gfwleak/tango-kni
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

bugfix:修改使用PRINTADDR导致kni coredump问题

Browse Source
This commit is contained in:
fumingwei
2021-07-23 18:19:19 +08:00
parent 8cff5b288a
commit 7431a6837f
2 changed files with 38 additions and 38 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
entry/include/kni_entry.h
View File

@@ -18,9 +18,6 @@
#define TSG_DIAGNOSE_POLICY_CNT 32
#ifndef PRINTADDR
#define PRINTADDR(stream_info, log_level) ((log_level)<RLOG_LV_FATAL ? printaddr(&(stream_info->addr), stream_info->threadnum) : "")
#endif
enum intercept_error{
INTERCEPT_ERROR_ASYM_ROUTING = -1,
@@ -100,6 +97,7 @@ struct proxy_tcp_option{
struct pme_info{
addr_type_t addr_type;
char stream_addr[KNI_ADDR_MAX];
int do_log;
int policy_id;
tsg_protocol_t protocol;

72
entry/src/kni_entry.cpp
View File

@@ -156,10 +156,12 @@ static int pme_info_init(struct pme_info *pmeinfo, const struct streaminfo *stre
pmeinfo->ssl_cert_verify = -1;
uint64_t traceid = tsg_get_stream_id((struct streaminfo*)stream);
snprintf(pmeinfo->stream_traceid, sizeof(pmeinfo->stream_traceid), "%" PRIu64 , traceid);
if(g_kni_handle->log_level < RLOG_LV_FATAL)
printaddr_r(&(stream->addr), pmeinfo->stream_addr, KNI_ADDR_MAX);
//init pme_lock
int ret = pthread_mutex_init(&(pmeinfo->lock), NULL);
if(ret < 0){
KNI_LOG_ERROR(logger, "Failed at init pthread mutex, stream traceid = %s, stream addr = %s", pmeinfo->stream_traceid, PRINTADDR(pmeinfo->stream,g_kni_handle->log_level));
KNI_LOG_ERROR(logger, "Failed at init pthread mutex, stream traceid = %s, stream addr = %s", pmeinfo->stream_traceid, pmeinfo->stream_addr);
abort();
}
return 0;
@@ -254,10 +256,10 @@ static void stream_destroy(struct pme_info *pmeinfo){
if(pmeinfo->action == KNI_ACTION_INTERCEPT){
int ret = log_generate(pmeinfo);
if(ret < 0){
KNI_LOG_ERROR(logger, "Failed at log_generate, stream traceid = %s, stream addr = %s", pmeinfo->stream_traceid, PRINTADDR(pmeinfo->stream,g_kni_handle->log_level));
KNI_LOG_ERROR(logger, "Failed at log_generate, stream traceid = %s, stream addr = %s", pmeinfo->stream_traceid, pmeinfo->stream_addr);
}
else{
KNI_LOG_DEBUG(logger, "Succeed at log_generate, stream traceid = %s, stream addr = %s", pmeinfo->stream_traceid, PRINTADDR(pmeinfo->stream,g_kni_handle->log_level));
KNI_LOG_DEBUG(logger, "Succeed at log_generate, stream traceid = %s, stream addr = %s", pmeinfo->stream_traceid, pmeinfo->stream_addr);
}
}
//free pme
@@ -290,11 +292,11 @@ int wrapped_kni_cmsg_set(struct kni_cmsg *cmsg, uint16_t type, const unsigned ch
void *logger = g_kni_handle->local_logger;
int ret = kni_cmsg_set(cmsg, type, value, size);
if(ret < 0){
KNI_LOG_ERROR(logger, "Failed set cmsg, type = %d/%s, stream traceid = %s, stream addr = %s", type, tfe_cmsg_tlv_type_to_string[type],pmeinfo->stream_traceid, PRINTADDR(pmeinfo->stream,g_kni_handle->log_level));
KNI_LOG_ERROR(logger, "Failed set cmsg, type = %d/%s, stream traceid = %s, stream addr = %s", type, tfe_cmsg_tlv_type_to_string[type],pmeinfo->stream_traceid, pmeinfo->stream_addr);
}
else
{
KNI_LOG_DEBUG(logger, "Successd to set cmsg, type = %d/%s, stream traceid = %s, stream addr = %s", type,tfe_cmsg_tlv_type_to_string[type], pmeinfo->stream_traceid, PRINTADDR(pmeinfo->stream,g_kni_handle->log_level));
KNI_LOG_DEBUG(logger, "Successd to set cmsg, type = %d/%s, stream traceid = %s, stream addr = %s", type,tfe_cmsg_tlv_type_to_string[type], pmeinfo->stream_traceid, pmeinfo->stream_addr);
}
return ret;
@@ -597,7 +599,7 @@ static unsigned char* kni_cmsg_serialize_header_new(struct pme_info *pmeinfo, st
ret = kni_cmsg_serialize(cmsg, buff, bufflen, &serialize_len);
if(ret < 0){
KNI_LOG_ERROR(logger, "Failed at serialize cmsg, ret = %d, stream traceid = %s, stream addr = %s",
ret, pmeinfo->stream_traceid, PRINTADDR(pmeinfo->stream,g_kni_handle->log_level));
ret, pmeinfo->stream_traceid, pmeinfo->stream_addr);
goto error_out;
}
*len = serialize_len;
@@ -1079,23 +1081,23 @@ static int tsg_diagnose_judge_streamshunt(int maat_rule_config_id,struct pme_inf
void *logger = g_kni_handle->local_logger;
if(g_kni_handle->tsg_diagnose_enable == 0){
KNI_LOG_DEBUG(logger, "Tsg diagnose: enabled is 0, stream traceid = %s, stream addr = %s", pmeinfo->stream_traceid, PRINTADDR(pmeinfo->stream,g_kni_handle->log_level));
KNI_LOG_DEBUG(logger, "Tsg diagnose: enabled is 0, stream traceid = %s, stream addr = %s", pmeinfo->stream_traceid, pmeinfo->stream_addr);
return 0;
}
if(g_kni_handle->secpolicyid_shunt_tsg_diagnose.id_num == 0){
KNI_LOG_DEBUG(logger, "Tsg diagnose: no security policy from profile to shunt, stream traceid = %s, stream addr = %s", pmeinfo->stream_traceid, PRINTADDR(pmeinfo->stream,g_kni_handle->log_level));
KNI_LOG_DEBUG(logger, "Tsg diagnose: no security policy from profile to shunt, stream traceid = %s, stream addr = %s", pmeinfo->stream_traceid, pmeinfo->stream_addr);
return 0;
}
for(i = 0; i < g_kni_handle->secpolicyid_shunt_tsg_diagnose.id_num; i ++){
if(g_kni_handle->secpolicyid_shunt_tsg_diagnose.id_arr[i] == 0){
KNI_LOG_DEBUG(logger, "Tsg diagnose: security policy 0 is not allowd shunt, stream traceid = %s, stream addr = %s", pmeinfo->stream_traceid, PRINTADDR(pmeinfo->stream,g_kni_handle->log_level));
KNI_LOG_DEBUG(logger, "Tsg diagnose: security policy 0 is not allowd shunt, stream traceid = %s, stream addr = %s", pmeinfo->stream_traceid, pmeinfo->stream_addr);
continue;
}
if(g_kni_handle->secpolicyid_shunt_tsg_diagnose.id_arr[i] == maat_rule_config_id){
ret = 1;
KNI_LOG_DEBUG(logger, "Tsg diagnose: security policy id %d shunt, stream traceid = %s, stream addr = %s", maat_rule_config_id, pmeinfo->stream_traceid, PRINTADDR(pmeinfo->stream,g_kni_handle->log_level));
KNI_LOG_DEBUG(logger, "Tsg diagnose: security policy id %d shunt, stream traceid = %s, stream addr = %s", maat_rule_config_id, pmeinfo->stream_traceid, pmeinfo->stream_addr);
break;
}
}
@@ -1118,14 +1120,14 @@ static int first_data_intercept(struct streaminfo *stream, struct pme_info *pmei
ret=MESA_get_stream_opt(stream, MSO_TCP_CREATE_LINK_MODE, (void *)&intercept_stream_link_mode, &intercept_stream_link_mode_len);
if(ret == 0){
if(intercept_stream_link_mode != TCP_CTEAT_LINK_BYSYN){
KNI_LOG_DEBUG(logger, "Intercept error: TCP_CREATE_LINK_MODE is not BYSYN, link_mode=%d, link_mode_len=%d,stream traceid = %s, stream addr = %s", intercept_stream_link_mode,intercept_stream_link_mode_len,pmeinfo->stream_traceid, PRINTADDR(pmeinfo->stream,g_kni_handle->log_level));
KNI_LOG_DEBUG(logger, "Intercept error: TCP_CREATE_LINK_MODE is not BYSYN, link_mode=%d, link_mode_len=%d,stream traceid = %s, stream addr = %s", intercept_stream_link_mode,intercept_stream_link_mode_len,pmeinfo->stream_traceid, pmeinfo->stream_addr);
pmeinfo->intcp_error = INTERCEPT_ERROR_NOT_TCP_LINK_BYSYN;
FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_INTCPERR_NOT_LINK_MODE_BYSYN], 0, FS_OP_ADD, 1);
goto error_out;
}
}
else{
KNI_LOG_DEBUG(logger, "Intercept error: get MSO_TCP_CREATE_LINK_MODE error, ret = %d, stream traceid = %s, stream addr = %s",ret, pmeinfo->stream_traceid, PRINTADDR(pmeinfo->stream,g_kni_handle->log_level));
KNI_LOG_DEBUG(logger, "Intercept error: get MSO_TCP_CREATE_LINK_MODE error, ret = %d, stream traceid = %s, stream addr = %s",ret, pmeinfo->stream_traceid, pmeinfo->stream_addr);
pmeinfo->intcp_error = INTERCEPT_ERROR_GET_TCP_LINK_MODE_ERR;
FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_INTCPERR_GET_LINK_MODE_ERR], 0, FS_OP_ADD, 1);
goto error_out;
@@ -1134,14 +1136,14 @@ static int first_data_intercept(struct streaminfo *stream, struct pme_info *pmei
ret=MESA_get_stream_opt(stream, MSO_STREAM_TUNNEL_TYPE, (void *)&stream_tunnel_type, &stream_tunnel_type_len);
if(ret == 0){
if(stream_tunnel_type != STREAM_TUNNLE_NON){
KNI_LOG_DEBUG(logger, "Intercept error: stream type is tunnel, STREAM_TUNNLE_TYPE = %d, stream traceid = %s, stream addr = %s", stream_tunnel_type,pmeinfo->stream_traceid, PRINTADDR(pmeinfo->stream,g_kni_handle->log_level));
KNI_LOG_DEBUG(logger, "Intercept error: stream type is tunnel, STREAM_TUNNLE_TYPE = %d, stream traceid = %s, stream addr = %s", stream_tunnel_type,pmeinfo->stream_traceid, pmeinfo->stream_addr);
pmeinfo->intcp_error = INTERCEPT_ERROR_STREAM_TUNNLE_TYPE;
FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_INTCPERR_STREAM_IS_TUN_TYPE], 0, FS_OP_ADD, 1);
goto error_out;
}
}
else{
KNI_LOG_DEBUG(logger, "Intercept error: get MSO_STREAM_TUNNEL_TYPE error, ret = %d, stream traceid = %s, stream addr = %s",ret, pmeinfo->stream_traceid, PRINTADDR(pmeinfo->stream,g_kni_handle->log_level));
KNI_LOG_DEBUG(logger, "Intercept error: get MSO_STREAM_TUNNEL_TYPE error, ret = %d, stream traceid = %s, stream addr = %s",ret, pmeinfo->stream_traceid, pmeinfo->stream_addr);
pmeinfo->intcp_error = INTERCEPT_ERROR_GET_STREAM_TUNNLE_TYPE_ERR;
FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_INTCPERR_GET_STREAM_TUN_TYPE_ERR], 0, FS_OP_ADD, 1);
goto error_out;
@@ -1149,7 +1151,7 @@ static int first_data_intercept(struct streaminfo *stream, struct pme_info *pmei
//intercept_error: not double dir
if(stream->dir != DIR_DOUBLE){
KNI_LOG_DEBUG(logger, "Intercept error: asym routing, stream traceid = %s, stream addr = %s", pmeinfo->stream_traceid, PRINTADDR(pmeinfo->stream,g_kni_handle->log_level));
KNI_LOG_DEBUG(logger, "Intercept error: asym routing, stream traceid = %s, stream addr = %s", pmeinfo->stream_traceid, pmeinfo->stream_addr);
FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_INTCPERR_ASYM_ROUTING], 0, FS_OP_ADD, 1);
pmeinfo->intcp_error = INTERCEPT_ERROR_ASYM_ROUTING;
goto error_out;
@@ -1157,7 +1159,7 @@ static int first_data_intercept(struct streaminfo *stream, struct pme_info *pmei
//intercept_error: no syn
if(pmeinfo->has_syn == 0){
KNI_LOG_DEBUG(logger, "Intercept error: no syn, stream traceid = %s, stream addr = %s",
pmeinfo->stream_traceid, PRINTADDR(pmeinfo->stream,g_kni_handle->log_level));
pmeinfo->stream_traceid, pmeinfo->stream_addr);
FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_INTCPERR_NO_SYN], 0, FS_OP_ADD, 1);
pmeinfo->intcp_error = INTERCEPT_ERROR_NO_SYN;
goto error_out;
@@ -1165,7 +1167,7 @@ static int first_data_intercept(struct streaminfo *stream, struct pme_info *pmei
//intercept_error: no syn/ack
if(pmeinfo->has_syn_ack == 0){
KNI_LOG_DEBUG(logger, "Intercept error: no syn/ack, stream traceid = %s, stream addr = %s",
pmeinfo->stream_traceid, PRINTADDR(pmeinfo->stream,g_kni_handle->log_level));
pmeinfo->stream_traceid, pmeinfo->stream_addr);
FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_INTCPERR_NO_SYN_ACK], 0, FS_OP_ADD, 1);
pmeinfo->intcp_error = INTERCEPT_ERROR_NO_SYN_ACK;
goto error_out;
@@ -1173,7 +1175,7 @@ static int first_data_intercept(struct streaminfo *stream, struct pme_info *pmei
if(pktinfo->parse_failed == 1){
pmeinfo->intcp_error = INTERCEPT_ERROR_INVALID_IP_HDR;
KNI_LOG_DEBUG(logger, "Intercept error: invalid ip header, stream traceid = %s, stream addr = %s",
pmeinfo->stream_traceid, PRINTADDR(pmeinfo->stream,g_kni_handle->log_level));
pmeinfo->stream_traceid, pmeinfo->stream_addr);
FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_INTCPERR_INVALID_IP_HDR], 0, FS_OP_ADD, 1);
goto error_out;
}
@@ -1181,7 +1183,7 @@ static int first_data_intercept(struct streaminfo *stream, struct pme_info *pmei
if(pktinfo->ip_totlen > KNI_DEFAULT_MTU){
pmeinfo->intcp_error = INTERCEPT_ERROR_EXCEED_MTU;
KNI_LOG_DEBUG(logger, "Intercept error: first data packet exceed MTU(1500), stream traceid = %s, stream addr = %s",
pmeinfo->stream_traceid, PRINTADDR(pmeinfo->stream,g_kni_handle->log_level));
pmeinfo->stream_traceid, pmeinfo->stream_addr);
FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_INTCPERR_EXCEED_MTU], 0, FS_OP_ADD, 1);
goto error_out;
}
@@ -1192,7 +1194,7 @@ static int first_data_intercept(struct streaminfo *stream, struct pme_info *pmei
else
pmeinfo->tfe_id = tfe_mgr_alive_node_cycle_get(g_kni_handle->_tfe_mgr, (int *)&(g_kni_handle->arr_last_tfe_dispatch_index[thread_seq]));
if(pmeinfo->tfe_id < 0){
KNI_LOG_DEBUG(logger, "Intercept error: no available tfe, stream traceid = %s, stream addr = %s", pmeinfo->stream_traceid, PRINTADDR(pmeinfo->stream,g_kni_handle->log_level));
KNI_LOG_DEBUG(logger, "Intercept error: no available tfe, stream traceid = %s, stream addr = %s", pmeinfo->stream_traceid, pmeinfo->stream_addr);
pmeinfo->intcp_error = INTERCEPT_ERROR_NO_TFE;
FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_INTCPERR_NO_TFE], 0, FS_OP_ADD, 1);
goto error_out;
@@ -1207,7 +1209,7 @@ static int first_data_intercept(struct streaminfo *stream, struct pme_info *pmei
if(pmeinfo->has_dup_traffic == 1){
if(g_kni_handle->dup_traffic_action == KNI_ACTION_BYPASS){
KNI_LOG_DEBUG(g_kni_handle->local_logger, "Intercept error: stream has dup traffic, dup_traffic_action = bypass, "
"stream traceid = %s, stream addr = %s", pmeinfo->stream_traceid, PRINTADDR(pmeinfo->stream,g_kni_handle->log_level));
"stream traceid = %s, stream addr = %s", pmeinfo->stream_traceid, pmeinfo->stream_addr);
FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_INTCPERR_DUP_TRAFFIC], 0, FS_OP_ADD, 1);
pmeinfo->intcp_error = INTERCEPT_ERROR_DUP_TRAFFIC;
goto error_out;
@@ -1218,14 +1220,14 @@ static int first_data_intercept(struct streaminfo *stream, struct pme_info *pmei
// get HAVE_DUP_PKT field
ret=MESA_get_stream_opt(stream, MSO_HAVE_DUP_PKT, (void *)&has_dup_traffic, &have_dup_pkt_len);
if(ret != 0){
KNI_LOG_DEBUG(logger, "Intercept error: get MSO_HAVE_DUP_PKT error, ret = %d, stream traceid = %s, stream addr = %s",ret, pmeinfo->stream_traceid, PRINTADDR(pmeinfo->stream,g_kni_handle->log_level));
KNI_LOG_DEBUG(logger, "Intercept error: get MSO_HAVE_DUP_PKT error, ret = %d, stream traceid = %s, stream addr = %s",ret, pmeinfo->stream_traceid, pmeinfo->stream_addr);
pmeinfo->intcp_error = INTERCEPT_ERROR_GET_HAVE_DUP_PKT_ERR;
FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_INTCPERR_GET_HAVE_DUP_PKT_ERR], 0, FS_OP_ADD, 1);
goto error_out;
}
else{
if(has_dup_traffic == -2){
KNI_LOG_ERROR(logger, "Intercept error: has duplicate traffic is not sure,has_dup_traffic = %d,stream traceid = %s, stream addr = %s",has_dup_traffic, pmeinfo->stream_traceid, PRINTADDR(pmeinfo->stream,g_kni_handle->log_level));
KNI_LOG_ERROR(logger, "Intercept error: has duplicate traffic is not sure,has_dup_traffic = %d,stream traceid = %s, stream addr = %s",has_dup_traffic, pmeinfo->stream_traceid, pmeinfo->stream_addr);
pmeinfo->intcp_error = INTERCEPT_ERROR_DUP_PKT_NOT_SURE_ERR;
FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_INTCPERR_DUP_PKT_NOT_SURE_ERR], 0, FS_OP_ADD, 1);
goto error_out;
@@ -1291,7 +1293,7 @@ static int first_data_intercept(struct streaminfo *stream, struct pme_info *pmei
buff = add_cmsg_to_packet(pmeinfo, stream, pktinfo, &len);
if(buff == NULL){
KNI_LOG_DEBUG(logger, "Intercept error: failed at add cmsg to packet, stream traceid = %s, stream addr = %s",
pmeinfo->stream_traceid, PRINTADDR(pmeinfo->stream,g_kni_handle->log_level));
pmeinfo->stream_traceid, pmeinfo->stream_addr);
pmeinfo->intcp_error = INTERCEPT_ERROR_CMSG_ADD_FAIL;
FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_INTCPERR_CMSG_ADD_FAIL], 0, FS_OP_ADD, 1);
goto error_out;
@@ -1301,7 +1303,7 @@ static int first_data_intercept(struct streaminfo *stream, struct pme_info *pmei
if(ret < 0){
FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_INTCPERR_TUPLE2STM_ADD_FAIL], 0, FS_OP_ADD, 1);
KNI_LOG_DEBUG(logger, "Intercept error: tuple2stm add fail, stream traceid = %s, stream addr = %s",
pmeinfo->stream_traceid, PRINTADDR(pmeinfo->stream,g_kni_handle->log_level));
pmeinfo->stream_traceid, pmeinfo->stream_addr);
pmeinfo->intcp_error = INTERCEPT_ERROR_TUPLE2STM_ADD_FAIL;
goto error_out;
}
@@ -1311,7 +1313,7 @@ static int first_data_intercept(struct streaminfo *stream, struct pme_info *pmei
ret = send_to_tfe(buff, len, thread_seq, pmeinfo->tfe_id, pmeinfo->addr_type);
if(ret < 0){
KNI_LOG_DEBUG(logger, "Intercept error: failed at send first packet to tfe%d, stream traceid = %s, stream addr = %s",
pmeinfo->tfe_id, pmeinfo->stream_traceid, PRINTADDR(pmeinfo->stream,g_kni_handle->log_level));
pmeinfo->tfe_id, pmeinfo->stream_traceid, pmeinfo->stream_addr);
FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_INTCPERR_SENDTO_TFE_FAIL], 0, FS_OP_ADD, 1);
pmeinfo->intcp_error = INTERCEPT_ERROR_SENDTO_TFE_FAIL;
tuple2stream_htable_del(stream, thread_seq);
@@ -1320,7 +1322,7 @@ static int first_data_intercept(struct streaminfo *stream, struct pme_info *pmei
}
else{
KNI_LOG_DEBUG(logger, "Succeed at send first packet to tfe%d, stream traceid = %s, stream addr = %s",
pmeinfo->tfe_id, pmeinfo->stream_traceid, PRINTADDR(pmeinfo->stream,g_kni_handle->log_level));
pmeinfo->tfe_id, pmeinfo->stream_traceid, pmeinfo->stream_addr);
}
//fs stat
FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_INTCP_STM], 0, FS_OP_ADD, 1);
@@ -1438,7 +1440,7 @@ char next_data_intercept(struct pme_info *pmeinfo, const void *a_packet, struct
}
if(pktinfo->ip_totlen > KNI_DEFAULT_MTU){
KNI_LOG_DEBUG(logger, "Next data packet exceed MTU(1500), stream traceid = %s, stream addr = %s",
pmeinfo->stream_traceid, PRINTADDR(pmeinfo->stream,g_kni_handle->log_level));
pmeinfo->stream_traceid, pmeinfo->stream_addr);
return APP_STATE_DROPPKT | APP_STATE_KILL_FOLLOW | APP_STATE_GIVEME;
}
if(g_kni_handle->ssl_dynamic_bypass_enable == 1){
@@ -1451,7 +1453,7 @@ char next_data_intercept(struct pme_info *pmeinfo, const void *a_packet, struct
ret = send_to_tfe((char*)a_packet, len, thread_seq, pmeinfo->tfe_id, pmeinfo->addr_type);
if(ret < 0){
KNI_LOG_ERROR(logger, "Failed at send continue packet to tfe%d, stream traceid = %s, stream addr = %s",
pmeinfo->tfe_id, pmeinfo->stream_traceid, PRINTADDR(pmeinfo->stream,g_kni_handle->log_level));
pmeinfo->tfe_id, pmeinfo->stream_traceid, pmeinfo->stream_addr);
FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_INTCPERR_SENDTO_TFE_FAIL], 0, FS_OP_ADD, 1);
}
//else{
@@ -1472,7 +1474,7 @@ char first_data_process(struct streaminfo *stream, struct pme_info *pmeinfo, str
pmeinfo->action = KNI_ACTION_NONE;
maat_hit = 0;
KNI_LOG_INFO(logger, "intercept_policy_scan: %s, %s, maat_hit = %d, stream traceid = %s",
PRINTADDR(pmeinfo->stream,g_kni_handle->log_level), (char*)&(pmeinfo->domain), maat_hit, pmeinfo->stream_traceid);
pmeinfo->stream_addr, (char*)&(pmeinfo->domain), maat_hit, pmeinfo->stream_traceid);
}
else{
pmeinfo->maat_result_num = 1;
@@ -1488,7 +1490,7 @@ char first_data_process(struct streaminfo *stream, struct pme_info *pmeinfo, str
maat_hit = 1;
char *action_str = kni_maat_action_trans(pmeinfo->action);
KNI_LOG_INFO(logger, "intercept_policy_scan: %s, %s, maat_hit = %d, policy_id = %d, action = %d(%s), stream traceid = %s",
PRINTADDR(pmeinfo->stream,g_kni_handle->log_level), (char*)&(pmeinfo->domain), maat_hit, pmeinfo->policy_id, pmeinfo->action, action_str, pmeinfo->stream_traceid);
pmeinfo->stream_addr, (char*)&(pmeinfo->domain), maat_hit, pmeinfo->policy_id, pmeinfo->action, action_str, pmeinfo->stream_traceid);
}
switch(pmeinfo->action){
case KNI_ACTION_INTERCEPT:
@@ -1683,7 +1685,7 @@ extern "C" char kni_tcpall_entry(struct streaminfo *stream, void** pme, int thre
ret = APP_STATE_FAWPKT | APP_STATE_GIVEME;
//FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_STATE_UNKNOWN], 0, FS_OP_ADD, 1);
KNI_LOG_ERROR(logger, "Unknown stream opstate %d, stream traceid = %s, stream addr = %s",
stream->pktstate, pmeinfo->stream_traceid, PRINTADDR(pmeinfo->stream,g_kni_handle->log_level));
stream->pktstate, pmeinfo->stream_traceid, pmeinfo->stream_addr);
break;
}
//sapp release: bypass or intercept
@@ -1870,13 +1872,13 @@ static int wrapped_kni_cmsg_get(struct pme_info *pmeinfo, struct kni_cmsg *cmsg,
if(ret < 0){
if(ret == KNI_CMSG_INVALID_TYPE){
KNI_LOG_ERROR(logger, "Failed at kni_cmsg_get: type = %d, ret = %d, stream traceid = %s, stream addr = %s",
type, ret, pmeinfo->stream_traceid, PRINTADDR(pmeinfo->stream,g_kni_handle->log_level));
type, ret, pmeinfo->stream_traceid, pmeinfo->stream_addr);
}
return -1;
}
if(value_size > value_size_max){
KNI_LOG_ERROR(logger, "kni_cmsg_get: type = %d, size = %d, which should <= %d, stream traceid = %s, stream addr = %s",
type, value_size, value_size_max, pmeinfo->stream_traceid, PRINTADDR(pmeinfo->stream,g_kni_handle->log_level));
type, value_size, value_size_max, pmeinfo->stream_traceid, pmeinfo->stream_addr);
return -1;
}
switch(type)
@@ -1929,7 +1931,7 @@ static long traceid2pme_htable_search_cb(void *data, const uchar *key, uint size
wrapped_kni_cmsg_get(pmeinfo, cmsg, TFE_CMSG_SSL_CERT_VERIFY, sizeof(pmeinfo->ssl_cert_verify), logger);
wrapped_kni_cmsg_get(pmeinfo, cmsg, TFE_CMSG_SSL_ERROR, sizeof(pmeinfo->ssl_error), logger);
KNI_LOG_DEBUG(logger, "recv cmsg from tfe, stream traceid = %s, stream addr = %s, stream ssl intercept state = %d ,pinning state = %d",
pmeinfo->stream_traceid, PRINTADDR(pmeinfo->stream,g_kni_handle->log_level),pmeinfo->ssl_intercept_state,pmeinfo->ssl_pinningst);
pmeinfo->stream_traceid, pmeinfo->stream_addr,pmeinfo->ssl_intercept_state,pmeinfo->ssl_pinningst);
if(g_kni_handle->ssl_dynamic_bypass_enable == 1){
ssl_dynamic_bypass_htable_add(pmeinfo);