715 lines
22 KiB
C
715 lines
22 KiB
C
#include <stdio.h>
|
|
#include <string.h>
|
|
#include <stdlib.h>
|
|
#include <unistd.h>
|
|
#include <ctype.h>
|
|
#include <stdarg.h>
|
|
#include <assert.h>
|
|
#include <arpa/inet.h>
|
|
#include "stream.h"
|
|
#include "MESA_prof_load.h"
|
|
#include "MESA_handle_logger.h"
|
|
#include "field_stat2.h"
|
|
#include "kni_entry.h"
|
|
#include "kni_comm.h"
|
|
|
|
|
|
|
|
char* kni_memncasemem(const char *strsrc,int len1,const char *substr,int len2)
|
|
{
|
|
|
|
char *p1,*p2,*pend;
|
|
unsigned char *p;
|
|
unsigned char *substrS;
|
|
int i,lenth;
|
|
|
|
if((strsrc==NULL)||substr==NULL)
|
|
return NULL;
|
|
if(len1<len2) return NULL;
|
|
|
|
lenth=len2;
|
|
substrS=(unsigned char *)malloc(sizeof(unsigned char)*(lenth+1));
|
|
if(substrS==NULL)
|
|
return NULL;
|
|
for(i=0;i<lenth;i++)
|
|
{
|
|
substrS[i]=tolower(*(substr+i));
|
|
}
|
|
substrS[lenth]=0;
|
|
|
|
lenth=len1;
|
|
pend =(char *)strsrc + lenth;
|
|
for(p1 =(char *) strsrc; p1 != pend;p1++)
|
|
{
|
|
for(p2 = p1,p = substrS;*p != '\0'&& p2 != pend;p++,p2++)
|
|
{
|
|
if(tolower(*p2) != *p)
|
|
break;
|
|
}
|
|
if(*p == '\0')
|
|
{
|
|
free(substrS);
|
|
return p1;
|
|
}
|
|
}
|
|
|
|
free(substrS);
|
|
return NULL;
|
|
}
|
|
|
|
|
|
|
|
int kni_log_info(const char* module,const struct layer_addr* addr,unsigned short protocol,char* domain,char* scan_result,char* action,struct kni_pme_info* pmeinfo)
|
|
{
|
|
unsigned short sport=0;
|
|
unsigned short dport=0;
|
|
char saddr_str[INET6_ADDRSTRLEN ]={0};
|
|
char daddr_str[INET6_ADDRSTRLEN ]={0};
|
|
|
|
|
|
if(addr->addrtype == ADDR_TYPE_IPV4)
|
|
{
|
|
sport = ntohs(addr->tuple4_v4->source);
|
|
dport = ntohs(addr->tuple4_v4->dest);
|
|
inet_ntop(AF_INET, (void *)&(addr->tuple4_v4->saddr), saddr_str, INET_ADDRSTRLEN);
|
|
inet_ntop(AF_INET, (void *)&(addr->tuple4_v4->daddr), daddr_str, INET_ADDRSTRLEN);
|
|
}
|
|
else if(addr->addrtype == ADDR_TYPE_IPV6)
|
|
{
|
|
sport = ntohs(addr->tuple4_v6->source);
|
|
dport = ntohs(addr->tuple4_v6->dest);
|
|
inet_ntop(AF_INET6, (void *)&(addr->tuple4_v6->saddr), saddr_str, INET6_ADDRSTRLEN);
|
|
inet_ntop(AF_INET6, (void *)&(addr->tuple4_v6->daddr), daddr_str, INET6_ADDRSTRLEN);
|
|
}
|
|
else
|
|
{
|
|
MESA_handle_runtime_log(g_kni_comminfo.logger,RLOG_LV_INFO,module,"addr->type is %d",addr->addrtype);
|
|
return -1;
|
|
}
|
|
|
|
|
|
|
|
if(protocol==KNI_FLAG_HTTP)
|
|
{
|
|
MESA_handle_runtime_log(g_kni_comminfo.logger,RLOG_LV_INFO,module,"addr:%s,%d,%s,%d,%s,domain:%s,%s,%s,config_id:%d,keyring_id:%d,c_fd:%d,s_fd:%d",
|
|
saddr_str,sport,daddr_str,dport,"HTTP",domain,scan_result,action,pmeinfo->cfg_id,pmeinfo->keyring_id,pmeinfo->client_fd,pmeinfo->server_fd);
|
|
}
|
|
else if(protocol==KNI_FLAG_SSL)
|
|
{
|
|
MESA_handle_runtime_log(g_kni_comminfo.logger,RLOG_LV_INFO,module,"addr:%s,%d,%s,%d,%s,domain:%s,%s,%s,config_id:%d,keyring_id:%d,c_fd:%d,s_fd:%d",
|
|
saddr_str,sport,daddr_str,dport,"SSL",domain,scan_result,action,pmeinfo->cfg_id,pmeinfo->keyring_id,pmeinfo->client_fd,pmeinfo->server_fd);
|
|
}
|
|
else
|
|
{
|
|
MESA_handle_runtime_log(g_kni_comminfo.logger,RLOG_LV_INFO,module,"addr:%s,%d,%s,%d,domain:%s,%s,%s,config_id:%d",saddr_str,sport,daddr_str,dport,domain,scan_result,action,pmeinfo->cfg_id);
|
|
}
|
|
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
int kni_log_debug(int level, const char* module,const void* a_packet,const char* format,...)
|
|
{
|
|
if(level<g_kni_comminfo.logger_level)
|
|
{
|
|
return 0;
|
|
}
|
|
|
|
|
|
|
|
unsigned short sport=0;
|
|
unsigned short dport=0;
|
|
char saddr_str[INET6_ADDRSTRLEN ]={0};
|
|
char daddr_str[INET6_ADDRSTRLEN ]={0};
|
|
|
|
int protocol=0;
|
|
struct ip* ipv4_hdr = (struct ip*)a_packet;
|
|
struct kni_ipv6_hdr* ipv6_hdr = (struct kni_ipv6_hdr*)a_packet;
|
|
struct kni_tcp_hdr* tcphdr=NULL;
|
|
struct kni_udp_hdr* udphdr=NULL;
|
|
|
|
|
|
char buf[4096] = {0};
|
|
va_list list;
|
|
|
|
va_start(list, format);
|
|
vsnprintf(buf, 4069, format, list);
|
|
va_end(list);
|
|
|
|
|
|
if(a_packet == NULL)
|
|
{
|
|
MESA_handle_runtime_log(g_kni_comminfo.logger,level,module,"%s",buf);
|
|
return 0;
|
|
}
|
|
|
|
|
|
|
|
if(ipv4_hdr->ip_v==4)
|
|
{
|
|
tcphdr=(struct kni_tcp_hdr*)((char*)ipv4_hdr+4*(ipv4_hdr->ip_hl));
|
|
udphdr=(struct kni_udp_hdr*)((char*)ipv4_hdr+4*(ipv4_hdr->ip_hl));
|
|
|
|
inet_ntop(AF_INET, (void *)&((ipv4_hdr->ip_src).s_addr), saddr_str, INET_ADDRSTRLEN);
|
|
inet_ntop(AF_INET, (void *)&((ipv4_hdr->ip_dst).s_addr), daddr_str, INET_ADDRSTRLEN);
|
|
|
|
protocol = ipv4_hdr->ip_p;
|
|
|
|
}
|
|
else if((ipv6_hdr->ip6_flags[0] & 0xF0) == 0x60)
|
|
{
|
|
if(ipv6_hdr->ip6_nex_hdr != NEXTHDR_TCP)
|
|
{
|
|
return -1;
|
|
}
|
|
|
|
tcphdr =(struct kni_tcp_hdr*)( (unsigned char*)ipv6_hdr + sizeof(struct kni_ipv6_hdr));
|
|
udphdr =(struct kni_udp_hdr*)( (unsigned char*)ipv6_hdr + sizeof(struct kni_ipv6_hdr));
|
|
|
|
inet_ntop(AF_INET6, (void *)&(ipv6_hdr->ip6_src), saddr_str, INET6_ADDRSTRLEN);
|
|
inet_ntop(AF_INET6, (void *)&(ipv6_hdr->ip6_dst), daddr_str, INET6_ADDRSTRLEN);
|
|
|
|
protocol= ipv6_hdr->ip6_nex_hdr;
|
|
|
|
}
|
|
|
|
if(protocol == PROTO_TYPE_TCP)
|
|
{
|
|
sport=ntohs(tcphdr->th_sport);
|
|
dport=ntohs(tcphdr->th_dport);
|
|
}
|
|
else if(protocol == PROTO_TYPE_UDP)
|
|
{
|
|
sport=ntohs(udphdr->uh_sport);
|
|
dport=ntohs(udphdr->uh_dport);
|
|
}
|
|
|
|
|
|
MESA_handle_runtime_log(g_kni_comminfo.logger,level,module,"addr:%s,%d,%s,%d %s",saddr_str,sport,daddr_str,dport,buf);
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
int kni_log_debug_bak(int level,const char* module,const void* a_packet,char* content)
|
|
{
|
|
unsigned short sport=0;
|
|
unsigned short dport=0;
|
|
char saddr_str[INET6_ADDRSTRLEN ]={0};
|
|
char daddr_str[INET6_ADDRSTRLEN ]={0};
|
|
|
|
struct ip* ipv4_hdr = (struct ip*)a_packet;
|
|
struct kni_ipv6_hdr* ipv6_hdr = (struct kni_ipv6_hdr*)a_packet;
|
|
struct tcphdr* tcphdr = NULL;
|
|
|
|
if(ipv4_hdr->ip_v==4)
|
|
{
|
|
tcphdr=(struct tcphdr*)((char*)ipv4_hdr+4*(ipv4_hdr->ip_hl));
|
|
|
|
inet_ntop(AF_INET, (void *)&((ipv4_hdr->ip_src).s_addr), saddr_str, INET_ADDRSTRLEN);
|
|
inet_ntop(AF_INET, (void *)&((ipv4_hdr->ip_dst).s_addr), daddr_str, INET_ADDRSTRLEN);
|
|
|
|
}
|
|
else if((ipv6_hdr->ip6_flags[0] & 0xF0) == 0x60)
|
|
{
|
|
if(ipv6_hdr->ip6_nex_hdr != NEXTHDR_TCP)
|
|
{
|
|
return -1;
|
|
}
|
|
|
|
tcphdr =(struct tcphdr*)( (unsigned char*)ipv6_hdr + sizeof(struct kni_ipv6_hdr));
|
|
|
|
inet_ntop(AF_INET, (void *)&(ipv6_hdr->ip6_src), saddr_str, INET6_ADDRSTRLEN);
|
|
inet_ntop(AF_INET, (void *)&(ipv6_hdr->ip6_dst), daddr_str, INET6_ADDRSTRLEN);
|
|
|
|
}
|
|
|
|
sport=ntohs(tcphdr->source);
|
|
dport=ntohs(tcphdr->dest);
|
|
|
|
|
|
MESA_handle_runtime_log(g_kni_comminfo.logger,level,module,"addr:%s,%d,%s,%d %s",saddr_str,sport,daddr_str,dport,content);
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
/****************************************************************************
|
|
if(sport<dport) server=s
|
|
else if((sport==dport)&&(sip<dip)) server=s
|
|
else server=d
|
|
****************************************************************************/
|
|
int kni_get_ipaddr_v4(void* a_packet,struct stream_tuple4_v4* ipaddr)
|
|
{
|
|
int reverse_flag=0;
|
|
|
|
unsigned short sport=0;
|
|
unsigned short dport =0;
|
|
|
|
struct ip* iphdr=(struct ip*)a_packet;
|
|
struct tcphdr* tcphdr=NULL;
|
|
|
|
iphdr=(struct ip*)a_packet;
|
|
tcphdr=(struct tcphdr*)((char*)iphdr+4*(iphdr->ip_hl));
|
|
|
|
sport=ntohs(tcphdr->source);
|
|
dport=ntohs(tcphdr->dest);
|
|
|
|
if((sport<dport)||((sport==dport)&&(ntohl((iphdr->ip_src).s_addr)<ntohl((iphdr->ip_dst).s_addr))))
|
|
{
|
|
reverse_flag=1;
|
|
}
|
|
|
|
if(reverse_flag==1)
|
|
{
|
|
ipaddr->saddr=(iphdr->ip_dst).s_addr;
|
|
ipaddr->daddr=(iphdr->ip_src).s_addr;
|
|
ipaddr->source=tcphdr->dest;
|
|
ipaddr->dest=tcphdr->source;
|
|
}
|
|
else
|
|
{
|
|
ipaddr->saddr=(iphdr->ip_src).s_addr;
|
|
ipaddr->daddr=(iphdr->ip_dst).s_addr;
|
|
ipaddr->source=tcphdr->source;
|
|
ipaddr->dest=tcphdr->dest;
|
|
}
|
|
|
|
|
|
return reverse_flag;
|
|
}
|
|
|
|
|
|
|
|
/****************************************************************************
|
|
if(sport<dport) server=s
|
|
else if((sport==dport)&&(sip<dip)) server=s
|
|
else server=d
|
|
****************************************************************************/
|
|
int kni_get_ipaddr_v6(void* a_packet,struct stream_tuple4_v6* ipaddr)
|
|
{
|
|
int reverse_flag=0;
|
|
|
|
unsigned short sport=0;
|
|
unsigned short dport =0;
|
|
|
|
struct kni_ipv6_hdr* ipv6_hdr=(struct kni_ipv6_hdr*)a_packet;
|
|
struct tcphdr* tcphdr=(struct tcphdr*)((unsigned char*)a_packet+sizeof(struct kni_ipv6_hdr));
|
|
|
|
sport=ntohs(tcphdr->source);
|
|
dport=ntohs(tcphdr->dest);
|
|
|
|
if(sport<dport)
|
|
{
|
|
reverse_flag=1;
|
|
}
|
|
|
|
if(reverse_flag==1)
|
|
{
|
|
memcpy(ipaddr->saddr, ipv6_hdr->ip6_dst.s6_addr32, sizeof(ipaddr->saddr));
|
|
memcpy(ipaddr->daddr, ipv6_hdr->ip6_src.s6_addr32, sizeof(ipaddr->daddr));
|
|
ipaddr->source=tcphdr->dest;
|
|
ipaddr->dest=tcphdr->source;
|
|
}
|
|
else
|
|
{
|
|
memcpy(ipaddr->saddr, ipv6_hdr->ip6_src.s6_addr32, sizeof(ipaddr->saddr));
|
|
memcpy(ipaddr->daddr, ipv6_hdr->ip6_dst.s6_addr32, sizeof(ipaddr->daddr));
|
|
ipaddr->source=tcphdr->source;
|
|
ipaddr->dest=tcphdr->dest;
|
|
}
|
|
|
|
|
|
return reverse_flag;
|
|
}
|
|
|
|
int kni_get_tcpinfo(struct kni_wndpro_reply_info* lastpkt_info,struct kni_tcp_hdr* tcphdr,int tcplen)
|
|
{
|
|
lastpkt_info->seq=ntohl(tcphdr->th_seq);
|
|
lastpkt_info->ack=ntohl(tcphdr->th_ack);
|
|
lastpkt_info->len=tcplen;
|
|
lastpkt_info->wndsize=ntohs(tcphdr->th_win);
|
|
|
|
if(tcphdr->th_flags&TH_SYN)
|
|
{
|
|
lastpkt_info->syn_flag=1;
|
|
}
|
|
|
|
return 0;
|
|
}
|
|
|
|
#include <netinet/tcp.h>
|
|
void kni_get_tcpopt(struct kni_tcp_hdr* tcphdr,int tcp_hdr_len,
|
|
unsigned short* mss, unsigned char* wscale_perm, unsigned char* wscale, unsigned char* sack, unsigned char* timestamps)
|
|
{
|
|
*mss=KNI_DEFAULT_MSS;
|
|
*wscale=KNI_DEFAULT_WINSCLE;
|
|
|
|
const unsigned char *ptr = ((const unsigned char*)tcphdr+TCPHDR_DEFAULT_LEN);
|
|
int length = tcp_hdr_len - TCPHDR_DEFAULT_LEN;
|
|
|
|
while (length > 0)
|
|
{
|
|
int opcode = *ptr++;
|
|
int opsize;
|
|
|
|
switch (opcode) {
|
|
case TCPOPT_EOL:
|
|
return;
|
|
case TCPOPT_NOP: /* Ref: RFC 793 section 3.1 */
|
|
length--;
|
|
continue;
|
|
default:
|
|
opsize = *ptr++;
|
|
if (opsize < 2) /* "silly options" */
|
|
return;
|
|
if (opsize > length)
|
|
return; /* don't parse partial options */
|
|
switch (opcode)
|
|
{
|
|
case TCPOPT_MAXSEG:
|
|
if (opsize == TCPOLEN_MAXSEG)
|
|
{
|
|
uint16_t in_mss = *(uint16_t *)ptr;
|
|
if (in_mss) *mss = ntohs(in_mss);
|
|
}
|
|
break;
|
|
|
|
case TCPOPT_WINDOW:
|
|
if (opsize == TCPOLEN_WINDOW)
|
|
{
|
|
uint8_t snd_wscale = *(uint8_t *)ptr;
|
|
// rfc7323 page9: Thus, the shift count MUST be limited to 14 (which allows windows of 2^30 = 1 GiB).
|
|
// If a Window Scale option is received with a shift.cnt value larger than 14,
|
|
// the TCP SHOULD log the error but MUST use 14 instead of the specified value. */
|
|
*wscale = snd_wscale;
|
|
if(*wscale>14)
|
|
{
|
|
*wscale=14;
|
|
}
|
|
*wscale_perm=1;
|
|
}
|
|
break;
|
|
case TCPOPT_TIMESTAMP:
|
|
if ((opsize == TCPOLEN_TIMESTAMP))
|
|
{
|
|
*timestamps = 1;
|
|
}
|
|
break;
|
|
case TCPOPT_SACK_PERMITTED:
|
|
if (opsize == TCPOLEN_SACK_PERMITTED)
|
|
{
|
|
*sack = 1;
|
|
}
|
|
break;
|
|
}
|
|
ptr += opsize-2;
|
|
length -= opsize;
|
|
}
|
|
}
|
|
|
|
return;
|
|
}
|
|
|
|
char* kni_get_payload(const struct streaminfo* pstream,int* datalen)
|
|
{
|
|
char* data=NULL;
|
|
|
|
if(pstream->type==STREAM_TYPE_TCP)
|
|
{
|
|
data=(char*)(pstream->ptcpdetail->pdata);
|
|
*datalen=pstream->ptcpdetail->datalen;
|
|
}
|
|
else if(pstream->type==STREAM_TYPE_UDP)
|
|
{
|
|
data=(char*)(pstream->pudpdetail->pdata);
|
|
*datalen=pstream->pudpdetail->datalen;
|
|
}
|
|
else
|
|
{
|
|
data=NULL;
|
|
*datalen=0;
|
|
}
|
|
|
|
return data;
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
int kni_filestate2_set(int thread_seq,enum kni_FS_COLUME colum_index,int bytes,int pktnum)
|
|
{
|
|
g_kni_fs2_info.column_value_pkt[thread_seq][colum_index]+=pktnum;
|
|
g_kni_fs2_info.column_value_bytes[thread_seq][colum_index]+=bytes;
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
int kni_filestate2_init()
|
|
{
|
|
// int i=0;
|
|
// int j=0;
|
|
int value=1;
|
|
unsigned int fs2_sport=0;
|
|
char fs2_filename[KNI_MAX_BUFLEN]={0};
|
|
char fs2_sip[KNI_MAX_BUFLEN]={0};
|
|
|
|
MESA_load_profile_string_def((char*)KNI_CONF_FILENAME,(char*)KNI_FS_MODE,(char*)"filestat2_filename",fs2_filename,KNI_MAX_BUFLEN,(char*)"./log/kni_fs2.log");
|
|
MESA_load_profile_string_def((char*)KNI_CONF_FILENAME,(char*)KNI_FS_MODE,(char*)"filestat2_sip",fs2_sip,KNI_MAX_BUFLEN,(char*)"0.0.0.0");
|
|
MESA_load_profile_uint_def((char*)KNI_CONF_FILENAME,(char*)KNI_FS_MODE,(char*)"filestat2_sport",(unsigned int*)&fs2_sport,0);
|
|
|
|
g_kni_fs2_info.handler=FS_create_handle();
|
|
|
|
FS_set_para(g_kni_fs2_info.handler, OUTPUT_DEVICE,fs2_filename, strlen(fs2_filename)+1);
|
|
FS_set_para(g_kni_fs2_info.handler, PRINT_MODE, &value, sizeof(value));
|
|
FS_set_para(g_kni_fs2_info.handler, STAT_CYCLE, &value, sizeof(value));
|
|
FS_set_para(g_kni_fs2_info.handler, CREATE_THREAD, &value, sizeof(value));
|
|
FS_set_para(g_kni_fs2_info.handler, APP_NAME, FS2_APPNAME, strlen(FS2_APPNAME)+1);
|
|
|
|
if(fs2_sport!=0)
|
|
{
|
|
FS_set_para(g_kni_fs2_info.handler, STATS_SERVER_IP, fs2_sip, strlen(fs2_sip)+1);
|
|
FS_set_para(g_kni_fs2_info.handler, STATS_SERVER_PORT,&fs2_sport,sizeof(int));
|
|
}
|
|
|
|
|
|
g_kni_fs2_info.field_id[FS_PENDING]=FS_register(g_kni_fs2_info.handler, FS_STYLE_FIELD, FS_CALC_CURRENT,"link_pending");
|
|
g_kni_fs2_info.field_id[FS_CLOSE_TIMEOUT]=FS_register(g_kni_fs2_info.handler, FS_STYLE_FIELD, FS_CALC_CURRENT,"link_cls_to");
|
|
g_kni_fs2_info.field_id[FS_CLOSE_FIN]=FS_register(g_kni_fs2_info.handler, FS_STYLE_FIELD, FS_CALC_CURRENT,"link_cls_fin");
|
|
g_kni_fs2_info.field_id[FS_CLOSE_DROPME]=FS_register(g_kni_fs2_info.handler, FS_STYLE_FIELD, FS_CALC_CURRENT,"link_cls_dropme");
|
|
g_kni_fs2_info.field_id[FS_HTTP]=FS_register(g_kni_fs2_info.handler, FS_STYLE_FIELD, FS_CALC_CURRENT,"link_http");
|
|
g_kni_fs2_info.field_id[FS_SSL]=FS_register(g_kni_fs2_info.handler, FS_STYLE_FIELD, FS_CALC_CURRENT,"link_ssl");
|
|
g_kni_fs2_info.field_id[FS_CLIENT_HELLO]=FS_register(g_kni_fs2_info.handler, FS_STYLE_FIELD, FS_CALC_CURRENT,"link_hello");
|
|
g_kni_fs2_info.field_id[FS_SNI]=FS_register(g_kni_fs2_info.handler, FS_STYLE_FIELD, FS_CALC_CURRENT,"link_sni");
|
|
g_kni_fs2_info.field_id[FS_NOT_HTTP_SSL]=FS_register(g_kni_fs2_info.handler, FS_STYLE_FIELD, FS_CALC_CURRENT,"link_unknown");
|
|
g_kni_fs2_info.field_id[FS_NOT_DOUBLE]=FS_register(g_kni_fs2_info.handler, FS_STYLE_FIELD, FS_CALC_CURRENT, "link_asym");
|
|
g_kni_fs2_info.field_id[FS_NOT_HIT]=FS_register(g_kni_fs2_info.handler, FS_STYLE_FIELD, FS_CALC_CURRENT,"link_not_hit");
|
|
g_kni_fs2_info.field_id[FS_WHITELIST]=FS_register(g_kni_fs2_info.handler, FS_STYLE_FIELD, FS_CALC_CURRENT,"link_whitelist");
|
|
g_kni_fs2_info.field_id[FS_INTERCEPT]=FS_register(g_kni_fs2_info.handler, FS_STYLE_FIELD, FS_CALC_CURRENT,"link_intercept");
|
|
g_kni_fs2_info.field_id[FS_REDIRECT]=FS_register(g_kni_fs2_info.handler, FS_STYLE_FIELD, FS_CALC_CURRENT,"link_redirect");
|
|
g_kni_fs2_info.field_id[FS_REDIRECT_REPLY]=FS_register(g_kni_fs2_info.handler, FS_STYLE_FIELD, FS_CALC_CURRENT,"redirect_reply");
|
|
g_kni_fs2_info.field_id[FS_RATELIMIT]=FS_register(g_kni_fs2_info.handler, FS_STYLE_FIELD, FS_CALC_CURRENT,"link_ratelimit");
|
|
g_kni_fs2_info.field_id[FS_RATELIMIT_UDP]=FS_register(g_kni_fs2_info.handler, FS_STYLE_FIELD, FS_CALC_CURRENT,"ratelimit_udp_pkt");
|
|
g_kni_fs2_info.field_id[FS_REPLACE_UDP]=FS_register(g_kni_fs2_info.handler, FS_STYLE_FIELD, FS_CALC_CURRENT,"replace_udp_pkt");
|
|
g_kni_fs2_info.field_id[FS_REPAIR_TOTAL]=FS_register(g_kni_fs2_info.handler, FS_STYLE_FIELD, FS_CALC_CURRENT,"repair_total");
|
|
g_kni_fs2_info.field_id[FS_REPAIR_SOCK_ERR]=FS_register(g_kni_fs2_info.handler, FS_STYLE_FIELD, FS_CALC_CURRENT,"repair_sock_err");
|
|
g_kni_fs2_info.field_id[FS_REPAIR_SET_ERR]=FS_register(g_kni_fs2_info.handler, FS_STYLE_FIELD, FS_CALC_CURRENT,"repair_set_err");
|
|
g_kni_fs2_info.field_id[FS_REPAIR_JOINLQ_ERR]=FS_register(g_kni_fs2_info.handler, FS_STYLE_FIELD, FS_CALC_CURRENT,"repair_e_joinq");
|
|
g_kni_fs2_info.field_id[FS_REPAIR_SEND_SUCC]=FS_register(g_kni_fs2_info.handler, FS_STYLE_FIELD, FS_CALC_CURRENT,"repair_send");
|
|
g_kni_fs2_info.field_id[FS_REPAIR_SEND_ERR]=FS_register(g_kni_fs2_info.handler, FS_STYLE_FIELD, FS_CALC_CURRENT,"repair_send_err");
|
|
g_kni_fs2_info.field_id[FS_PKT_ADD_LQ_SUCC]=FS_register(g_kni_fs2_info.handler, FS_STYLE_FIELD, FS_CALC_CURRENT,"pkt_qin");
|
|
g_kni_fs2_info.field_id[FS_PKT_ADD_LQ_ERR]=FS_register(g_kni_fs2_info.handler, FS_STYLE_FIELD, FS_CALC_CURRENT,"pkt_qin_err");
|
|
g_kni_fs2_info.field_id[FS_PKT_GET_LQ_SUCC]=FS_register(g_kni_fs2_info.handler, FS_STYLE_FIELD, FS_CALC_CURRENT,"pkt_qout");
|
|
g_kni_fs2_info.field_id[FS_PKT_GET_LQ_ERR]=FS_register(g_kni_fs2_info.handler, FS_STYLE_FIELD, FS_CALC_CURRENT,"pkt_qout_err");
|
|
g_kni_fs2_info.field_id[FS_WR_PKTS]=FS_register(g_kni_fs2_info.handler, FS_STYLE_FIELD, FS_CALC_CURRENT,"wr_pkts");
|
|
g_kni_fs2_info.field_id[FS_WR_ERR_PKTS]=FS_register(g_kni_fs2_info.handler, FS_STYLE_FIELD, FS_CALC_CURRENT,"wr_err_pkts");
|
|
g_kni_fs2_info.field_id[FS_WR_BYTES]=FS_register(g_kni_fs2_info.handler, FS_STYLE_FIELD, FS_CALC_CURRENT,"wr_bytes");
|
|
g_kni_fs2_info.field_id[FS_RD_PKTS]=FS_register(g_kni_fs2_info.handler, FS_STYLE_FIELD, FS_CALC_CURRENT,"rd_pkts");
|
|
g_kni_fs2_info.field_id[FS_RD_BYTES]=FS_register(g_kni_fs2_info.handler, FS_STYLE_FIELD, FS_CALC_CURRENT,"rd_bytes");
|
|
g_kni_fs2_info.field_id[FS_RX_PKTS]=FS_register(g_kni_fs2_info.handler, FS_STYLE_FIELD, FS_CALC_CURRENT,"rx_pkts");
|
|
g_kni_fs2_info.field_id[FS_RX_BYTES]=FS_register(g_kni_fs2_info.handler, FS_STYLE_FIELD, FS_CALC_CURRENT,"rx_bytes");
|
|
g_kni_fs2_info.field_id[FS_TX_PKTS]=FS_register(g_kni_fs2_info.handler, FS_STYLE_FIELD, FS_CALC_CURRENT,"tx_pkts");
|
|
g_kni_fs2_info.field_id[FS_TX_BYTES]=FS_register(g_kni_fs2_info.handler, FS_STYLE_FIELD, FS_CALC_CURRENT,"tx_bytes");
|
|
g_kni_fs2_info.field_id[FS_DROP_IPV6OPT]=FS_register(g_kni_fs2_info.handler, FS_STYLE_FIELD, FS_CALC_CURRENT,"d_ipv6_opt");
|
|
g_kni_fs2_info.field_id[FS_DROP_NOTIN_HTABLE]=FS_register(g_kni_fs2_info.handler, FS_STYLE_FIELD, FS_CALC_CURRENT,"d_notin_htab");
|
|
g_kni_fs2_info.field_id[FS_DROP_NOTIPV46_SAPP]=FS_register(g_kni_fs2_info.handler, FS_STYLE_FIELD, FS_CALC_CURRENT,"d_not_ipv46_s");
|
|
g_kni_fs2_info.field_id[FS_DROP_NOTIPV46_TUN]=FS_register(g_kni_fs2_info.handler, FS_STYLE_FIELD, FS_CALC_CURRENT,"d_not_ipv46_t");
|
|
g_kni_fs2_info.field_id[FS_DROP_ADDHTABLE_ERROR]=FS_register(g_kni_fs2_info.handler, FS_STYLE_FIELD, FS_CALC_CURRENT,"d_add_htal_err");
|
|
g_kni_fs2_info.field_id[FS_PMENUM]=FS_register(g_kni_fs2_info.handler, FS_STYLE_FIELD, FS_CALC_CURRENT,"pme_num");
|
|
g_kni_fs2_info.field_id[FS_REPLAY_WINDOW]=FS_register(g_kni_fs2_info.handler, FS_STYLE_FIELD, FS_CALC_CURRENT,"replay_win");
|
|
g_kni_fs2_info.field_id[FS_HTABLE_ADD]=FS_register(g_kni_fs2_info.handler, FS_STYLE_FIELD, FS_CALC_CURRENT,"add_htab");
|
|
g_kni_fs2_info.field_id[FS_HTABLE_DEL]=FS_register(g_kni_fs2_info.handler, FS_STYLE_FIELD, FS_CALC_CURRENT,"del_htab");
|
|
g_kni_fs2_info.field_id[FS_PRO_ERROR]=FS_register(g_kni_fs2_info.handler, FS_STYLE_FIELD, FS_CALC_CURRENT,"http_proj_err");
|
|
|
|
|
|
g_kni_fs2_info.metric_tun_read=FS_register_histogram(g_kni_fs2_info.handler, FS_CALC_CURRENT, "tun_read(us)" ,1,1000000,2);
|
|
g_kni_fs2_info.metric_forward=FS_register_histogram(g_kni_fs2_info.handler, FS_CALC_CURRENT, "forward(us)" ,1,1000000,2);
|
|
g_kni_fs2_info.metric_sapp_proc=FS_register_histogram(g_kni_fs2_info.handler, FS_CALC_CURRENT, "sapp_proc(us)" ,1,1000000,2);
|
|
g_kni_fs2_info.metric_tcprepair=FS_register_histogram(g_kni_fs2_info.handler, FS_CALC_CURRENT, "tcprepair(us)" ,1,1000000,2);
|
|
g_kni_fs2_info.metric_tun_write=FS_register_histogram(g_kni_fs2_info.handler, FS_CALC_CURRENT, "tun_write(us)" ,1,1000000,2);
|
|
g_kni_fs2_info.metric_sendfd=FS_register_histogram(g_kni_fs2_info.handler, FS_CALC_CURRENT, "send_fds(us)" ,1,1000000,2);
|
|
g_kni_fs2_info.metric_qout_fd=FS_register_histogram(g_kni_fs2_info.handler, FS_CALC_CURRENT, "q_out_fds(us)" ,1,1000000,2);
|
|
g_kni_fs2_info.metric_qout_pkt=FS_register_histogram(g_kni_fs2_info.handler, FS_CALC_CURRENT, "q_out_pkts(us)" ,1,1000000,2);
|
|
|
|
|
|
FS_start(g_kni_fs2_info.handler);
|
|
|
|
return 0;
|
|
}
|
|
|
|
|
|
void* kni_filestat2(void* arg)
|
|
{
|
|
int i=0;
|
|
int j=0;
|
|
|
|
unsigned long long column_value[FS2_COLUMN_NUM];
|
|
|
|
kni_filestate2_init();
|
|
|
|
while(1)
|
|
{
|
|
for(i=0;i<FS2_COLUMN_NUM;i++)
|
|
{
|
|
column_value[i]=0;
|
|
|
|
for(j=0;j<g_iThreadNum;j++)
|
|
{
|
|
column_value[i]+=g_kni_fs2_info.column_value_pkt[j][i];
|
|
}
|
|
|
|
FS_operate(g_kni_fs2_info.handler,g_kni_fs2_info.field_id[i], 0,FS_OP_SET,column_value[i]);
|
|
}
|
|
|
|
sleep(1);
|
|
}
|
|
|
|
return NULL;
|
|
}
|
|
|
|
|
|
|
|
|
|
int kni_order_action(int old_action,int new_action)
|
|
{
|
|
if((old_action == KNI_ACTION_WHITELIST) || (new_action == KNI_ACTION_WHITELIST))
|
|
{
|
|
return KNI_ACTION_WHITELIST;
|
|
}
|
|
else if((old_action == KNI_ACTION_MONITOR) || (new_action == KNI_ACTION_MONITOR))
|
|
{
|
|
return KNI_ACTION_MONITOR;
|
|
}
|
|
else if((old_action == KNI_ACTION_REDIRECT) || (new_action == KNI_ACTION_REDIRECT))
|
|
{
|
|
return KNI_ACTION_REDIRECT;
|
|
}
|
|
else if((old_action == KNI_ACTION_REPLACE) || (new_action == KNI_ACTION_REPLACE))
|
|
{
|
|
return KNI_ACTION_REPLACE;
|
|
}
|
|
else if((old_action == KNI_ACTION_RATELIMIT) || (new_action == KNI_ACTION_RATELIMIT))
|
|
{
|
|
return KNI_ACTION_RATELIMIT;
|
|
}
|
|
|
|
|
|
return KNI_ACTION_NONE;
|
|
|
|
}
|
|
|
|
int kni_get_service_defined(int new_action,struct Maat_rule_t* maat_result,struct kni_pme_info* pmeinfo)
|
|
{
|
|
// if((new_action == KNI_ACTION_REPLACE) || (new_action == KNI_ACTION_RATELIMIT))
|
|
{
|
|
if(maat_result->serv_def_len > KNI_SERVICE_LEN)
|
|
{
|
|
pmeinfo->ser_def_len = 0;
|
|
|
|
MESA_handle_runtime_log(g_kni_comminfo.logger,RLOG_LV_FATAL,(char*)"get_service_defined",
|
|
"maat_result->serv_def_len is %d,large than KNI_SERVICE_LEN %d",maat_result->serv_def_len,KNI_SERVICE_LEN);
|
|
|
|
return -1;
|
|
}
|
|
|
|
pmeinfo->cfg_id = maat_result->config_id;
|
|
pmeinfo->ser_def_len = maat_result->serv_def_len;
|
|
assert((int)sizeof(pmeinfo->service_defined) > maat_result->serv_def_len);
|
|
memcpy(pmeinfo->service_defined,maat_result->service_defined,maat_result->serv_def_len);
|
|
}
|
|
|
|
return 0;
|
|
}
|
|
|
|
|
|
|
|
|
|
int kni_get_keyring(struct kni_pme_info* pmeinfo)
|
|
{
|
|
char* tmp = NULL;
|
|
|
|
tmp = kni_memncasemem(pmeinfo->service_defined, pmeinfo->ser_def_len,(char*)"keyring_id=", strlen("keyring_id="));
|
|
if(tmp == NULL)
|
|
{
|
|
MESA_handle_runtime_log(g_kni_comminfo.logger,RLOG_LV_FATAL,"KEYRING_ID","there is no keyring id!cfg_id:%d,region:%s",pmeinfo->cfg_id,pmeinfo->service_defined);
|
|
return -1;
|
|
}
|
|
|
|
tmp += strlen("keyring_id=");
|
|
|
|
pmeinfo->keyring_id= atoi(tmp);
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
int kni_process_maatresult(int result_num,struct Maat_rule_t* maat_result,struct kni_pme_info* pmeinfo)
|
|
{
|
|
|
|
int i=0;
|
|
int cur_action = KNI_ACTION_NONE;
|
|
int old_action = pmeinfo->action;
|
|
|
|
int keyring_id_old = 0;
|
|
|
|
|
|
for(i=0;i<result_num;i++)
|
|
{
|
|
cur_action = abs(maat_result[i].action);
|
|
if(cur_action == KNI_ACTION_WHITELIST)
|
|
{
|
|
pmeinfo->action=cur_action;
|
|
pmeinfo->cfg_id=maat_result[i].config_id;
|
|
|
|
return 0;
|
|
}
|
|
|
|
old_action = pmeinfo->action;
|
|
pmeinfo->action= kni_order_action(old_action,cur_action);
|
|
|
|
if(old_action != pmeinfo->action)
|
|
{
|
|
kni_get_service_defined(cur_action,&maat_result[i],pmeinfo);
|
|
}
|
|
|
|
if((pmeinfo->ipsscan_action!= KNI_ACTION_MONITOR) && (pmeinfo->action == KNI_ACTION_MONITOR))
|
|
{
|
|
keyring_id_old = pmeinfo->keyring_id;
|
|
kni_get_keyring(pmeinfo);
|
|
|
|
pmeinfo->keyring_id = pmeinfo->keyring_id>keyring_id_old ? pmeinfo->keyring_id : keyring_id_old;
|
|
}
|
|
}
|
|
|
|
|
|
if((result_num == -2) && (pmeinfo->action == KNI_ACTION_NONE))
|
|
{
|
|
pmeinfo->action = KNI_ACTION_HALFHIT;
|
|
}
|
|
|
|
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|