bugfix:修改使用PRINTADDR导致kni coredump问题
This commit is contained in:
fumingwei
@@ -18,9 +18,6 @@
|
|||||||
|
|
||||||
#define TSG_DIAGNOSE_POLICY_CNT 32
|
#define TSG_DIAGNOSE_POLICY_CNT 32
|
||||||
|
|
||||||
#ifndef PRINTADDR
|
|
||||||
#define PRINTADDR(stream_info, log_level) ((log_level)<RLOG_LV_FATAL ? printaddr(&(stream_info->addr), stream_info->threadnum) : "")
|
|
||||||
#endif
|
|
||||||
|
|
||||||
enum intercept_error{
|
enum intercept_error{
|
||||||
INTERCEPT_ERROR_ASYM_ROUTING = -1,
|
INTERCEPT_ERROR_ASYM_ROUTING = -1,
|
||||||
@@ -100,6 +97,7 @@ struct proxy_tcp_option{
|
|||||||
|
|
||||||
struct pme_info{
|
struct pme_info{
|
||||||
addr_type_t addr_type;
|
addr_type_t addr_type;
|
||||||
|
char stream_addr[KNI_ADDR_MAX];
|
||||||
int do_log;
|
int do_log;
|
||||||
int policy_id;
|
int policy_id;
|
||||||
tsg_protocol_t protocol;
|
tsg_protocol_t protocol;
|
||||||
|
|||||||
@@ -156,10 +156,12 @@ static int pme_info_init(struct pme_info *pmeinfo, const struct streaminfo *stre
|
|||||||
pmeinfo->ssl_cert_verify = -1;
|
pmeinfo->ssl_cert_verify = -1;
|
||||||
uint64_t traceid = tsg_get_stream_id((struct streaminfo*)stream);
|
uint64_t traceid = tsg_get_stream_id((struct streaminfo*)stream);
|
||||||
snprintf(pmeinfo->stream_traceid, sizeof(pmeinfo->stream_traceid), "%" PRIu64 , traceid);
|
snprintf(pmeinfo->stream_traceid, sizeof(pmeinfo->stream_traceid), "%" PRIu64 , traceid);
|
||||||
|
if(g_kni_handle->log_level < RLOG_LV_FATAL)
|
||||||
|
printaddr_r(&(stream->addr), pmeinfo->stream_addr, KNI_ADDR_MAX);
|
||||||
//init pme_lock
|
//init pme_lock
|
||||||
int ret = pthread_mutex_init(&(pmeinfo->lock), NULL);
|
int ret = pthread_mutex_init(&(pmeinfo->lock), NULL);
|
||||||
if(ret < 0){
|
if(ret < 0){
|
||||||
KNI_LOG_ERROR(logger, "Failed at init pthread mutex, stream traceid = %s, stream addr = %s", pmeinfo->stream_traceid, PRINTADDR(pmeinfo->stream,g_kni_handle->log_level));
|
KNI_LOG_ERROR(logger, "Failed at init pthread mutex, stream traceid = %s, stream addr = %s", pmeinfo->stream_traceid, pmeinfo->stream_addr);
|
||||||
abort();
|
abort();
|
||||||
}
|
}
|
||||||
return 0;
|
return 0;
|
||||||
@@ -254,10 +256,10 @@ static void stream_destroy(struct pme_info *pmeinfo){
|
|||||||
if(pmeinfo->action == KNI_ACTION_INTERCEPT){
|
if(pmeinfo->action == KNI_ACTION_INTERCEPT){
|
||||||
int ret = log_generate(pmeinfo);
|
int ret = log_generate(pmeinfo);
|
||||||
if(ret < 0){
|
if(ret < 0){
|
||||||
KNI_LOG_ERROR(logger, "Failed at log_generate, stream traceid = %s, stream addr = %s", pmeinfo->stream_traceid, PRINTADDR(pmeinfo->stream,g_kni_handle->log_level));
|
KNI_LOG_ERROR(logger, "Failed at log_generate, stream traceid = %s, stream addr = %s", pmeinfo->stream_traceid, pmeinfo->stream_addr);
|
||||||
}
|
}
|
||||||
else{
|
else{
|
||||||
KNI_LOG_DEBUG(logger, "Succeed at log_generate, stream traceid = %s, stream addr = %s", pmeinfo->stream_traceid, PRINTADDR(pmeinfo->stream,g_kni_handle->log_level));
|
KNI_LOG_DEBUG(logger, "Succeed at log_generate, stream traceid = %s, stream addr = %s", pmeinfo->stream_traceid, pmeinfo->stream_addr);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
//free pme
|
//free pme
|
||||||
@@ -290,11 +292,11 @@ int wrapped_kni_cmsg_set(struct kni_cmsg *cmsg, uint16_t type, const unsigned ch
|
|||||||
void *logger = g_kni_handle->local_logger;
|
void *logger = g_kni_handle->local_logger;
|
||||||
int ret = kni_cmsg_set(cmsg, type, value, size);
|
int ret = kni_cmsg_set(cmsg, type, value, size);
|
||||||
if(ret < 0){
|
if(ret < 0){
|
||||||
KNI_LOG_ERROR(logger, "Failed set cmsg, type = %d/%s, stream traceid = %s, stream addr = %s", type, tfe_cmsg_tlv_type_to_string[type],pmeinfo->stream_traceid, PRINTADDR(pmeinfo->stream,g_kni_handle->log_level));
|
KNI_LOG_ERROR(logger, "Failed set cmsg, type = %d/%s, stream traceid = %s, stream addr = %s", type, tfe_cmsg_tlv_type_to_string[type],pmeinfo->stream_traceid, pmeinfo->stream_addr);
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
KNI_LOG_DEBUG(logger, "Successd to set cmsg, type = %d/%s, stream traceid = %s, stream addr = %s", type,tfe_cmsg_tlv_type_to_string[type], pmeinfo->stream_traceid, PRINTADDR(pmeinfo->stream,g_kni_handle->log_level));
|
KNI_LOG_DEBUG(logger, "Successd to set cmsg, type = %d/%s, stream traceid = %s, stream addr = %s", type,tfe_cmsg_tlv_type_to_string[type], pmeinfo->stream_traceid, pmeinfo->stream_addr);
|
||||||
}
|
}
|
||||||
|
|
||||||
return ret;
|
return ret;
|
||||||
@@ -597,7 +599,7 @@ static unsigned char* kni_cmsg_serialize_header_new(struct pme_info *pmeinfo, st
|
|||||||
ret = kni_cmsg_serialize(cmsg, buff, bufflen, &serialize_len);
|
ret = kni_cmsg_serialize(cmsg, buff, bufflen, &serialize_len);
|
||||||
if(ret < 0){
|
if(ret < 0){
|
||||||
KNI_LOG_ERROR(logger, "Failed at serialize cmsg, ret = %d, stream traceid = %s, stream addr = %s",
|
KNI_LOG_ERROR(logger, "Failed at serialize cmsg, ret = %d, stream traceid = %s, stream addr = %s",
|
||||||
ret, pmeinfo->stream_traceid, PRINTADDR(pmeinfo->stream,g_kni_handle->log_level));
|
ret, pmeinfo->stream_traceid, pmeinfo->stream_addr);
|
||||||
goto error_out;
|
goto error_out;
|
||||||
}
|
}
|
||||||
*len = serialize_len;
|
*len = serialize_len;
|
||||||
@@ -1079,23 +1081,23 @@ static int tsg_diagnose_judge_streamshunt(int maat_rule_config_id,struct pme_inf
|
|||||||
void *logger = g_kni_handle->local_logger;
|
void *logger = g_kni_handle->local_logger;
|
||||||
|
|
||||||
if(g_kni_handle->tsg_diagnose_enable == 0){
|
if(g_kni_handle->tsg_diagnose_enable == 0){
|
||||||
KNI_LOG_DEBUG(logger, "Tsg diagnose: enabled is 0, stream traceid = %s, stream addr = %s", pmeinfo->stream_traceid, PRINTADDR(pmeinfo->stream,g_kni_handle->log_level));
|
KNI_LOG_DEBUG(logger, "Tsg diagnose: enabled is 0, stream traceid = %s, stream addr = %s", pmeinfo->stream_traceid, pmeinfo->stream_addr);
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
if(g_kni_handle->secpolicyid_shunt_tsg_diagnose.id_num == 0){
|
if(g_kni_handle->secpolicyid_shunt_tsg_diagnose.id_num == 0){
|
||||||
KNI_LOG_DEBUG(logger, "Tsg diagnose: no security policy from profile to shunt, stream traceid = %s, stream addr = %s", pmeinfo->stream_traceid, PRINTADDR(pmeinfo->stream,g_kni_handle->log_level));
|
KNI_LOG_DEBUG(logger, "Tsg diagnose: no security policy from profile to shunt, stream traceid = %s, stream addr = %s", pmeinfo->stream_traceid, pmeinfo->stream_addr);
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
for(i = 0; i < g_kni_handle->secpolicyid_shunt_tsg_diagnose.id_num; i ++){
|
for(i = 0; i < g_kni_handle->secpolicyid_shunt_tsg_diagnose.id_num; i ++){
|
||||||
if(g_kni_handle->secpolicyid_shunt_tsg_diagnose.id_arr[i] == 0){
|
if(g_kni_handle->secpolicyid_shunt_tsg_diagnose.id_arr[i] == 0){
|
||||||
KNI_LOG_DEBUG(logger, "Tsg diagnose: security policy 0 is not allowd shunt, stream traceid = %s, stream addr = %s", pmeinfo->stream_traceid, PRINTADDR(pmeinfo->stream,g_kni_handle->log_level));
|
KNI_LOG_DEBUG(logger, "Tsg diagnose: security policy 0 is not allowd shunt, stream traceid = %s, stream addr = %s", pmeinfo->stream_traceid, pmeinfo->stream_addr);
|
||||||
continue;
|
continue;
|
||||||
}
|
}
|
||||||
if(g_kni_handle->secpolicyid_shunt_tsg_diagnose.id_arr[i] == maat_rule_config_id){
|
if(g_kni_handle->secpolicyid_shunt_tsg_diagnose.id_arr[i] == maat_rule_config_id){
|
||||||
ret = 1;
|
ret = 1;
|
||||||
KNI_LOG_DEBUG(logger, "Tsg diagnose: security policy id %d shunt, stream traceid = %s, stream addr = %s", maat_rule_config_id, pmeinfo->stream_traceid, PRINTADDR(pmeinfo->stream,g_kni_handle->log_level));
|
KNI_LOG_DEBUG(logger, "Tsg diagnose: security policy id %d shunt, stream traceid = %s, stream addr = %s", maat_rule_config_id, pmeinfo->stream_traceid, pmeinfo->stream_addr);
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@@ -1118,14 +1120,14 @@ static int first_data_intercept(struct streaminfo *stream, struct pme_info *pmei
|
|||||||
ret=MESA_get_stream_opt(stream, MSO_TCP_CREATE_LINK_MODE, (void *)&intercept_stream_link_mode, &intercept_stream_link_mode_len);
|
ret=MESA_get_stream_opt(stream, MSO_TCP_CREATE_LINK_MODE, (void *)&intercept_stream_link_mode, &intercept_stream_link_mode_len);
|
||||||
if(ret == 0){
|
if(ret == 0){
|
||||||
if(intercept_stream_link_mode != TCP_CTEAT_LINK_BYSYN){
|
if(intercept_stream_link_mode != TCP_CTEAT_LINK_BYSYN){
|
||||||
KNI_LOG_DEBUG(logger, "Intercept error: TCP_CREATE_LINK_MODE is not BYSYN, link_mode=%d, link_mode_len=%d,stream traceid = %s, stream addr = %s", intercept_stream_link_mode,intercept_stream_link_mode_len,pmeinfo->stream_traceid, PRINTADDR(pmeinfo->stream,g_kni_handle->log_level));
|
KNI_LOG_DEBUG(logger, "Intercept error: TCP_CREATE_LINK_MODE is not BYSYN, link_mode=%d, link_mode_len=%d,stream traceid = %s, stream addr = %s", intercept_stream_link_mode,intercept_stream_link_mode_len,pmeinfo->stream_traceid, pmeinfo->stream_addr);
|
||||||
pmeinfo->intcp_error = INTERCEPT_ERROR_NOT_TCP_LINK_BYSYN;
|
pmeinfo->intcp_error = INTERCEPT_ERROR_NOT_TCP_LINK_BYSYN;
|
||||||
FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_INTCPERR_NOT_LINK_MODE_BYSYN], 0, FS_OP_ADD, 1);
|
FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_INTCPERR_NOT_LINK_MODE_BYSYN], 0, FS_OP_ADD, 1);
|
||||||
goto error_out;
|
goto error_out;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
else{
|
else{
|
||||||
KNI_LOG_DEBUG(logger, "Intercept error: get MSO_TCP_CREATE_LINK_MODE error, ret = %d, stream traceid = %s, stream addr = %s",ret, pmeinfo->stream_traceid, PRINTADDR(pmeinfo->stream,g_kni_handle->log_level));
|
KNI_LOG_DEBUG(logger, "Intercept error: get MSO_TCP_CREATE_LINK_MODE error, ret = %d, stream traceid = %s, stream addr = %s",ret, pmeinfo->stream_traceid, pmeinfo->stream_addr);
|
||||||
pmeinfo->intcp_error = INTERCEPT_ERROR_GET_TCP_LINK_MODE_ERR;
|
pmeinfo->intcp_error = INTERCEPT_ERROR_GET_TCP_LINK_MODE_ERR;
|
||||||
FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_INTCPERR_GET_LINK_MODE_ERR], 0, FS_OP_ADD, 1);
|
FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_INTCPERR_GET_LINK_MODE_ERR], 0, FS_OP_ADD, 1);
|
||||||
goto error_out;
|
goto error_out;
|
||||||
@@ -1134,14 +1136,14 @@ static int first_data_intercept(struct streaminfo *stream, struct pme_info *pmei
|
|||||||
ret=MESA_get_stream_opt(stream, MSO_STREAM_TUNNEL_TYPE, (void *)&stream_tunnel_type, &stream_tunnel_type_len);
|
ret=MESA_get_stream_opt(stream, MSO_STREAM_TUNNEL_TYPE, (void *)&stream_tunnel_type, &stream_tunnel_type_len);
|
||||||
if(ret == 0){
|
if(ret == 0){
|
||||||
if(stream_tunnel_type != STREAM_TUNNLE_NON){
|
if(stream_tunnel_type != STREAM_TUNNLE_NON){
|
||||||
KNI_LOG_DEBUG(logger, "Intercept error: stream type is tunnel, STREAM_TUNNLE_TYPE = %d, stream traceid = %s, stream addr = %s", stream_tunnel_type,pmeinfo->stream_traceid, PRINTADDR(pmeinfo->stream,g_kni_handle->log_level));
|
KNI_LOG_DEBUG(logger, "Intercept error: stream type is tunnel, STREAM_TUNNLE_TYPE = %d, stream traceid = %s, stream addr = %s", stream_tunnel_type,pmeinfo->stream_traceid, pmeinfo->stream_addr);
|
||||||
pmeinfo->intcp_error = INTERCEPT_ERROR_STREAM_TUNNLE_TYPE;
|
pmeinfo->intcp_error = INTERCEPT_ERROR_STREAM_TUNNLE_TYPE;
|
||||||
FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_INTCPERR_STREAM_IS_TUN_TYPE], 0, FS_OP_ADD, 1);
|
FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_INTCPERR_STREAM_IS_TUN_TYPE], 0, FS_OP_ADD, 1);
|
||||||
goto error_out;
|
goto error_out;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
else{
|
else{
|
||||||
KNI_LOG_DEBUG(logger, "Intercept error: get MSO_STREAM_TUNNEL_TYPE error, ret = %d, stream traceid = %s, stream addr = %s",ret, pmeinfo->stream_traceid, PRINTADDR(pmeinfo->stream,g_kni_handle->log_level));
|
KNI_LOG_DEBUG(logger, "Intercept error: get MSO_STREAM_TUNNEL_TYPE error, ret = %d, stream traceid = %s, stream addr = %s",ret, pmeinfo->stream_traceid, pmeinfo->stream_addr);
|
||||||
pmeinfo->intcp_error = INTERCEPT_ERROR_GET_STREAM_TUNNLE_TYPE_ERR;
|
pmeinfo->intcp_error = INTERCEPT_ERROR_GET_STREAM_TUNNLE_TYPE_ERR;
|
||||||
FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_INTCPERR_GET_STREAM_TUN_TYPE_ERR], 0, FS_OP_ADD, 1);
|
FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_INTCPERR_GET_STREAM_TUN_TYPE_ERR], 0, FS_OP_ADD, 1);
|
||||||
goto error_out;
|
goto error_out;
|
||||||
@@ -1149,7 +1151,7 @@ static int first_data_intercept(struct streaminfo *stream, struct pme_info *pmei
|
|||||||
|
|
||||||
//intercept_error: not double dir
|
//intercept_error: not double dir
|
||||||
if(stream->dir != DIR_DOUBLE){
|
if(stream->dir != DIR_DOUBLE){
|
||||||
KNI_LOG_DEBUG(logger, "Intercept error: asym routing, stream traceid = %s, stream addr = %s", pmeinfo->stream_traceid, PRINTADDR(pmeinfo->stream,g_kni_handle->log_level));
|
KNI_LOG_DEBUG(logger, "Intercept error: asym routing, stream traceid = %s, stream addr = %s", pmeinfo->stream_traceid, pmeinfo->stream_addr);
|
||||||
FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_INTCPERR_ASYM_ROUTING], 0, FS_OP_ADD, 1);
|
FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_INTCPERR_ASYM_ROUTING], 0, FS_OP_ADD, 1);
|
||||||
pmeinfo->intcp_error = INTERCEPT_ERROR_ASYM_ROUTING;
|
pmeinfo->intcp_error = INTERCEPT_ERROR_ASYM_ROUTING;
|
||||||
goto error_out;
|
goto error_out;
|
||||||
@@ -1157,7 +1159,7 @@ static int first_data_intercept(struct streaminfo *stream, struct pme_info *pmei
|
|||||||
//intercept_error: no syn
|
//intercept_error: no syn
|
||||||
if(pmeinfo->has_syn == 0){
|
if(pmeinfo->has_syn == 0){
|
||||||
KNI_LOG_DEBUG(logger, "Intercept error: no syn, stream traceid = %s, stream addr = %s",
|
KNI_LOG_DEBUG(logger, "Intercept error: no syn, stream traceid = %s, stream addr = %s",
|
||||||
pmeinfo->stream_traceid, PRINTADDR(pmeinfo->stream,g_kni_handle->log_level));
|
pmeinfo->stream_traceid, pmeinfo->stream_addr);
|
||||||
FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_INTCPERR_NO_SYN], 0, FS_OP_ADD, 1);
|
FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_INTCPERR_NO_SYN], 0, FS_OP_ADD, 1);
|
||||||
pmeinfo->intcp_error = INTERCEPT_ERROR_NO_SYN;
|
pmeinfo->intcp_error = INTERCEPT_ERROR_NO_SYN;
|
||||||
goto error_out;
|
goto error_out;
|
||||||
@@ -1165,7 +1167,7 @@ static int first_data_intercept(struct streaminfo *stream, struct pme_info *pmei
|
|||||||
//intercept_error: no syn/ack
|
//intercept_error: no syn/ack
|
||||||
if(pmeinfo->has_syn_ack == 0){
|
if(pmeinfo->has_syn_ack == 0){
|
||||||
KNI_LOG_DEBUG(logger, "Intercept error: no syn/ack, stream traceid = %s, stream addr = %s",
|
KNI_LOG_DEBUG(logger, "Intercept error: no syn/ack, stream traceid = %s, stream addr = %s",
|
||||||
pmeinfo->stream_traceid, PRINTADDR(pmeinfo->stream,g_kni_handle->log_level));
|
pmeinfo->stream_traceid, pmeinfo->stream_addr);
|
||||||
FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_INTCPERR_NO_SYN_ACK], 0, FS_OP_ADD, 1);
|
FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_INTCPERR_NO_SYN_ACK], 0, FS_OP_ADD, 1);
|
||||||
pmeinfo->intcp_error = INTERCEPT_ERROR_NO_SYN_ACK;
|
pmeinfo->intcp_error = INTERCEPT_ERROR_NO_SYN_ACK;
|
||||||
goto error_out;
|
goto error_out;
|
||||||
@@ -1173,7 +1175,7 @@ static int first_data_intercept(struct streaminfo *stream, struct pme_info *pmei
|
|||||||
if(pktinfo->parse_failed == 1){
|
if(pktinfo->parse_failed == 1){
|
||||||
pmeinfo->intcp_error = INTERCEPT_ERROR_INVALID_IP_HDR;
|
pmeinfo->intcp_error = INTERCEPT_ERROR_INVALID_IP_HDR;
|
||||||
KNI_LOG_DEBUG(logger, "Intercept error: invalid ip header, stream traceid = %s, stream addr = %s",
|
KNI_LOG_DEBUG(logger, "Intercept error: invalid ip header, stream traceid = %s, stream addr = %s",
|
||||||
pmeinfo->stream_traceid, PRINTADDR(pmeinfo->stream,g_kni_handle->log_level));
|
pmeinfo->stream_traceid, pmeinfo->stream_addr);
|
||||||
FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_INTCPERR_INVALID_IP_HDR], 0, FS_OP_ADD, 1);
|
FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_INTCPERR_INVALID_IP_HDR], 0, FS_OP_ADD, 1);
|
||||||
goto error_out;
|
goto error_out;
|
||||||
}
|
}
|
||||||
@@ -1181,7 +1183,7 @@ static int first_data_intercept(struct streaminfo *stream, struct pme_info *pmei
|
|||||||
if(pktinfo->ip_totlen > KNI_DEFAULT_MTU){
|
if(pktinfo->ip_totlen > KNI_DEFAULT_MTU){
|
||||||
pmeinfo->intcp_error = INTERCEPT_ERROR_EXCEED_MTU;
|
pmeinfo->intcp_error = INTERCEPT_ERROR_EXCEED_MTU;
|
||||||
KNI_LOG_DEBUG(logger, "Intercept error: first data packet exceed MTU(1500), stream traceid = %s, stream addr = %s",
|
KNI_LOG_DEBUG(logger, "Intercept error: first data packet exceed MTU(1500), stream traceid = %s, stream addr = %s",
|
||||||
pmeinfo->stream_traceid, PRINTADDR(pmeinfo->stream,g_kni_handle->log_level));
|
pmeinfo->stream_traceid, pmeinfo->stream_addr);
|
||||||
FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_INTCPERR_EXCEED_MTU], 0, FS_OP_ADD, 1);
|
FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_INTCPERR_EXCEED_MTU], 0, FS_OP_ADD, 1);
|
||||||
goto error_out;
|
goto error_out;
|
||||||
}
|
}
|
||||||
@@ -1192,7 +1194,7 @@ static int first_data_intercept(struct streaminfo *stream, struct pme_info *pmei
|
|||||||
else
|
else
|
||||||
pmeinfo->tfe_id = tfe_mgr_alive_node_cycle_get(g_kni_handle->_tfe_mgr, (int *)&(g_kni_handle->arr_last_tfe_dispatch_index[thread_seq]));
|
pmeinfo->tfe_id = tfe_mgr_alive_node_cycle_get(g_kni_handle->_tfe_mgr, (int *)&(g_kni_handle->arr_last_tfe_dispatch_index[thread_seq]));
|
||||||
if(pmeinfo->tfe_id < 0){
|
if(pmeinfo->tfe_id < 0){
|
||||||
KNI_LOG_DEBUG(logger, "Intercept error: no available tfe, stream traceid = %s, stream addr = %s", pmeinfo->stream_traceid, PRINTADDR(pmeinfo->stream,g_kni_handle->log_level));
|
KNI_LOG_DEBUG(logger, "Intercept error: no available tfe, stream traceid = %s, stream addr = %s", pmeinfo->stream_traceid, pmeinfo->stream_addr);
|
||||||
pmeinfo->intcp_error = INTERCEPT_ERROR_NO_TFE;
|
pmeinfo->intcp_error = INTERCEPT_ERROR_NO_TFE;
|
||||||
FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_INTCPERR_NO_TFE], 0, FS_OP_ADD, 1);
|
FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_INTCPERR_NO_TFE], 0, FS_OP_ADD, 1);
|
||||||
goto error_out;
|
goto error_out;
|
||||||
@@ -1207,7 +1209,7 @@ static int first_data_intercept(struct streaminfo *stream, struct pme_info *pmei
|
|||||||
if(pmeinfo->has_dup_traffic == 1){
|
if(pmeinfo->has_dup_traffic == 1){
|
||||||
if(g_kni_handle->dup_traffic_action == KNI_ACTION_BYPASS){
|
if(g_kni_handle->dup_traffic_action == KNI_ACTION_BYPASS){
|
||||||
KNI_LOG_DEBUG(g_kni_handle->local_logger, "Intercept error: stream has dup traffic, dup_traffic_action = bypass, "
|
KNI_LOG_DEBUG(g_kni_handle->local_logger, "Intercept error: stream has dup traffic, dup_traffic_action = bypass, "
|
||||||
"stream traceid = %s, stream addr = %s", pmeinfo->stream_traceid, PRINTADDR(pmeinfo->stream,g_kni_handle->log_level));
|
"stream traceid = %s, stream addr = %s", pmeinfo->stream_traceid, pmeinfo->stream_addr);
|
||||||
FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_INTCPERR_DUP_TRAFFIC], 0, FS_OP_ADD, 1);
|
FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_INTCPERR_DUP_TRAFFIC], 0, FS_OP_ADD, 1);
|
||||||
pmeinfo->intcp_error = INTERCEPT_ERROR_DUP_TRAFFIC;
|
pmeinfo->intcp_error = INTERCEPT_ERROR_DUP_TRAFFIC;
|
||||||
goto error_out;
|
goto error_out;
|
||||||
@@ -1218,14 +1220,14 @@ static int first_data_intercept(struct streaminfo *stream, struct pme_info *pmei
|
|||||||
// get HAVE_DUP_PKT field
|
// get HAVE_DUP_PKT field
|
||||||
ret=MESA_get_stream_opt(stream, MSO_HAVE_DUP_PKT, (void *)&has_dup_traffic, &have_dup_pkt_len);
|
ret=MESA_get_stream_opt(stream, MSO_HAVE_DUP_PKT, (void *)&has_dup_traffic, &have_dup_pkt_len);
|
||||||
if(ret != 0){
|
if(ret != 0){
|
||||||
KNI_LOG_DEBUG(logger, "Intercept error: get MSO_HAVE_DUP_PKT error, ret = %d, stream traceid = %s, stream addr = %s",ret, pmeinfo->stream_traceid, PRINTADDR(pmeinfo->stream,g_kni_handle->log_level));
|
KNI_LOG_DEBUG(logger, "Intercept error: get MSO_HAVE_DUP_PKT error, ret = %d, stream traceid = %s, stream addr = %s",ret, pmeinfo->stream_traceid, pmeinfo->stream_addr);
|
||||||
pmeinfo->intcp_error = INTERCEPT_ERROR_GET_HAVE_DUP_PKT_ERR;
|
pmeinfo->intcp_error = INTERCEPT_ERROR_GET_HAVE_DUP_PKT_ERR;
|
||||||
FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_INTCPERR_GET_HAVE_DUP_PKT_ERR], 0, FS_OP_ADD, 1);
|
FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_INTCPERR_GET_HAVE_DUP_PKT_ERR], 0, FS_OP_ADD, 1);
|
||||||
goto error_out;
|
goto error_out;
|
||||||
}
|
}
|
||||||
else{
|
else{
|
||||||
if(has_dup_traffic == -2){
|
if(has_dup_traffic == -2){
|
||||||
KNI_LOG_ERROR(logger, "Intercept error: has duplicate traffic is not sure,has_dup_traffic = %d,stream traceid = %s, stream addr = %s",has_dup_traffic, pmeinfo->stream_traceid, PRINTADDR(pmeinfo->stream,g_kni_handle->log_level));
|
KNI_LOG_ERROR(logger, "Intercept error: has duplicate traffic is not sure,has_dup_traffic = %d,stream traceid = %s, stream addr = %s",has_dup_traffic, pmeinfo->stream_traceid, pmeinfo->stream_addr);
|
||||||
pmeinfo->intcp_error = INTERCEPT_ERROR_DUP_PKT_NOT_SURE_ERR;
|
pmeinfo->intcp_error = INTERCEPT_ERROR_DUP_PKT_NOT_SURE_ERR;
|
||||||
FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_INTCPERR_DUP_PKT_NOT_SURE_ERR], 0, FS_OP_ADD, 1);
|
FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_INTCPERR_DUP_PKT_NOT_SURE_ERR], 0, FS_OP_ADD, 1);
|
||||||
goto error_out;
|
goto error_out;
|
||||||
@@ -1291,7 +1293,7 @@ static int first_data_intercept(struct streaminfo *stream, struct pme_info *pmei
|
|||||||
buff = add_cmsg_to_packet(pmeinfo, stream, pktinfo, &len);
|
buff = add_cmsg_to_packet(pmeinfo, stream, pktinfo, &len);
|
||||||
if(buff == NULL){
|
if(buff == NULL){
|
||||||
KNI_LOG_DEBUG(logger, "Intercept error: failed at add cmsg to packet, stream traceid = %s, stream addr = %s",
|
KNI_LOG_DEBUG(logger, "Intercept error: failed at add cmsg to packet, stream traceid = %s, stream addr = %s",
|
||||||
pmeinfo->stream_traceid, PRINTADDR(pmeinfo->stream,g_kni_handle->log_level));
|
pmeinfo->stream_traceid, pmeinfo->stream_addr);
|
||||||
pmeinfo->intcp_error = INTERCEPT_ERROR_CMSG_ADD_FAIL;
|
pmeinfo->intcp_error = INTERCEPT_ERROR_CMSG_ADD_FAIL;
|
||||||
FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_INTCPERR_CMSG_ADD_FAIL], 0, FS_OP_ADD, 1);
|
FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_INTCPERR_CMSG_ADD_FAIL], 0, FS_OP_ADD, 1);
|
||||||
goto error_out;
|
goto error_out;
|
||||||
@@ -1301,7 +1303,7 @@ static int first_data_intercept(struct streaminfo *stream, struct pme_info *pmei
|
|||||||
if(ret < 0){
|
if(ret < 0){
|
||||||
FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_INTCPERR_TUPLE2STM_ADD_FAIL], 0, FS_OP_ADD, 1);
|
FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_INTCPERR_TUPLE2STM_ADD_FAIL], 0, FS_OP_ADD, 1);
|
||||||
KNI_LOG_DEBUG(logger, "Intercept error: tuple2stm add fail, stream traceid = %s, stream addr = %s",
|
KNI_LOG_DEBUG(logger, "Intercept error: tuple2stm add fail, stream traceid = %s, stream addr = %s",
|
||||||
pmeinfo->stream_traceid, PRINTADDR(pmeinfo->stream,g_kni_handle->log_level));
|
pmeinfo->stream_traceid, pmeinfo->stream_addr);
|
||||||
pmeinfo->intcp_error = INTERCEPT_ERROR_TUPLE2STM_ADD_FAIL;
|
pmeinfo->intcp_error = INTERCEPT_ERROR_TUPLE2STM_ADD_FAIL;
|
||||||
goto error_out;
|
goto error_out;
|
||||||
}
|
}
|
||||||
@@ -1311,7 +1313,7 @@ static int first_data_intercept(struct streaminfo *stream, struct pme_info *pmei
|
|||||||
ret = send_to_tfe(buff, len, thread_seq, pmeinfo->tfe_id, pmeinfo->addr_type);
|
ret = send_to_tfe(buff, len, thread_seq, pmeinfo->tfe_id, pmeinfo->addr_type);
|
||||||
if(ret < 0){
|
if(ret < 0){
|
||||||
KNI_LOG_DEBUG(logger, "Intercept error: failed at send first packet to tfe%d, stream traceid = %s, stream addr = %s",
|
KNI_LOG_DEBUG(logger, "Intercept error: failed at send first packet to tfe%d, stream traceid = %s, stream addr = %s",
|
||||||
pmeinfo->tfe_id, pmeinfo->stream_traceid, PRINTADDR(pmeinfo->stream,g_kni_handle->log_level));
|
pmeinfo->tfe_id, pmeinfo->stream_traceid, pmeinfo->stream_addr);
|
||||||
FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_INTCPERR_SENDTO_TFE_FAIL], 0, FS_OP_ADD, 1);
|
FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_INTCPERR_SENDTO_TFE_FAIL], 0, FS_OP_ADD, 1);
|
||||||
pmeinfo->intcp_error = INTERCEPT_ERROR_SENDTO_TFE_FAIL;
|
pmeinfo->intcp_error = INTERCEPT_ERROR_SENDTO_TFE_FAIL;
|
||||||
tuple2stream_htable_del(stream, thread_seq);
|
tuple2stream_htable_del(stream, thread_seq);
|
||||||
@@ -1320,7 +1322,7 @@ static int first_data_intercept(struct streaminfo *stream, struct pme_info *pmei
|
|||||||
}
|
}
|
||||||
else{
|
else{
|
||||||
KNI_LOG_DEBUG(logger, "Succeed at send first packet to tfe%d, stream traceid = %s, stream addr = %s",
|
KNI_LOG_DEBUG(logger, "Succeed at send first packet to tfe%d, stream traceid = %s, stream addr = %s",
|
||||||
pmeinfo->tfe_id, pmeinfo->stream_traceid, PRINTADDR(pmeinfo->stream,g_kni_handle->log_level));
|
pmeinfo->tfe_id, pmeinfo->stream_traceid, pmeinfo->stream_addr);
|
||||||
}
|
}
|
||||||
//fs stat
|
//fs stat
|
||||||
FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_INTCP_STM], 0, FS_OP_ADD, 1);
|
FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_INTCP_STM], 0, FS_OP_ADD, 1);
|
||||||
@@ -1438,7 +1440,7 @@ char next_data_intercept(struct pme_info *pmeinfo, const void *a_packet, struct
|
|||||||
}
|
}
|
||||||
if(pktinfo->ip_totlen > KNI_DEFAULT_MTU){
|
if(pktinfo->ip_totlen > KNI_DEFAULT_MTU){
|
||||||
KNI_LOG_DEBUG(logger, "Next data packet exceed MTU(1500), stream traceid = %s, stream addr = %s",
|
KNI_LOG_DEBUG(logger, "Next data packet exceed MTU(1500), stream traceid = %s, stream addr = %s",
|
||||||
pmeinfo->stream_traceid, PRINTADDR(pmeinfo->stream,g_kni_handle->log_level));
|
pmeinfo->stream_traceid, pmeinfo->stream_addr);
|
||||||
return APP_STATE_DROPPKT | APP_STATE_KILL_FOLLOW | APP_STATE_GIVEME;
|
return APP_STATE_DROPPKT | APP_STATE_KILL_FOLLOW | APP_STATE_GIVEME;
|
||||||
}
|
}
|
||||||
if(g_kni_handle->ssl_dynamic_bypass_enable == 1){
|
if(g_kni_handle->ssl_dynamic_bypass_enable == 1){
|
||||||
@@ -1451,7 +1453,7 @@ char next_data_intercept(struct pme_info *pmeinfo, const void *a_packet, struct
|
|||||||
ret = send_to_tfe((char*)a_packet, len, thread_seq, pmeinfo->tfe_id, pmeinfo->addr_type);
|
ret = send_to_tfe((char*)a_packet, len, thread_seq, pmeinfo->tfe_id, pmeinfo->addr_type);
|
||||||
if(ret < 0){
|
if(ret < 0){
|
||||||
KNI_LOG_ERROR(logger, "Failed at send continue packet to tfe%d, stream traceid = %s, stream addr = %s",
|
KNI_LOG_ERROR(logger, "Failed at send continue packet to tfe%d, stream traceid = %s, stream addr = %s",
|
||||||
pmeinfo->tfe_id, pmeinfo->stream_traceid, PRINTADDR(pmeinfo->stream,g_kni_handle->log_level));
|
pmeinfo->tfe_id, pmeinfo->stream_traceid, pmeinfo->stream_addr);
|
||||||
FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_INTCPERR_SENDTO_TFE_FAIL], 0, FS_OP_ADD, 1);
|
FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_INTCPERR_SENDTO_TFE_FAIL], 0, FS_OP_ADD, 1);
|
||||||
}
|
}
|
||||||
//else{
|
//else{
|
||||||
@@ -1472,7 +1474,7 @@ char first_data_process(struct streaminfo *stream, struct pme_info *pmeinfo, str
|
|||||||
pmeinfo->action = KNI_ACTION_NONE;
|
pmeinfo->action = KNI_ACTION_NONE;
|
||||||
maat_hit = 0;
|
maat_hit = 0;
|
||||||
KNI_LOG_INFO(logger, "intercept_policy_scan: %s, %s, maat_hit = %d, stream traceid = %s",
|
KNI_LOG_INFO(logger, "intercept_policy_scan: %s, %s, maat_hit = %d, stream traceid = %s",
|
||||||
PRINTADDR(pmeinfo->stream,g_kni_handle->log_level), (char*)&(pmeinfo->domain), maat_hit, pmeinfo->stream_traceid);
|
pmeinfo->stream_addr, (char*)&(pmeinfo->domain), maat_hit, pmeinfo->stream_traceid);
|
||||||
}
|
}
|
||||||
else{
|
else{
|
||||||
pmeinfo->maat_result_num = 1;
|
pmeinfo->maat_result_num = 1;
|
||||||
@@ -1488,7 +1490,7 @@ char first_data_process(struct streaminfo *stream, struct pme_info *pmeinfo, str
|
|||||||
maat_hit = 1;
|
maat_hit = 1;
|
||||||
char *action_str = kni_maat_action_trans(pmeinfo->action);
|
char *action_str = kni_maat_action_trans(pmeinfo->action);
|
||||||
KNI_LOG_INFO(logger, "intercept_policy_scan: %s, %s, maat_hit = %d, policy_id = %d, action = %d(%s), stream traceid = %s",
|
KNI_LOG_INFO(logger, "intercept_policy_scan: %s, %s, maat_hit = %d, policy_id = %d, action = %d(%s), stream traceid = %s",
|
||||||
PRINTADDR(pmeinfo->stream,g_kni_handle->log_level), (char*)&(pmeinfo->domain), maat_hit, pmeinfo->policy_id, pmeinfo->action, action_str, pmeinfo->stream_traceid);
|
pmeinfo->stream_addr, (char*)&(pmeinfo->domain), maat_hit, pmeinfo->policy_id, pmeinfo->action, action_str, pmeinfo->stream_traceid);
|
||||||
}
|
}
|
||||||
switch(pmeinfo->action){
|
switch(pmeinfo->action){
|
||||||
case KNI_ACTION_INTERCEPT:
|
case KNI_ACTION_INTERCEPT:
|
||||||
@@ -1683,7 +1685,7 @@ extern "C" char kni_tcpall_entry(struct streaminfo *stream, void** pme, int thre
|
|||||||
ret = APP_STATE_FAWPKT | APP_STATE_GIVEME;
|
ret = APP_STATE_FAWPKT | APP_STATE_GIVEME;
|
||||||
//FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_STATE_UNKNOWN], 0, FS_OP_ADD, 1);
|
//FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_STATE_UNKNOWN], 0, FS_OP_ADD, 1);
|
||||||
KNI_LOG_ERROR(logger, "Unknown stream opstate %d, stream traceid = %s, stream addr = %s",
|
KNI_LOG_ERROR(logger, "Unknown stream opstate %d, stream traceid = %s, stream addr = %s",
|
||||||
stream->pktstate, pmeinfo->stream_traceid, PRINTADDR(pmeinfo->stream,g_kni_handle->log_level));
|
stream->pktstate, pmeinfo->stream_traceid, pmeinfo->stream_addr);
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
//sapp release: bypass or intercept
|
//sapp release: bypass or intercept
|
||||||
@@ -1870,13 +1872,13 @@ static int wrapped_kni_cmsg_get(struct pme_info *pmeinfo, struct kni_cmsg *cmsg,
|
|||||||
if(ret < 0){
|
if(ret < 0){
|
||||||
if(ret == KNI_CMSG_INVALID_TYPE){
|
if(ret == KNI_CMSG_INVALID_TYPE){
|
||||||
KNI_LOG_ERROR(logger, "Failed at kni_cmsg_get: type = %d, ret = %d, stream traceid = %s, stream addr = %s",
|
KNI_LOG_ERROR(logger, "Failed at kni_cmsg_get: type = %d, ret = %d, stream traceid = %s, stream addr = %s",
|
||||||
type, ret, pmeinfo->stream_traceid, PRINTADDR(pmeinfo->stream,g_kni_handle->log_level));
|
type, ret, pmeinfo->stream_traceid, pmeinfo->stream_addr);
|
||||||
}
|
}
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
if(value_size > value_size_max){
|
if(value_size > value_size_max){
|
||||||
KNI_LOG_ERROR(logger, "kni_cmsg_get: type = %d, size = %d, which should <= %d, stream traceid = %s, stream addr = %s",
|
KNI_LOG_ERROR(logger, "kni_cmsg_get: type = %d, size = %d, which should <= %d, stream traceid = %s, stream addr = %s",
|
||||||
type, value_size, value_size_max, pmeinfo->stream_traceid, PRINTADDR(pmeinfo->stream,g_kni_handle->log_level));
|
type, value_size, value_size_max, pmeinfo->stream_traceid, pmeinfo->stream_addr);
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
switch(type)
|
switch(type)
|
||||||
@@ -1929,7 +1931,7 @@ static long traceid2pme_htable_search_cb(void *data, const uchar *key, uint size
|
|||||||
wrapped_kni_cmsg_get(pmeinfo, cmsg, TFE_CMSG_SSL_CERT_VERIFY, sizeof(pmeinfo->ssl_cert_verify), logger);
|
wrapped_kni_cmsg_get(pmeinfo, cmsg, TFE_CMSG_SSL_CERT_VERIFY, sizeof(pmeinfo->ssl_cert_verify), logger);
|
||||||
wrapped_kni_cmsg_get(pmeinfo, cmsg, TFE_CMSG_SSL_ERROR, sizeof(pmeinfo->ssl_error), logger);
|
wrapped_kni_cmsg_get(pmeinfo, cmsg, TFE_CMSG_SSL_ERROR, sizeof(pmeinfo->ssl_error), logger);
|
||||||
KNI_LOG_DEBUG(logger, "recv cmsg from tfe, stream traceid = %s, stream addr = %s, stream ssl intercept state = %d ,pinning state = %d",
|
KNI_LOG_DEBUG(logger, "recv cmsg from tfe, stream traceid = %s, stream addr = %s, stream ssl intercept state = %d ,pinning state = %d",
|
||||||
pmeinfo->stream_traceid, PRINTADDR(pmeinfo->stream,g_kni_handle->log_level),pmeinfo->ssl_intercept_state,pmeinfo->ssl_pinningst);
|
pmeinfo->stream_traceid, pmeinfo->stream_addr,pmeinfo->ssl_intercept_state,pmeinfo->ssl_pinningst);
|
||||||
|
|
||||||
if(g_kni_handle->ssl_dynamic_bypass_enable == 1){
|
if(g_kni_handle->ssl_dynamic_bypass_enable == 1){
|
||||||
ssl_dynamic_bypass_htable_add(pmeinfo);
|
ssl_dynamic_bypass_htable_add(pmeinfo);
|
||||||
|
|||||||
Reference in New Issue
Block a user