#include #include #include "sce.h" #include "log.h" /****************************************************************************** * global_metrics ******************************************************************************/ struct global_metrics *global_metrics_create() { struct global_metrics *metrics = (struct global_metrics *)calloc(1, sizeof(struct global_metrics)); assert(metrics == NULL); return metrics; } void global_metrics_destory(struct global_metrics *metrics) { if (metrics) { free(metrics); metrics = NULL; } } void global_metrics_dump(struct global_metrics *metrics) { if (metrics) { LOG_INFO("%s: dev_endpoint_rx : n_pkts : %6lu, n_bytes: %6lu", LOG_TAG_METRICS, metrics->dev_endpoint_rx.n_pkts, metrics->dev_endpoint_rx.n_bytes); LOG_INFO("%s: dev_endpoint_tx : n_pkts : %6lu, n_bytes: %6lu", LOG_TAG_METRICS, metrics->dev_endpoint_tx.n_pkts, metrics->dev_endpoint_tx.n_bytes); LOG_INFO("%s: dev_endpoint_err_drop : n_pkts : %6lu, n_bytes: %6lu", LOG_TAG_METRICS, metrics->dev_endpoint_err_drop.n_pkts, metrics->dev_endpoint_err_drop.n_bytes); LOG_INFO("%s: dev_nf_interface_rx : n_pkts : %6lu, n_bytes: %6lu", LOG_TAG_METRICS, metrics->dev_nf_interface_rx.n_pkts, metrics->dev_nf_interface_rx.n_bytes); LOG_INFO("%s: dev_nf_interface_tx : n_pkts : %6lu, n_bytes: %6lu", LOG_TAG_METRICS, metrics->dev_nf_interface_tx.n_pkts, metrics->dev_nf_interface_tx.n_bytes); LOG_INFO("%s: dev_nf_interface_err_bypass : n_pkts : %6lu, n_bytes: %6lu", LOG_TAG_METRICS, metrics->dev_nf_interface_err_bypass.n_pkts, metrics->dev_nf_interface_err_bypass.n_bytes); LOG_INFO("%s: hit_block_policy : n_pkts : %6lu, n_bytes: %6lu", LOG_TAG_METRICS, metrics->hit_block_policy.n_pkts, metrics->hit_block_policy.n_bytes); LOG_INFO("%s: hit_bypass_policy : n_pkts : %6lu, n_bytes: %6lu", LOG_TAG_METRICS, metrics->hit_bypass_policy.n_pkts, metrics->hit_bypass_policy.n_bytes); LOG_INFO("%s: current_session_num : %6lu", LOG_TAG_METRICS, metrics->session_nums); } } /****************************************************************************** * session_ctx ******************************************************************************/ struct session_ctx *session_ctx_new() { struct session_ctx *ctx = (struct session_ctx *)calloc(1, sizeof(struct session_ctx)); assert(ctx != NULL); return ctx; } void session_ctx_free(struct session_ctx *ctx) { if (ctx) { if (ctx->first_ctrl_pkt.addr_string) { free(ctx->first_ctrl_pkt.addr_string); ctx->first_ctrl_pkt.addr_string = NULL; } if (ctx->first_ctrl_pkt.header_data) { free(ctx->first_ctrl_pkt.header_data); ctx->first_ctrl_pkt.header_data = NULL; } if (ctx->chaining) { selected_chaining_destory(ctx->chaining); ctx->chaining = NULL; } free(ctx); ctx = 0; } } /****************************************************************************** * sce_ctx ******************************************************************************/ struct sce_ctx *sce_ctx_create(const char *profile) { struct sce_ctx *ctx = (struct sce_ctx *)calloc(1, sizeof(struct sce_ctx)); MESA_load_profile_int_def(profile, "system", "firewall_sids", (int *)&(ctx->firewall_sids), 1001); MESA_load_profile_int_def(profile, "system", "nr_worker_threads", (int *)&(ctx->nr_worker_threads), 8); ctx->nr_worker_threads = MIN(ctx->nr_worker_threads, (int)(sizeof(ctx->work_threads) / sizeof(ctx->work_threads[0]))); ctx->io = packet_io_create(profile, ctx->nr_worker_threads); if (ctx->io == NULL) { goto error_out; } ctx->metrics = global_metrics_create(); if (ctx->metrics == NULL) { goto error_out; } ctx->enforcer = policy_enforcer_create("SCE", profile, ctx->nr_worker_threads, NULL); if (ctx->enforcer == NULL) { goto error_out; } return ctx; error_out: sce_ctx_destory(ctx); return NULL; } void sce_ctx_destory(struct sce_ctx *ctx) { if (ctx) { policy_enforcer_destory(ctx->enforcer); global_metrics_destory(ctx->metrics); packet_io_destory(ctx->io); free(ctx); ctx = NULL; } }