diff --git a/common/include/kni_utils.h b/common/include/kni_utils.h index ef0c6d4..8adc275 100644 --- a/common/include/kni_utils.h +++ b/common/include/kni_utils.h @@ -73,59 +73,59 @@ struct kni_tcpopt_info{ enum kni_field{ KNI_FIELD_BYP_STM, KNI_FIELD_BYP_STM_POLICY, - KNI_FIELD_BYP_STM_PME_NEW_FAIL, - KNI_FIELD_BYP_STM_NO_TFE, - KNI_FIELD_BYP_STM_DUP_TFC, KNI_FIELD_BYP_STM_ERR, //stream error + KNI_FIELD_STMERR_ASYM_ROUTING, KNI_FIELD_STMERR_NO_SYN, - KNI_FIELD_STMERR_SINGLE_DIR, - KNI_FIELD_STMERR_PROTO_UNKNOWN, - KNI_FIELD_STMERR_NO_SA, - KNI_FIELD_STMERR_ACTION_INVALID, + KNI_FIELD_STMERR_NO_SYN_ACK, KNI_FIELD_STMERR_NO_DATA, - KNI_FIELD_STMERR_IPHDR_PARSE_FAIL, + KNI_FIELD_STMERR_UNSUPPORTED_PROTOCOL, + KNI_FIELD_STMERR_INVALID_IP_HDR, KNI_FIELD_STMERR_EXCEED_MTU, - KNI_FIELD_STMERR_TUPLE2STM_ADD_FAIL, + //stream error: internal error + KNI_FIELD_STMERR_INVALID_ACTION, KNI_FIELD_STMERR_SENDTO_TFE_FAIL, - //others - KNI_FIELD_NULL_PKT, - KNI_FIELD_STATE_UNKNOWN, - KNI_FIELD_DUP_TFC_STM, - KNI_FIELD_DUP_TFC_BYTE, - KNI_FIELD_IPV4_STM, - KNI_FIELD_IPV6_STM, + KNI_FIELD_STMERR_TUPLE2STM_ADD_FAIL, + KNI_FIELD_STMERR_NO_TFE, + KNI_FIELD_STMERR_PME_INIT_FAIL, + KNI_FIELD_STMERR_DUP_TRAFFIC, + KNI_FIELD_STMERR_CMSG_ADD_FAIL, + //intercept stream + KNI_FIELD_INTCP_STM, + KNI_FIELD_INTCP_BYTE, KNI_FIELD_SSL_STM, KNI_FIELD_HTTP_STM, - KNI_FIELD_SENDLOG_SUCC, - KNI_FIELD_SENDLOG_FAIL, - KNI_FIELD_PME_NEW_SUCC, - KNI_FIELD_PME_FREE, - KNI_FIELD_IPV4HDR_PARSE_FAIL, - KNI_FIELD_IPV6HDR_PARSE_FAIL, - KNI_FIELD_ID2PME_ADD_SUCC, - KNI_FIELD_ID2PME_ADD_FAIL, - KNI_FIELD_ID2PME_DEL_SUCC, - KNI_FIELD_ID2PME_DEL_FAIL, - KNI_FIELD_TUPLE2STM_ADD_SUCC, - KNI_FIELD_TUPLE2STM_ADD_FAIL, - KNI_FIELD_TUPLE2STM_DEL_SUCC, - KNI_FIELD_TUPLE2STM_DEL_FAIL, - KNI_FIELD_TUPLE2STM_SEARCH_SUCC, - KNI_FIELD_TUPLE2STM_SEARCH_FAIL, - KNI_FIELD_SAPP_INJECT_SUCC, - KNI_FIELD_SAPP_INJECT_FAIL, - KNI_FIELD_BLOOM_SEARCH_SUCC, - KNI_FIELD_BLOOM_SEARCH_FAIL, - KNI_FIELD_BLOOM_ADD_SUCC, - KNI_FIELD_BLOOM_ADD_FAIL, - KNI_FIELD_BLOOM_HIT, - KNI_FIELD_BLOOM_MISS, - //intercetp traffic stat + KNI_FIELD_IPV4_STM, + KNI_FIELD_IPV6_STM, + KNI_FIELD_DUP_TFC_STM, + KNI_FIELD_DUP_TFC_BYTE, + //intercept ready stream KNI_FIELD_INTCP_READY_STM, KNI_FIELD_INTCP_READY_BYTE, - KNI_FIELD_TX_TFE_STM, - KNI_FIELD_TX_TFE_BYTE, + //pme + KNI_FIELD_PME_NEW_SUCC, + KNI_FIELD_PME_FREE, + //errors + KNI_FIELD_SENDLOG_FAIL, + KNI_FIELD_ID2PME_ADD_FAIL, + KNI_FIELD_ID2PME_DEL_FAIL, + KNI_FIELD_TUPLE2STM_ADD_FAIL, + KNI_FIELD_TUPLE2STM_DEL_FAIL, + KNI_FIELD_SAPP_INJECT_FAIL, + KNI_FIELD_BLOOM_SEARCH_FAIL, + KNI_FIELD_BLOOM_ADD_FAIL, + //htable + KNI_FIELD_ID2PME_ADD_SUCC, + KNI_FIELD_ID2PME_DEL_SUCC, + KNI_FIELD_TUPLE2STM_ADD_SUCC, + KNI_FIELD_TUPLE2STM_DEL_SUCC, + //send_log + KNI_FIELD_SENDLOG_SUCC, + //sapp_inject + KNI_FIELD_SAPP_INJECT_SUCC, + //dabloom + KNI_FIELD_BLOOM_HIT, + KNI_FIELD_BLOOM_MISS, //KNI_FIELD_TFE_STATUS_BASE must be last KNI_FIELD_TFE_STATUS_BASE, }; @@ -175,7 +175,7 @@ uint16_t kni_ip_checksum(const void *buf, size_t hdr_len); uint16_t kni_tcp_checksum(const void *_buf, size_t len, in_addr_t src_addr, in_addr_t dest_addr); uint16_t kni_tcp_checksum_v6(const void *_buf, size_t len, struct in6_addr src_addr, struct in6_addr dest_addr); uint16_t kni_udp_checksum(const void *_buf, size_t len, in_addr_t src_addr, in_addr_t dest_addr); -struct kni_tcpopt_info* kni_get_tcpopt(struct tcphdr* tcphdr, int tcphdr_len); +void kni_get_tcpopt(struct kni_tcpopt_info *tcpopt, struct tcphdr* tcphdr,int tcphdr_len); int kni_ipv4_addr_get_by_eth(const char *ifname, uint32_t *ip); int kni_ipv4_header_parse(const void *a_packet, struct pkt_info *pktinfo); int kni_ipv6_header_parse(const void *a_packet, struct pkt_info *pktinfo); diff --git a/common/src/kni_utils.cpp b/common/src/kni_utils.cpp index b0e28b4..e330e58 100644 --- a/common/src/kni_utils.cpp +++ b/common/src/kni_utils.cpp @@ -144,9 +144,7 @@ uint16_t kni_udp_checksum(const void *_buf, size_t len, in_addr_t src_addr, in_a return ( (uint16_t)(~sum) ); } - -struct kni_tcpopt_info* kni_get_tcpopt(struct tcphdr* tcphdr,int tcphdr_len){ - struct kni_tcpopt_info* tcpopt = (struct kni_tcpopt_info*)ALLOC(struct kni_tcpopt_info, 1); +void kni_get_tcpopt(struct kni_tcpopt_info *tcpopt, struct tcphdr* tcphdr,int tcphdr_len){ tcpopt->mss = KNI_DEFAULT_MSS; tcpopt->wscale = KNI_DEFAULT_WINSCLE; @@ -158,16 +156,16 @@ struct kni_tcpopt_info* kni_get_tcpopt(struct tcphdr* tcphdr,int tcphdr_len){ int opsize; switch (opcode){ case TCPOPT_EOL: - return tcpopt; + return; case TCPOPT_NOP: /* Ref: RFC 793 section 3.1 */ length--; continue; default: opsize = *ptr++; if (opsize < 2) /* "silly options" */ - return tcpopt; + return; if (opsize > length) - return tcpopt; /* don't parse partial options */ + return; /* don't parse partial options */ switch (opcode){ case TCPOPT_MAXSEG: if (opsize == TCPOLEN_MAXSEG){ @@ -208,7 +206,7 @@ struct kni_tcpopt_info* kni_get_tcpopt(struct tcphdr* tcphdr,int tcphdr_len){ length -= opsize; } } - return tcpopt; + return; } diff --git a/entry/src/kni_entry.cpp b/entry/src/kni_entry.cpp index 1963fa7..e12fb3e 100644 --- a/entry/src/kni_entry.cpp +++ b/entry/src/kni_entry.cpp @@ -20,6 +20,7 @@ bypass: drome: pme_new_fail: destroy_pme #include "cjson/cJSON.h" #include "kni_send_logger.h" #include +#include #include "tfe_mgr.h" #ifdef __cplusplus extern "C" { @@ -47,16 +48,21 @@ enum kni_protocol{ }; enum stream_error{ - STREAM_ERROR_PENDING_NO_SYN = -1, - STREAM_ERROR_SINGLE_DIR = -2, - STREAM_ERROR_PROTOCOL_UNKNOWN = -3, - STREAM_ERROR_NO_SYN_ACK = -4, - STREAM_ERROR_INVALID_ACTION = -5, - STREAM_ERROR_NO_DATA = -6, - STREAM_ERROR_IPHDR_PARSE_FAIL = -7, - STREAM_ERROR_EXCEED_MTU = -8, + STREAM_ERROR_ASYM_ROUTING = -1, + STREAM_ERROR_NO_SYN = -2, + STREAM_ERROR_NO_SYN_ACK = -3, + STREAM_ERROR_NO_DATA = -4, + STREAM_ERROR_UNSUPPORTED_PROTOCOL = -5, + STREAM_ERROR_INVALID_IP_HDR = -6, + STREAM_ERROR_EXCEED_MTU = -7, + //internal + STREAM_ERROR_INVALID_ACTION = -8, STREAM_ERROR_SENDTO_TFE_FAIL = -9, STREAM_ERROR_TUPLE2STM_ADD_FAIL = -10, + STREAM_ERROR_NO_TFE = -11, + STREAM_ERROR_PME_INIT_FAIL= -12, + STREAM_ERROR_DUP_TRAFFIC = -13, + STREAM_ERROR_CMSG_ADD_FAIL = -14, }; struct http_project{ @@ -85,8 +91,10 @@ struct pme_info{ int maat_hit; enum kni_action action; int service; - struct kni_tcpopt_info *client_tcpopt; - struct kni_tcpopt_info *server_tcpopt; + struct kni_tcpopt_info client_tcpopt; + struct kni_tcpopt_info server_tcpopt; + char has_syn; + char has_syn_ack; uint16_t client_window; uint16_t server_window; int tfe_id; @@ -201,28 +209,36 @@ struct traceid2pme_search_cb_args{ void *logger; }; -static char* stream_errmsg_get(enum stream_error _errno){ +static char* stream_errmsg_session_record(enum stream_error _errno){ switch(_errno){ - case STREAM_ERROR_PENDING_NO_SYN: - return (char*)"pending not syn"; - case STREAM_ERROR_SINGLE_DIR: - return (char*)"single dir"; - case STREAM_ERROR_PROTOCOL_UNKNOWN: - return (char*)"protocol unknown"; + case STREAM_ERROR_ASYM_ROUTING: + return (char*)"e_asym_routing"; + case STREAM_ERROR_NO_SYN: + return (char*)"e_no_syn"; case STREAM_ERROR_NO_SYN_ACK: - return (char*)"no syn/ack"; - case STREAM_ERROR_INVALID_ACTION: - return (char*)"invalid aciton"; + return (char*)"e_no_synack"; case STREAM_ERROR_NO_DATA: - return (char*)"no data"; - case STREAM_ERROR_IPHDR_PARSE_FAIL: - return (char*)"ip header parse fail"; + return (char*)"e_no_data"; + case STREAM_ERROR_UNSUPPORTED_PROTOCOL: + return (char*)"e_unsupported_protocol"; + case STREAM_ERROR_INVALID_IP_HDR: + return (char*)"e_invalid_ip_hdr"; case STREAM_ERROR_EXCEED_MTU: - return (char*)"exceed mtu(1500)"; + return (char*)"e_exceed_mtu"; + case STREAM_ERROR_INVALID_ACTION: + return (char*)"e_internal_1"; case STREAM_ERROR_SENDTO_TFE_FAIL: - return (char*)"sendto_tfe_fail"; + return (char*)"e_internal_2"; case STREAM_ERROR_TUPLE2STM_ADD_FAIL: - return (char*)"tuple2stm_add_fail"; + return (char*)"e_internal_3"; + case STREAM_ERROR_NO_TFE: + return (char*)"e_internal_4"; + case STREAM_ERROR_PME_INIT_FAIL: + return (char*)"e_internal_5"; + case STREAM_ERROR_DUP_TRAFFIC: + return (char*)"e_internal_6"; + case STREAM_ERROR_CMSG_ADD_FAIL: + return (char*)"e_internal_7"; default: return (char*)"unknown error"; } @@ -233,9 +249,10 @@ static int dup_traffic_dabloom_key_get(struct pkt_info *pktinfo, struct dup_traf struct tcphdr *tcphdr = pktinfo->tcphdr; key->seq = tcphdr->seq; key->ack_seq = tcphdr->ack_seq; - struct kni_tcpopt_info* tcpopt = kni_get_tcpopt(tcphdr, pktinfo->tcphdr_len); - key->timestamp = tcpopt->ts_value; - FREE(&tcpopt); + struct kni_tcpopt_info tcpopt; + memset(&tcpopt, 0, sizeof(tcpopt)); + kni_get_tcpopt(&tcpopt, tcphdr, pktinfo->tcphdr_len); + key->timestamp = tcpopt.ts_value; if(pktinfo->addr_type == ADDR_TYPE_IPV6){ struct ip6_hdr *iphdr = pktinfo->iphdr.v6; memcpy(key->addr.v6.saddr, &(iphdr->ip6_src), sizeof(key->addr.v6.saddr)); @@ -260,14 +277,6 @@ static void pme_info_destroy(void *data){ struct pme_info *pmeinfo = (struct pme_info *)data; void *logger = g_kni_handle->local_logger; if(pmeinfo != NULL){ - //free client_tcpopt - if(pmeinfo->client_tcpopt != NULL){ - FREE(&(pmeinfo->client_tcpopt)); - } - //free server tcpopt - if(pmeinfo->server_tcpopt != NULL){ - FREE(&(pmeinfo->server_tcpopt)); - } //free layer_addr layer_addr_free(pmeinfo->addr); pmeinfo->addr=NULL; @@ -285,16 +294,17 @@ static void pme_info_destroy(void *data){ } } -static struct pme_info* pme_info_new(const struct streaminfo *stream, int thread_seq){ +static int pme_info_init(struct pme_info *pmeinfo, const struct streaminfo *stream, int thread_seq){ void *logger = g_kni_handle->local_logger; - struct pme_info* pmeinfo = ALLOC(struct pme_info, 1); pmeinfo->addr_type = (enum addr_type_t)stream->addr.addrtype; pmeinfo->ssl_cert_verify = -1; - uuid_t uu; - uuid_generate_random(uu); - uuid_unparse(uu, pmeinfo->stream_traceid); - pmeinfo->addr = layer_addr_dup(&(stream->addr)); + //uuid_t uu; + //uuid_generate_random(uu); + //uuid_unparse(uu, pmeinfo->stream_traceid); clock_gettime(CLOCK_REALTIME, &(pmeinfo->start_time)); + snprintf(pmeinfo->stream_traceid, sizeof(pmeinfo->stream_traceid), "%d%lld.%.9ld", + thread_seq, (long long)pmeinfo->start_time.tv_sec, pmeinfo->start_time.tv_nsec); + pmeinfo->addr = layer_addr_dup(&(stream->addr)); char stream_addr[KNI_ADDR_MAX] = ""; //init pme_lock int ret = pthread_mutex_init(&(pmeinfo->lock), NULL); @@ -309,11 +319,10 @@ static struct pme_info* pme_info_new(const struct streaminfo *stream, int thread kni_addr_trans_v4(stream->addr.tuple4_v4, stream_addr, sizeof(stream_addr)); } KNI_LOG_INFO(logger, "stream addr = %s, stream traceid = %s", stream_addr, pmeinfo->stream_traceid); - return pmeinfo; + return 0; error_out: - pme_info_destroy(pmeinfo); - return NULL; + return -1; } static int log_generate(struct pme_info *pmeinfo, void *local_logger){ @@ -388,7 +397,9 @@ static int log_generate(struct pme_info *pmeinfo, void *local_logger){ //ssl downstream version: from tfe cJSON_AddStringToObject(log_obj, "ssl_client_side_version", pmeinfo->ssl_client_side_version); //ssl cert verify - cJSON_AddNumberToObject(log_obj, "ssl_cert_verify", pmeinfo->ssl_cert_verify); + if(pmeinfo->ssl_cert_verify != -1){ + cJSON_AddNumberToObject(log_obj, "ssl_cert_verify", pmeinfo->ssl_cert_verify); + } //direction: 0 cJSON_AddNumberToObject(log_obj, "direction", 0); @@ -420,7 +431,7 @@ static int log_generate(struct pme_info *pmeinfo, void *local_logger){ cJSON_AddNumberToObject(log_obj, "has_dup_traffic", pmeinfo->has_dup_traffic); //stream_error if(pmeinfo->error < 0){ - char *stream_errmsg = stream_errmsg_get(pmeinfo->error); + char *stream_errmsg = stream_errmsg_session_record(pmeinfo->error); cJSON_AddStringToObject(log_obj, "stream_error", stream_errmsg); } int ret = -1; @@ -542,8 +553,8 @@ static unsigned char* kni_cmsg_serialize_header_new(struct pme_info *pmeinfo, st char *trace_id = NULL; uint32_t seq = pktinfo->tcphdr->seq; uint32_t ack = pktinfo->tcphdr->ack_seq; - uint16_t client_mss = htons(pmeinfo->client_tcpopt->mss); - uint16_t server_mss = htons(pmeinfo->server_tcpopt->mss); + uint16_t client_mss = htons(pmeinfo->client_tcpopt.mss); + uint16_t server_mss = htons(pmeinfo->server_tcpopt.mss); uint16_t client_window = htons(pmeinfo->client_window); uint16_t server_window = htons(pmeinfo->server_window); //seq @@ -559,25 +570,25 @@ static unsigned char* kni_cmsg_serialize_header_new(struct pme_info *pmeinfo, st ret = wrapped_kni_cmsg_set(cmsg, TFE_CMSG_TCP_RESTORE_MSS_SERVER, (const unsigned char*)&server_mss, 2, pmeinfo->stream_traceid); if(ret < 0) goto error_out; //both = 1, send to tfe - if(pmeinfo->client_tcpopt->wscale_set && pmeinfo->server_tcpopt->wscale_set){ + if(pmeinfo->client_tcpopt.wscale_set && pmeinfo->server_tcpopt.wscale_set){ //client wscale - ret = wrapped_kni_cmsg_set(cmsg, TFE_CMSG_TCP_RESTORE_WSACLE_CLIENT, (const unsigned char*)&(pmeinfo->client_tcpopt->wscale), 1, pmeinfo->stream_traceid); + ret = wrapped_kni_cmsg_set(cmsg, TFE_CMSG_TCP_RESTORE_WSACLE_CLIENT, (const unsigned char*)&(pmeinfo->client_tcpopt.wscale), 1, pmeinfo->stream_traceid); if(ret < 0) goto error_out; //server wscale - ret = wrapped_kni_cmsg_set(cmsg, TFE_CMSG_TCP_RESTORE_WSACLE_SERVER, (const unsigned char*)&(pmeinfo->server_tcpopt->wscale), 1, pmeinfo->stream_traceid); + ret = wrapped_kni_cmsg_set(cmsg, TFE_CMSG_TCP_RESTORE_WSACLE_SERVER, (const unsigned char*)&(pmeinfo->server_tcpopt.wscale), 1, pmeinfo->stream_traceid); if(ret < 0) goto error_out; } //client sack - ret = wrapped_kni_cmsg_set(cmsg, TFE_CMSG_TCP_RESTORE_SACK_CLIENT, (const unsigned char*)&(pmeinfo->client_tcpopt->sack), 1, pmeinfo->stream_traceid); + ret = wrapped_kni_cmsg_set(cmsg, TFE_CMSG_TCP_RESTORE_SACK_CLIENT, (const unsigned char*)&(pmeinfo->client_tcpopt.sack), 1, pmeinfo->stream_traceid); if(ret < 0) goto error_out; //server sack - ret = wrapped_kni_cmsg_set(cmsg, TFE_CMSG_TCP_RESTORE_SACK_SERVER, (const unsigned char*)&(pmeinfo->server_tcpopt->sack), 1, pmeinfo->stream_traceid); + ret = wrapped_kni_cmsg_set(cmsg, TFE_CMSG_TCP_RESTORE_SACK_SERVER, (const unsigned char*)&(pmeinfo->server_tcpopt.sack), 1, pmeinfo->stream_traceid); if(ret < 0) goto error_out; //client timestamp - ret = wrapped_kni_cmsg_set(cmsg, TFE_CMSG_TCP_RESTORE_TS_CLIENT, (const unsigned char*)&(pmeinfo->client_tcpopt->ts_set), 1, pmeinfo->stream_traceid); + ret = wrapped_kni_cmsg_set(cmsg, TFE_CMSG_TCP_RESTORE_TS_CLIENT, (const unsigned char*)&(pmeinfo->client_tcpopt.ts_set), 1, pmeinfo->stream_traceid); if(ret < 0) goto error_out; //server timestamp - ret = wrapped_kni_cmsg_set(cmsg, TFE_CMSG_TCP_RESTORE_TS_SERVER, (const unsigned char*)&(pmeinfo->server_tcpopt->ts_set), 1, pmeinfo->stream_traceid); + ret = wrapped_kni_cmsg_set(cmsg, TFE_CMSG_TCP_RESTORE_TS_SERVER, (const unsigned char*)&(pmeinfo->server_tcpopt.ts_set), 1, pmeinfo->stream_traceid); if(ret < 0) goto error_out; //protocol ret = wrapped_kni_cmsg_set(cmsg, TFE_CMSG_TCP_RESTORE_PROTOCOL, (const unsigned char*)&protocol_type, 1, pmeinfo->stream_traceid); @@ -789,7 +800,7 @@ static int wrapped_kni_header_parse(const void *a_packet, struct pme_info *pmein char *errmsg = kni_ipv6_errmsg_get((enum kni_ipv6hdr_parse_error)ret); KNI_LOG_DEBUG(logger, "Stream error: failed at parse ipv6 header, errmsg = %s, stream treaceid = %s", errmsg, pmeinfo->stream_traceid); - FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_IPV6HDR_PARSE_FAIL], 0, FS_OP_ADD, 1); + //FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_IPV6HDR_PARSE_FAIL], 0, FS_OP_ADD, 1); return -1; } } @@ -799,7 +810,7 @@ static int wrapped_kni_header_parse(const void *a_packet, struct pme_info *pmein char *errmsg = kni_ipv4_errmsg_get((enum kni_ipv4hdr_parse_error)ret); KNI_LOG_ERROR(logger, "Stream error: failed at parse ipv4 header, errmsg = %s, stream treaceid = %s", errmsg, pmeinfo->stream_traceid); - FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_IPV4HDR_PARSE_FAIL], 0, FS_OP_ADD, 1); + //FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_IPV4HDR_PARSE_FAIL], 0, FS_OP_ADD, 1); return -1; } } @@ -928,15 +939,15 @@ static char pending_opstate(struct streaminfo *stream, struct pme_info *pmeinfo, struct pkt_info pktinfo; int ret = wrapped_kni_header_parse(a_packet, pmeinfo, &pktinfo); if(ret < 0){ - pmeinfo->error = STREAM_ERROR_IPHDR_PARSE_FAIL; - FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_STMERR_IPHDR_PARSE_FAIL], 0, FS_OP_ADD, 1); + pmeinfo->error = STREAM_ERROR_INVALID_IP_HDR; + FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_STMERR_INVALID_IP_HDR], 0, FS_OP_ADD, 1); return APP_STATE_FAWPKT | APP_STATE_DROPME; } if(!pktinfo.tcphdr->syn){ //pending_opstate not syn, bypass and dropme KNI_LOG_DEBUG(logger, "Stream error: pending opstate, not syn, stream traceid = %s", pmeinfo->stream_traceid); FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_STMERR_NO_SYN], 0, FS_OP_ADD, 1); - pmeinfo->error = STREAM_ERROR_PENDING_NO_SYN; + pmeinfo->error = STREAM_ERROR_NO_SYN; return APP_STATE_FAWPKT | APP_STATE_DROPME; } @@ -958,7 +969,8 @@ static char pending_opstate(struct streaminfo *stream, struct pme_info *pmeinfo, } } pmeinfo->client_window = ntohs(pktinfo.tcphdr->window); - pmeinfo->client_tcpopt = kni_get_tcpopt(pktinfo.tcphdr, pktinfo.tcphdr_len); + pmeinfo->has_syn = 1; + kni_get_tcpopt(&(pmeinfo->client_tcpopt), pktinfo.tcphdr, pktinfo.tcphdr_len); return APP_STATE_FAWPKT | APP_STATE_GIVEME; } @@ -1036,6 +1048,22 @@ static void traceid2pme_htable_del(struct pme_info *pmeinfo){ } static int first_data_intercept(struct streaminfo *stream, struct pme_info *pmeinfo, struct pkt_info *pktinfo, char *stream_addr, int thread_seq){ + //dup_traffic_check + if(g_kni_handle->dup_traffic_switch == 1){ + //has dup traffic + if(pmeinfo->has_dup_syn == 1 || pmeinfo->has_dup_syn_ack == 1){ + pmeinfo->has_dup_traffic = 1; + } + if(pmeinfo->has_dup_traffic == 1){ + if(g_kni_handle->dup_traffic_action == KNI_ACTION_BYPASS){ + KNI_LOG_DEBUG(g_kni_handle->local_logger, "Stream error: stream has dup traffic, dup_traffic_action = bypass, stream traceid = %s", pmeinfo->stream_traceid); + FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_STMERR_DUP_TRAFFIC], 0, FS_OP_ADD, 1); + pmeinfo->intercept_state=0; + pmeinfo->error = STREAM_ERROR_DUP_TRAFFIC; + return APP_STATE_FAWPKT | APP_STATE_DROPME; + } + } + } void *logger = g_kni_handle->local_logger; int ret; //only intercept: add to tuple2stream_htable @@ -1043,6 +1071,7 @@ static int first_data_intercept(struct streaminfo *stream, struct pme_info *pmei if(ret < 0){ FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_STMERR_TUPLE2STM_ADD_FAIL], 0, FS_OP_ADD, 1); KNI_LOG_DEBUG(logger, "Stream error: tuple2stm add fail, stream traceid = %s", pmeinfo->stream_traceid); + pmeinfo->intercept_state=0; pmeinfo->error = STREAM_ERROR_TUPLE2STM_ADD_FAIL; return APP_STATE_FAWPKT | APP_STATE_DROPME; } @@ -1051,15 +1080,22 @@ static int first_data_intercept(struct streaminfo *stream, struct pme_info *pmei traceid2pme_htable_add(pmeinfo); //action = KNI_ACTION_INTERCEPT, sendto tfe int len = 0; + //add cmsg char *buff = add_cmsg_to_packet(pmeinfo, stream, pktinfo, &len); if(buff == NULL){ - KNI_LOG_ERROR(logger, "Failed at add cmsg to packet, stream traceid = %s", pmeinfo->stream_traceid); + KNI_LOG_DEBUG(logger, "Stream error: failed at add cmsg to packet, stream traceid = %s", pmeinfo->stream_traceid); + pmeinfo->error = STREAM_ERROR_CMSG_ADD_FAIL; + pmeinfo->intercept_state=0; + FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_STMERR_CMSG_ADD_FAIL], 0, FS_OP_ADD, 1); + FREE(&buff); return APP_STATE_FAWPKT | APP_STATE_DROPME; } + //send to tfe ret = send_to_tfe(buff, len, thread_seq, pmeinfo->tfe_id, pmeinfo->addr_type); if(ret < 0){ KNI_LOG_DEBUG(logger, "Stream error: failed at send first packet to tfe%d, stream traceid = %s", pmeinfo->tfe_id, pmeinfo->stream_traceid); FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_STMERR_SENDTO_TFE_FAIL], 0, FS_OP_ADD, 1); + pmeinfo->intercept_state=0; pmeinfo->error = STREAM_ERROR_SENDTO_TFE_FAIL; FREE(&buff); tuple2stream_htable_del(g_kni_handle->threads_handle[thread_seq].tuple2stream_htable, stream); @@ -1070,6 +1106,28 @@ static int first_data_intercept(struct streaminfo *stream, struct pme_info *pmei KNI_LOG_DEBUG(logger, "Succeed at send first packet to tfe%d, stream traceid = %s", pmeinfo->tfe_id, pmeinfo->stream_traceid); } FREE(&buff); + //fs stat + FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_INTCP_STM], 0, FS_OP_ADD, 1); + FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_INTCP_BYTE], 0, FS_OP_ADD, pktinfo->ip_totlen); + //ipv4 or ipv6 + if(stream->addr.addrtype == ADDR_TYPE_IPV6){ + FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_IPV6_STM], 0, FS_OP_ADD, 1); + } + else{ + FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_IPV4_STM], 0, FS_OP_ADD, 1); + } + //http or ssl + if(pmeinfo->protocol == KNI_PROTOCOL_SSL){ + FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_SSL_STM], 0, FS_OP_ADD, 1); + } + if(pmeinfo->protocol == KNI_PROTOCOL_HTTP){ + FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_HTTP_STM], 0, FS_OP_ADD, 1); + } + //dup_traffic_stm + if(pmeinfo->has_dup_traffic == 1){ + FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_DUP_TFC_STM], 0, FS_OP_ADD, 1); + KNI_LOG_DEBUG(logger, "stream has dup traffic, traceid = %s", pmeinfo->stream_traceid); + } return APP_STATE_DROPPKT | APP_STATE_GIVEME; } @@ -1085,7 +1143,7 @@ static int dabloom_search(struct pkt_info *pktinfo, int thread_seq){ FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_BLOOM_SEARCH_FAIL], 0, FS_OP_ADD, 1); } else{ - FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_BLOOM_SEARCH_SUCC], 0, FS_OP_ADD, 1); + //FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_BLOOM_SEARCH_SUCC], 0, FS_OP_ADD, 1); if(ret == 1){ FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_BLOOM_HIT], 0, FS_OP_ADD, 1); FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_DUP_TFC_BYTE], 0, FS_OP_ADD, pktinfo->ip_totlen); @@ -1110,7 +1168,7 @@ static int dabloom_add(struct pkt_info *pktinfo, int thread_seq){ KNI_LOG_ERROR(logger, "Failed at expiry_dablooms_add, errmsg = %s", expiry_dablooms_errno_trans((enum expiry_dablooms_errno)ret)); FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_BLOOM_ADD_FAIL], 0, FS_OP_ADD, 1); } - FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_BLOOM_ADD_SUCC], 0, FS_OP_ADD, 1); + //FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_BLOOM_ADD_SUCC], 0, FS_OP_ADD, 1); uint64_t count = 0; expiry_dablooms_element_count_get(g_kni_handle->threads_handle[thread_seq].dabloom_handle, &count); FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->line_ids[0], g_kni_fs_handle->column_ids[thread_seq], FS_OP_SET, count); @@ -1144,8 +1202,8 @@ static char data_opstate(struct streaminfo *stream, struct pme_info *pmeinfo, co struct pkt_info pktinfo; ret = wrapped_kni_header_parse(a_packet, pmeinfo, &pktinfo); if(ret < 0){ - pmeinfo->error = STREAM_ERROR_IPHDR_PARSE_FAIL; - FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_STMERR_IPHDR_PARSE_FAIL], 0, FS_OP_ADD, 1); + pmeinfo->error = STREAM_ERROR_INVALID_IP_HDR; + FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_STMERR_INVALID_IP_HDR], 0, FS_OP_ADD, 1); return APP_STATE_FAWPKT | APP_STATE_DROPME; } //pmeinfo->action has only 3 value: KNI_ACTION_NONE, KNI_ACTION_INTERCEPT, KNI_ACTION_BYPASS @@ -1156,7 +1214,7 @@ static char data_opstate(struct streaminfo *stream, struct pme_info *pmeinfo, co case KNI_ACTION_NONE: break; case KNI_ACTION_INTERCEPT: - FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_TX_TFE_BYTE], 0, FS_OP_ADD, pktinfo.ip_totlen); + //FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_TX_TFE_BYTE], 0, FS_OP_ADD, pktinfo.ip_totlen); //search dabloom if(g_kni_handle->dup_traffic_switch == 1){ if(pmeinfo->has_dup_traffic == 1){ @@ -1180,6 +1238,9 @@ static char data_opstate(struct streaminfo *stream, struct pme_info *pmeinfo, co KNI_LOG_ERROR(logger, "Failed at send continue packet to tfe%d, stream traceid = %s", pmeinfo->tfe_id, pmeinfo->stream_traceid); FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_STMERR_SENDTO_TFE_FAIL], 0, FS_OP_ADD, 1); } + else{ + FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_INTCP_BYTE], 0, FS_OP_ADD, pktinfo.ip_totlen); + } return APP_STATE_DROPPKT | APP_STATE_GIVEME; case KNI_ACTION_BYPASS: return APP_STATE_FAWPKT | APP_STATE_GIVEME; @@ -1197,7 +1258,8 @@ static char data_opstate(struct streaminfo *stream, struct pme_info *pmeinfo, co // syn/ack if(pktinfo.tcphdr->syn && pktinfo.tcphdr->ack){ pmeinfo->server_window = ntohs(pktinfo.tcphdr->window); - pmeinfo->server_tcpopt = kni_get_tcpopt(pktinfo.tcphdr, pktinfo.tcphdr_len); + pmeinfo->has_syn_ack = 1; + kni_get_tcpopt(&(pmeinfo->server_tcpopt), pktinfo.tcphdr, pktinfo.tcphdr_len); //dup traffic detect if(g_kni_handle->dup_traffic_switch == 1){ if(pmeinfo->syn_ack_packet == NULL){ @@ -1223,9 +1285,9 @@ static char data_opstate(struct streaminfo *stream, struct pme_info *pmeinfo, co } //not double dir, bypass and dropme if(stream->dir != DIR_DOUBLE){ - KNI_LOG_DEBUG(logger, "Stream error: single dir = %d, stream traceid = %s", stream->dir, pmeinfo->stream_traceid); - FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_STMERR_SINGLE_DIR], 0, FS_OP_ADD, 1); - pmeinfo->error = STREAM_ERROR_SINGLE_DIR; + KNI_LOG_DEBUG(logger, "Stream error: asym routing, stream traceid = %s", pmeinfo->stream_traceid); + FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_STMERR_ASYM_ROUTING], 0, FS_OP_ADD, 1); + pmeinfo->error = STREAM_ERROR_ASYM_ROUTING; return APP_STATE_FAWPKT | APP_STATE_DROPME; } struct protocol_identify_result protocol_identify_res; @@ -1236,46 +1298,26 @@ static char data_opstate(struct streaminfo *stream, struct pme_info *pmeinfo, co //can not identify protocol from first data packet, bypass and dropme case KNI_PROTOCOL_UNKNOWN: KNI_LOG_DEBUG(logger, "Stream error: failed at protocol_identify, stream traceid = %s", pmeinfo->stream_traceid); - FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_STMERR_PROTO_UNKNOWN], 0, FS_OP_ADD, 1); - pmeinfo->error = STREAM_ERROR_PROTOCOL_UNKNOWN; + FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_STMERR_UNSUPPORTED_PROTOCOL], 0, FS_OP_ADD, 1); + pmeinfo->error = STREAM_ERROR_UNSUPPORTED_PROTOCOL; return APP_STATE_FAWPKT | APP_STATE_DROPME; case KNI_PROTOCOL_SSL: strncpy(pmeinfo->domain.sni, protocol_identify_res.domain, strnlen(protocol_identify_res.domain, sizeof(pmeinfo->domain.sni) - 1)); - FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_SSL_STM], 0, FS_OP_ADD, 1); break; case KNI_PROTOCOL_HTTP: strncpy(pmeinfo->domain.host, protocol_identify_res.domain, strnlen(protocol_identify_res.domain, sizeof(pmeinfo->domain.host) - 1)); - FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_HTTP_STM], 0, FS_OP_ADD, 1); break; default: break; } //receive client hello, but no syn/ack, bypass and dropme - if(pmeinfo->client_tcpopt == NULL || pmeinfo->server_tcpopt == NULL){ - KNI_LOG_DEBUG(logger, "Stream error: %s, %s, stream traceid = %s", pmeinfo->client_tcpopt == NULL ? "no syn" : "have syn", - pmeinfo->server_tcpopt == NULL ? "no syn/ack" : "have syn/ack", pmeinfo->stream_traceid); - FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_STMERR_NO_SA], 0, FS_OP_ADD, 1); + if(pmeinfo->has_syn == 0 || pmeinfo->has_syn_ack == 0){ + KNI_LOG_DEBUG(logger, "Stream error: %s, %s, stream traceid = %s", pmeinfo->has_syn == 0 ? "no syn" : "have syn", + pmeinfo->has_syn_ack == 0 ? "no syn/ack" : "have syn/ack", pmeinfo->stream_traceid); + FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_STMERR_NO_SYN_ACK], 0, FS_OP_ADD, 1); pmeinfo->error = STREAM_ERROR_NO_SYN_ACK; return APP_STATE_FAWPKT | APP_STATE_DROPME; } - //dup_traffic_check - if(g_kni_handle->dup_traffic_switch == 1){ - //has dup traffic - if(pmeinfo->has_dup_syn == 1 || pmeinfo->has_dup_syn_ack == 1){ - pmeinfo->has_dup_traffic = 1; - } - if(pmeinfo->has_dup_traffic == 1){ - FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_DUP_TFC_STM], 0, FS_OP_ADD, 1); - KNI_LOG_DEBUG(logger, "stream has dup traffic, traceid = %s", pmeinfo->stream_traceid); - if(g_kni_handle->dup_traffic_action == KNI_ACTION_BYPASS){ - pmeinfo->action = KNI_ACTION_BYPASS; - pmeinfo->intercept_state=0; - FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_BYP_STM_DUP_TFC], 0, FS_OP_ADD, 1); - FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_BYP_STM], 0, FS_OP_ADD, 1); - return APP_STATE_FAWPKT | APP_STATE_GIVEME; //GIVEME: for session record - } - } - } pmeinfo->action = intercept_policy_scan(g_kni_handle->maat_handle, (struct ipaddr*)(&stream->addr), protocol_identify_res.domain, protocol_identify_res.domain_len, thread_seq, &(pmeinfo->policy_id), &(pmeinfo->do_log), &(pmeinfo->maat_hit)); @@ -1285,12 +1327,6 @@ static char data_opstate(struct streaminfo *stream, struct pme_info *pmeinfo, co stream_addr, protocol_identify_res.domain, pmeinfo->policy_id, pmeinfo->action, action_str, pmeinfo->maat_hit, pmeinfo->stream_traceid); FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_INTCP_READY_STM], 0, FS_OP_ADD, 1); FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_INTCP_READY_BYTE], 0, FS_OP_ADD, pktinfo.ip_totlen); - if(stream->addr.addrtype == ADDR_TYPE_IPV6){ - FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_IPV6_STM], 0, FS_OP_ADD, 1); - } - else{ - FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_IPV4_STM], 0, FS_OP_ADD, 1); - } switch(pmeinfo->action){ case KNI_ACTION_BYPASS: FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_BYP_STM_POLICY], 0, FS_OP_ADD, 1); @@ -1299,14 +1335,12 @@ static char data_opstate(struct streaminfo *stream, struct pme_info *pmeinfo, co return APP_STATE_FAWPKT | APP_STATE_GIVEME; //GIVEME: for session record case KNI_ACTION_INTERCEPT: pmeinfo->intercept_state=1; - FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_TX_TFE_STM], 0, FS_OP_ADD, 1); - FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_TX_TFE_BYTE], 0, FS_OP_ADD, pktinfo.ip_totlen); return first_data_intercept(stream, pmeinfo, &pktinfo, stream_addr, thread_seq); default: //action != intercept && action != bypass,bypass and dropme KNI_LOG_DEBUG(logger, "Stream error: action %d(%s) = invalid: policy_id = %d, stream traceid = %s, domain = ", pmeinfo->action, action_str, pmeinfo->policy_id, pmeinfo->stream_traceid, protocol_identify_res.domain); - FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_STMERR_ACTION_INVALID], 0, FS_OP_ADD, 1); + FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_STMERR_INVALID_ACTION], 0, FS_OP_ADD, 1); pmeinfo->error = STREAM_ERROR_INVALID_ACTION; return APP_STATE_FAWPKT | APP_STATE_DROPME; } @@ -1356,28 +1390,31 @@ extern "C" char kni_tcpall_entry(struct streaminfo *stream, void** pme, int thre close: a_packet may be null, if a_packet = null, do not send to tfe */ if(a_packet == NULL && stream->pktstate != OP_STATE_CLOSE){ - FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_NULL_PKT], 0, FS_OP_ADD, 1); + //FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_NULL_PKT], 0, FS_OP_ADD, 1); return APP_STATE_FAWPKT | APP_STATE_GIVEME; } - int tfe_id = -1; switch(stream->pktstate){ case OP_STATE_PENDING: - tfe_id = tfe_mgr_alive_node_get(g_kni_handle->_tfe_mgr, thread_seq); - if(tfe_id < 0){ - KNI_LOG_ERROR(logger, "No alive tfe available, bypass and dropme"); - FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_BYP_STM], 0, FS_OP_ADD, 1); - FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_BYP_STM_NO_TFE], 0, FS_OP_ADD, 1); - return APP_STATE_FAWPKT | APP_STATE_DROPME; - } - *pme = pmeinfo = pme_info_new(stream, thread_seq); - if(pmeinfo == NULL){ - KNI_LOG_ERROR(logger, "Failed at new pmeinfo, bypass and dropme"); - FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_BYP_STM], 0, FS_OP_ADD, 1); - FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_BYP_STM_PME_NEW_FAIL], 0, FS_OP_ADD, 1); - return APP_STATE_FAWPKT | APP_STATE_DROPME; - } - pmeinfo->tfe_id = tfe_id; + //FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_STATE_PENDING], 0, FS_OP_ADD, 1); + pmeinfo = ALLOC(struct pme_info, 1); FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_PME_NEW_SUCC], 0, FS_OP_ADD, 1); + *pme = pmeinfo; + //stream error: pme init fail + ret = pme_info_init(pmeinfo, stream, thread_seq); + if(ret < 0){ + KNI_LOG_DEBUG(logger, "Stream error: fail at pme_info_init, stream traceid = %s", pmeinfo->stream_traceid); + pmeinfo->error = STREAM_ERROR_PME_INIT_FAIL; + FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_STMERR_PME_INIT_FAIL], 0, FS_OP_ADD, 1); + goto error_out; + } + //stream error: no tfe + pmeinfo->tfe_id = tfe_mgr_alive_node_get(g_kni_handle->_tfe_mgr, thread_seq); + if(pmeinfo->tfe_id < 0){ + KNI_LOG_DEBUG(logger, "Stream error: no available tfe, stream traceid = %s", pmeinfo->stream_traceid); + pmeinfo->error = STREAM_ERROR_NO_TFE; + FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_STMERR_NO_TFE], 0, FS_OP_ADD, 1); + goto error_out; + } ret = pending_opstate(stream, pmeinfo, a_packet, thread_seq); if(pmeinfo->error < 0){ goto error_out; @@ -1392,6 +1429,7 @@ extern "C" char kni_tcpall_entry(struct streaminfo *stream, void** pme, int thre break; case OP_STATE_CLOSE: //sapp stream close + //FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_STATE_CLOSE], 0, FS_OP_ADD, 1); ret = close_opstate(stream, pmeinfo, thread_seq); if(pmeinfo->error < 0){ goto error_out; @@ -1399,7 +1437,7 @@ extern "C" char kni_tcpall_entry(struct streaminfo *stream, void** pme, int thre break; default: ret = APP_STATE_FAWPKT | APP_STATE_GIVEME; - FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_STATE_UNKNOWN], 0, FS_OP_ADD, 1); + //FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_STATE_UNKNOWN], 0, FS_OP_ADD, 1); KNI_LOG_ERROR(logger, "Unknown stream opstate %d, stream traceid = %s", stream->pktstate, pmeinfo->stream_traceid); break; } @@ -1423,7 +1461,7 @@ error_out: pmeinfo->policy_id = -1; stream_destroy(pmeinfo, 1); } - return ret; + return APP_STATE_FAWPKT | APP_STATE_DROPME; } void http_project_free(int thread_seq, void *project_req_value){ @@ -1492,7 +1530,7 @@ int tuple2stream_htable_search(MESA_htable_handle handle, struct ethhdr *ether_h if(ret < 0){ char *errmsg = kni_ipv6_errmsg_get((enum kni_ipv6hdr_parse_error)ret); KNI_LOG_ERROR(logger, "failed at parse ipv6 header, errmsg = %s", errmsg); - FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_IPV6HDR_PARSE_FAIL], 0, FS_OP_ADD, 1); + //FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_IPV6HDR_PARSE_FAIL], 0, FS_OP_ADD, 1); return -1; } struct stream_tuple4_v6 key; @@ -1506,7 +1544,7 @@ int tuple2stream_htable_search(MESA_htable_handle handle, struct ethhdr *ether_h if(ret < 0){ char *errmsg = kni_ipv4_errmsg_get((enum kni_ipv4hdr_parse_error)ret); KNI_LOG_ERROR(logger, "failed at parse ipv4 header, errmsg = %s", errmsg); - FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_IPV4HDR_PARSE_FAIL], 0, FS_OP_ADD, 1); + //FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_IPV4HDR_PARSE_FAIL], 0, FS_OP_ADD, 1); return -1; } struct stream_tuple4_v4 key; @@ -1516,10 +1554,10 @@ int tuple2stream_htable_search(MESA_htable_handle handle, struct ethhdr *ether_h } if(value == NULL){ KNI_LOG_ERROR(logger, "MESA_htable: failed at search, key = %s", key_str); - FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_TUPLE2STM_SEARCH_FAIL], 0, FS_OP_ADD, 1); + //FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_TUPLE2STM_SEARCH_FAIL], 0, FS_OP_ADD, 1); return -1; } - FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_TUPLE2STM_SEARCH_SUCC], 0, FS_OP_ADD, 1); + //FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_TUPLE2STM_SEARCH_SUCC], 0, FS_OP_ADD, 1); unsigned char dir = value->route_dir; if(reversed != value->reversed){ dir = MESA_dir_reverse(dir); @@ -1882,60 +1920,71 @@ static struct kni_field_stat_handle * fs_init(const char *profile){ FS_set_para(handle, MAX_STAT_FIELD_NUM, &value, sizeof(value)); fs_handle = ALLOC(struct kni_field_stat_handle, 1); fs_handle->handle = handle; + + //bypass stream fs_handle->fields[KNI_FIELD_BYP_STM] = FS_register(handle, FS_STYLE_FIELD, FS_CALC_CURRENT, "byp_stm"); fs_handle->fields[KNI_FIELD_BYP_STM_POLICY] = FS_register(handle, FS_STYLE_FIELD, FS_CALC_CURRENT, "byp_policy"); - fs_handle->fields[KNI_FIELD_BYP_STM_PME_NEW_FAIL] = FS_register(handle, FS_STYLE_FIELD, FS_CALC_CURRENT, "byp_pme_new_F"); - fs_handle->fields[KNI_FIELD_BYP_STM_NO_TFE] = FS_register(handle, FS_STYLE_FIELD, FS_CALC_CURRENT, "byp_no_tfe"); - fs_handle->fields[KNI_FIELD_BYP_STM_DUP_TFC] = FS_register(handle, FS_STYLE_FIELD, FS_CALC_CURRENT, "byp_dup_tfc"); fs_handle->fields[KNI_FIELD_BYP_STM_ERR] = FS_register(handle, FS_STYLE_FIELD, FS_CALC_CURRENT, "byp_stm_err"); //stream error - fs_handle->fields[KNI_FIELD_STMERR_NO_SYN] = FS_register(handle, FS_STYLE_FIELD, FS_CALC_CURRENT, "err_no_syn"); - fs_handle->fields[KNI_FIELD_STMERR_SINGLE_DIR] = FS_register(handle, FS_STYLE_FIELD, FS_CALC_CURRENT, "err_sig_dir"); - fs_handle->fields[KNI_FIELD_STMERR_PROTO_UNKNOWN] = FS_register(handle, FS_STYLE_FIELD, FS_CALC_CURRENT, "err_pro_unknow"); - fs_handle->fields[KNI_FIELD_STMERR_NO_SA] = FS_register(handle, FS_STYLE_FIELD, FS_CALC_CURRENT, "err_no_s/a"); - fs_handle->fields[KNI_FIELD_STMERR_ACTION_INVALID] = FS_register(handle, FS_STYLE_FIELD, FS_CALC_CURRENT, "err_act_invaid"); - fs_handle->fields[KNI_FIELD_STMERR_NO_DATA] = FS_register(handle, FS_STYLE_FIELD, FS_CALC_CURRENT, "err_no_data"); - fs_handle->fields[KNI_FIELD_STMERR_IPHDR_PARSE_FAIL] = FS_register(handle, FS_STYLE_FIELD, FS_CALC_CURRENT, "err_ip_hdr"); - fs_handle->fields[KNI_FIELD_STMERR_EXCEED_MTU] = FS_register(handle, FS_STYLE_FIELD, FS_CALC_CURRENT, "err_exced_mtu"); - fs_handle->fields[KNI_FIELD_STMERR_SENDTO_TFE_FAIL] = FS_register(handle, FS_STYLE_FIELD, FS_CALC_CURRENT, "err_tfe_tx"); - fs_handle->fields[KNI_FIELD_STMERR_TUPLE2STM_ADD_FAIL] = FS_register(handle, FS_STYLE_FIELD, FS_CALC_CURRENT, "err_tup2stmAdd"); - //others - fs_handle->fields[KNI_FIELD_NULL_PKT] = FS_register(handle, FS_STYLE_FIELD, FS_CALC_CURRENT, "null_pkt"); - fs_handle->fields[KNI_FIELD_STATE_UNKNOWN] = FS_register(handle, FS_STYLE_FIELD, FS_CALC_CURRENT, "state_unknow"); - fs_handle->fields[KNI_FIELD_DUP_TFC_STM] = FS_register(handle, FS_STYLE_FIELD, FS_CALC_CURRENT, "dup_tfc_stm"); - fs_handle->fields[KNI_FIELD_DUP_TFC_BYTE] = FS_register(handle, FS_STYLE_FIELD, FS_CALC_CURRENT, "dup_tfc_B"); + fs_handle->fields[KNI_FIELD_STMERR_ASYM_ROUTING] = FS_register(handle, FS_STYLE_FIELD, FS_CALC_CURRENT, "e_asym_route"); + fs_handle->fields[KNI_FIELD_STMERR_NO_SYN] = FS_register(handle, FS_STYLE_FIELD, FS_CALC_CURRENT, "e_no_syn"); + fs_handle->fields[KNI_FIELD_STMERR_NO_SYN_ACK] = FS_register(handle, FS_STYLE_FIELD, FS_CALC_CURRENT, "e_no_s/a"); + fs_handle->fields[KNI_FIELD_STMERR_NO_DATA] = FS_register(handle, FS_STYLE_FIELD, FS_CALC_CURRENT, "e_no_data"); + fs_handle->fields[KNI_FIELD_STMERR_UNSUPPORTED_PROTOCOL] = FS_register(handle, FS_STYLE_FIELD, FS_CALC_CURRENT, "e_unspt_pro"); + fs_handle->fields[KNI_FIELD_STMERR_INVALID_IP_HDR] = FS_register(handle, FS_STYLE_FIELD, FS_CALC_CURRENT, "e_ip_hdr"); + fs_handle->fields[KNI_FIELD_STMERR_EXCEED_MTU] = FS_register(handle, FS_STYLE_FIELD, FS_CALC_CURRENT, "e_exc_mtu"); + //stream error: internal error + fs_handle->fields[KNI_FIELD_STMERR_INVALID_ACTION] = FS_register(handle, FS_STYLE_FIELD, FS_CALC_CURRENT, "e_invaid_act"); + fs_handle->fields[KNI_FIELD_STMERR_SENDTO_TFE_FAIL] = FS_register(handle, FS_STYLE_FIELD, FS_CALC_CURRENT, "e_tfe_tx"); + fs_handle->fields[KNI_FIELD_STMERR_TUPLE2STM_ADD_FAIL] = FS_register(handle, FS_STYLE_FIELD, FS_CALC_CURRENT, "e_tup2stm_add"); + fs_handle->fields[KNI_FIELD_STMERR_NO_TFE] = FS_register(handle, FS_STYLE_FIELD, FS_CALC_CURRENT, "e_no_tfe"); + fs_handle->fields[KNI_FIELD_STMERR_PME_INIT_FAIL] = FS_register(handle, FS_STYLE_FIELD, FS_CALC_CURRENT, "e_pme_init"); + fs_handle->fields[KNI_FIELD_STMERR_DUP_TRAFFIC] = FS_register(handle, FS_STYLE_FIELD, FS_CALC_CURRENT, "e_dup_tfc"); + fs_handle->fields[KNI_FIELD_STMERR_CMSG_ADD_FAIL] = FS_register(handle, FS_STYLE_FIELD, FS_CALC_CURRENT, "e_cmsg_add"); + + //intercept stream + fs_handle->fields[KNI_FIELD_INTCP_STM] = FS_register(handle, FS_STYLE_FIELD, FS_CALC_CURRENT, "intcp_stm"); + fs_handle->fields[KNI_FIELD_INTCP_BYTE] = FS_register(handle, FS_STYLE_FIELD, FS_CALC_CURRENT, "intcp_B"); fs_handle->fields[KNI_FIELD_IPV4_STM] = FS_register(handle, FS_STYLE_FIELD, FS_CALC_CURRENT, "ipv4_stm"); fs_handle->fields[KNI_FIELD_IPV6_STM] = FS_register(handle, FS_STYLE_FIELD, FS_CALC_CURRENT, "ipv6_stm"); fs_handle->fields[KNI_FIELD_SSL_STM] = FS_register(handle, FS_STYLE_FIELD, FS_CALC_CURRENT, "ssl_stm"); fs_handle->fields[KNI_FIELD_HTTP_STM] = FS_register(handle, FS_STYLE_FIELD, FS_CALC_CURRENT, "http_stm"); - fs_handle->fields[KNI_FIELD_SENDLOG_SUCC] = FS_register(handle, FS_STYLE_FIELD, FS_CALC_CURRENT, "sendlog_S"); - fs_handle->fields[KNI_FIELD_SENDLOG_FAIL] = FS_register(handle, FS_STYLE_FIELD, FS_CALC_CURRENT, "sendlog_F"); - fs_handle->fields[KNI_FIELD_PME_NEW_SUCC] = FS_register(handle, FS_STYLE_FIELD, FS_CALC_CURRENT, "pme_new"); - fs_handle->fields[KNI_FIELD_PME_FREE] = FS_register(handle, FS_STYLE_FIELD, FS_CALC_CURRENT, "pme_free"); - //intercept traffic stat + fs_handle->fields[KNI_FIELD_DUP_TFC_STM] = FS_register(handle, FS_STYLE_FIELD, FS_CALC_CURRENT, "dup_tfc_stm"); + fs_handle->fields[KNI_FIELD_DUP_TFC_BYTE] = FS_register(handle, FS_STYLE_FIELD, FS_CALC_CURRENT, "dup_tfc_B"); + + //intercept ready stream fs_handle->fields[KNI_FIELD_INTCP_READY_STM] = FS_register(handle, FS_STYLE_FIELD, FS_CALC_CURRENT, "intcp_rdy_stm"); fs_handle->fields[KNI_FIELD_INTCP_READY_BYTE] = FS_register(handle, FS_STYLE_FIELD, FS_CALC_CURRENT, "intcp_rdy_B"); - fs_handle->fields[KNI_FIELD_TX_TFE_STM] = FS_register(handle, FS_STYLE_FIELD, FS_CALC_CURRENT, "tx_tfe_stm"); - fs_handle->fields[KNI_FIELD_TX_TFE_BYTE] = FS_register(handle, FS_STYLE_FIELD, FS_CALC_CURRENT, "tx_tfe_B"); + + //pme + fs_handle->fields[KNI_FIELD_PME_NEW_SUCC] = FS_register(handle, FS_STYLE_FIELD, FS_CALC_CURRENT, "pme_new"); + fs_handle->fields[KNI_FIELD_PME_FREE] = FS_register(handle, FS_STYLE_FIELD, FS_CALC_CURRENT, "pme_free"); + + //errors + fs_handle->fields[KNI_FIELD_SENDLOG_FAIL] = FS_register(handle, FS_STYLE_FIELD, FS_CALC_CURRENT, "e_sendlog"); + fs_handle->fields[KNI_FIELD_ID2PME_ADD_FAIL] = FS_register(handle, FS_STYLE_FIELD, FS_CALC_CURRENT, "e_id2pme_add"); + fs_handle->fields[KNI_FIELD_ID2PME_DEL_FAIL] = FS_register(handle, FS_STYLE_FIELD, FS_CALC_CURRENT, "e_id2pme_del"); + fs_handle->fields[KNI_FIELD_TUPLE2STM_ADD_FAIL] = FS_register(handle, FS_STYLE_FIELD, FS_CALC_CURRENT, "e_tup2stm_add"); + fs_handle->fields[KNI_FIELD_TUPLE2STM_DEL_FAIL] = FS_register(handle, FS_STYLE_FIELD, FS_CALC_CURRENT, "e_tup2stm_del"); + fs_handle->fields[KNI_FIELD_SAPP_INJECT_FAIL] = FS_register(handle, FS_STYLE_FIELD, FS_CALC_CURRENT, "e_sapp_inject"); + fs_handle->fields[KNI_FIELD_BLOOM_SEARCH_FAIL] = FS_register(handle, FS_STYLE_FIELD, FS_CALC_CURRENT, "e_bloom_srch"); + fs_handle->fields[KNI_FIELD_BLOOM_ADD_FAIL] = FS_register(handle, FS_STYLE_FIELD, FS_CALC_CURRENT, "e_bloom_add"); + //htable fs_handle->fields[KNI_FIELD_ID2PME_ADD_SUCC] = FS_register(handle, FS_STYLE_FIELD, FS_CALC_CURRENT, "id2pme_add_S"); - fs_handle->fields[KNI_FIELD_ID2PME_ADD_FAIL] = FS_register(handle, FS_STYLE_FIELD, FS_CALC_CURRENT, "id2pme_add_F"); fs_handle->fields[KNI_FIELD_ID2PME_DEL_SUCC] = FS_register(handle, FS_STYLE_FIELD, FS_CALC_CURRENT, "id2pme_del_S"); - fs_handle->fields[KNI_FIELD_ID2PME_DEL_FAIL] = FS_register(handle, FS_STYLE_FIELD, FS_CALC_CURRENT, "id2pme_del_F"); fs_handle->fields[KNI_FIELD_TUPLE2STM_ADD_SUCC] = FS_register(handle, FS_STYLE_FIELD, FS_CALC_CURRENT, "tup2stm_add_S"); - fs_handle->fields[KNI_FIELD_TUPLE2STM_ADD_FAIL] = FS_register(handle, FS_STYLE_FIELD, FS_CALC_CURRENT, "tup2stm_add_F"); fs_handle->fields[KNI_FIELD_TUPLE2STM_DEL_SUCC] = FS_register(handle, FS_STYLE_FIELD, FS_CALC_CURRENT, "tup2stm_del_S"); - fs_handle->fields[KNI_FIELD_TUPLE2STM_DEL_FAIL] = FS_register(handle, FS_STYLE_FIELD, FS_CALC_CURRENT, "tup2stm_del_F"); - fs_handle->fields[KNI_FIELD_TUPLE2STM_SEARCH_SUCC] = FS_register(handle, FS_STYLE_FIELD, FS_CALC_CURRENT, "tup2stm_srch_S"); - fs_handle->fields[KNI_FIELD_TUPLE2STM_SEARCH_FAIL] = FS_register(handle, FS_STYLE_FIELD, FS_CALC_CURRENT, "tup2stm_srch_F"); + + //sendlog + fs_handle->fields[KNI_FIELD_SENDLOG_SUCC] = FS_register(handle, FS_STYLE_FIELD, FS_CALC_CURRENT, "sendlog_S"); + + //sapp_inject fs_handle->fields[KNI_FIELD_SAPP_INJECT_SUCC] = FS_register(handle, FS_STYLE_FIELD, FS_CALC_CURRENT, "sapp_inject_S"); - fs_handle->fields[KNI_FIELD_SAPP_INJECT_FAIL] = FS_register(handle, FS_STYLE_FIELD, FS_CALC_CURRENT, "sapp_inject_F"); - fs_handle->fields[KNI_FIELD_BLOOM_SEARCH_SUCC] = FS_register(handle, FS_STYLE_FIELD, FS_CALC_CURRENT, "bloom_srch_S"); + + //dabloom fs_handle->fields[KNI_FIELD_BLOOM_HIT] = FS_register(handle, FS_STYLE_FIELD, FS_CALC_CURRENT, "bloom_hit"); fs_handle->fields[KNI_FIELD_BLOOM_MISS] = FS_register(handle, FS_STYLE_FIELD, FS_CALC_CURRENT, "bloom_miss"); - fs_handle->fields[KNI_FIELD_BLOOM_SEARCH_FAIL] = FS_register(handle, FS_STYLE_FIELD, FS_CALC_CURRENT, "bloom_srch_F"); - fs_handle->fields[KNI_FIELD_BLOOM_ADD_SUCC] = FS_register(handle, FS_STYLE_FIELD, FS_CALC_CURRENT, "bloom_add_S"); - fs_handle->fields[KNI_FIELD_BLOOM_ADD_FAIL] = FS_register(handle, FS_STYLE_FIELD, FS_CALC_CURRENT, "bloom_add_F"); if(g_kni_handle->deploy_mode == KNI_DEPLOY_MODE_NORMAL){ for(int i = 0; i < g_kni_handle->marsio_handle->tfe_enabled_node_count; i++){ int tfe_id = g_kni_handle->marsio_handle->tfe_enabled_nodes[i].tfe_id; @@ -2022,7 +2071,22 @@ int dup_traffic_dabloom_init(const char *profile, void *logger){ return 0; } +void my_handler(int s){ + printf("Caught signal %d\n",s); + exit(1); +} + +int register_signal_handle(){ + struct sigaction sigIntHandler; + sigIntHandler.sa_handler = my_handler; + sigemptyset(&sigIntHandler.sa_mask); + sigIntHandler.sa_flags = 0; + sigaction(SIGINT, &sigIntHandler, NULL); + return 0; +} + extern "C" int kni_init(){ + register_signal_handle(); char *kni_git_verison = (char*)KNI_GIT_VERSION; const char *profile = "./etc/kni/kni.conf"; const char *section = "global";