TSG-16188 Manipulation实时发送命中策略的metric统计
This commit is contained in:
fengweihao
@@ -1353,6 +1353,82 @@ static struct manipulate_profile* get_profile_by_id(int profile_table, int profi
|
||||
return result;
|
||||
}
|
||||
|
||||
void proxy_send_metric_log(const struct tfe_stream * stream, struct proxy_http_ctx * ctx, unsigned int thread_id, int state)
|
||||
{
|
||||
size_t i=0;
|
||||
int hit_cnt=0;
|
||||
const char *proxy_action_map[__PX_ACTION_MAX];
|
||||
proxy_action_map[PX_ACTION_MONIT]="monitor";
|
||||
proxy_action_map[PX_ACTION_REJECT]="deny";
|
||||
proxy_action_map[PX_ACTION_WHITELIST]="allow";
|
||||
const char *manipulate_action_map[]= {"redirect","block","replace","hijack","insert","edit_element","run_script"};
|
||||
struct tfe_fieldstat_metric_t *fieldstat = (struct tfe_fieldstat_metric_t *)tfe_bussiness_resouce_get(DYNAMIC_FIELDSTAT);
|
||||
|
||||
for(i=0; i< ctx->n_enforce; i++)
|
||||
{
|
||||
fieldstat->tags[thread_id][TAG_VSYS_ID].value_int = ctx->enforce_rules[i].vsys_id;
|
||||
fieldstat->tags[thread_id][TAG_RULE_ID].value_int = ctx->enforce_rules[i].config_id;
|
||||
fieldstat->tags[thread_id][TAG_ACTION].value_int = PX_ACTION_MANIPULATE;
|
||||
if(ctx->enforce_rules[i].action == PX_ACTION_MANIPULATE)
|
||||
{
|
||||
fieldstat->tags[thread_id][TAG_SUB_ACTION].value_str = manipulate_action_map[ctx->param->action];
|
||||
}
|
||||
else
|
||||
{
|
||||
fieldstat->tags[thread_id][TAG_SUB_ACTION].value_str = proxy_action_map[ctx->enforce_rules[i].action];
|
||||
}
|
||||
|
||||
size_t c2s_byte_num = 0, s2c_byte_num =0;
|
||||
tfe_stream_info_get(stream, INFO_FROM_DOWNSTREAM_RX_OFFSET, &c2s_byte_num, sizeof(c2s_byte_num));
|
||||
tfe_stream_info_get(stream, INFO_FROM_UPSTREAM_RX_OFFSET, &s2c_byte_num, sizeof(s2c_byte_num));
|
||||
|
||||
uint16_t out_size;
|
||||
unsigned int route_dir; int ret=0;
|
||||
int in_bytes = 0, out_bytes = 0;
|
||||
|
||||
struct tfe_cmsg *cmsg = tfe_stream_get0_cmsg(stream);
|
||||
if (cmsg != NULL)
|
||||
{
|
||||
ret = tfe_cmsg_get_value(cmsg, TFE_CMSG_COMMON_DIRECTION, (unsigned char *)&route_dir, sizeof(route_dir), &out_size);
|
||||
if (ret != 0)
|
||||
{
|
||||
TFE_LOG_ERROR(g_proxy_rt->local_logger, "failed at fetch route_dir from cmsg: %s", strerror(-ret));
|
||||
return;
|
||||
}
|
||||
}
|
||||
int dir_is_e2i=(route_dir==69) ? 0 : 1;
|
||||
if (dir_is_e2i == 1)
|
||||
{
|
||||
in_bytes = c2s_byte_num - ctx->c2s_byte_num;
|
||||
out_bytes = s2c_byte_num - ctx->s2c_byte_num;
|
||||
ctx->c2s_byte_num = c2s_byte_num;
|
||||
ctx->s2c_byte_num = s2c_byte_num;
|
||||
}
|
||||
else
|
||||
{
|
||||
in_bytes = s2c_byte_num - ctx->c2s_byte_num;
|
||||
out_bytes = c2s_byte_num - ctx->s2c_byte_num;
|
||||
ctx->c2s_byte_num = s2c_byte_num;
|
||||
ctx->s2c_byte_num = c2s_byte_num;
|
||||
}
|
||||
if(state == 1)
|
||||
{
|
||||
hit_cnt=0;
|
||||
}
|
||||
else
|
||||
{
|
||||
hit_cnt=1;
|
||||
in_bytes=0;
|
||||
out_bytes=0;
|
||||
}
|
||||
|
||||
tfe_fieldstat_metric_incrby(fieldstat, fieldstat->column_array[COLUMN_HIT_COUNT], hit_cnt, fieldstat->tags[thread_id], TAG_MAX - 1, thread_id);
|
||||
tfe_fieldstat_metric_incrby(fieldstat, fieldstat->column_array[COLUMN_IN_BYTES], in_bytes/8, fieldstat->tags[thread_id], TAG_MAX - 1, thread_id);
|
||||
tfe_fieldstat_metric_incrby(fieldstat, fieldstat->column_array[COLUMN_OUT_BYTES], out_bytes/8, fieldstat->tags[thread_id], TAG_MAX - 1, thread_id);
|
||||
}
|
||||
return;
|
||||
}
|
||||
|
||||
static unsigned long long try_send_by_token(int inject_sz)
|
||||
{
|
||||
if (g_proxy_rt->enable_rate != 1)
|
||||
@@ -2750,9 +2826,7 @@ void enforce_control_policy(const struct tfe_stream * stream, const struct tfe_h
|
||||
if(ctx->log_resp_body == NULL) ctx->log_resp_body = evbuffer_new();
|
||||
evbuffer_add(ctx->log_resp_body, body_frag, frag_size);
|
||||
}
|
||||
|
||||
tfe_stream_info_get(stream, INFO_FROM_DOWNSTREAM_RX_OFFSET, &(ctx->c2s_byte_num), sizeof(ctx->c2s_byte_num));
|
||||
tfe_stream_info_get(stream, INFO_FROM_UPSTREAM_RX_OFFSET, &(ctx->s2c_byte_num), sizeof(ctx->s2c_byte_num));
|
||||
proxy_send_metric_log(stream, ctx, thread_id, 1);
|
||||
|
||||
return;
|
||||
}
|
||||
@@ -2897,67 +2971,6 @@ static inline int ctx_actually_manipulate(struct proxy_http_ctx * ctx)
|
||||
}
|
||||
}
|
||||
|
||||
void proxy_send_metric_log(const struct tfe_stream * stream, struct proxy_http_ctx * ctx, unsigned int thread_id)
|
||||
{
|
||||
size_t i=0;
|
||||
const char *proxy_action_map[__PX_ACTION_MAX];
|
||||
proxy_action_map[PX_ACTION_MONIT]="monitor";
|
||||
proxy_action_map[PX_ACTION_REJECT]="deny";
|
||||
proxy_action_map[PX_ACTION_WHITELIST]="allow";
|
||||
const char *manipulate_action_map[]= {"redirect","block","replace","hijack","insert","edit_element","run_script"};
|
||||
struct tfe_fieldstat_metric_t *fieldstat = (struct tfe_fieldstat_metric_t *)tfe_bussiness_resouce_get(DYNAMIC_FIELDSTAT);
|
||||
|
||||
for(i=0; i< ctx->n_enforce; i++)
|
||||
{
|
||||
fieldstat->tags[thread_id][TAG_VSYS_ID].value_int = ctx->enforce_rules[i].vsys_id;
|
||||
fieldstat->tags[thread_id][TAG_RULE_ID].value_int = ctx->enforce_rules[i].config_id;
|
||||
fieldstat->tags[thread_id][TAG_ACTION].value_int = PX_ACTION_MANIPULATE;
|
||||
if(ctx->enforce_rules[i].action == PX_ACTION_MANIPULATE)
|
||||
{
|
||||
fieldstat->tags[thread_id][TAG_SUB_ACTION].value_str = manipulate_action_map[ctx->param->action];
|
||||
}
|
||||
else
|
||||
{
|
||||
fieldstat->tags[thread_id][TAG_SUB_ACTION].value_str = proxy_action_map[ctx->enforce_rules[i].action];
|
||||
}
|
||||
|
||||
size_t c2s_byte_num = 0, s2c_byte_num =0;
|
||||
tfe_stream_info_get(stream, INFO_FROM_DOWNSTREAM_RX_OFFSET, &c2s_byte_num, sizeof(c2s_byte_num));
|
||||
tfe_stream_info_get(stream, INFO_FROM_UPSTREAM_RX_OFFSET, &s2c_byte_num, sizeof(s2c_byte_num));
|
||||
|
||||
uint16_t out_size;
|
||||
unsigned int route_dir; int ret=0;
|
||||
int in_bytes = 0, out_bytes = 0;
|
||||
|
||||
struct tfe_cmsg *cmsg = tfe_stream_get0_cmsg(stream);
|
||||
if (cmsg != NULL)
|
||||
{
|
||||
ret = tfe_cmsg_get_value(cmsg, TFE_CMSG_COMMON_DIRECTION, (unsigned char *)&route_dir, sizeof(route_dir), &out_size);
|
||||
if (ret != 0)
|
||||
{
|
||||
TFE_LOG_ERROR(g_proxy_rt->local_logger, "failed at fetch route_dir from cmsg: %s", strerror(-ret));
|
||||
return;
|
||||
}
|
||||
}
|
||||
int dir_is_e2i=(route_dir==69) ? 0 : 1;
|
||||
if (dir_is_e2i == 1)
|
||||
{
|
||||
in_bytes = c2s_byte_num;
|
||||
out_bytes = s2c_byte_num;
|
||||
}
|
||||
else
|
||||
{
|
||||
in_bytes = s2c_byte_num;
|
||||
out_bytes = c2s_byte_num;
|
||||
}
|
||||
|
||||
tfe_fieldstat_metric_incrby(fieldstat, fieldstat->column_array[COLUMN_HIT_COUNT], 1, fieldstat->tags[thread_id], TAG_MAX - 1, thread_id);
|
||||
tfe_fieldstat_metric_incrby(fieldstat, fieldstat->column_array[COLUMN_IN_BYTES], in_bytes, fieldstat->tags[thread_id], TAG_MAX - 1, thread_id);
|
||||
tfe_fieldstat_metric_incrby(fieldstat, fieldstat->column_array[COLUMN_OUT_BYTES], out_bytes, fieldstat->tags[thread_id], TAG_MAX - 1, thread_id);
|
||||
}
|
||||
return;
|
||||
}
|
||||
|
||||
void proxy_on_http_end(const struct tfe_stream * stream,
|
||||
const struct tfe_http_session * session, unsigned int thread_id, void ** pme)
|
||||
{
|
||||
@@ -3014,7 +3027,7 @@ void proxy_on_http_end(const struct tfe_stream * stream,
|
||||
ATOMIC_INC(&(g_proxy_rt->stat_val[STAT_ACTION_MONIT]));
|
||||
}
|
||||
}
|
||||
proxy_send_metric_log(stream, ctx, thread_id);
|
||||
proxy_send_metric_log(stream, ctx, thread_id, 0);
|
||||
}
|
||||
|
||||
if(ctx->rep_ctx && ctx->rep_ctx->actually_replaced==1)
|
||||
|
||||
Reference in New Issue
Block a user