bugfix:删除stream_addr,使用PRINTADDR输出log中的地址
This commit is contained in:
fumingwei
@@ -156,16 +156,10 @@ static int pme_info_init(struct pme_info *pmeinfo, const struct streaminfo *stre
|
||||
pmeinfo->ssl_cert_verify = -1;
|
||||
uint64_t traceid = tsg_get_stream_id((struct streaminfo*)stream);
|
||||
snprintf(pmeinfo->stream_traceid, sizeof(pmeinfo->stream_traceid), "%" PRIu64 , traceid);
|
||||
if(pmeinfo->addr_type == ADDR_TYPE_IPV6){
|
||||
kni_addr_trans_v6(stream->addr.tuple4_v6, pmeinfo->stream_addr, sizeof(pmeinfo->stream_addr));
|
||||
}
|
||||
else{
|
||||
kni_addr_trans_v4(stream->addr.tuple4_v4, pmeinfo->stream_addr, sizeof(pmeinfo->stream_addr));
|
||||
}
|
||||
//init pme_lock
|
||||
int ret = pthread_mutex_init(&(pmeinfo->lock), NULL);
|
||||
if(ret < 0){
|
||||
KNI_LOG_ERROR(logger, "Failed at init pthread mutex, stream traceid = %s, stream addr = %s", pmeinfo->stream_traceid, pmeinfo->stream_addr);
|
||||
KNI_LOG_ERROR(logger, "Failed at init pthread mutex, stream traceid = %s, stream addr = %s", pmeinfo->stream_traceid, PRINTADDR(pmeinfo->stream,g_kni_handle->log_level));
|
||||
abort();
|
||||
}
|
||||
return 0;
|
||||
@@ -260,10 +254,10 @@ static void stream_destroy(struct pme_info *pmeinfo){
|
||||
if(pmeinfo->action == KNI_ACTION_INTERCEPT){
|
||||
int ret = log_generate(pmeinfo);
|
||||
if(ret < 0){
|
||||
KNI_LOG_ERROR(logger, "Failed at log_generate, stream traceid = %s, stream addr = %s", pmeinfo->stream_traceid, pmeinfo->stream_addr);
|
||||
KNI_LOG_ERROR(logger, "Failed at log_generate, stream traceid = %s, stream addr = %s", pmeinfo->stream_traceid, PRINTADDR(pmeinfo->stream,g_kni_handle->log_level));
|
||||
}
|
||||
else{
|
||||
KNI_LOG_DEBUG(logger, "Succeed at log_generate, stream traceid = %s, stream addr = %s", pmeinfo->stream_traceid, pmeinfo->stream_addr);
|
||||
KNI_LOG_DEBUG(logger, "Succeed at log_generate, stream traceid = %s, stream addr = %s", pmeinfo->stream_traceid, PRINTADDR(pmeinfo->stream,g_kni_handle->log_level));
|
||||
}
|
||||
}
|
||||
//free pme
|
||||
@@ -296,11 +290,11 @@ int wrapped_kni_cmsg_set(struct kni_cmsg *cmsg, uint16_t type, const unsigned ch
|
||||
void *logger = g_kni_handle->local_logger;
|
||||
int ret = kni_cmsg_set(cmsg, type, value, size);
|
||||
if(ret < 0){
|
||||
KNI_LOG_ERROR(logger, "Failed set cmsg, type = %d/%s, stream traceid = %s, stream addr = %s", type, tfe_cmsg_tlv_type_to_string[type],pmeinfo->stream_traceid, pmeinfo->stream_addr);
|
||||
KNI_LOG_ERROR(logger, "Failed set cmsg, type = %d/%s, stream traceid = %s, stream addr = %s", type, tfe_cmsg_tlv_type_to_string[type],pmeinfo->stream_traceid, PRINTADDR(pmeinfo->stream,g_kni_handle->log_level));
|
||||
}
|
||||
else
|
||||
{
|
||||
KNI_LOG_DEBUG(logger, "Successd to set cmsg, type = %d/%s, stream traceid = %s, stream addr = %s", type,tfe_cmsg_tlv_type_to_string[type], pmeinfo->stream_traceid, pmeinfo->stream_addr);
|
||||
KNI_LOG_DEBUG(logger, "Successd to set cmsg, type = %d/%s, stream traceid = %s, stream addr = %s", type,tfe_cmsg_tlv_type_to_string[type], pmeinfo->stream_traceid, PRINTADDR(pmeinfo->stream,g_kni_handle->log_level));
|
||||
}
|
||||
|
||||
return ret;
|
||||
@@ -603,7 +597,7 @@ static unsigned char* kni_cmsg_serialize_header_new(struct pme_info *pmeinfo, st
|
||||
ret = kni_cmsg_serialize(cmsg, buff, bufflen, &serialize_len);
|
||||
if(ret < 0){
|
||||
KNI_LOG_ERROR(logger, "Failed at serialize cmsg, ret = %d, stream traceid = %s, stream addr = %s",
|
||||
ret, pmeinfo->stream_traceid, pmeinfo->stream_addr);
|
||||
ret, pmeinfo->stream_traceid, PRINTADDR(pmeinfo->stream,g_kni_handle->log_level));
|
||||
goto error_out;
|
||||
}
|
||||
*len = serialize_len;
|
||||
@@ -1085,23 +1079,23 @@ static int tsg_diagnose_judge_streamshunt(int maat_rule_config_id,struct pme_inf
|
||||
void *logger = g_kni_handle->local_logger;
|
||||
|
||||
if(g_kni_handle->tsg_diagnose_enable == 0){
|
||||
KNI_LOG_DEBUG(logger, "Tsg diagnose: enabled is 0, stream traceid = %s, stream addr = %s", pmeinfo->stream_traceid, pmeinfo->stream_addr);
|
||||
KNI_LOG_DEBUG(logger, "Tsg diagnose: enabled is 0, stream traceid = %s, stream addr = %s", pmeinfo->stream_traceid, PRINTADDR(pmeinfo->stream,g_kni_handle->log_level));
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
||||
if(g_kni_handle->secpolicyid_shunt_tsg_diagnose.id_num == 0){
|
||||
KNI_LOG_DEBUG(logger, "Tsg diagnose: no security policy from profile to shunt, stream traceid = %s, stream addr = %s", pmeinfo->stream_traceid, pmeinfo->stream_addr);
|
||||
KNI_LOG_DEBUG(logger, "Tsg diagnose: no security policy from profile to shunt, stream traceid = %s, stream addr = %s", pmeinfo->stream_traceid, PRINTADDR(pmeinfo->stream,g_kni_handle->log_level));
|
||||
return 0;
|
||||
}
|
||||
for(i = 0; i < g_kni_handle->secpolicyid_shunt_tsg_diagnose.id_num; i ++){
|
||||
if(g_kni_handle->secpolicyid_shunt_tsg_diagnose.id_arr[i] == 0){
|
||||
KNI_LOG_DEBUG(logger, "Tsg diagnose: security policy 0 is not allowd shunt, stream traceid = %s, stream addr = %s", pmeinfo->stream_traceid, pmeinfo->stream_addr);
|
||||
KNI_LOG_DEBUG(logger, "Tsg diagnose: security policy 0 is not allowd shunt, stream traceid = %s, stream addr = %s", pmeinfo->stream_traceid, PRINTADDR(pmeinfo->stream,g_kni_handle->log_level));
|
||||
continue;
|
||||
}
|
||||
if(g_kni_handle->secpolicyid_shunt_tsg_diagnose.id_arr[i] == maat_rule_config_id){
|
||||
ret = 1;
|
||||
KNI_LOG_DEBUG(logger, "Tsg diagnose: security policy id %d shunt, stream traceid = %s, stream addr = %s", maat_rule_config_id, pmeinfo->stream_traceid, pmeinfo->stream_addr);
|
||||
KNI_LOG_DEBUG(logger, "Tsg diagnose: security policy id %d shunt, stream traceid = %s, stream addr = %s", maat_rule_config_id, pmeinfo->stream_traceid, PRINTADDR(pmeinfo->stream,g_kni_handle->log_level));
|
||||
break;
|
||||
}
|
||||
}
|
||||
@@ -1124,14 +1118,14 @@ static int first_data_intercept(struct streaminfo *stream, struct pme_info *pmei
|
||||
ret=MESA_get_stream_opt(stream, MSO_TCP_CREATE_LINK_MODE, (void *)&intercept_stream_link_mode, &intercept_stream_link_mode_len);
|
||||
if(ret == 0){
|
||||
if(intercept_stream_link_mode != TCP_CTEAT_LINK_BYSYN){
|
||||
KNI_LOG_DEBUG(logger, "Intercept error: TCP_CREATE_LINK_MODE is not BYSYN, link_mode=%d, link_mode_len=%d,stream traceid = %s, stream addr = %s", intercept_stream_link_mode,intercept_stream_link_mode_len,pmeinfo->stream_traceid, pmeinfo->stream_addr);
|
||||
KNI_LOG_DEBUG(logger, "Intercept error: TCP_CREATE_LINK_MODE is not BYSYN, link_mode=%d, link_mode_len=%d,stream traceid = %s, stream addr = %s", intercept_stream_link_mode,intercept_stream_link_mode_len,pmeinfo->stream_traceid, PRINTADDR(pmeinfo->stream,g_kni_handle->log_level));
|
||||
pmeinfo->intcp_error = INTERCEPT_ERROR_NOT_TCP_LINK_BYSYN;
|
||||
FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_INTCPERR_NOT_LINK_MODE_BYSYN], 0, FS_OP_ADD, 1);
|
||||
goto error_out;
|
||||
}
|
||||
}
|
||||
else{
|
||||
KNI_LOG_DEBUG(logger, "Intercept error: get MSO_TCP_CREATE_LINK_MODE error, ret = %d, stream traceid = %s, stream addr = %s",ret, pmeinfo->stream_traceid, pmeinfo->stream_addr);
|
||||
KNI_LOG_DEBUG(logger, "Intercept error: get MSO_TCP_CREATE_LINK_MODE error, ret = %d, stream traceid = %s, stream addr = %s",ret, pmeinfo->stream_traceid, PRINTADDR(pmeinfo->stream,g_kni_handle->log_level));
|
||||
pmeinfo->intcp_error = INTERCEPT_ERROR_GET_TCP_LINK_MODE_ERR;
|
||||
FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_INTCPERR_GET_LINK_MODE_ERR], 0, FS_OP_ADD, 1);
|
||||
goto error_out;
|
||||
@@ -1140,14 +1134,14 @@ static int first_data_intercept(struct streaminfo *stream, struct pme_info *pmei
|
||||
ret=MESA_get_stream_opt(stream, MSO_STREAM_TUNNEL_TYPE, (void *)&stream_tunnel_type, &stream_tunnel_type_len);
|
||||
if(ret == 0){
|
||||
if(stream_tunnel_type != STREAM_TUNNLE_NON){
|
||||
KNI_LOG_DEBUG(logger, "Intercept error: stream type is tunnel, STREAM_TUNNLE_TYPE = %d, stream traceid = %s, stream addr = %s", stream_tunnel_type,pmeinfo->stream_traceid, pmeinfo->stream_addr);
|
||||
KNI_LOG_DEBUG(logger, "Intercept error: stream type is tunnel, STREAM_TUNNLE_TYPE = %d, stream traceid = %s, stream addr = %s", stream_tunnel_type,pmeinfo->stream_traceid, PRINTADDR(pmeinfo->stream,g_kni_handle->log_level));
|
||||
pmeinfo->intcp_error = INTERCEPT_ERROR_STREAM_TUNNLE_TYPE;
|
||||
FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_INTCPERR_STREAM_IS_TUN_TYPE], 0, FS_OP_ADD, 1);
|
||||
goto error_out;
|
||||
}
|
||||
}
|
||||
else{
|
||||
KNI_LOG_DEBUG(logger, "Intercept error: get MSO_STREAM_TUNNEL_TYPE error, ret = %d, stream traceid = %s, stream addr = %s",ret, pmeinfo->stream_traceid, pmeinfo->stream_addr);
|
||||
KNI_LOG_DEBUG(logger, "Intercept error: get MSO_STREAM_TUNNEL_TYPE error, ret = %d, stream traceid = %s, stream addr = %s",ret, pmeinfo->stream_traceid, PRINTADDR(pmeinfo->stream,g_kni_handle->log_level));
|
||||
pmeinfo->intcp_error = INTERCEPT_ERROR_GET_STREAM_TUNNLE_TYPE_ERR;
|
||||
FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_INTCPERR_GET_STREAM_TUN_TYPE_ERR], 0, FS_OP_ADD, 1);
|
||||
goto error_out;
|
||||
@@ -1155,7 +1149,7 @@ static int first_data_intercept(struct streaminfo *stream, struct pme_info *pmei
|
||||
|
||||
//intercept_error: not double dir
|
||||
if(stream->dir != DIR_DOUBLE){
|
||||
KNI_LOG_DEBUG(logger, "Intercept error: asym routing, stream traceid = %s, stream addr = %s", pmeinfo->stream_traceid, pmeinfo->stream_addr);
|
||||
KNI_LOG_DEBUG(logger, "Intercept error: asym routing, stream traceid = %s, stream addr = %s", pmeinfo->stream_traceid, PRINTADDR(pmeinfo->stream,g_kni_handle->log_level));
|
||||
FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_INTCPERR_ASYM_ROUTING], 0, FS_OP_ADD, 1);
|
||||
pmeinfo->intcp_error = INTERCEPT_ERROR_ASYM_ROUTING;
|
||||
goto error_out;
|
||||
@@ -1163,7 +1157,7 @@ static int first_data_intercept(struct streaminfo *stream, struct pme_info *pmei
|
||||
//intercept_error: no syn
|
||||
if(pmeinfo->has_syn == 0){
|
||||
KNI_LOG_DEBUG(logger, "Intercept error: no syn, stream traceid = %s, stream addr = %s",
|
||||
pmeinfo->stream_traceid, pmeinfo->stream_addr);
|
||||
pmeinfo->stream_traceid, PRINTADDR(pmeinfo->stream,g_kni_handle->log_level));
|
||||
FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_INTCPERR_NO_SYN], 0, FS_OP_ADD, 1);
|
||||
pmeinfo->intcp_error = INTERCEPT_ERROR_NO_SYN;
|
||||
goto error_out;
|
||||
@@ -1171,7 +1165,7 @@ static int first_data_intercept(struct streaminfo *stream, struct pme_info *pmei
|
||||
//intercept_error: no syn/ack
|
||||
if(pmeinfo->has_syn_ack == 0){
|
||||
KNI_LOG_DEBUG(logger, "Intercept error: no syn/ack, stream traceid = %s, stream addr = %s",
|
||||
pmeinfo->stream_traceid, pmeinfo->stream_addr);
|
||||
pmeinfo->stream_traceid, PRINTADDR(pmeinfo->stream,g_kni_handle->log_level));
|
||||
FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_INTCPERR_NO_SYN_ACK], 0, FS_OP_ADD, 1);
|
||||
pmeinfo->intcp_error = INTERCEPT_ERROR_NO_SYN_ACK;
|
||||
goto error_out;
|
||||
@@ -1179,7 +1173,7 @@ static int first_data_intercept(struct streaminfo *stream, struct pme_info *pmei
|
||||
if(pktinfo->parse_failed == 1){
|
||||
pmeinfo->intcp_error = INTERCEPT_ERROR_INVALID_IP_HDR;
|
||||
KNI_LOG_DEBUG(logger, "Intercept error: invalid ip header, stream traceid = %s, stream addr = %s",
|
||||
pmeinfo->stream_traceid, pmeinfo->stream_addr);
|
||||
pmeinfo->stream_traceid, PRINTADDR(pmeinfo->stream,g_kni_handle->log_level));
|
||||
FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_INTCPERR_INVALID_IP_HDR], 0, FS_OP_ADD, 1);
|
||||
goto error_out;
|
||||
}
|
||||
@@ -1187,7 +1181,7 @@ static int first_data_intercept(struct streaminfo *stream, struct pme_info *pmei
|
||||
if(pktinfo->ip_totlen > KNI_DEFAULT_MTU){
|
||||
pmeinfo->intcp_error = INTERCEPT_ERROR_EXCEED_MTU;
|
||||
KNI_LOG_DEBUG(logger, "Intercept error: first data packet exceed MTU(1500), stream traceid = %s, stream addr = %s",
|
||||
pmeinfo->stream_traceid, pmeinfo->stream_addr);
|
||||
pmeinfo->stream_traceid, PRINTADDR(pmeinfo->stream,g_kni_handle->log_level));
|
||||
FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_INTCPERR_EXCEED_MTU], 0, FS_OP_ADD, 1);
|
||||
goto error_out;
|
||||
}
|
||||
@@ -1198,7 +1192,7 @@ static int first_data_intercept(struct streaminfo *stream, struct pme_info *pmei
|
||||
else
|
||||
pmeinfo->tfe_id = tfe_mgr_alive_node_cycle_get(g_kni_handle->_tfe_mgr, (int *)&(g_kni_handle->arr_last_tfe_dispatch_index[thread_seq]));
|
||||
if(pmeinfo->tfe_id < 0){
|
||||
KNI_LOG_DEBUG(logger, "Intercept error: no available tfe, stream traceid = %s, stream addr = %s", pmeinfo->stream_traceid, pmeinfo->stream_addr);
|
||||
KNI_LOG_DEBUG(logger, "Intercept error: no available tfe, stream traceid = %s, stream addr = %s", pmeinfo->stream_traceid, PRINTADDR(pmeinfo->stream,g_kni_handle->log_level));
|
||||
pmeinfo->intcp_error = INTERCEPT_ERROR_NO_TFE;
|
||||
FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_INTCPERR_NO_TFE], 0, FS_OP_ADD, 1);
|
||||
goto error_out;
|
||||
@@ -1213,7 +1207,7 @@ static int first_data_intercept(struct streaminfo *stream, struct pme_info *pmei
|
||||
if(pmeinfo->has_dup_traffic == 1){
|
||||
if(g_kni_handle->dup_traffic_action == KNI_ACTION_BYPASS){
|
||||
KNI_LOG_DEBUG(g_kni_handle->local_logger, "Intercept error: stream has dup traffic, dup_traffic_action = bypass, "
|
||||
"stream traceid = %s, stream addr = %s", pmeinfo->stream_traceid, pmeinfo->stream_addr);
|
||||
"stream traceid = %s, stream addr = %s", pmeinfo->stream_traceid, PRINTADDR(pmeinfo->stream,g_kni_handle->log_level));
|
||||
FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_INTCPERR_DUP_TRAFFIC], 0, FS_OP_ADD, 1);
|
||||
pmeinfo->intcp_error = INTERCEPT_ERROR_DUP_TRAFFIC;
|
||||
goto error_out;
|
||||
@@ -1224,14 +1218,14 @@ static int first_data_intercept(struct streaminfo *stream, struct pme_info *pmei
|
||||
// get HAVE_DUP_PKT field
|
||||
ret=MESA_get_stream_opt(stream, MSO_HAVE_DUP_PKT, (void *)&has_dup_traffic, &have_dup_pkt_len);
|
||||
if(ret != 0){
|
||||
KNI_LOG_DEBUG(logger, "Intercept error: get MSO_HAVE_DUP_PKT error, ret = %d, stream traceid = %s, stream addr = %s",ret, pmeinfo->stream_traceid, pmeinfo->stream_addr);
|
||||
KNI_LOG_DEBUG(logger, "Intercept error: get MSO_HAVE_DUP_PKT error, ret = %d, stream traceid = %s, stream addr = %s",ret, pmeinfo->stream_traceid, PRINTADDR(pmeinfo->stream,g_kni_handle->log_level));
|
||||
pmeinfo->intcp_error = INTERCEPT_ERROR_GET_HAVE_DUP_PKT_ERR;
|
||||
FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_INTCPERR_GET_HAVE_DUP_PKT_ERR], 0, FS_OP_ADD, 1);
|
||||
goto error_out;
|
||||
}
|
||||
else{
|
||||
if(has_dup_traffic == -2){
|
||||
KNI_LOG_ERROR(logger, "Intercept error: has duplicate traffic is not sure,has_dup_traffic = %d,stream traceid = %s, stream addr = %s",has_dup_traffic, pmeinfo->stream_traceid, pmeinfo->stream_addr);
|
||||
KNI_LOG_ERROR(logger, "Intercept error: has duplicate traffic is not sure,has_dup_traffic = %d,stream traceid = %s, stream addr = %s",has_dup_traffic, pmeinfo->stream_traceid, PRINTADDR(pmeinfo->stream,g_kni_handle->log_level));
|
||||
pmeinfo->intcp_error = INTERCEPT_ERROR_DUP_PKT_NOT_SURE_ERR;
|
||||
FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_INTCPERR_DUP_PKT_NOT_SURE_ERR], 0, FS_OP_ADD, 1);
|
||||
goto error_out;
|
||||
@@ -1297,7 +1291,7 @@ static int first_data_intercept(struct streaminfo *stream, struct pme_info *pmei
|
||||
buff = add_cmsg_to_packet(pmeinfo, stream, pktinfo, &len);
|
||||
if(buff == NULL){
|
||||
KNI_LOG_DEBUG(logger, "Intercept error: failed at add cmsg to packet, stream traceid = %s, stream addr = %s",
|
||||
pmeinfo->stream_traceid, pmeinfo->stream_addr);
|
||||
pmeinfo->stream_traceid, PRINTADDR(pmeinfo->stream,g_kni_handle->log_level));
|
||||
pmeinfo->intcp_error = INTERCEPT_ERROR_CMSG_ADD_FAIL;
|
||||
FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_INTCPERR_CMSG_ADD_FAIL], 0, FS_OP_ADD, 1);
|
||||
goto error_out;
|
||||
@@ -1307,7 +1301,7 @@ static int first_data_intercept(struct streaminfo *stream, struct pme_info *pmei
|
||||
if(ret < 0){
|
||||
FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_INTCPERR_TUPLE2STM_ADD_FAIL], 0, FS_OP_ADD, 1);
|
||||
KNI_LOG_DEBUG(logger, "Intercept error: tuple2stm add fail, stream traceid = %s, stream addr = %s",
|
||||
pmeinfo->stream_traceid, pmeinfo->stream_addr);
|
||||
pmeinfo->stream_traceid, PRINTADDR(pmeinfo->stream,g_kni_handle->log_level));
|
||||
pmeinfo->intcp_error = INTERCEPT_ERROR_TUPLE2STM_ADD_FAIL;
|
||||
goto error_out;
|
||||
}
|
||||
@@ -1317,7 +1311,7 @@ static int first_data_intercept(struct streaminfo *stream, struct pme_info *pmei
|
||||
ret = send_to_tfe(buff, len, thread_seq, pmeinfo->tfe_id, pmeinfo->addr_type);
|
||||
if(ret < 0){
|
||||
KNI_LOG_DEBUG(logger, "Intercept error: failed at send first packet to tfe%d, stream traceid = %s, stream addr = %s",
|
||||
pmeinfo->tfe_id, pmeinfo->stream_traceid, pmeinfo->stream_addr);
|
||||
pmeinfo->tfe_id, pmeinfo->stream_traceid, PRINTADDR(pmeinfo->stream,g_kni_handle->log_level));
|
||||
FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_INTCPERR_SENDTO_TFE_FAIL], 0, FS_OP_ADD, 1);
|
||||
pmeinfo->intcp_error = INTERCEPT_ERROR_SENDTO_TFE_FAIL;
|
||||
tuple2stream_htable_del(stream, thread_seq);
|
||||
@@ -1326,7 +1320,7 @@ static int first_data_intercept(struct streaminfo *stream, struct pme_info *pmei
|
||||
}
|
||||
else{
|
||||
KNI_LOG_DEBUG(logger, "Succeed at send first packet to tfe%d, stream traceid = %s, stream addr = %s",
|
||||
pmeinfo->tfe_id, pmeinfo->stream_traceid, pmeinfo->stream_addr);
|
||||
pmeinfo->tfe_id, pmeinfo->stream_traceid, PRINTADDR(pmeinfo->stream,g_kni_handle->log_level));
|
||||
}
|
||||
//fs stat
|
||||
FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_INTCP_STM], 0, FS_OP_ADD, 1);
|
||||
@@ -1444,7 +1438,7 @@ char next_data_intercept(struct pme_info *pmeinfo, const void *a_packet, struct
|
||||
}
|
||||
if(pktinfo->ip_totlen > KNI_DEFAULT_MTU){
|
||||
KNI_LOG_DEBUG(logger, "Next data packet exceed MTU(1500), stream traceid = %s, stream addr = %s",
|
||||
pmeinfo->stream_traceid, pmeinfo->stream_addr);
|
||||
pmeinfo->stream_traceid, PRINTADDR(pmeinfo->stream,g_kni_handle->log_level));
|
||||
return APP_STATE_DROPPKT | APP_STATE_KILL_FOLLOW | APP_STATE_GIVEME;
|
||||
}
|
||||
if(g_kni_handle->ssl_dynamic_bypass_enable == 1){
|
||||
@@ -1457,7 +1451,7 @@ char next_data_intercept(struct pme_info *pmeinfo, const void *a_packet, struct
|
||||
ret = send_to_tfe((char*)a_packet, len, thread_seq, pmeinfo->tfe_id, pmeinfo->addr_type);
|
||||
if(ret < 0){
|
||||
KNI_LOG_ERROR(logger, "Failed at send continue packet to tfe%d, stream traceid = %s, stream addr = %s",
|
||||
pmeinfo->tfe_id, pmeinfo->stream_traceid, pmeinfo->stream_addr);
|
||||
pmeinfo->tfe_id, pmeinfo->stream_traceid, PRINTADDR(pmeinfo->stream,g_kni_handle->log_level));
|
||||
FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_INTCPERR_SENDTO_TFE_FAIL], 0, FS_OP_ADD, 1);
|
||||
}
|
||||
//else{
|
||||
@@ -1478,7 +1472,7 @@ char first_data_process(struct streaminfo *stream, struct pme_info *pmeinfo, str
|
||||
pmeinfo->action = KNI_ACTION_NONE;
|
||||
maat_hit = 0;
|
||||
KNI_LOG_INFO(logger, "intercept_policy_scan: %s, %s, maat_hit = %d, stream traceid = %s",
|
||||
pmeinfo->stream_addr, (char*)&(pmeinfo->domain), maat_hit, pmeinfo->stream_traceid);
|
||||
PRINTADDR(pmeinfo->stream,g_kni_handle->log_level), (char*)&(pmeinfo->domain), maat_hit, pmeinfo->stream_traceid);
|
||||
}
|
||||
else{
|
||||
pmeinfo->maat_result_num = 1;
|
||||
@@ -1494,7 +1488,7 @@ char first_data_process(struct streaminfo *stream, struct pme_info *pmeinfo, str
|
||||
maat_hit = 1;
|
||||
char *action_str = kni_maat_action_trans(pmeinfo->action);
|
||||
KNI_LOG_INFO(logger, "intercept_policy_scan: %s, %s, maat_hit = %d, policy_id = %d, action = %d(%s), stream traceid = %s",
|
||||
pmeinfo->stream_addr, (char*)&(pmeinfo->domain), maat_hit, pmeinfo->policy_id, pmeinfo->action, action_str, pmeinfo->stream_traceid);
|
||||
PRINTADDR(pmeinfo->stream,g_kni_handle->log_level), (char*)&(pmeinfo->domain), maat_hit, pmeinfo->policy_id, pmeinfo->action, action_str, pmeinfo->stream_traceid);
|
||||
}
|
||||
switch(pmeinfo->action){
|
||||
case KNI_ACTION_INTERCEPT:
|
||||
@@ -1689,7 +1683,7 @@ extern "C" char kni_tcpall_entry(struct streaminfo *stream, void** pme, int thre
|
||||
ret = APP_STATE_FAWPKT | APP_STATE_GIVEME;
|
||||
//FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_STATE_UNKNOWN], 0, FS_OP_ADD, 1);
|
||||
KNI_LOG_ERROR(logger, "Unknown stream opstate %d, stream traceid = %s, stream addr = %s",
|
||||
stream->pktstate, pmeinfo->stream_traceid, pmeinfo->stream_addr);
|
||||
stream->pktstate, pmeinfo->stream_traceid, PRINTADDR(pmeinfo->stream,g_kni_handle->log_level));
|
||||
break;
|
||||
}
|
||||
//sapp release: bypass or intercept
|
||||
@@ -1876,13 +1870,13 @@ static int wrapped_kni_cmsg_get(struct pme_info *pmeinfo, struct kni_cmsg *cmsg,
|
||||
if(ret < 0){
|
||||
if(ret == KNI_CMSG_INVALID_TYPE){
|
||||
KNI_LOG_ERROR(logger, "Failed at kni_cmsg_get: type = %d, ret = %d, stream traceid = %s, stream addr = %s",
|
||||
type, ret, pmeinfo->stream_traceid, pmeinfo->stream_addr);
|
||||
type, ret, pmeinfo->stream_traceid, PRINTADDR(pmeinfo->stream,g_kni_handle->log_level));
|
||||
}
|
||||
return -1;
|
||||
}
|
||||
if(value_size > value_size_max){
|
||||
KNI_LOG_ERROR(logger, "kni_cmsg_get: type = %d, size = %d, which should <= %d, stream traceid = %s, stream addr = %s",
|
||||
type, value_size, value_size_max, pmeinfo->stream_traceid, pmeinfo->stream_addr);
|
||||
type, value_size, value_size_max, pmeinfo->stream_traceid, PRINTADDR(pmeinfo->stream,g_kni_handle->log_level));
|
||||
return -1;
|
||||
}
|
||||
switch(type)
|
||||
@@ -1935,7 +1929,7 @@ static long traceid2pme_htable_search_cb(void *data, const uchar *key, uint size
|
||||
wrapped_kni_cmsg_get(pmeinfo, cmsg, TFE_CMSG_SSL_CERT_VERIFY, sizeof(pmeinfo->ssl_cert_verify), logger);
|
||||
wrapped_kni_cmsg_get(pmeinfo, cmsg, TFE_CMSG_SSL_ERROR, sizeof(pmeinfo->ssl_error), logger);
|
||||
KNI_LOG_DEBUG(logger, "recv cmsg from tfe, stream traceid = %s, stream addr = %s, stream ssl intercept state = %d ,pinning state = %d",
|
||||
pmeinfo->stream_traceid, pmeinfo->stream_addr,pmeinfo->ssl_intercept_state,pmeinfo->ssl_pinningst);
|
||||
pmeinfo->stream_traceid, PRINTADDR(pmeinfo->stream,g_kni_handle->log_level),pmeinfo->ssl_intercept_state,pmeinfo->ssl_pinningst);
|
||||
|
||||
if(g_kni_handle->ssl_dynamic_bypass_enable == 1){
|
||||
ssl_dynamic_bypass_htable_add(pmeinfo);
|
||||
|
||||
Reference in New Issue
Block a user