* 修复收到重复syn/ack时,kni_get_tcpopt的内存泄漏
* uuid需要加锁,修改traceid的生成方式为pid+clocktime * 重新整理fs2的各项统计 * 修改stream_error发通联日志的信息
This commit is contained in:
崔一鸣
@@ -20,6 +20,7 @@ bypass: drome: pme_new_fail: destroy_pme
|
||||
#include "cjson/cJSON.h"
|
||||
#include "kni_send_logger.h"
|
||||
#include <linux/if_ether.h>
|
||||
#include <signal.h>
|
||||
#include "tfe_mgr.h"
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
@@ -47,16 +48,21 @@ enum kni_protocol{
|
||||
};
|
||||
|
||||
enum stream_error{
|
||||
STREAM_ERROR_PENDING_NO_SYN = -1,
|
||||
STREAM_ERROR_SINGLE_DIR = -2,
|
||||
STREAM_ERROR_PROTOCOL_UNKNOWN = -3,
|
||||
STREAM_ERROR_NO_SYN_ACK = -4,
|
||||
STREAM_ERROR_INVALID_ACTION = -5,
|
||||
STREAM_ERROR_NO_DATA = -6,
|
||||
STREAM_ERROR_IPHDR_PARSE_FAIL = -7,
|
||||
STREAM_ERROR_EXCEED_MTU = -8,
|
||||
STREAM_ERROR_ASYM_ROUTING = -1,
|
||||
STREAM_ERROR_NO_SYN = -2,
|
||||
STREAM_ERROR_NO_SYN_ACK = -3,
|
||||
STREAM_ERROR_NO_DATA = -4,
|
||||
STREAM_ERROR_UNSUPPORTED_PROTOCOL = -5,
|
||||
STREAM_ERROR_INVALID_IP_HDR = -6,
|
||||
STREAM_ERROR_EXCEED_MTU = -7,
|
||||
//internal
|
||||
STREAM_ERROR_INVALID_ACTION = -8,
|
||||
STREAM_ERROR_SENDTO_TFE_FAIL = -9,
|
||||
STREAM_ERROR_TUPLE2STM_ADD_FAIL = -10,
|
||||
STREAM_ERROR_NO_TFE = -11,
|
||||
STREAM_ERROR_PME_INIT_FAIL= -12,
|
||||
STREAM_ERROR_DUP_TRAFFIC = -13,
|
||||
STREAM_ERROR_CMSG_ADD_FAIL = -14,
|
||||
};
|
||||
|
||||
struct http_project{
|
||||
@@ -85,8 +91,10 @@ struct pme_info{
|
||||
int maat_hit;
|
||||
enum kni_action action;
|
||||
int service;
|
||||
struct kni_tcpopt_info *client_tcpopt;
|
||||
struct kni_tcpopt_info *server_tcpopt;
|
||||
struct kni_tcpopt_info client_tcpopt;
|
||||
struct kni_tcpopt_info server_tcpopt;
|
||||
char has_syn;
|
||||
char has_syn_ack;
|
||||
uint16_t client_window;
|
||||
uint16_t server_window;
|
||||
int tfe_id;
|
||||
@@ -201,28 +209,36 @@ struct traceid2pme_search_cb_args{
|
||||
void *logger;
|
||||
};
|
||||
|
||||
static char* stream_errmsg_get(enum stream_error _errno){
|
||||
static char* stream_errmsg_session_record(enum stream_error _errno){
|
||||
switch(_errno){
|
||||
case STREAM_ERROR_PENDING_NO_SYN:
|
||||
return (char*)"pending not syn";
|
||||
case STREAM_ERROR_SINGLE_DIR:
|
||||
return (char*)"single dir";
|
||||
case STREAM_ERROR_PROTOCOL_UNKNOWN:
|
||||
return (char*)"protocol unknown";
|
||||
case STREAM_ERROR_ASYM_ROUTING:
|
||||
return (char*)"e_asym_routing";
|
||||
case STREAM_ERROR_NO_SYN:
|
||||
return (char*)"e_no_syn";
|
||||
case STREAM_ERROR_NO_SYN_ACK:
|
||||
return (char*)"no syn/ack";
|
||||
case STREAM_ERROR_INVALID_ACTION:
|
||||
return (char*)"invalid aciton";
|
||||
return (char*)"e_no_synack";
|
||||
case STREAM_ERROR_NO_DATA:
|
||||
return (char*)"no data";
|
||||
case STREAM_ERROR_IPHDR_PARSE_FAIL:
|
||||
return (char*)"ip header parse fail";
|
||||
return (char*)"e_no_data";
|
||||
case STREAM_ERROR_UNSUPPORTED_PROTOCOL:
|
||||
return (char*)"e_unsupported_protocol";
|
||||
case STREAM_ERROR_INVALID_IP_HDR:
|
||||
return (char*)"e_invalid_ip_hdr";
|
||||
case STREAM_ERROR_EXCEED_MTU:
|
||||
return (char*)"exceed mtu(1500)";
|
||||
return (char*)"e_exceed_mtu";
|
||||
case STREAM_ERROR_INVALID_ACTION:
|
||||
return (char*)"e_internal_1";
|
||||
case STREAM_ERROR_SENDTO_TFE_FAIL:
|
||||
return (char*)"sendto_tfe_fail";
|
||||
return (char*)"e_internal_2";
|
||||
case STREAM_ERROR_TUPLE2STM_ADD_FAIL:
|
||||
return (char*)"tuple2stm_add_fail";
|
||||
return (char*)"e_internal_3";
|
||||
case STREAM_ERROR_NO_TFE:
|
||||
return (char*)"e_internal_4";
|
||||
case STREAM_ERROR_PME_INIT_FAIL:
|
||||
return (char*)"e_internal_5";
|
||||
case STREAM_ERROR_DUP_TRAFFIC:
|
||||
return (char*)"e_internal_6";
|
||||
case STREAM_ERROR_CMSG_ADD_FAIL:
|
||||
return (char*)"e_internal_7";
|
||||
default:
|
||||
return (char*)"unknown error";
|
||||
}
|
||||
@@ -233,9 +249,10 @@ static int dup_traffic_dabloom_key_get(struct pkt_info *pktinfo, struct dup_traf
|
||||
struct tcphdr *tcphdr = pktinfo->tcphdr;
|
||||
key->seq = tcphdr->seq;
|
||||
key->ack_seq = tcphdr->ack_seq;
|
||||
struct kni_tcpopt_info* tcpopt = kni_get_tcpopt(tcphdr, pktinfo->tcphdr_len);
|
||||
key->timestamp = tcpopt->ts_value;
|
||||
FREE(&tcpopt);
|
||||
struct kni_tcpopt_info tcpopt;
|
||||
memset(&tcpopt, 0, sizeof(tcpopt));
|
||||
kni_get_tcpopt(&tcpopt, tcphdr, pktinfo->tcphdr_len);
|
||||
key->timestamp = tcpopt.ts_value;
|
||||
if(pktinfo->addr_type == ADDR_TYPE_IPV6){
|
||||
struct ip6_hdr *iphdr = pktinfo->iphdr.v6;
|
||||
memcpy(key->addr.v6.saddr, &(iphdr->ip6_src), sizeof(key->addr.v6.saddr));
|
||||
@@ -260,14 +277,6 @@ static void pme_info_destroy(void *data){
|
||||
struct pme_info *pmeinfo = (struct pme_info *)data;
|
||||
void *logger = g_kni_handle->local_logger;
|
||||
if(pmeinfo != NULL){
|
||||
//free client_tcpopt
|
||||
if(pmeinfo->client_tcpopt != NULL){
|
||||
FREE(&(pmeinfo->client_tcpopt));
|
||||
}
|
||||
//free server tcpopt
|
||||
if(pmeinfo->server_tcpopt != NULL){
|
||||
FREE(&(pmeinfo->server_tcpopt));
|
||||
}
|
||||
//free layer_addr
|
||||
layer_addr_free(pmeinfo->addr);
|
||||
pmeinfo->addr=NULL;
|
||||
@@ -285,16 +294,17 @@ static void pme_info_destroy(void *data){
|
||||
}
|
||||
}
|
||||
|
||||
static struct pme_info* pme_info_new(const struct streaminfo *stream, int thread_seq){
|
||||
static int pme_info_init(struct pme_info *pmeinfo, const struct streaminfo *stream, int thread_seq){
|
||||
void *logger = g_kni_handle->local_logger;
|
||||
struct pme_info* pmeinfo = ALLOC(struct pme_info, 1);
|
||||
pmeinfo->addr_type = (enum addr_type_t)stream->addr.addrtype;
|
||||
pmeinfo->ssl_cert_verify = -1;
|
||||
uuid_t uu;
|
||||
uuid_generate_random(uu);
|
||||
uuid_unparse(uu, pmeinfo->stream_traceid);
|
||||
pmeinfo->addr = layer_addr_dup(&(stream->addr));
|
||||
//uuid_t uu;
|
||||
//uuid_generate_random(uu);
|
||||
//uuid_unparse(uu, pmeinfo->stream_traceid);
|
||||
clock_gettime(CLOCK_REALTIME, &(pmeinfo->start_time));
|
||||
snprintf(pmeinfo->stream_traceid, sizeof(pmeinfo->stream_traceid), "%d%lld.%.9ld",
|
||||
thread_seq, (long long)pmeinfo->start_time.tv_sec, pmeinfo->start_time.tv_nsec);
|
||||
pmeinfo->addr = layer_addr_dup(&(stream->addr));
|
||||
char stream_addr[KNI_ADDR_MAX] = "";
|
||||
//init pme_lock
|
||||
int ret = pthread_mutex_init(&(pmeinfo->lock), NULL);
|
||||
@@ -309,11 +319,10 @@ static struct pme_info* pme_info_new(const struct streaminfo *stream, int thread
|
||||
kni_addr_trans_v4(stream->addr.tuple4_v4, stream_addr, sizeof(stream_addr));
|
||||
}
|
||||
KNI_LOG_INFO(logger, "stream addr = %s, stream traceid = %s", stream_addr, pmeinfo->stream_traceid);
|
||||
return pmeinfo;
|
||||
return 0;
|
||||
|
||||
error_out:
|
||||
pme_info_destroy(pmeinfo);
|
||||
return NULL;
|
||||
return -1;
|
||||
}
|
||||
|
||||
static int log_generate(struct pme_info *pmeinfo, void *local_logger){
|
||||
@@ -388,7 +397,9 @@ static int log_generate(struct pme_info *pmeinfo, void *local_logger){
|
||||
//ssl downstream version: from tfe
|
||||
cJSON_AddStringToObject(log_obj, "ssl_client_side_version", pmeinfo->ssl_client_side_version);
|
||||
//ssl cert verify
|
||||
cJSON_AddNumberToObject(log_obj, "ssl_cert_verify", pmeinfo->ssl_cert_verify);
|
||||
if(pmeinfo->ssl_cert_verify != -1){
|
||||
cJSON_AddNumberToObject(log_obj, "ssl_cert_verify", pmeinfo->ssl_cert_verify);
|
||||
}
|
||||
|
||||
//direction: 0
|
||||
cJSON_AddNumberToObject(log_obj, "direction", 0);
|
||||
@@ -420,7 +431,7 @@ static int log_generate(struct pme_info *pmeinfo, void *local_logger){
|
||||
cJSON_AddNumberToObject(log_obj, "has_dup_traffic", pmeinfo->has_dup_traffic);
|
||||
//stream_error
|
||||
if(pmeinfo->error < 0){
|
||||
char *stream_errmsg = stream_errmsg_get(pmeinfo->error);
|
||||
char *stream_errmsg = stream_errmsg_session_record(pmeinfo->error);
|
||||
cJSON_AddStringToObject(log_obj, "stream_error", stream_errmsg);
|
||||
}
|
||||
int ret = -1;
|
||||
@@ -542,8 +553,8 @@ static unsigned char* kni_cmsg_serialize_header_new(struct pme_info *pmeinfo, st
|
||||
char *trace_id = NULL;
|
||||
uint32_t seq = pktinfo->tcphdr->seq;
|
||||
uint32_t ack = pktinfo->tcphdr->ack_seq;
|
||||
uint16_t client_mss = htons(pmeinfo->client_tcpopt->mss);
|
||||
uint16_t server_mss = htons(pmeinfo->server_tcpopt->mss);
|
||||
uint16_t client_mss = htons(pmeinfo->client_tcpopt.mss);
|
||||
uint16_t server_mss = htons(pmeinfo->server_tcpopt.mss);
|
||||
uint16_t client_window = htons(pmeinfo->client_window);
|
||||
uint16_t server_window = htons(pmeinfo->server_window);
|
||||
//seq
|
||||
@@ -559,25 +570,25 @@ static unsigned char* kni_cmsg_serialize_header_new(struct pme_info *pmeinfo, st
|
||||
ret = wrapped_kni_cmsg_set(cmsg, TFE_CMSG_TCP_RESTORE_MSS_SERVER, (const unsigned char*)&server_mss, 2, pmeinfo->stream_traceid);
|
||||
if(ret < 0) goto error_out;
|
||||
//both = 1, send to tfe
|
||||
if(pmeinfo->client_tcpopt->wscale_set && pmeinfo->server_tcpopt->wscale_set){
|
||||
if(pmeinfo->client_tcpopt.wscale_set && pmeinfo->server_tcpopt.wscale_set){
|
||||
//client wscale
|
||||
ret = wrapped_kni_cmsg_set(cmsg, TFE_CMSG_TCP_RESTORE_WSACLE_CLIENT, (const unsigned char*)&(pmeinfo->client_tcpopt->wscale), 1, pmeinfo->stream_traceid);
|
||||
ret = wrapped_kni_cmsg_set(cmsg, TFE_CMSG_TCP_RESTORE_WSACLE_CLIENT, (const unsigned char*)&(pmeinfo->client_tcpopt.wscale), 1, pmeinfo->stream_traceid);
|
||||
if(ret < 0) goto error_out;
|
||||
//server wscale
|
||||
ret = wrapped_kni_cmsg_set(cmsg, TFE_CMSG_TCP_RESTORE_WSACLE_SERVER, (const unsigned char*)&(pmeinfo->server_tcpopt->wscale), 1, pmeinfo->stream_traceid);
|
||||
ret = wrapped_kni_cmsg_set(cmsg, TFE_CMSG_TCP_RESTORE_WSACLE_SERVER, (const unsigned char*)&(pmeinfo->server_tcpopt.wscale), 1, pmeinfo->stream_traceid);
|
||||
if(ret < 0) goto error_out;
|
||||
}
|
||||
//client sack
|
||||
ret = wrapped_kni_cmsg_set(cmsg, TFE_CMSG_TCP_RESTORE_SACK_CLIENT, (const unsigned char*)&(pmeinfo->client_tcpopt->sack), 1, pmeinfo->stream_traceid);
|
||||
ret = wrapped_kni_cmsg_set(cmsg, TFE_CMSG_TCP_RESTORE_SACK_CLIENT, (const unsigned char*)&(pmeinfo->client_tcpopt.sack), 1, pmeinfo->stream_traceid);
|
||||
if(ret < 0) goto error_out;
|
||||
//server sack
|
||||
ret = wrapped_kni_cmsg_set(cmsg, TFE_CMSG_TCP_RESTORE_SACK_SERVER, (const unsigned char*)&(pmeinfo->server_tcpopt->sack), 1, pmeinfo->stream_traceid);
|
||||
ret = wrapped_kni_cmsg_set(cmsg, TFE_CMSG_TCP_RESTORE_SACK_SERVER, (const unsigned char*)&(pmeinfo->server_tcpopt.sack), 1, pmeinfo->stream_traceid);
|
||||
if(ret < 0) goto error_out;
|
||||
//client timestamp
|
||||
ret = wrapped_kni_cmsg_set(cmsg, TFE_CMSG_TCP_RESTORE_TS_CLIENT, (const unsigned char*)&(pmeinfo->client_tcpopt->ts_set), 1, pmeinfo->stream_traceid);
|
||||
ret = wrapped_kni_cmsg_set(cmsg, TFE_CMSG_TCP_RESTORE_TS_CLIENT, (const unsigned char*)&(pmeinfo->client_tcpopt.ts_set), 1, pmeinfo->stream_traceid);
|
||||
if(ret < 0) goto error_out;
|
||||
//server timestamp
|
||||
ret = wrapped_kni_cmsg_set(cmsg, TFE_CMSG_TCP_RESTORE_TS_SERVER, (const unsigned char*)&(pmeinfo->server_tcpopt->ts_set), 1, pmeinfo->stream_traceid);
|
||||
ret = wrapped_kni_cmsg_set(cmsg, TFE_CMSG_TCP_RESTORE_TS_SERVER, (const unsigned char*)&(pmeinfo->server_tcpopt.ts_set), 1, pmeinfo->stream_traceid);
|
||||
if(ret < 0) goto error_out;
|
||||
//protocol
|
||||
ret = wrapped_kni_cmsg_set(cmsg, TFE_CMSG_TCP_RESTORE_PROTOCOL, (const unsigned char*)&protocol_type, 1, pmeinfo->stream_traceid);
|
||||
@@ -789,7 +800,7 @@ static int wrapped_kni_header_parse(const void *a_packet, struct pme_info *pmein
|
||||
char *errmsg = kni_ipv6_errmsg_get((enum kni_ipv6hdr_parse_error)ret);
|
||||
KNI_LOG_DEBUG(logger, "Stream error: failed at parse ipv6 header, errmsg = %s, stream treaceid = %s",
|
||||
errmsg, pmeinfo->stream_traceid);
|
||||
FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_IPV6HDR_PARSE_FAIL], 0, FS_OP_ADD, 1);
|
||||
//FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_IPV6HDR_PARSE_FAIL], 0, FS_OP_ADD, 1);
|
||||
return -1;
|
||||
}
|
||||
}
|
||||
@@ -799,7 +810,7 @@ static int wrapped_kni_header_parse(const void *a_packet, struct pme_info *pmein
|
||||
char *errmsg = kni_ipv4_errmsg_get((enum kni_ipv4hdr_parse_error)ret);
|
||||
KNI_LOG_ERROR(logger, "Stream error: failed at parse ipv4 header, errmsg = %s, stream treaceid = %s",
|
||||
errmsg, pmeinfo->stream_traceid);
|
||||
FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_IPV4HDR_PARSE_FAIL], 0, FS_OP_ADD, 1);
|
||||
//FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_IPV4HDR_PARSE_FAIL], 0, FS_OP_ADD, 1);
|
||||
return -1;
|
||||
}
|
||||
}
|
||||
@@ -928,15 +939,15 @@ static char pending_opstate(struct streaminfo *stream, struct pme_info *pmeinfo,
|
||||
struct pkt_info pktinfo;
|
||||
int ret = wrapped_kni_header_parse(a_packet, pmeinfo, &pktinfo);
|
||||
if(ret < 0){
|
||||
pmeinfo->error = STREAM_ERROR_IPHDR_PARSE_FAIL;
|
||||
FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_STMERR_IPHDR_PARSE_FAIL], 0, FS_OP_ADD, 1);
|
||||
pmeinfo->error = STREAM_ERROR_INVALID_IP_HDR;
|
||||
FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_STMERR_INVALID_IP_HDR], 0, FS_OP_ADD, 1);
|
||||
return APP_STATE_FAWPKT | APP_STATE_DROPME;
|
||||
}
|
||||
if(!pktinfo.tcphdr->syn){
|
||||
//pending_opstate not syn, bypass and dropme
|
||||
KNI_LOG_DEBUG(logger, "Stream error: pending opstate, not syn, stream traceid = %s", pmeinfo->stream_traceid);
|
||||
FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_STMERR_NO_SYN], 0, FS_OP_ADD, 1);
|
||||
pmeinfo->error = STREAM_ERROR_PENDING_NO_SYN;
|
||||
pmeinfo->error = STREAM_ERROR_NO_SYN;
|
||||
return APP_STATE_FAWPKT | APP_STATE_DROPME;
|
||||
}
|
||||
|
||||
@@ -958,7 +969,8 @@ static char pending_opstate(struct streaminfo *stream, struct pme_info *pmeinfo,
|
||||
}
|
||||
}
|
||||
pmeinfo->client_window = ntohs(pktinfo.tcphdr->window);
|
||||
pmeinfo->client_tcpopt = kni_get_tcpopt(pktinfo.tcphdr, pktinfo.tcphdr_len);
|
||||
pmeinfo->has_syn = 1;
|
||||
kni_get_tcpopt(&(pmeinfo->client_tcpopt), pktinfo.tcphdr, pktinfo.tcphdr_len);
|
||||
return APP_STATE_FAWPKT | APP_STATE_GIVEME;
|
||||
}
|
||||
|
||||
@@ -1036,6 +1048,22 @@ static void traceid2pme_htable_del(struct pme_info *pmeinfo){
|
||||
}
|
||||
|
||||
static int first_data_intercept(struct streaminfo *stream, struct pme_info *pmeinfo, struct pkt_info *pktinfo, char *stream_addr, int thread_seq){
|
||||
//dup_traffic_check
|
||||
if(g_kni_handle->dup_traffic_switch == 1){
|
||||
//has dup traffic
|
||||
if(pmeinfo->has_dup_syn == 1 || pmeinfo->has_dup_syn_ack == 1){
|
||||
pmeinfo->has_dup_traffic = 1;
|
||||
}
|
||||
if(pmeinfo->has_dup_traffic == 1){
|
||||
if(g_kni_handle->dup_traffic_action == KNI_ACTION_BYPASS){
|
||||
KNI_LOG_DEBUG(g_kni_handle->local_logger, "Stream error: stream has dup traffic, dup_traffic_action = bypass, stream traceid = %s", pmeinfo->stream_traceid);
|
||||
FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_STMERR_DUP_TRAFFIC], 0, FS_OP_ADD, 1);
|
||||
pmeinfo->intercept_state=0;
|
||||
pmeinfo->error = STREAM_ERROR_DUP_TRAFFIC;
|
||||
return APP_STATE_FAWPKT | APP_STATE_DROPME;
|
||||
}
|
||||
}
|
||||
}
|
||||
void *logger = g_kni_handle->local_logger;
|
||||
int ret;
|
||||
//only intercept: add to tuple2stream_htable
|
||||
@@ -1043,6 +1071,7 @@ static int first_data_intercept(struct streaminfo *stream, struct pme_info *pmei
|
||||
if(ret < 0){
|
||||
FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_STMERR_TUPLE2STM_ADD_FAIL], 0, FS_OP_ADD, 1);
|
||||
KNI_LOG_DEBUG(logger, "Stream error: tuple2stm add fail, stream traceid = %s", pmeinfo->stream_traceid);
|
||||
pmeinfo->intercept_state=0;
|
||||
pmeinfo->error = STREAM_ERROR_TUPLE2STM_ADD_FAIL;
|
||||
return APP_STATE_FAWPKT | APP_STATE_DROPME;
|
||||
}
|
||||
@@ -1051,15 +1080,22 @@ static int first_data_intercept(struct streaminfo *stream, struct pme_info *pmei
|
||||
traceid2pme_htable_add(pmeinfo);
|
||||
//action = KNI_ACTION_INTERCEPT, sendto tfe
|
||||
int len = 0;
|
||||
//add cmsg
|
||||
char *buff = add_cmsg_to_packet(pmeinfo, stream, pktinfo, &len);
|
||||
if(buff == NULL){
|
||||
KNI_LOG_ERROR(logger, "Failed at add cmsg to packet, stream traceid = %s", pmeinfo->stream_traceid);
|
||||
KNI_LOG_DEBUG(logger, "Stream error: failed at add cmsg to packet, stream traceid = %s", pmeinfo->stream_traceid);
|
||||
pmeinfo->error = STREAM_ERROR_CMSG_ADD_FAIL;
|
||||
pmeinfo->intercept_state=0;
|
||||
FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_STMERR_CMSG_ADD_FAIL], 0, FS_OP_ADD, 1);
|
||||
FREE(&buff);
|
||||
return APP_STATE_FAWPKT | APP_STATE_DROPME;
|
||||
}
|
||||
//send to tfe
|
||||
ret = send_to_tfe(buff, len, thread_seq, pmeinfo->tfe_id, pmeinfo->addr_type);
|
||||
if(ret < 0){
|
||||
KNI_LOG_DEBUG(logger, "Stream error: failed at send first packet to tfe%d, stream traceid = %s", pmeinfo->tfe_id, pmeinfo->stream_traceid);
|
||||
FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_STMERR_SENDTO_TFE_FAIL], 0, FS_OP_ADD, 1);
|
||||
pmeinfo->intercept_state=0;
|
||||
pmeinfo->error = STREAM_ERROR_SENDTO_TFE_FAIL;
|
||||
FREE(&buff);
|
||||
tuple2stream_htable_del(g_kni_handle->threads_handle[thread_seq].tuple2stream_htable, stream);
|
||||
@@ -1070,6 +1106,28 @@ static int first_data_intercept(struct streaminfo *stream, struct pme_info *pmei
|
||||
KNI_LOG_DEBUG(logger, "Succeed at send first packet to tfe%d, stream traceid = %s", pmeinfo->tfe_id, pmeinfo->stream_traceid);
|
||||
}
|
||||
FREE(&buff);
|
||||
//fs stat
|
||||
FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_INTCP_STM], 0, FS_OP_ADD, 1);
|
||||
FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_INTCP_BYTE], 0, FS_OP_ADD, pktinfo->ip_totlen);
|
||||
//ipv4 or ipv6
|
||||
if(stream->addr.addrtype == ADDR_TYPE_IPV6){
|
||||
FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_IPV6_STM], 0, FS_OP_ADD, 1);
|
||||
}
|
||||
else{
|
||||
FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_IPV4_STM], 0, FS_OP_ADD, 1);
|
||||
}
|
||||
//http or ssl
|
||||
if(pmeinfo->protocol == KNI_PROTOCOL_SSL){
|
||||
FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_SSL_STM], 0, FS_OP_ADD, 1);
|
||||
}
|
||||
if(pmeinfo->protocol == KNI_PROTOCOL_HTTP){
|
||||
FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_HTTP_STM], 0, FS_OP_ADD, 1);
|
||||
}
|
||||
//dup_traffic_stm
|
||||
if(pmeinfo->has_dup_traffic == 1){
|
||||
FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_DUP_TFC_STM], 0, FS_OP_ADD, 1);
|
||||
KNI_LOG_DEBUG(logger, "stream has dup traffic, traceid = %s", pmeinfo->stream_traceid);
|
||||
}
|
||||
return APP_STATE_DROPPKT | APP_STATE_GIVEME;
|
||||
}
|
||||
|
||||
@@ -1085,7 +1143,7 @@ static int dabloom_search(struct pkt_info *pktinfo, int thread_seq){
|
||||
FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_BLOOM_SEARCH_FAIL], 0, FS_OP_ADD, 1);
|
||||
}
|
||||
else{
|
||||
FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_BLOOM_SEARCH_SUCC], 0, FS_OP_ADD, 1);
|
||||
//FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_BLOOM_SEARCH_SUCC], 0, FS_OP_ADD, 1);
|
||||
if(ret == 1){
|
||||
FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_BLOOM_HIT], 0, FS_OP_ADD, 1);
|
||||
FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_DUP_TFC_BYTE], 0, FS_OP_ADD, pktinfo->ip_totlen);
|
||||
@@ -1110,7 +1168,7 @@ static int dabloom_add(struct pkt_info *pktinfo, int thread_seq){
|
||||
KNI_LOG_ERROR(logger, "Failed at expiry_dablooms_add, errmsg = %s", expiry_dablooms_errno_trans((enum expiry_dablooms_errno)ret));
|
||||
FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_BLOOM_ADD_FAIL], 0, FS_OP_ADD, 1);
|
||||
}
|
||||
FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_BLOOM_ADD_SUCC], 0, FS_OP_ADD, 1);
|
||||
//FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_BLOOM_ADD_SUCC], 0, FS_OP_ADD, 1);
|
||||
uint64_t count = 0;
|
||||
expiry_dablooms_element_count_get(g_kni_handle->threads_handle[thread_seq].dabloom_handle, &count);
|
||||
FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->line_ids[0], g_kni_fs_handle->column_ids[thread_seq], FS_OP_SET, count);
|
||||
@@ -1144,8 +1202,8 @@ static char data_opstate(struct streaminfo *stream, struct pme_info *pmeinfo, co
|
||||
struct pkt_info pktinfo;
|
||||
ret = wrapped_kni_header_parse(a_packet, pmeinfo, &pktinfo);
|
||||
if(ret < 0){
|
||||
pmeinfo->error = STREAM_ERROR_IPHDR_PARSE_FAIL;
|
||||
FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_STMERR_IPHDR_PARSE_FAIL], 0, FS_OP_ADD, 1);
|
||||
pmeinfo->error = STREAM_ERROR_INVALID_IP_HDR;
|
||||
FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_STMERR_INVALID_IP_HDR], 0, FS_OP_ADD, 1);
|
||||
return APP_STATE_FAWPKT | APP_STATE_DROPME;
|
||||
}
|
||||
//pmeinfo->action has only 3 value: KNI_ACTION_NONE, KNI_ACTION_INTERCEPT, KNI_ACTION_BYPASS
|
||||
@@ -1156,7 +1214,7 @@ static char data_opstate(struct streaminfo *stream, struct pme_info *pmeinfo, co
|
||||
case KNI_ACTION_NONE:
|
||||
break;
|
||||
case KNI_ACTION_INTERCEPT:
|
||||
FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_TX_TFE_BYTE], 0, FS_OP_ADD, pktinfo.ip_totlen);
|
||||
//FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_TX_TFE_BYTE], 0, FS_OP_ADD, pktinfo.ip_totlen);
|
||||
//search dabloom
|
||||
if(g_kni_handle->dup_traffic_switch == 1){
|
||||
if(pmeinfo->has_dup_traffic == 1){
|
||||
@@ -1180,6 +1238,9 @@ static char data_opstate(struct streaminfo *stream, struct pme_info *pmeinfo, co
|
||||
KNI_LOG_ERROR(logger, "Failed at send continue packet to tfe%d, stream traceid = %s", pmeinfo->tfe_id, pmeinfo->stream_traceid);
|
||||
FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_STMERR_SENDTO_TFE_FAIL], 0, FS_OP_ADD, 1);
|
||||
}
|
||||
else{
|
||||
FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_INTCP_BYTE], 0, FS_OP_ADD, pktinfo.ip_totlen);
|
||||
}
|
||||
return APP_STATE_DROPPKT | APP_STATE_GIVEME;
|
||||
case KNI_ACTION_BYPASS:
|
||||
return APP_STATE_FAWPKT | APP_STATE_GIVEME;
|
||||
@@ -1197,7 +1258,8 @@ static char data_opstate(struct streaminfo *stream, struct pme_info *pmeinfo, co
|
||||
// syn/ack
|
||||
if(pktinfo.tcphdr->syn && pktinfo.tcphdr->ack){
|
||||
pmeinfo->server_window = ntohs(pktinfo.tcphdr->window);
|
||||
pmeinfo->server_tcpopt = kni_get_tcpopt(pktinfo.tcphdr, pktinfo.tcphdr_len);
|
||||
pmeinfo->has_syn_ack = 1;
|
||||
kni_get_tcpopt(&(pmeinfo->server_tcpopt), pktinfo.tcphdr, pktinfo.tcphdr_len);
|
||||
//dup traffic detect
|
||||
if(g_kni_handle->dup_traffic_switch == 1){
|
||||
if(pmeinfo->syn_ack_packet == NULL){
|
||||
@@ -1223,9 +1285,9 @@ static char data_opstate(struct streaminfo *stream, struct pme_info *pmeinfo, co
|
||||
}
|
||||
//not double dir, bypass and dropme
|
||||
if(stream->dir != DIR_DOUBLE){
|
||||
KNI_LOG_DEBUG(logger, "Stream error: single dir = %d, stream traceid = %s", stream->dir, pmeinfo->stream_traceid);
|
||||
FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_STMERR_SINGLE_DIR], 0, FS_OP_ADD, 1);
|
||||
pmeinfo->error = STREAM_ERROR_SINGLE_DIR;
|
||||
KNI_LOG_DEBUG(logger, "Stream error: asym routing, stream traceid = %s", pmeinfo->stream_traceid);
|
||||
FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_STMERR_ASYM_ROUTING], 0, FS_OP_ADD, 1);
|
||||
pmeinfo->error = STREAM_ERROR_ASYM_ROUTING;
|
||||
return APP_STATE_FAWPKT | APP_STATE_DROPME;
|
||||
}
|
||||
struct protocol_identify_result protocol_identify_res;
|
||||
@@ -1236,46 +1298,26 @@ static char data_opstate(struct streaminfo *stream, struct pme_info *pmeinfo, co
|
||||
//can not identify protocol from first data packet, bypass and dropme
|
||||
case KNI_PROTOCOL_UNKNOWN:
|
||||
KNI_LOG_DEBUG(logger, "Stream error: failed at protocol_identify, stream traceid = %s", pmeinfo->stream_traceid);
|
||||
FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_STMERR_PROTO_UNKNOWN], 0, FS_OP_ADD, 1);
|
||||
pmeinfo->error = STREAM_ERROR_PROTOCOL_UNKNOWN;
|
||||
FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_STMERR_UNSUPPORTED_PROTOCOL], 0, FS_OP_ADD, 1);
|
||||
pmeinfo->error = STREAM_ERROR_UNSUPPORTED_PROTOCOL;
|
||||
return APP_STATE_FAWPKT | APP_STATE_DROPME;
|
||||
case KNI_PROTOCOL_SSL:
|
||||
strncpy(pmeinfo->domain.sni, protocol_identify_res.domain, strnlen(protocol_identify_res.domain, sizeof(pmeinfo->domain.sni) - 1));
|
||||
FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_SSL_STM], 0, FS_OP_ADD, 1);
|
||||
break;
|
||||
case KNI_PROTOCOL_HTTP:
|
||||
strncpy(pmeinfo->domain.host, protocol_identify_res.domain, strnlen(protocol_identify_res.domain, sizeof(pmeinfo->domain.host) - 1));
|
||||
FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_HTTP_STM], 0, FS_OP_ADD, 1);
|
||||
break;
|
||||
default:
|
||||
break;
|
||||
}
|
||||
//receive client hello, but no syn/ack, bypass and dropme
|
||||
if(pmeinfo->client_tcpopt == NULL || pmeinfo->server_tcpopt == NULL){
|
||||
KNI_LOG_DEBUG(logger, "Stream error: %s, %s, stream traceid = %s", pmeinfo->client_tcpopt == NULL ? "no syn" : "have syn",
|
||||
pmeinfo->server_tcpopt == NULL ? "no syn/ack" : "have syn/ack", pmeinfo->stream_traceid);
|
||||
FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_STMERR_NO_SA], 0, FS_OP_ADD, 1);
|
||||
if(pmeinfo->has_syn == 0 || pmeinfo->has_syn_ack == 0){
|
||||
KNI_LOG_DEBUG(logger, "Stream error: %s, %s, stream traceid = %s", pmeinfo->has_syn == 0 ? "no syn" : "have syn",
|
||||
pmeinfo->has_syn_ack == 0 ? "no syn/ack" : "have syn/ack", pmeinfo->stream_traceid);
|
||||
FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_STMERR_NO_SYN_ACK], 0, FS_OP_ADD, 1);
|
||||
pmeinfo->error = STREAM_ERROR_NO_SYN_ACK;
|
||||
return APP_STATE_FAWPKT | APP_STATE_DROPME;
|
||||
}
|
||||
//dup_traffic_check
|
||||
if(g_kni_handle->dup_traffic_switch == 1){
|
||||
//has dup traffic
|
||||
if(pmeinfo->has_dup_syn == 1 || pmeinfo->has_dup_syn_ack == 1){
|
||||
pmeinfo->has_dup_traffic = 1;
|
||||
}
|
||||
if(pmeinfo->has_dup_traffic == 1){
|
||||
FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_DUP_TFC_STM], 0, FS_OP_ADD, 1);
|
||||
KNI_LOG_DEBUG(logger, "stream has dup traffic, traceid = %s", pmeinfo->stream_traceid);
|
||||
if(g_kni_handle->dup_traffic_action == KNI_ACTION_BYPASS){
|
||||
pmeinfo->action = KNI_ACTION_BYPASS;
|
||||
pmeinfo->intercept_state=0;
|
||||
FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_BYP_STM_DUP_TFC], 0, FS_OP_ADD, 1);
|
||||
FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_BYP_STM], 0, FS_OP_ADD, 1);
|
||||
return APP_STATE_FAWPKT | APP_STATE_GIVEME; //GIVEME: for session record
|
||||
}
|
||||
}
|
||||
}
|
||||
pmeinfo->action = intercept_policy_scan(g_kni_handle->maat_handle, (struct ipaddr*)(&stream->addr),
|
||||
protocol_identify_res.domain, protocol_identify_res.domain_len,
|
||||
thread_seq, &(pmeinfo->policy_id), &(pmeinfo->do_log), &(pmeinfo->maat_hit));
|
||||
@@ -1285,12 +1327,6 @@ static char data_opstate(struct streaminfo *stream, struct pme_info *pmeinfo, co
|
||||
stream_addr, protocol_identify_res.domain, pmeinfo->policy_id, pmeinfo->action, action_str, pmeinfo->maat_hit, pmeinfo->stream_traceid);
|
||||
FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_INTCP_READY_STM], 0, FS_OP_ADD, 1);
|
||||
FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_INTCP_READY_BYTE], 0, FS_OP_ADD, pktinfo.ip_totlen);
|
||||
if(stream->addr.addrtype == ADDR_TYPE_IPV6){
|
||||
FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_IPV6_STM], 0, FS_OP_ADD, 1);
|
||||
}
|
||||
else{
|
||||
FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_IPV4_STM], 0, FS_OP_ADD, 1);
|
||||
}
|
||||
switch(pmeinfo->action){
|
||||
case KNI_ACTION_BYPASS:
|
||||
FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_BYP_STM_POLICY], 0, FS_OP_ADD, 1);
|
||||
@@ -1299,14 +1335,12 @@ static char data_opstate(struct streaminfo *stream, struct pme_info *pmeinfo, co
|
||||
return APP_STATE_FAWPKT | APP_STATE_GIVEME; //GIVEME: for session record
|
||||
case KNI_ACTION_INTERCEPT:
|
||||
pmeinfo->intercept_state=1;
|
||||
FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_TX_TFE_STM], 0, FS_OP_ADD, 1);
|
||||
FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_TX_TFE_BYTE], 0, FS_OP_ADD, pktinfo.ip_totlen);
|
||||
return first_data_intercept(stream, pmeinfo, &pktinfo, stream_addr, thread_seq);
|
||||
default:
|
||||
//action != intercept && action != bypass,bypass and dropme
|
||||
KNI_LOG_DEBUG(logger, "Stream error: action %d(%s) = invalid: policy_id = %d, stream traceid = %s, domain = ",
|
||||
pmeinfo->action, action_str, pmeinfo->policy_id, pmeinfo->stream_traceid, protocol_identify_res.domain);
|
||||
FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_STMERR_ACTION_INVALID], 0, FS_OP_ADD, 1);
|
||||
FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_STMERR_INVALID_ACTION], 0, FS_OP_ADD, 1);
|
||||
pmeinfo->error = STREAM_ERROR_INVALID_ACTION;
|
||||
return APP_STATE_FAWPKT | APP_STATE_DROPME;
|
||||
}
|
||||
@@ -1356,28 +1390,31 @@ extern "C" char kni_tcpall_entry(struct streaminfo *stream, void** pme, int thre
|
||||
close: a_packet may be null, if a_packet = null, do not send to tfe
|
||||
*/
|
||||
if(a_packet == NULL && stream->pktstate != OP_STATE_CLOSE){
|
||||
FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_NULL_PKT], 0, FS_OP_ADD, 1);
|
||||
//FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_NULL_PKT], 0, FS_OP_ADD, 1);
|
||||
return APP_STATE_FAWPKT | APP_STATE_GIVEME;
|
||||
}
|
||||
int tfe_id = -1;
|
||||
switch(stream->pktstate){
|
||||
case OP_STATE_PENDING:
|
||||
tfe_id = tfe_mgr_alive_node_get(g_kni_handle->_tfe_mgr, thread_seq);
|
||||
if(tfe_id < 0){
|
||||
KNI_LOG_ERROR(logger, "No alive tfe available, bypass and dropme");
|
||||
FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_BYP_STM], 0, FS_OP_ADD, 1);
|
||||
FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_BYP_STM_NO_TFE], 0, FS_OP_ADD, 1);
|
||||
return APP_STATE_FAWPKT | APP_STATE_DROPME;
|
||||
}
|
||||
*pme = pmeinfo = pme_info_new(stream, thread_seq);
|
||||
if(pmeinfo == NULL){
|
||||
KNI_LOG_ERROR(logger, "Failed at new pmeinfo, bypass and dropme");
|
||||
FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_BYP_STM], 0, FS_OP_ADD, 1);
|
||||
FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_BYP_STM_PME_NEW_FAIL], 0, FS_OP_ADD, 1);
|
||||
return APP_STATE_FAWPKT | APP_STATE_DROPME;
|
||||
}
|
||||
pmeinfo->tfe_id = tfe_id;
|
||||
//FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_STATE_PENDING], 0, FS_OP_ADD, 1);
|
||||
pmeinfo = ALLOC(struct pme_info, 1);
|
||||
FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_PME_NEW_SUCC], 0, FS_OP_ADD, 1);
|
||||
*pme = pmeinfo;
|
||||
//stream error: pme init fail
|
||||
ret = pme_info_init(pmeinfo, stream, thread_seq);
|
||||
if(ret < 0){
|
||||
KNI_LOG_DEBUG(logger, "Stream error: fail at pme_info_init, stream traceid = %s", pmeinfo->stream_traceid);
|
||||
pmeinfo->error = STREAM_ERROR_PME_INIT_FAIL;
|
||||
FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_STMERR_PME_INIT_FAIL], 0, FS_OP_ADD, 1);
|
||||
goto error_out;
|
||||
}
|
||||
//stream error: no tfe
|
||||
pmeinfo->tfe_id = tfe_mgr_alive_node_get(g_kni_handle->_tfe_mgr, thread_seq);
|
||||
if(pmeinfo->tfe_id < 0){
|
||||
KNI_LOG_DEBUG(logger, "Stream error: no available tfe, stream traceid = %s", pmeinfo->stream_traceid);
|
||||
pmeinfo->error = STREAM_ERROR_NO_TFE;
|
||||
FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_STMERR_NO_TFE], 0, FS_OP_ADD, 1);
|
||||
goto error_out;
|
||||
}
|
||||
ret = pending_opstate(stream, pmeinfo, a_packet, thread_seq);
|
||||
if(pmeinfo->error < 0){
|
||||
goto error_out;
|
||||
@@ -1392,6 +1429,7 @@ extern "C" char kni_tcpall_entry(struct streaminfo *stream, void** pme, int thre
|
||||
break;
|
||||
case OP_STATE_CLOSE:
|
||||
//sapp stream close
|
||||
//FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_STATE_CLOSE], 0, FS_OP_ADD, 1);
|
||||
ret = close_opstate(stream, pmeinfo, thread_seq);
|
||||
if(pmeinfo->error < 0){
|
||||
goto error_out;
|
||||
@@ -1399,7 +1437,7 @@ extern "C" char kni_tcpall_entry(struct streaminfo *stream, void** pme, int thre
|
||||
break;
|
||||
default:
|
||||
ret = APP_STATE_FAWPKT | APP_STATE_GIVEME;
|
||||
FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_STATE_UNKNOWN], 0, FS_OP_ADD, 1);
|
||||
//FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_STATE_UNKNOWN], 0, FS_OP_ADD, 1);
|
||||
KNI_LOG_ERROR(logger, "Unknown stream opstate %d, stream traceid = %s", stream->pktstate, pmeinfo->stream_traceid);
|
||||
break;
|
||||
}
|
||||
@@ -1423,7 +1461,7 @@ error_out:
|
||||
pmeinfo->policy_id = -1;
|
||||
stream_destroy(pmeinfo, 1);
|
||||
}
|
||||
return ret;
|
||||
return APP_STATE_FAWPKT | APP_STATE_DROPME;
|
||||
}
|
||||
|
||||
void http_project_free(int thread_seq, void *project_req_value){
|
||||
@@ -1492,7 +1530,7 @@ int tuple2stream_htable_search(MESA_htable_handle handle, struct ethhdr *ether_h
|
||||
if(ret < 0){
|
||||
char *errmsg = kni_ipv6_errmsg_get((enum kni_ipv6hdr_parse_error)ret);
|
||||
KNI_LOG_ERROR(logger, "failed at parse ipv6 header, errmsg = %s", errmsg);
|
||||
FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_IPV6HDR_PARSE_FAIL], 0, FS_OP_ADD, 1);
|
||||
//FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_IPV6HDR_PARSE_FAIL], 0, FS_OP_ADD, 1);
|
||||
return -1;
|
||||
}
|
||||
struct stream_tuple4_v6 key;
|
||||
@@ -1506,7 +1544,7 @@ int tuple2stream_htable_search(MESA_htable_handle handle, struct ethhdr *ether_h
|
||||
if(ret < 0){
|
||||
char *errmsg = kni_ipv4_errmsg_get((enum kni_ipv4hdr_parse_error)ret);
|
||||
KNI_LOG_ERROR(logger, "failed at parse ipv4 header, errmsg = %s", errmsg);
|
||||
FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_IPV4HDR_PARSE_FAIL], 0, FS_OP_ADD, 1);
|
||||
//FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_IPV4HDR_PARSE_FAIL], 0, FS_OP_ADD, 1);
|
||||
return -1;
|
||||
}
|
||||
struct stream_tuple4_v4 key;
|
||||
@@ -1516,10 +1554,10 @@ int tuple2stream_htable_search(MESA_htable_handle handle, struct ethhdr *ether_h
|
||||
}
|
||||
if(value == NULL){
|
||||
KNI_LOG_ERROR(logger, "MESA_htable: failed at search, key = %s", key_str);
|
||||
FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_TUPLE2STM_SEARCH_FAIL], 0, FS_OP_ADD, 1);
|
||||
//FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_TUPLE2STM_SEARCH_FAIL], 0, FS_OP_ADD, 1);
|
||||
return -1;
|
||||
}
|
||||
FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_TUPLE2STM_SEARCH_SUCC], 0, FS_OP_ADD, 1);
|
||||
//FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_TUPLE2STM_SEARCH_SUCC], 0, FS_OP_ADD, 1);
|
||||
unsigned char dir = value->route_dir;
|
||||
if(reversed != value->reversed){
|
||||
dir = MESA_dir_reverse(dir);
|
||||
@@ -1882,60 +1920,71 @@ static struct kni_field_stat_handle * fs_init(const char *profile){
|
||||
FS_set_para(handle, MAX_STAT_FIELD_NUM, &value, sizeof(value));
|
||||
fs_handle = ALLOC(struct kni_field_stat_handle, 1);
|
||||
fs_handle->handle = handle;
|
||||
|
||||
//bypass stream
|
||||
fs_handle->fields[KNI_FIELD_BYP_STM] = FS_register(handle, FS_STYLE_FIELD, FS_CALC_CURRENT, "byp_stm");
|
||||
fs_handle->fields[KNI_FIELD_BYP_STM_POLICY] = FS_register(handle, FS_STYLE_FIELD, FS_CALC_CURRENT, "byp_policy");
|
||||
fs_handle->fields[KNI_FIELD_BYP_STM_PME_NEW_FAIL] = FS_register(handle, FS_STYLE_FIELD, FS_CALC_CURRENT, "byp_pme_new_F");
|
||||
fs_handle->fields[KNI_FIELD_BYP_STM_NO_TFE] = FS_register(handle, FS_STYLE_FIELD, FS_CALC_CURRENT, "byp_no_tfe");
|
||||
fs_handle->fields[KNI_FIELD_BYP_STM_DUP_TFC] = FS_register(handle, FS_STYLE_FIELD, FS_CALC_CURRENT, "byp_dup_tfc");
|
||||
fs_handle->fields[KNI_FIELD_BYP_STM_ERR] = FS_register(handle, FS_STYLE_FIELD, FS_CALC_CURRENT, "byp_stm_err");
|
||||
//stream error
|
||||
fs_handle->fields[KNI_FIELD_STMERR_NO_SYN] = FS_register(handle, FS_STYLE_FIELD, FS_CALC_CURRENT, "err_no_syn");
|
||||
fs_handle->fields[KNI_FIELD_STMERR_SINGLE_DIR] = FS_register(handle, FS_STYLE_FIELD, FS_CALC_CURRENT, "err_sig_dir");
|
||||
fs_handle->fields[KNI_FIELD_STMERR_PROTO_UNKNOWN] = FS_register(handle, FS_STYLE_FIELD, FS_CALC_CURRENT, "err_pro_unknow");
|
||||
fs_handle->fields[KNI_FIELD_STMERR_NO_SA] = FS_register(handle, FS_STYLE_FIELD, FS_CALC_CURRENT, "err_no_s/a");
|
||||
fs_handle->fields[KNI_FIELD_STMERR_ACTION_INVALID] = FS_register(handle, FS_STYLE_FIELD, FS_CALC_CURRENT, "err_act_invaid");
|
||||
fs_handle->fields[KNI_FIELD_STMERR_NO_DATA] = FS_register(handle, FS_STYLE_FIELD, FS_CALC_CURRENT, "err_no_data");
|
||||
fs_handle->fields[KNI_FIELD_STMERR_IPHDR_PARSE_FAIL] = FS_register(handle, FS_STYLE_FIELD, FS_CALC_CURRENT, "err_ip_hdr");
|
||||
fs_handle->fields[KNI_FIELD_STMERR_EXCEED_MTU] = FS_register(handle, FS_STYLE_FIELD, FS_CALC_CURRENT, "err_exced_mtu");
|
||||
fs_handle->fields[KNI_FIELD_STMERR_SENDTO_TFE_FAIL] = FS_register(handle, FS_STYLE_FIELD, FS_CALC_CURRENT, "err_tfe_tx");
|
||||
fs_handle->fields[KNI_FIELD_STMERR_TUPLE2STM_ADD_FAIL] = FS_register(handle, FS_STYLE_FIELD, FS_CALC_CURRENT, "err_tup2stmAdd");
|
||||
//others
|
||||
fs_handle->fields[KNI_FIELD_NULL_PKT] = FS_register(handle, FS_STYLE_FIELD, FS_CALC_CURRENT, "null_pkt");
|
||||
fs_handle->fields[KNI_FIELD_STATE_UNKNOWN] = FS_register(handle, FS_STYLE_FIELD, FS_CALC_CURRENT, "state_unknow");
|
||||
fs_handle->fields[KNI_FIELD_DUP_TFC_STM] = FS_register(handle, FS_STYLE_FIELD, FS_CALC_CURRENT, "dup_tfc_stm");
|
||||
fs_handle->fields[KNI_FIELD_DUP_TFC_BYTE] = FS_register(handle, FS_STYLE_FIELD, FS_CALC_CURRENT, "dup_tfc_B");
|
||||
fs_handle->fields[KNI_FIELD_STMERR_ASYM_ROUTING] = FS_register(handle, FS_STYLE_FIELD, FS_CALC_CURRENT, "e_asym_route");
|
||||
fs_handle->fields[KNI_FIELD_STMERR_NO_SYN] = FS_register(handle, FS_STYLE_FIELD, FS_CALC_CURRENT, "e_no_syn");
|
||||
fs_handle->fields[KNI_FIELD_STMERR_NO_SYN_ACK] = FS_register(handle, FS_STYLE_FIELD, FS_CALC_CURRENT, "e_no_s/a");
|
||||
fs_handle->fields[KNI_FIELD_STMERR_NO_DATA] = FS_register(handle, FS_STYLE_FIELD, FS_CALC_CURRENT, "e_no_data");
|
||||
fs_handle->fields[KNI_FIELD_STMERR_UNSUPPORTED_PROTOCOL] = FS_register(handle, FS_STYLE_FIELD, FS_CALC_CURRENT, "e_unspt_pro");
|
||||
fs_handle->fields[KNI_FIELD_STMERR_INVALID_IP_HDR] = FS_register(handle, FS_STYLE_FIELD, FS_CALC_CURRENT, "e_ip_hdr");
|
||||
fs_handle->fields[KNI_FIELD_STMERR_EXCEED_MTU] = FS_register(handle, FS_STYLE_FIELD, FS_CALC_CURRENT, "e_exc_mtu");
|
||||
//stream error: internal error
|
||||
fs_handle->fields[KNI_FIELD_STMERR_INVALID_ACTION] = FS_register(handle, FS_STYLE_FIELD, FS_CALC_CURRENT, "e_invaid_act");
|
||||
fs_handle->fields[KNI_FIELD_STMERR_SENDTO_TFE_FAIL] = FS_register(handle, FS_STYLE_FIELD, FS_CALC_CURRENT, "e_tfe_tx");
|
||||
fs_handle->fields[KNI_FIELD_STMERR_TUPLE2STM_ADD_FAIL] = FS_register(handle, FS_STYLE_FIELD, FS_CALC_CURRENT, "e_tup2stm_add");
|
||||
fs_handle->fields[KNI_FIELD_STMERR_NO_TFE] = FS_register(handle, FS_STYLE_FIELD, FS_CALC_CURRENT, "e_no_tfe");
|
||||
fs_handle->fields[KNI_FIELD_STMERR_PME_INIT_FAIL] = FS_register(handle, FS_STYLE_FIELD, FS_CALC_CURRENT, "e_pme_init");
|
||||
fs_handle->fields[KNI_FIELD_STMERR_DUP_TRAFFIC] = FS_register(handle, FS_STYLE_FIELD, FS_CALC_CURRENT, "e_dup_tfc");
|
||||
fs_handle->fields[KNI_FIELD_STMERR_CMSG_ADD_FAIL] = FS_register(handle, FS_STYLE_FIELD, FS_CALC_CURRENT, "e_cmsg_add");
|
||||
|
||||
//intercept stream
|
||||
fs_handle->fields[KNI_FIELD_INTCP_STM] = FS_register(handle, FS_STYLE_FIELD, FS_CALC_CURRENT, "intcp_stm");
|
||||
fs_handle->fields[KNI_FIELD_INTCP_BYTE] = FS_register(handle, FS_STYLE_FIELD, FS_CALC_CURRENT, "intcp_B");
|
||||
fs_handle->fields[KNI_FIELD_IPV4_STM] = FS_register(handle, FS_STYLE_FIELD, FS_CALC_CURRENT, "ipv4_stm");
|
||||
fs_handle->fields[KNI_FIELD_IPV6_STM] = FS_register(handle, FS_STYLE_FIELD, FS_CALC_CURRENT, "ipv6_stm");
|
||||
fs_handle->fields[KNI_FIELD_SSL_STM] = FS_register(handle, FS_STYLE_FIELD, FS_CALC_CURRENT, "ssl_stm");
|
||||
fs_handle->fields[KNI_FIELD_HTTP_STM] = FS_register(handle, FS_STYLE_FIELD, FS_CALC_CURRENT, "http_stm");
|
||||
fs_handle->fields[KNI_FIELD_SENDLOG_SUCC] = FS_register(handle, FS_STYLE_FIELD, FS_CALC_CURRENT, "sendlog_S");
|
||||
fs_handle->fields[KNI_FIELD_SENDLOG_FAIL] = FS_register(handle, FS_STYLE_FIELD, FS_CALC_CURRENT, "sendlog_F");
|
||||
fs_handle->fields[KNI_FIELD_PME_NEW_SUCC] = FS_register(handle, FS_STYLE_FIELD, FS_CALC_CURRENT, "pme_new");
|
||||
fs_handle->fields[KNI_FIELD_PME_FREE] = FS_register(handle, FS_STYLE_FIELD, FS_CALC_CURRENT, "pme_free");
|
||||
//intercept traffic stat
|
||||
fs_handle->fields[KNI_FIELD_DUP_TFC_STM] = FS_register(handle, FS_STYLE_FIELD, FS_CALC_CURRENT, "dup_tfc_stm");
|
||||
fs_handle->fields[KNI_FIELD_DUP_TFC_BYTE] = FS_register(handle, FS_STYLE_FIELD, FS_CALC_CURRENT, "dup_tfc_B");
|
||||
|
||||
//intercept ready stream
|
||||
fs_handle->fields[KNI_FIELD_INTCP_READY_STM] = FS_register(handle, FS_STYLE_FIELD, FS_CALC_CURRENT, "intcp_rdy_stm");
|
||||
fs_handle->fields[KNI_FIELD_INTCP_READY_BYTE] = FS_register(handle, FS_STYLE_FIELD, FS_CALC_CURRENT, "intcp_rdy_B");
|
||||
fs_handle->fields[KNI_FIELD_TX_TFE_STM] = FS_register(handle, FS_STYLE_FIELD, FS_CALC_CURRENT, "tx_tfe_stm");
|
||||
fs_handle->fields[KNI_FIELD_TX_TFE_BYTE] = FS_register(handle, FS_STYLE_FIELD, FS_CALC_CURRENT, "tx_tfe_B");
|
||||
|
||||
//pme
|
||||
fs_handle->fields[KNI_FIELD_PME_NEW_SUCC] = FS_register(handle, FS_STYLE_FIELD, FS_CALC_CURRENT, "pme_new");
|
||||
fs_handle->fields[KNI_FIELD_PME_FREE] = FS_register(handle, FS_STYLE_FIELD, FS_CALC_CURRENT, "pme_free");
|
||||
|
||||
//errors
|
||||
fs_handle->fields[KNI_FIELD_SENDLOG_FAIL] = FS_register(handle, FS_STYLE_FIELD, FS_CALC_CURRENT, "e_sendlog");
|
||||
fs_handle->fields[KNI_FIELD_ID2PME_ADD_FAIL] = FS_register(handle, FS_STYLE_FIELD, FS_CALC_CURRENT, "e_id2pme_add");
|
||||
fs_handle->fields[KNI_FIELD_ID2PME_DEL_FAIL] = FS_register(handle, FS_STYLE_FIELD, FS_CALC_CURRENT, "e_id2pme_del");
|
||||
fs_handle->fields[KNI_FIELD_TUPLE2STM_ADD_FAIL] = FS_register(handle, FS_STYLE_FIELD, FS_CALC_CURRENT, "e_tup2stm_add");
|
||||
fs_handle->fields[KNI_FIELD_TUPLE2STM_DEL_FAIL] = FS_register(handle, FS_STYLE_FIELD, FS_CALC_CURRENT, "e_tup2stm_del");
|
||||
fs_handle->fields[KNI_FIELD_SAPP_INJECT_FAIL] = FS_register(handle, FS_STYLE_FIELD, FS_CALC_CURRENT, "e_sapp_inject");
|
||||
fs_handle->fields[KNI_FIELD_BLOOM_SEARCH_FAIL] = FS_register(handle, FS_STYLE_FIELD, FS_CALC_CURRENT, "e_bloom_srch");
|
||||
fs_handle->fields[KNI_FIELD_BLOOM_ADD_FAIL] = FS_register(handle, FS_STYLE_FIELD, FS_CALC_CURRENT, "e_bloom_add");
|
||||
|
||||
//htable
|
||||
fs_handle->fields[KNI_FIELD_ID2PME_ADD_SUCC] = FS_register(handle, FS_STYLE_FIELD, FS_CALC_CURRENT, "id2pme_add_S");
|
||||
fs_handle->fields[KNI_FIELD_ID2PME_ADD_FAIL] = FS_register(handle, FS_STYLE_FIELD, FS_CALC_CURRENT, "id2pme_add_F");
|
||||
fs_handle->fields[KNI_FIELD_ID2PME_DEL_SUCC] = FS_register(handle, FS_STYLE_FIELD, FS_CALC_CURRENT, "id2pme_del_S");
|
||||
fs_handle->fields[KNI_FIELD_ID2PME_DEL_FAIL] = FS_register(handle, FS_STYLE_FIELD, FS_CALC_CURRENT, "id2pme_del_F");
|
||||
fs_handle->fields[KNI_FIELD_TUPLE2STM_ADD_SUCC] = FS_register(handle, FS_STYLE_FIELD, FS_CALC_CURRENT, "tup2stm_add_S");
|
||||
fs_handle->fields[KNI_FIELD_TUPLE2STM_ADD_FAIL] = FS_register(handle, FS_STYLE_FIELD, FS_CALC_CURRENT, "tup2stm_add_F");
|
||||
fs_handle->fields[KNI_FIELD_TUPLE2STM_DEL_SUCC] = FS_register(handle, FS_STYLE_FIELD, FS_CALC_CURRENT, "tup2stm_del_S");
|
||||
fs_handle->fields[KNI_FIELD_TUPLE2STM_DEL_FAIL] = FS_register(handle, FS_STYLE_FIELD, FS_CALC_CURRENT, "tup2stm_del_F");
|
||||
fs_handle->fields[KNI_FIELD_TUPLE2STM_SEARCH_SUCC] = FS_register(handle, FS_STYLE_FIELD, FS_CALC_CURRENT, "tup2stm_srch_S");
|
||||
fs_handle->fields[KNI_FIELD_TUPLE2STM_SEARCH_FAIL] = FS_register(handle, FS_STYLE_FIELD, FS_CALC_CURRENT, "tup2stm_srch_F");
|
||||
|
||||
//sendlog
|
||||
fs_handle->fields[KNI_FIELD_SENDLOG_SUCC] = FS_register(handle, FS_STYLE_FIELD, FS_CALC_CURRENT, "sendlog_S");
|
||||
|
||||
//sapp_inject
|
||||
fs_handle->fields[KNI_FIELD_SAPP_INJECT_SUCC] = FS_register(handle, FS_STYLE_FIELD, FS_CALC_CURRENT, "sapp_inject_S");
|
||||
fs_handle->fields[KNI_FIELD_SAPP_INJECT_FAIL] = FS_register(handle, FS_STYLE_FIELD, FS_CALC_CURRENT, "sapp_inject_F");
|
||||
fs_handle->fields[KNI_FIELD_BLOOM_SEARCH_SUCC] = FS_register(handle, FS_STYLE_FIELD, FS_CALC_CURRENT, "bloom_srch_S");
|
||||
|
||||
//dabloom
|
||||
fs_handle->fields[KNI_FIELD_BLOOM_HIT] = FS_register(handle, FS_STYLE_FIELD, FS_CALC_CURRENT, "bloom_hit");
|
||||
fs_handle->fields[KNI_FIELD_BLOOM_MISS] = FS_register(handle, FS_STYLE_FIELD, FS_CALC_CURRENT, "bloom_miss");
|
||||
fs_handle->fields[KNI_FIELD_BLOOM_SEARCH_FAIL] = FS_register(handle, FS_STYLE_FIELD, FS_CALC_CURRENT, "bloom_srch_F");
|
||||
fs_handle->fields[KNI_FIELD_BLOOM_ADD_SUCC] = FS_register(handle, FS_STYLE_FIELD, FS_CALC_CURRENT, "bloom_add_S");
|
||||
fs_handle->fields[KNI_FIELD_BLOOM_ADD_FAIL] = FS_register(handle, FS_STYLE_FIELD, FS_CALC_CURRENT, "bloom_add_F");
|
||||
if(g_kni_handle->deploy_mode == KNI_DEPLOY_MODE_NORMAL){
|
||||
for(int i = 0; i < g_kni_handle->marsio_handle->tfe_enabled_node_count; i++){
|
||||
int tfe_id = g_kni_handle->marsio_handle->tfe_enabled_nodes[i].tfe_id;
|
||||
@@ -2022,7 +2071,22 @@ int dup_traffic_dabloom_init(const char *profile, void *logger){
|
||||
return 0;
|
||||
}
|
||||
|
||||
void my_handler(int s){
|
||||
printf("Caught signal %d\n",s);
|
||||
exit(1);
|
||||
}
|
||||
|
||||
int register_signal_handle(){
|
||||
struct sigaction sigIntHandler;
|
||||
sigIntHandler.sa_handler = my_handler;
|
||||
sigemptyset(&sigIntHandler.sa_mask);
|
||||
sigIntHandler.sa_flags = 0;
|
||||
sigaction(SIGINT, &sigIntHandler, NULL);
|
||||
return 0;
|
||||
}
|
||||
|
||||
extern "C" int kni_init(){
|
||||
register_signal_handle();
|
||||
char *kni_git_verison = (char*)KNI_GIT_VERSION;
|
||||
const char *profile = "./etc/kni/kni.conf";
|
||||
const char *section = "global";
|
||||
|
||||
Reference in New Issue
Block a user