From 8cff5b288a5e207ae094caa4ffc715106bca6513 Mon Sep 17 00:00:00 2001 From: fumingwei Date: Tue, 20 Jul 2021 18:04:02 +0800 Subject: [PATCH] =?UTF-8?q?bugfix:=E5=88=A0=E9=99=A4stream=5Faddr,?= =?UTF-8?q?=E4=BD=BF=E7=94=A8PRINTADDR=E8=BE=93=E5=87=BAlog=E4=B8=AD?= =?UTF-8?q?=E7=9A=84=E5=9C=B0=E5=9D=80?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- entry/include/kni_entry.h | 6 +++- entry/src/kni_entry.cpp | 76 ++++++++++++++++++--------------------- 2 files changed, 40 insertions(+), 42 deletions(-) diff --git a/entry/include/kni_entry.h b/entry/include/kni_entry.h index 0a45095..32e547a 100644 --- a/entry/include/kni_entry.h +++ b/entry/include/kni_entry.h @@ -18,6 +18,10 @@ #define TSG_DIAGNOSE_POLICY_CNT 32 +#ifndef PRINTADDR +#define PRINTADDR(stream_info, log_level) ((log_level)addr), stream_info->threadnum) : "") +#endif + enum intercept_error{ INTERCEPT_ERROR_ASYM_ROUTING = -1, INTERCEPT_ERROR_NO_SYN = -2, @@ -96,7 +100,6 @@ struct proxy_tcp_option{ struct pme_info{ addr_type_t addr_type; - char stream_addr[KNI_ADDR_MAX]; int do_log; int policy_id; tsg_protocol_t protocol; @@ -230,6 +233,7 @@ struct kni_handle{ int maat_table_id[TABLE_MAX]; struct proxy_tcp_option pxy_tcp_option; int session_attribute_id; + int log_level; }; struct traceid2pme_search_cb_args{ diff --git a/entry/src/kni_entry.cpp b/entry/src/kni_entry.cpp index c063513..4a3150f 100644 --- a/entry/src/kni_entry.cpp +++ b/entry/src/kni_entry.cpp @@ -156,16 +156,10 @@ static int pme_info_init(struct pme_info *pmeinfo, const struct streaminfo *stre pmeinfo->ssl_cert_verify = -1; uint64_t traceid = tsg_get_stream_id((struct streaminfo*)stream); snprintf(pmeinfo->stream_traceid, sizeof(pmeinfo->stream_traceid), "%" PRIu64 , traceid); - if(pmeinfo->addr_type == ADDR_TYPE_IPV6){ - kni_addr_trans_v6(stream->addr.tuple4_v6, pmeinfo->stream_addr, sizeof(pmeinfo->stream_addr)); - } - else{ - kni_addr_trans_v4(stream->addr.tuple4_v4, pmeinfo->stream_addr, sizeof(pmeinfo->stream_addr)); - } //init pme_lock int ret = pthread_mutex_init(&(pmeinfo->lock), NULL); if(ret < 0){ - KNI_LOG_ERROR(logger, "Failed at init pthread mutex, stream traceid = %s, stream addr = %s", pmeinfo->stream_traceid, pmeinfo->stream_addr); + KNI_LOG_ERROR(logger, "Failed at init pthread mutex, stream traceid = %s, stream addr = %s", pmeinfo->stream_traceid, PRINTADDR(pmeinfo->stream,g_kni_handle->log_level)); abort(); } return 0; @@ -260,10 +254,10 @@ static void stream_destroy(struct pme_info *pmeinfo){ if(pmeinfo->action == KNI_ACTION_INTERCEPT){ int ret = log_generate(pmeinfo); if(ret < 0){ - KNI_LOG_ERROR(logger, "Failed at log_generate, stream traceid = %s, stream addr = %s", pmeinfo->stream_traceid, pmeinfo->stream_addr); + KNI_LOG_ERROR(logger, "Failed at log_generate, stream traceid = %s, stream addr = %s", pmeinfo->stream_traceid, PRINTADDR(pmeinfo->stream,g_kni_handle->log_level)); } else{ - KNI_LOG_DEBUG(logger, "Succeed at log_generate, stream traceid = %s, stream addr = %s", pmeinfo->stream_traceid, pmeinfo->stream_addr); + KNI_LOG_DEBUG(logger, "Succeed at log_generate, stream traceid = %s, stream addr = %s", pmeinfo->stream_traceid, PRINTADDR(pmeinfo->stream,g_kni_handle->log_level)); } } //free pme @@ -296,11 +290,11 @@ int wrapped_kni_cmsg_set(struct kni_cmsg *cmsg, uint16_t type, const unsigned ch void *logger = g_kni_handle->local_logger; int ret = kni_cmsg_set(cmsg, type, value, size); if(ret < 0){ - KNI_LOG_ERROR(logger, "Failed set cmsg, type = %d/%s, stream traceid = %s, stream addr = %s", type, tfe_cmsg_tlv_type_to_string[type],pmeinfo->stream_traceid, pmeinfo->stream_addr); + KNI_LOG_ERROR(logger, "Failed set cmsg, type = %d/%s, stream traceid = %s, stream addr = %s", type, tfe_cmsg_tlv_type_to_string[type],pmeinfo->stream_traceid, PRINTADDR(pmeinfo->stream,g_kni_handle->log_level)); } else { - KNI_LOG_DEBUG(logger, "Successd to set cmsg, type = %d/%s, stream traceid = %s, stream addr = %s", type,tfe_cmsg_tlv_type_to_string[type], pmeinfo->stream_traceid, pmeinfo->stream_addr); + KNI_LOG_DEBUG(logger, "Successd to set cmsg, type = %d/%s, stream traceid = %s, stream addr = %s", type,tfe_cmsg_tlv_type_to_string[type], pmeinfo->stream_traceid, PRINTADDR(pmeinfo->stream,g_kni_handle->log_level)); } return ret; @@ -603,7 +597,7 @@ static unsigned char* kni_cmsg_serialize_header_new(struct pme_info *pmeinfo, st ret = kni_cmsg_serialize(cmsg, buff, bufflen, &serialize_len); if(ret < 0){ KNI_LOG_ERROR(logger, "Failed at serialize cmsg, ret = %d, stream traceid = %s, stream addr = %s", - ret, pmeinfo->stream_traceid, pmeinfo->stream_addr); + ret, pmeinfo->stream_traceid, PRINTADDR(pmeinfo->stream,g_kni_handle->log_level)); goto error_out; } *len = serialize_len; @@ -1085,23 +1079,23 @@ static int tsg_diagnose_judge_streamshunt(int maat_rule_config_id,struct pme_inf void *logger = g_kni_handle->local_logger; if(g_kni_handle->tsg_diagnose_enable == 0){ - KNI_LOG_DEBUG(logger, "Tsg diagnose: enabled is 0, stream traceid = %s, stream addr = %s", pmeinfo->stream_traceid, pmeinfo->stream_addr); + KNI_LOG_DEBUG(logger, "Tsg diagnose: enabled is 0, stream traceid = %s, stream addr = %s", pmeinfo->stream_traceid, PRINTADDR(pmeinfo->stream,g_kni_handle->log_level)); return 0; } if(g_kni_handle->secpolicyid_shunt_tsg_diagnose.id_num == 0){ - KNI_LOG_DEBUG(logger, "Tsg diagnose: no security policy from profile to shunt, stream traceid = %s, stream addr = %s", pmeinfo->stream_traceid, pmeinfo->stream_addr); + KNI_LOG_DEBUG(logger, "Tsg diagnose: no security policy from profile to shunt, stream traceid = %s, stream addr = %s", pmeinfo->stream_traceid, PRINTADDR(pmeinfo->stream,g_kni_handle->log_level)); return 0; } for(i = 0; i < g_kni_handle->secpolicyid_shunt_tsg_diagnose.id_num; i ++){ if(g_kni_handle->secpolicyid_shunt_tsg_diagnose.id_arr[i] == 0){ - KNI_LOG_DEBUG(logger, "Tsg diagnose: security policy 0 is not allowd shunt, stream traceid = %s, stream addr = %s", pmeinfo->stream_traceid, pmeinfo->stream_addr); + KNI_LOG_DEBUG(logger, "Tsg diagnose: security policy 0 is not allowd shunt, stream traceid = %s, stream addr = %s", pmeinfo->stream_traceid, PRINTADDR(pmeinfo->stream,g_kni_handle->log_level)); continue; } if(g_kni_handle->secpolicyid_shunt_tsg_diagnose.id_arr[i] == maat_rule_config_id){ ret = 1; - KNI_LOG_DEBUG(logger, "Tsg diagnose: security policy id %d shunt, stream traceid = %s, stream addr = %s", maat_rule_config_id, pmeinfo->stream_traceid, pmeinfo->stream_addr); + KNI_LOG_DEBUG(logger, "Tsg diagnose: security policy id %d shunt, stream traceid = %s, stream addr = %s", maat_rule_config_id, pmeinfo->stream_traceid, PRINTADDR(pmeinfo->stream,g_kni_handle->log_level)); break; } } @@ -1124,14 +1118,14 @@ static int first_data_intercept(struct streaminfo *stream, struct pme_info *pmei ret=MESA_get_stream_opt(stream, MSO_TCP_CREATE_LINK_MODE, (void *)&intercept_stream_link_mode, &intercept_stream_link_mode_len); if(ret == 0){ if(intercept_stream_link_mode != TCP_CTEAT_LINK_BYSYN){ - KNI_LOG_DEBUG(logger, "Intercept error: TCP_CREATE_LINK_MODE is not BYSYN, link_mode=%d, link_mode_len=%d,stream traceid = %s, stream addr = %s", intercept_stream_link_mode,intercept_stream_link_mode_len,pmeinfo->stream_traceid, pmeinfo->stream_addr); + KNI_LOG_DEBUG(logger, "Intercept error: TCP_CREATE_LINK_MODE is not BYSYN, link_mode=%d, link_mode_len=%d,stream traceid = %s, stream addr = %s", intercept_stream_link_mode,intercept_stream_link_mode_len,pmeinfo->stream_traceid, PRINTADDR(pmeinfo->stream,g_kni_handle->log_level)); pmeinfo->intcp_error = INTERCEPT_ERROR_NOT_TCP_LINK_BYSYN; FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_INTCPERR_NOT_LINK_MODE_BYSYN], 0, FS_OP_ADD, 1); goto error_out; } } else{ - KNI_LOG_DEBUG(logger, "Intercept error: get MSO_TCP_CREATE_LINK_MODE error, ret = %d, stream traceid = %s, stream addr = %s",ret, pmeinfo->stream_traceid, pmeinfo->stream_addr); + KNI_LOG_DEBUG(logger, "Intercept error: get MSO_TCP_CREATE_LINK_MODE error, ret = %d, stream traceid = %s, stream addr = %s",ret, pmeinfo->stream_traceid, PRINTADDR(pmeinfo->stream,g_kni_handle->log_level)); pmeinfo->intcp_error = INTERCEPT_ERROR_GET_TCP_LINK_MODE_ERR; FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_INTCPERR_GET_LINK_MODE_ERR], 0, FS_OP_ADD, 1); goto error_out; @@ -1140,14 +1134,14 @@ static int first_data_intercept(struct streaminfo *stream, struct pme_info *pmei ret=MESA_get_stream_opt(stream, MSO_STREAM_TUNNEL_TYPE, (void *)&stream_tunnel_type, &stream_tunnel_type_len); if(ret == 0){ if(stream_tunnel_type != STREAM_TUNNLE_NON){ - KNI_LOG_DEBUG(logger, "Intercept error: stream type is tunnel, STREAM_TUNNLE_TYPE = %d, stream traceid = %s, stream addr = %s", stream_tunnel_type,pmeinfo->stream_traceid, pmeinfo->stream_addr); + KNI_LOG_DEBUG(logger, "Intercept error: stream type is tunnel, STREAM_TUNNLE_TYPE = %d, stream traceid = %s, stream addr = %s", stream_tunnel_type,pmeinfo->stream_traceid, PRINTADDR(pmeinfo->stream,g_kni_handle->log_level)); pmeinfo->intcp_error = INTERCEPT_ERROR_STREAM_TUNNLE_TYPE; FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_INTCPERR_STREAM_IS_TUN_TYPE], 0, FS_OP_ADD, 1); goto error_out; } } else{ - KNI_LOG_DEBUG(logger, "Intercept error: get MSO_STREAM_TUNNEL_TYPE error, ret = %d, stream traceid = %s, stream addr = %s",ret, pmeinfo->stream_traceid, pmeinfo->stream_addr); + KNI_LOG_DEBUG(logger, "Intercept error: get MSO_STREAM_TUNNEL_TYPE error, ret = %d, stream traceid = %s, stream addr = %s",ret, pmeinfo->stream_traceid, PRINTADDR(pmeinfo->stream,g_kni_handle->log_level)); pmeinfo->intcp_error = INTERCEPT_ERROR_GET_STREAM_TUNNLE_TYPE_ERR; FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_INTCPERR_GET_STREAM_TUN_TYPE_ERR], 0, FS_OP_ADD, 1); goto error_out; @@ -1155,7 +1149,7 @@ static int first_data_intercept(struct streaminfo *stream, struct pme_info *pmei //intercept_error: not double dir if(stream->dir != DIR_DOUBLE){ - KNI_LOG_DEBUG(logger, "Intercept error: asym routing, stream traceid = %s, stream addr = %s", pmeinfo->stream_traceid, pmeinfo->stream_addr); + KNI_LOG_DEBUG(logger, "Intercept error: asym routing, stream traceid = %s, stream addr = %s", pmeinfo->stream_traceid, PRINTADDR(pmeinfo->stream,g_kni_handle->log_level)); FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_INTCPERR_ASYM_ROUTING], 0, FS_OP_ADD, 1); pmeinfo->intcp_error = INTERCEPT_ERROR_ASYM_ROUTING; goto error_out; @@ -1163,7 +1157,7 @@ static int first_data_intercept(struct streaminfo *stream, struct pme_info *pmei //intercept_error: no syn if(pmeinfo->has_syn == 0){ KNI_LOG_DEBUG(logger, "Intercept error: no syn, stream traceid = %s, stream addr = %s", - pmeinfo->stream_traceid, pmeinfo->stream_addr); + pmeinfo->stream_traceid, PRINTADDR(pmeinfo->stream,g_kni_handle->log_level)); FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_INTCPERR_NO_SYN], 0, FS_OP_ADD, 1); pmeinfo->intcp_error = INTERCEPT_ERROR_NO_SYN; goto error_out; @@ -1171,7 +1165,7 @@ static int first_data_intercept(struct streaminfo *stream, struct pme_info *pmei //intercept_error: no syn/ack if(pmeinfo->has_syn_ack == 0){ KNI_LOG_DEBUG(logger, "Intercept error: no syn/ack, stream traceid = %s, stream addr = %s", - pmeinfo->stream_traceid, pmeinfo->stream_addr); + pmeinfo->stream_traceid, PRINTADDR(pmeinfo->stream,g_kni_handle->log_level)); FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_INTCPERR_NO_SYN_ACK], 0, FS_OP_ADD, 1); pmeinfo->intcp_error = INTERCEPT_ERROR_NO_SYN_ACK; goto error_out; @@ -1179,7 +1173,7 @@ static int first_data_intercept(struct streaminfo *stream, struct pme_info *pmei if(pktinfo->parse_failed == 1){ pmeinfo->intcp_error = INTERCEPT_ERROR_INVALID_IP_HDR; KNI_LOG_DEBUG(logger, "Intercept error: invalid ip header, stream traceid = %s, stream addr = %s", - pmeinfo->stream_traceid, pmeinfo->stream_addr); + pmeinfo->stream_traceid, PRINTADDR(pmeinfo->stream,g_kni_handle->log_level)); FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_INTCPERR_INVALID_IP_HDR], 0, FS_OP_ADD, 1); goto error_out; } @@ -1187,7 +1181,7 @@ static int first_data_intercept(struct streaminfo *stream, struct pme_info *pmei if(pktinfo->ip_totlen > KNI_DEFAULT_MTU){ pmeinfo->intcp_error = INTERCEPT_ERROR_EXCEED_MTU; KNI_LOG_DEBUG(logger, "Intercept error: first data packet exceed MTU(1500), stream traceid = %s, stream addr = %s", - pmeinfo->stream_traceid, pmeinfo->stream_addr); + pmeinfo->stream_traceid, PRINTADDR(pmeinfo->stream,g_kni_handle->log_level)); FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_INTCPERR_EXCEED_MTU], 0, FS_OP_ADD, 1); goto error_out; } @@ -1198,7 +1192,7 @@ static int first_data_intercept(struct streaminfo *stream, struct pme_info *pmei else pmeinfo->tfe_id = tfe_mgr_alive_node_cycle_get(g_kni_handle->_tfe_mgr, (int *)&(g_kni_handle->arr_last_tfe_dispatch_index[thread_seq])); if(pmeinfo->tfe_id < 0){ - KNI_LOG_DEBUG(logger, "Intercept error: no available tfe, stream traceid = %s, stream addr = %s", pmeinfo->stream_traceid, pmeinfo->stream_addr); + KNI_LOG_DEBUG(logger, "Intercept error: no available tfe, stream traceid = %s, stream addr = %s", pmeinfo->stream_traceid, PRINTADDR(pmeinfo->stream,g_kni_handle->log_level)); pmeinfo->intcp_error = INTERCEPT_ERROR_NO_TFE; FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_INTCPERR_NO_TFE], 0, FS_OP_ADD, 1); goto error_out; @@ -1213,7 +1207,7 @@ static int first_data_intercept(struct streaminfo *stream, struct pme_info *pmei if(pmeinfo->has_dup_traffic == 1){ if(g_kni_handle->dup_traffic_action == KNI_ACTION_BYPASS){ KNI_LOG_DEBUG(g_kni_handle->local_logger, "Intercept error: stream has dup traffic, dup_traffic_action = bypass, " - "stream traceid = %s, stream addr = %s", pmeinfo->stream_traceid, pmeinfo->stream_addr); + "stream traceid = %s, stream addr = %s", pmeinfo->stream_traceid, PRINTADDR(pmeinfo->stream,g_kni_handle->log_level)); FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_INTCPERR_DUP_TRAFFIC], 0, FS_OP_ADD, 1); pmeinfo->intcp_error = INTERCEPT_ERROR_DUP_TRAFFIC; goto error_out; @@ -1224,14 +1218,14 @@ static int first_data_intercept(struct streaminfo *stream, struct pme_info *pmei // get HAVE_DUP_PKT field ret=MESA_get_stream_opt(stream, MSO_HAVE_DUP_PKT, (void *)&has_dup_traffic, &have_dup_pkt_len); if(ret != 0){ - KNI_LOG_DEBUG(logger, "Intercept error: get MSO_HAVE_DUP_PKT error, ret = %d, stream traceid = %s, stream addr = %s",ret, pmeinfo->stream_traceid, pmeinfo->stream_addr); + KNI_LOG_DEBUG(logger, "Intercept error: get MSO_HAVE_DUP_PKT error, ret = %d, stream traceid = %s, stream addr = %s",ret, pmeinfo->stream_traceid, PRINTADDR(pmeinfo->stream,g_kni_handle->log_level)); pmeinfo->intcp_error = INTERCEPT_ERROR_GET_HAVE_DUP_PKT_ERR; FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_INTCPERR_GET_HAVE_DUP_PKT_ERR], 0, FS_OP_ADD, 1); goto error_out; } else{ if(has_dup_traffic == -2){ - KNI_LOG_ERROR(logger, "Intercept error: has duplicate traffic is not sure,has_dup_traffic = %d,stream traceid = %s, stream addr = %s",has_dup_traffic, pmeinfo->stream_traceid, pmeinfo->stream_addr); + KNI_LOG_ERROR(logger, "Intercept error: has duplicate traffic is not sure,has_dup_traffic = %d,stream traceid = %s, stream addr = %s",has_dup_traffic, pmeinfo->stream_traceid, PRINTADDR(pmeinfo->stream,g_kni_handle->log_level)); pmeinfo->intcp_error = INTERCEPT_ERROR_DUP_PKT_NOT_SURE_ERR; FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_INTCPERR_DUP_PKT_NOT_SURE_ERR], 0, FS_OP_ADD, 1); goto error_out; @@ -1297,7 +1291,7 @@ static int first_data_intercept(struct streaminfo *stream, struct pme_info *pmei buff = add_cmsg_to_packet(pmeinfo, stream, pktinfo, &len); if(buff == NULL){ KNI_LOG_DEBUG(logger, "Intercept error: failed at add cmsg to packet, stream traceid = %s, stream addr = %s", - pmeinfo->stream_traceid, pmeinfo->stream_addr); + pmeinfo->stream_traceid, PRINTADDR(pmeinfo->stream,g_kni_handle->log_level)); pmeinfo->intcp_error = INTERCEPT_ERROR_CMSG_ADD_FAIL; FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_INTCPERR_CMSG_ADD_FAIL], 0, FS_OP_ADD, 1); goto error_out; @@ -1307,7 +1301,7 @@ static int first_data_intercept(struct streaminfo *stream, struct pme_info *pmei if(ret < 0){ FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_INTCPERR_TUPLE2STM_ADD_FAIL], 0, FS_OP_ADD, 1); KNI_LOG_DEBUG(logger, "Intercept error: tuple2stm add fail, stream traceid = %s, stream addr = %s", - pmeinfo->stream_traceid, pmeinfo->stream_addr); + pmeinfo->stream_traceid, PRINTADDR(pmeinfo->stream,g_kni_handle->log_level)); pmeinfo->intcp_error = INTERCEPT_ERROR_TUPLE2STM_ADD_FAIL; goto error_out; } @@ -1317,7 +1311,7 @@ static int first_data_intercept(struct streaminfo *stream, struct pme_info *pmei ret = send_to_tfe(buff, len, thread_seq, pmeinfo->tfe_id, pmeinfo->addr_type); if(ret < 0){ KNI_LOG_DEBUG(logger, "Intercept error: failed at send first packet to tfe%d, stream traceid = %s, stream addr = %s", - pmeinfo->tfe_id, pmeinfo->stream_traceid, pmeinfo->stream_addr); + pmeinfo->tfe_id, pmeinfo->stream_traceid, PRINTADDR(pmeinfo->stream,g_kni_handle->log_level)); FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_INTCPERR_SENDTO_TFE_FAIL], 0, FS_OP_ADD, 1); pmeinfo->intcp_error = INTERCEPT_ERROR_SENDTO_TFE_FAIL; tuple2stream_htable_del(stream, thread_seq); @@ -1326,7 +1320,7 @@ static int first_data_intercept(struct streaminfo *stream, struct pme_info *pmei } else{ KNI_LOG_DEBUG(logger, "Succeed at send first packet to tfe%d, stream traceid = %s, stream addr = %s", - pmeinfo->tfe_id, pmeinfo->stream_traceid, pmeinfo->stream_addr); + pmeinfo->tfe_id, pmeinfo->stream_traceid, PRINTADDR(pmeinfo->stream,g_kni_handle->log_level)); } //fs stat FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_INTCP_STM], 0, FS_OP_ADD, 1); @@ -1444,7 +1438,7 @@ char next_data_intercept(struct pme_info *pmeinfo, const void *a_packet, struct } if(pktinfo->ip_totlen > KNI_DEFAULT_MTU){ KNI_LOG_DEBUG(logger, "Next data packet exceed MTU(1500), stream traceid = %s, stream addr = %s", - pmeinfo->stream_traceid, pmeinfo->stream_addr); + pmeinfo->stream_traceid, PRINTADDR(pmeinfo->stream,g_kni_handle->log_level)); return APP_STATE_DROPPKT | APP_STATE_KILL_FOLLOW | APP_STATE_GIVEME; } if(g_kni_handle->ssl_dynamic_bypass_enable == 1){ @@ -1457,7 +1451,7 @@ char next_data_intercept(struct pme_info *pmeinfo, const void *a_packet, struct ret = send_to_tfe((char*)a_packet, len, thread_seq, pmeinfo->tfe_id, pmeinfo->addr_type); if(ret < 0){ KNI_LOG_ERROR(logger, "Failed at send continue packet to tfe%d, stream traceid = %s, stream addr = %s", - pmeinfo->tfe_id, pmeinfo->stream_traceid, pmeinfo->stream_addr); + pmeinfo->tfe_id, pmeinfo->stream_traceid, PRINTADDR(pmeinfo->stream,g_kni_handle->log_level)); FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_INTCPERR_SENDTO_TFE_FAIL], 0, FS_OP_ADD, 1); } //else{ @@ -1478,7 +1472,7 @@ char first_data_process(struct streaminfo *stream, struct pme_info *pmeinfo, str pmeinfo->action = KNI_ACTION_NONE; maat_hit = 0; KNI_LOG_INFO(logger, "intercept_policy_scan: %s, %s, maat_hit = %d, stream traceid = %s", - pmeinfo->stream_addr, (char*)&(pmeinfo->domain), maat_hit, pmeinfo->stream_traceid); + PRINTADDR(pmeinfo->stream,g_kni_handle->log_level), (char*)&(pmeinfo->domain), maat_hit, pmeinfo->stream_traceid); } else{ pmeinfo->maat_result_num = 1; @@ -1494,7 +1488,7 @@ char first_data_process(struct streaminfo *stream, struct pme_info *pmeinfo, str maat_hit = 1; char *action_str = kni_maat_action_trans(pmeinfo->action); KNI_LOG_INFO(logger, "intercept_policy_scan: %s, %s, maat_hit = %d, policy_id = %d, action = %d(%s), stream traceid = %s", - pmeinfo->stream_addr, (char*)&(pmeinfo->domain), maat_hit, pmeinfo->policy_id, pmeinfo->action, action_str, pmeinfo->stream_traceid); + PRINTADDR(pmeinfo->stream,g_kni_handle->log_level), (char*)&(pmeinfo->domain), maat_hit, pmeinfo->policy_id, pmeinfo->action, action_str, pmeinfo->stream_traceid); } switch(pmeinfo->action){ case KNI_ACTION_INTERCEPT: @@ -1689,7 +1683,7 @@ extern "C" char kni_tcpall_entry(struct streaminfo *stream, void** pme, int thre ret = APP_STATE_FAWPKT | APP_STATE_GIVEME; //FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_STATE_UNKNOWN], 0, FS_OP_ADD, 1); KNI_LOG_ERROR(logger, "Unknown stream opstate %d, stream traceid = %s, stream addr = %s", - stream->pktstate, pmeinfo->stream_traceid, pmeinfo->stream_addr); + stream->pktstate, pmeinfo->stream_traceid, PRINTADDR(pmeinfo->stream,g_kni_handle->log_level)); break; } //sapp release: bypass or intercept @@ -1876,13 +1870,13 @@ static int wrapped_kni_cmsg_get(struct pme_info *pmeinfo, struct kni_cmsg *cmsg, if(ret < 0){ if(ret == KNI_CMSG_INVALID_TYPE){ KNI_LOG_ERROR(logger, "Failed at kni_cmsg_get: type = %d, ret = %d, stream traceid = %s, stream addr = %s", - type, ret, pmeinfo->stream_traceid, pmeinfo->stream_addr); + type, ret, pmeinfo->stream_traceid, PRINTADDR(pmeinfo->stream,g_kni_handle->log_level)); } return -1; } if(value_size > value_size_max){ KNI_LOG_ERROR(logger, "kni_cmsg_get: type = %d, size = %d, which should <= %d, stream traceid = %s, stream addr = %s", - type, value_size, value_size_max, pmeinfo->stream_traceid, pmeinfo->stream_addr); + type, value_size, value_size_max, pmeinfo->stream_traceid, PRINTADDR(pmeinfo->stream,g_kni_handle->log_level)); return -1; } switch(type) @@ -1935,7 +1929,7 @@ static long traceid2pme_htable_search_cb(void *data, const uchar *key, uint size wrapped_kni_cmsg_get(pmeinfo, cmsg, TFE_CMSG_SSL_CERT_VERIFY, sizeof(pmeinfo->ssl_cert_verify), logger); wrapped_kni_cmsg_get(pmeinfo, cmsg, TFE_CMSG_SSL_ERROR, sizeof(pmeinfo->ssl_error), logger); KNI_LOG_DEBUG(logger, "recv cmsg from tfe, stream traceid = %s, stream addr = %s, stream ssl intercept state = %d ,pinning state = %d", - pmeinfo->stream_traceid, pmeinfo->stream_addr,pmeinfo->ssl_intercept_state,pmeinfo->ssl_pinningst); + pmeinfo->stream_traceid, PRINTADDR(pmeinfo->stream,g_kni_handle->log_level),pmeinfo->ssl_intercept_state,pmeinfo->ssl_pinningst); if(g_kni_handle->ssl_dynamic_bypass_enable == 1){ ssl_dynamic_bypass_htable_add(pmeinfo);