diff --git a/common/src/packet.cpp b/common/src/packet.cpp index a176ca5..88e9da0 100644 --- a/common/src/packet.cpp +++ b/common/src/packet.cpp @@ -1264,12 +1264,14 @@ uint64_t packet_get_hash(const struct packet *handler, enum ldbc_method method, return hash_value; } +#if 0 char *inner_addr_str = two_tuple_tostring(&inner_addr); char *outer_addr_str = two_tuple_tostring(&outer_addr); printf("%s: outer_addr: %s, inner_addr: %s, dir: %s, hash_method: %s, hash_value: %lu\n", LOG_PACKET, outer_addr_str, inner_addr_str, (dir_is_i2e ? "I2E" : "E2I"), ldbc_method_tostring(method), hash_value); free(inner_addr_str); free(outer_addr_str); +#endif return hash_value; } diff --git a/platform/src/packet_io.cpp b/platform/src/packet_io.cpp index 5066881..cd87e4a 100644 --- a/platform/src/packet_io.cpp +++ b/platform/src/packet_io.cpp @@ -650,11 +650,11 @@ static void action_sf_chaining(struct thread_ctx *thread_ctx, struct session_ctx for (sf_index = next_sf_index; sf_index < chaining->chaining_used; sf_index++) { struct selected_sf *sf = &(chaining->chaining[sf_index]); - LOG_INFO("%s: session: %lu %s execute chaining [%d/%d]: policy %lu->%d->%d, action %s->%s->%s->%s", - LOG_TAG_POLICY, session_ctx->session_id, session_ctx->session_addr, - sf_index, chaining->chaining_used, - sf->rule_id, sf->sff_profile_id, sf->sf_profile_id, - (meta->is_decrypted == 1 ? "decrypted" : "raw"), (meta->is_e2i_dir ? "E2I" : "I2E"), forward_type_to_string(sf->sff_forward_type), action_desc_to_string(sf->sf_action_desc)); + LOG_DEBUG("%s: session: %lu %s execute chaining [%d/%d]: policy %lu->%d->%d, action %s->%s->%s->%s", + LOG_TAG_POLICY, session_ctx->session_id, session_ctx->session_addr, + sf_index, chaining->chaining_used, + sf->rule_id, sf->sff_profile_id, sf->sf_profile_id, + (meta->is_decrypted == 1 ? "decrypted" : "raw"), (meta->is_e2i_dir ? "E2I" : "I2E"), forward_type_to_string(sf->sff_forward_type), action_desc_to_string(sf->sf_action_desc)); switch (sf->sf_action) { @@ -898,8 +898,11 @@ static void session_value_free_cb(void *ctx) session_ctx_free(s_ctx); } -static void handle_policy_mutil_hits(struct policy_enforcer *enforcer, struct session_ctx *session_ctx, struct control_packet *ctrl_pkt, packet *data_pkt, int is_e2i_dir) +static void handle_policy_mutil_hits(struct session_ctx *session_ctx, struct control_packet *ctrl_pkt, packet *data_pkt, int is_e2i_dir, struct thread_ctx *thread_ctx) { + struct policy_enforcer *enforcer = thread_ctx->ref_enforcer; + struct sce_ctx *sce_ctx = thread_ctx->ref_sce_ctx; + for (int i = 0; i < ctrl_pkt->rule_id_num; i++) { uint64_t rule_id = ctrl_pkt->rule_ids[i]; @@ -911,8 +914,11 @@ static void handle_policy_mutil_hits(struct policy_enforcer *enforcer, struct se { policy_enforce_select_chainings(enforcer, &session_ctx->chainings, session_ctx, data_pkt, rule_id, is_e2i_dir); - selected_chaining_bref(session_ctx->chainings.chaining_raw); - selected_chaining_bref(session_ctx->chainings.chaining_decrypted); + if (sce_ctx->enable_debug) + { + selected_chaining_bref(session_ctx->chainings.chaining_raw); + selected_chaining_bref(session_ctx->chainings.chaining_decrypted); + } mutable_array_add_elem(&session_ctx->rule_ids, rule_id); } @@ -924,6 +930,7 @@ static void handle_session_opening(struct metadata *meta, struct control_packet struct thread_metrics *thread_metrics = &thread_ctx->thread_metrics; struct policy_enforcer *enforcer = thread_ctx->ref_enforcer; struct session_table *session_table = thread_ctx->session_table; + struct sce_ctx *sce_ctx = thread_ctx->ref_sce_ctx; int chaining_size = policy_enforce_chaining_size(enforcer); #if 0 @@ -947,7 +954,7 @@ static void handle_session_opening(struct metadata *meta, struct control_packet struct session_ctx *session_ctx = session_ctx_new(); session_ctx->session_id = meta->session_id; - session_ctx->session_addr = four_tuple_tostring(&inner_tuple4); + session_ctx->session_addr = sce_ctx->enable_debug ? four_tuple_tostring(&inner_tuple4) : NULL; session_ctx->vxlan_src_port = calculate_vxlan_source_port(&inner_tuple4); four_tuple_copy(&session_ctx->inner_tuple4, &inner_tuple4); metadata_deep_copy(session_ctx->ctrl_meta, meta); @@ -956,7 +963,7 @@ static void handle_session_opening(struct metadata *meta, struct control_packet session_ctx->ref_thread_ctx = thread_ctx; LOG_INFO("%s: session %lu %s active first", LOG_TAG_PKTIO, session_ctx->session_id, session_ctx->session_addr); - handle_policy_mutil_hits(enforcer, session_ctx, ctrl_pkt, &data_pkt, meta->is_e2i_dir); + handle_policy_mutil_hits(session_ctx, ctrl_pkt, &data_pkt, meta->is_e2i_dir, thread_ctx); send_event_log(session_ctx, thread_ctx); session_table_insert(session_table, session_ctx->session_id, &session_ctx->inner_tuple4, session_ctx, session_value_free_cb); @@ -988,7 +995,6 @@ static void handle_session_closing(struct metadata *meta, struct control_packet static void handle_session_active(struct metadata *meta, struct control_packet *ctrl_pkt, struct thread_ctx *thread_ctx) { struct session_table *session_table = thread_ctx->session_table; - struct policy_enforcer *enforcer = thread_ctx->ref_enforcer; struct session_node *node = session_table_search_by_id(session_table, meta->session_id); if (node) @@ -1004,7 +1010,7 @@ static void handle_session_active(struct metadata *meta, struct control_packet * } LOG_INFO("%s: session %lu %s active again", LOG_TAG_PKTIO, session_ctx->session_id, session_ctx->session_addr); - handle_policy_mutil_hits(enforcer, session_ctx, ctrl_pkt, &data_pkt, meta->is_e2i_dir); + handle_policy_mutil_hits(session_ctx, ctrl_pkt, &data_pkt, meta->is_e2i_dir, thread_ctx); send_event_log(session_ctx, thread_ctx); } else