], 0, FS_OP_ADD, 1); KNI_LOG_DEBUG(logger, "close_opstate: action %d(%s) is abnormal, stream_traceid is %s", pmeinfo->action, action_str, pmeinfo->stream_traceid); return APP_STATE_FAWPKT | APP_STATE_DROPME; @@ -1035,11 +1040,12 @@ extern "C" char kni_tcpall_entry(const struct streaminfo *stream, void** pme, in void *logger = g_kni_handle->local_logger; int ret; struct pme_info *pmeinfo = *(struct pme_info **)pme; - //TODO: ipv6 if(stream->addr.addrtype == ADDR_TYPE_IPV6){ - FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_IPV6_PKT], 0, FS_OP_ADD, 1); - //return APP_STATE_FAWPKT | APP_STATE_DROPME; + FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_IPV6_STM], 0, FS_OP_ADD, 1); } + else{ + FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_IPV4_STM], 0, FS_OP_ADD, 1); + } /* a_packet == NULL && not op_state_close, continue close: a_packet may be null, if a_packet = null, do not send to tfe 
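Review bot: The IPV4_STM/IPV6_STM increments in the @@ -1035 hunk are placed at the top of kni_tcpall_entry, before the `pmeinfo == NULL` new-stream branch, so they execute on every invocation; if this entry runs once per packet, as the `stream->pktstate` dispatch further down suggests, these two counters count packets while their `_stm` names and the neighbouring BYP_STM/INTCP_STM counters are per stream. Moving the two FS_operate calls into the branch that creates the pme, next to the PME_NEW_SUCC increment, would make them per-stream as named. The body of kni_tcpall_entry continues beyond the hunk.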
@@ -1054,13 +1060,17 @@ extern "C" char kni_tcpall_entry(const struct streaminfo *stream, void** pme, in
 *pme = pmeinfo = pme_info_new(stream, thread_seq);
 if(pmeinfo == NULL){
 KNI_LOG_ERROR(logger, "Failed at new pmeinfo, bypass and dropme");
+ FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_BYP_STM], 0, FS_OP_ADD, 1);
+ FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_PME_NEW_FAIL], 0, FS_OP_ADD, 1);
 return APP_STATE_FAWPKT | APP_STATE_DROPME;
 }
- FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_PME_NEW], 0, FS_OP_ADD, 1);
+ FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_PME_NEW_SUCC], 0, FS_OP_ADD, 1);
 pmeinfo->tfe_id = tfe_mgr_alive_node_get(g_kni_handle->_tfe_mgr, thread_seq);
- printf("tfe_id is %d\n", pmeinfo->tfe_id);
+ //printf("tfe_id is %d\n", pmeinfo->tfe_id);
 if(pmeinfo->tfe_id < 0){
 KNI_LOG_ERROR(logger, "No alive tfe available, bypass and dropme");
+ FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_BYP_STM], 0, FS_OP_ADD, 1);
+ FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_NO_TFE], 0, FS_OP_ADD, 1);
 pme_info_destroy(pmeinfo);
 return APP_STATE_FAWPKT | APP_STATE_DROPME;
 }
@@ -1085,7 +1095,7 @@ extern "C" char kni_tcpall_entry(const struct streaminfo *stream, void** pme, in
 break;
 default:
 ret = APP_STATE_FAWPKT | APP_STATE_GIVEME;
- FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_UNKNOWN_STATE_EXP], 0, FS_OP_ADD, 1);
+ FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_STATE_UNKNOWN], 0, FS_OP_ADD, 1);
 KNI_LOG_ERROR(logger, "Unknown stream opstate %d, stream traceid is %s", stream->pktstate, pmeinfo->stream_traceid);
 break;
 }
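Review bot: `//printf("tfe_id is %d\n", pmeinfo->tfe_id);` leaves commented-out code in place of the removed stdout write; if the value is still useful it belongs in the existing logger as `KNI_LOG_DEBUG(logger, "tfe_id is %d", pmeinfo->tfe_id);`, otherwise the line should go. The two new failure paths each count BYP_STM together with a specific cause, which matches the error_out convention later in the function, so that part looks consistent. kni_tcpall_entry's body runs past the end of both hunks.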
@@ -1099,6 +1109,8 @@ extern "C" char kni_tcpall_entry(const struct streaminfo *stream, void** pme, in
 error_out:
 char *stream_errmsg = stream_errmsg_get(pmeinfo->error);
 KNI_LOG_DEBUG(logger, "stream error is %s, bypass and dropme, stream traceid is %s", stream_errmsg, pmeinfo->stream_traceid);
+ FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_STM_ERR], 0, FS_OP_ADD, 1);
+ FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_BYP_STM], 0, FS_OP_ADD, 1);
 if(pmeinfo != NULL){
 pme_info_destroy(pmeinfo);
 }
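Review bot: The two new counters are inserted between `stream_errmsg_get(pmeinfo->error)` and the `if(pmeinfo != NULL)` guard, preserving a contradiction the commit stepped over: pmeinfo is dereferenced twice (`->error` and `->stream_traceid`) before it is tested for NULL, so either the guard is dead or the dereferences can fault on a NULL pme. Either drop the guard around pme_info_destroy, or move the NULL test above the stream_errmsg_get call and place the lookup, the KNI_LOG_DEBUG and the STM_ERR increment inside it, leaving the BYP_STM increment unconditional. kni_tcpall_entry continues beyond the hunk.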
@@ -1662,42 +1674,48 @@ static struct kni_field_stat_handle * fs_init(const char *profile){
 FS_set_para(handle, MAX_STAT_FIELD_NUM, &value, sizeof(value));
 fs_handle = ALLOC(struct kni_field_stat_handle, 1);
 fs_handle->handle = handle;
- //fs_handle->fields[KNI_FIELD_TOT_PKT] = FS_register(handle, FS_STYLE_FIELD, FS_CALC_CURRENT, "tot_pkt");
- fs_handle->fields[KNI_FIELD_BYP_PKT] = FS_register(handle, FS_STYLE_FIELD, FS_CALC_CURRENT, "byp_pkt");
- fs_handle->fields[KNI_FIELD_INTCP_PKT] = FS_register(handle, FS_STYLE_FIELD, FS_CALC_CURRENT, "intcp_pkt");
- fs_handle->fields[KNI_FIELD_IPV6_PKT] = FS_register(handle, FS_STYLE_FIELD, FS_CALC_CURRENT, "ipv6_pkt");
- fs_handle->fields[KNI_FIELD_NULL_PKT] = FS_register(handle, FS_STYLE_FIELD, FS_CALC_CURRENT, "null_pkt");
- fs_handle->fields[KNI_FIELD_NO_SYN_EXP] = FS_register(handle, FS_STYLE_FIELD, FS_CALC_CURRENT, "no_syn_pkt");
- fs_handle->fields[KNI_FIELD_UNKNOWN_STATE_EXP] = FS_register(handle, FS_STYLE_FIELD, FS_CALC_CURRENT, "unknown_state");
- fs_handle->fields[KNI_FIELD_NO_SA_EXP] = FS_register(handle, FS_STYLE_FIELD, FS_CALC_CURRENT, "no_s/a_pkt");
- //fs_handle->fields[KNI_FIELD_TOT_STM] = FS_register(handle, FS_STYLE_FIELD, FS_CALC_CURRENT, "tot_stm");
- fs_handle->fields[KNI_FIELD_BYP_STM] = FS_register(handle, FS_STYLE_FIELD, FS_CALC_CURRENT, "byp_stm");
 fs_handle->fields[KNI_FIELD_INTCP_STM] = FS_register(handle, FS_STYLE_FIELD, FS_CALC_CURRENT, "intcp_stm");
+ fs_handle->fields[KNI_FIELD_BYP_STM] = FS_register(handle, FS_STYLE_FIELD, FS_CALC_CURRENT, "byp_stm");
+ fs_handle->fields[KNI_FIELD_POLICY_BYP] = FS_register(handle, FS_STYLE_FIELD, FS_CALC_CURRENT, "policy_byp");
+ fs_handle->fields[KNI_FIELD_PME_NEW_FAIL] = FS_register(handle, FS_STYLE_FIELD, FS_CALC_CURRENT, "pme_new_fail");
+ fs_handle->fields[KNI_FIELD_NO_TFE] = FS_register(handle, FS_STYLE_FIELD, FS_CALC_CURRENT, "no_tfe");
+ fs_handle->fields[KNI_FIELD_STATE_UNKNOWN] = FS_register(handle, FS_STYLE_FIELD, FS_CALC_CURRENT, "state_unknown");
+ fs_handle->fields[KNI_FIELD_STM_ERR] = FS_register(handle, FS_STYLE_FIELD, FS_CALC_CURRENT, "stm_err");
+ //stream error
+ fs_handle->fields[KNI_FIELD_NO_SYN] = FS_register(handle, FS_STYLE_FIELD, FS_CALC_CURRENT, "no_syn");
+ fs_handle->fields[KNI_FIELD_SINGLE_DIR] = FS_register(handle, FS_STYLE_FIELD, FS_CALC_CURRENT, "single_dir");
+ fs_handle->fields[KNI_FIELD_PROTO_UNKNOWN] = FS_register(handle, FS_STYLE_FIELD, FS_CALC_CURRENT, "proto_unknow");
+ fs_handle->fields[KNI_FIELD_NO_SA] = FS_register(handle, FS_STYLE_FIELD, FS_CALC_CURRENT, "no_s/a");
+ fs_handle->fields[KNI_FIELD_ACTION_INVALID] = FS_register(handle, FS_STYLE_FIELD, FS_CALC_CURRENT, "action_invalid");
+ fs_handle->fields[KNI_FIELD_NO_DATA] = FS_register(handle, FS_STYLE_FIELD, FS_CALC_CURRENT, "no_data");
+ fs_handle->fields[KNI_FIELD_IPV4HDR_PARSE_FAIL] = FS_register(handle, FS_STYLE_FIELD, FS_CALC_CURRENT, "v4_parse_fail");
+ fs_handle->fields[KNI_FIELD_IPV6HDR_PARSE_FAIL] = FS_register(handle, FS_STYLE_FIELD, FS_CALC_CURRENT, "v6_parse_fail");
+ fs_handle->fields[KNI_FIELD_KA_ADD_FAIL] = FS_register(handle, FS_STYLE_FIELD, FS_CALC_CURRENT, "ka_add_fail");
+ fs_handle->fields[KNI_FIELD_EXCEED_MTU] = FS_register(handle, FS_STYLE_FIELD, FS_CALC_CURRENT, "exceed_mtu");
+ fs_handle->fields[KNI_FIELD_SENDTO_TFE_FAIL] = FS_register(handle, FS_STYLE_FIELD, FS_CALC_CURRENT, "sendtfe_fail");
+ //others
+ fs_handle->fields[KNI_FIELD_NULL_PKT] = FS_register(handle, FS_STYLE_FIELD, FS_CALC_CURRENT, "null_pkt");
+ fs_handle->fields[KNI_FIELD_IPV4_STM] = FS_register(handle, FS_STYLE_FIELD, FS_CALC_CURRENT, "ipv4_stm");
+ fs_handle->fields[KNI_FIELD_IPV6_STM] = FS_register(handle, FS_STYLE_FIELD, FS_CALC_CURRENT, "ipv6_stm");
 fs_handle->fields[KNI_FIELD_SSL_STM] = FS_register(handle, FS_STYLE_FIELD, FS_CALC_CURRENT, "ssl_stm");
 fs_handle->fields[KNI_FIELD_HTTP_STM] = FS_register(handle, FS_STYLE_FIELD, FS_CALC_CURRENT, "http_stm");
 fs_handle->fields[KNI_FIELD_SENDLOG_SUCC] = FS_register(handle,
FS_STYLE_FIELD, FS_CALC_CURRENT, "sendlog_succ");
 fs_handle->fields[KNI_FIELD_SENDLOG_FAIL] = FS_register(handle, FS_STYLE_FIELD, FS_CALC_CURRENT, "sendlog_fail");
- fs_handle->fields[KNI_FIELD_UNKNOWN_STM] = FS_register(handle, FS_STYLE_FIELD, FS_CALC_CURRENT, "unknown_stm");
- fs_handle->fields[KNI_FIELD_STM_NO_DATA] = FS_register(handle, FS_STYLE_FIELD, FS_CALC_CURRENT, "stm_no_data");
- fs_handle->fields[KNI_FIELD_PME_NEW] = FS_register(handle, FS_STYLE_FIELD, FS_CALC_CURRENT, "pme_new");
+ fs_handle->fields[KNI_FIELD_PME_NEW_SUCC] = FS_register(handle, FS_STYLE_FIELD, FS_CALC_CURRENT, "pme_new");
 fs_handle->fields[KNI_FIELD_PME_FREE] = FS_register(handle, FS_STYLE_FIELD, FS_CALC_CURRENT, "pme_free");
+ //htable
 fs_handle->fields[KNI_FIELD_ID2PME_ADD_SUCC] = FS_register(handle, FS_STYLE_FIELD, FS_CALC_CURRENT, "id2pme_add_succ");
 fs_handle->fields[KNI_FIELD_ID2PME_ADD_FAIL] = FS_register(handle, FS_STYLE_FIELD, FS_CALC_CURRENT, "id2pme_add_fail");
 fs_handle->fields[KNI_FIELD_ID2PME_DEL_SUCC] = FS_register(handle, FS_STYLE_FIELD, FS_CALC_CURRENT, "id2pme_del_succ");
 fs_handle->fields[KNI_FIELD_ID2PME_DEL_FAIL] = FS_register(handle, FS_STYLE_FIELD, FS_CALC_CURRENT, "id2pme_del_fail");
- fs_handle->fields[KNI_FIELD_IPV4HDR_PARSE_FAIL] = FS_register(handle, FS_STYLE_FIELD, FS_CALC_CURRENT, "v4_parse_fail");
- fs_handle->fields[KNI_FIELD_IPV6HDR_PARSE_FAIL] = FS_register(handle, FS_STYLE_FIELD, FS_CALC_CURRENT, "v6_parse_fail");
- fs_handle->fields[KNI_FIELD_KEEPALIVE_REPLAY_ADD_FAIL] = FS_register(handle, FS_STYLE_FIELD, FS_CALC_CURRENT, "ka_add_fail");
 fs_handle->fields[KNI_FIELD_KEEPALIVE_REPLAY_ADD_SUCC] = FS_register(handle, FS_STYLE_FIELD, FS_CALC_CURRENT, "ka_add_succ");
 fs_handle->fields[KNI_FIELD_KEEPALIVE_REPLAY_DEL_FAIL] = FS_register(handle, FS_STYLE_FIELD, FS_CALC_CURRENT, "ka_del_fail");
 fs_handle->fields[KNI_FIELD_KEEPALIVE_REPLAY_DEL_SUCC] = FS_register(handle, FS_STYLE_FIELD, FS_CALC_CURRENT, "ka_del_succ");
- fs_handle->fields[KNI_FIELD_EXCEED_MTU]
= FS_register(handle, FS_STYLE_FIELD, FS_CALC_CURRENT, "exceed_mtu"); - fs_handle->fields[KNI_FIELD_SENDTO_TFE_FAIL] = FS_register(handle, FS_STYLE_FIELD, FS_CALC_CURRENT, "sendto_tfe_fail"); for(int i = 0; i < g_kni_handle->marsio_handle->tfe_enabled_node_count; i++){ int tfe_id = g_kni_handle->marsio_handle->tfe_enabled_nodes[i].tfe_id; char tfe_status[KNI_SYMBOL_MAX] = ""; snprintf(tfe_status, sizeof(tfe_status), "tfe%d", tfe_id); - fs_handle->fields[KNI_FIELD_TFE_STATUS_BASE + i] = FS_register(handle, FS_STYLE_FIELD, FS_CALC_CURRENT, tfe_status); + fs_handle->fields[KNI_FIELD_TFE_STATUS_BASE + i] = FS_register(handle, FS_STYLE_STATUS, FS_CALC_CURRENT, tfe_status); } fs_handle->handle = handle; FS_start(handle); diff --git a/entry/src/kni_maat.cpp b/entry/src/kni_maat.cpp index 267b115..786cde9 100644 --- a/entry/src/kni_maat.cpp +++ b/entry/src/kni_maat.cpp @@ -197,7 +197,8 @@ static int index_of_enforce_policy(struct Maat_rule_t* result, size_t size) return ret_intercept_idx; } -enum kni_action intercept_policy_scan(struct kni_maat_handle* handle, struct ipaddr *addr, char *domain, int domain_len, int thread_seq, int *policy_id, int *is_hit_policy){ +enum kni_action intercept_policy_scan(struct kni_maat_handle* handle, struct ipaddr *addr, char *domain, int domain_len, + int thread_seq, int *policy_id, int *do_log, int *is_hit_policy){ //return KNI_ACTION_INTERCEPT; Maat_feather_t maat_feather=handle->feather; int table_intercept_ip=handle->tableid_intercept_ip; @@ -225,7 +226,8 @@ enum kni_action intercept_policy_scan(struct kni_maat_handle* handle, struct ipa if(hit_policy_cnt>0) { enforced_policy_idx=index_of_enforce_policy(result, hit_policy_cnt); - *policy_id=result[enforced_policy_idx].config_id; + *policy_id = result[enforced_policy_idx].config_id; + *do_log = result[enforced_policy_idx].do_log; *is_hit_policy=1; unsigned char action = (unsigned char)result[enforced_policy_idx].action; return (enum kni_action)action;
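Review bot: The per-tfe loop at the end of fs_init still writes `fs_handle->fields[KNI_FIELD_TFE_STATUS_BASE + i]` with no check against `KNI_FIELD_MAX`, and this commit raises the base by adding enumerators, so a deployment with more enabled tfe nodes than the remaining slots now overruns the array sooner (assuming fields[] is sized by KNI_FIELD_MAX, which is not visible here). A guard before the FS_register call, `if(KNI_FIELD_TFE_STATUS_BASE + i >= KNI_FIELD_MAX){ /* take fs_init's failure path */ }`, would turn the overrun into a startup error. Two label details in the same hunk: PME_NEW_SUCC is registered as `"pme_new"` beside `"pme_new_fail"`, so `"pme_new_succ"` would read consistently, and `"proto_unknow"` looks like a typo for `"proto_unknown"`. The head of this hunk is further up the page; its tail (the loop and FS_start) is on this line.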
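Review bot: `*do_log` is assigned only inside the `hit_policy_cnt>0` branch of the @@ -225 hunk, so on the no-hit path the caller's `pmeinfo->do_log` keeps whatever it held before, and judge_pme_destroy then decides whether to generate a log from that value; unless pme_info_new zero-fills the struct (not visible here) that is an uninitialised read. Setting `*do_log = 0;` at function entry in the @@ -197 hunk, next to the other out-parameters, makes the contract independent of caller initialisation. The declaration in kni_maat.h would also benefit from a one-line comment stating that policy_id, do_log and is_hit_policy are written only when a policy matches. intercept_policy_scan's body runs between and beyond the two hunks.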