diff --git a/ci/travis.sh b/ci/travis.sh index a1ddb68..356baf1 100644 --- a/ci/travis.sh +++ b/ci/travis.sh @@ -33,7 +33,7 @@ env | sort : "${COMPILER_IS_GNUCXX:=OFF}" # Install dependency from YUM -yum install -y libcjson-devel libmaatframe-devel libfieldstat4-devel libMESA_handle_logger-devel libMESA_prof_load-devel sapp-devel +yum install -y libcjson-devel libmaatframe-devel libfieldstat4-devel libMESA_prof_load-devel sapp-devel mkdir build || true cd build diff --git a/common/CMakeLists.txt b/common/CMakeLists.txt index 12ebf18..d5bc96d 100644 --- a/common/CMakeLists.txt +++ b/common/CMakeLists.txt @@ -1,4 +1,4 @@ -add_library(common src/verify_policy_logging.cpp src/verify_policy_utils.cpp) +add_library(common src/verify_policy_utils.cpp src/log.c) target_include_directories(common PUBLIC ${CMAKE_CURRENT_LIST_DIR}/include) -target_link_libraries(common PUBLIC MESA_handle_logger libevent-static) +target_link_libraries(common PUBLIC libevent-static) diff --git a/common/include/log.h b/common/include/log.h new file mode 100644 index 0000000..1ca0a4f --- /dev/null +++ b/common/include/log.h 
@@ -0,0 +1,45 @@ +/** + * Copyright (c) 2020 rxi + * + * This library is free software; you can redistribute it and/or modify it + * under the terms of the MIT license. See `log.c` for details. + */ + +#ifndef LOG_H +#define LOG_H + +#ifdef __cplusplus +extern "C" +{ +#endif + +#include +#include +#include +#include + +#define LOG_VERSION "0.1.0" + +struct log_handle; + +enum { LOG_TRACE, LOG_DEBUG, LOG_INFO, LOG_WARN, LOG_ERROR, LOG_FATAL}; + +#define log_debug(handle, module, fmt, ...) log_print(handle, LOG_DEBUG, module, fmt, ##__VA_ARGS__) +#define log_trace(handle, module, fmt, ...) log_print(handle, LOG_TRACE, module, fmt, ##__VA_ARGS__) +#define log_info(handle, module, fmt, ...) log_print(handle, LOG_INFO, module, fmt, ##__VA_ARGS__) +#define log_warn(handle, module, fmt, ...) log_print(handle, LOG_WARN, module, fmt, ##__VA_ARGS__) +#define log_error(handle, module, fmt, ...) log_print(handle, LOG_ERROR, module, fmt, ##__VA_ARGS__) +#define log_fatal(handle, module, fmt, ...) log_print(handle, LOG_FATAL, module, fmt, ##__VA_ARGS__) + +void log_print(struct log_handle *, int level, const char *module, const char *fmt, ...); +void log_options_set_enable(struct log_handle *, int enable); +void log_options_set_level(struct log_handle *, int level); + +struct log_handle * log_handle_create(const char *file_path, int level); +void log_handle_destroy(struct log_handle *); + +#ifdef __cplusplus +} +#endif + +#endif diff --git a/common/include/verify_policy.h b/common/include/verify_policy.h index f7d67e4..ec2cbdd 100644 --- a/common/include/verify_policy.h +++ b/common/include/verify_policy.h @@ -9,6 +9,7 @@ #define _VERIFY_POLICY_H #include +#include #include "verify_policy_utils.h" struct breakpad_instance; @@ -116,7 +117,7 @@ struct verify_policy_thread struct verify_policy { char name[VERIFY_SYMBOL_MAX]; - void * logger; + struct log_handle *logger; unsigned int log_level; unsigned int nr_work_threads; unsigned int listen_port; 
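Review bot: The `log_print` prototype in log.h carries no printf format attribute, so none of the `log_*` call sites this commit converts have their format string checked against their arguments at compile time. The header already depends on the GNU `##__VA_ARGS__` extension, so adding `__attribute__((format(printf, 4, 5)))` to the declaration costs nothing in portability here. Many of the converted calls pass externally supplied text such as `table_line` or JSON values through `%s`, and a specifier/argument mismatch in any of them is undefined behaviour inside `vfprintf`.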
diff --git a/common/include/verify_policy_logging.h b/common/include/verify_policy_logging.h deleted file mode 100644 index e2a65fe..0000000 --- a/common/include/verify_policy_logging.h +++ /dev/null @@ -1,49 +0,0 @@ -/************************************************************************* - > File Name: logging.h - > Author: - > Mail: - > Created Time: 2018年06月18日 星期一 22时45分58秒 - ************************************************************************/ - -#ifndef _LOGGING_H -#define _LOGGING_H - -#define MODULE_NAME "verify_policy" - -#define RLOG_LV_DEBUG 10 -#define RLOG_LV_INFO 20 -#define RLOG_LV_FATAL 30 - -typedef struct RTLogInit2Data_ { - int debug_switch; - - int run_log_level; - - char run_log_path[256]; - - void *run_log_handle; -} RTLogInit2Data; - -extern RTLogInit2Data logging_sc_lid; - -/* The maximum length of the log message */ -#define RT_LOG_MAX_LOG_MSG_LEN 4096 - -#define mesa_log(x, y, ...) do { \ - char _sc_log_msg[RT_LOG_MAX_LOG_MSG_LEN] = ""; \ - char *_sc_log_temp = _sc_log_msg; \ - if ( !x ) \ - { } else { \ - snprintf(_sc_log_temp, \ - (RT_LOG_MAX_LOG_MSG_LEN - \ - (_sc_log_temp - _sc_log_msg)), \ - __VA_ARGS__); \ - MESA_handle_runtime_log(logging_sc_lid.run_log_handle, y, __FUNCTION__, _sc_log_msg); \ - } \ - } while(0) - -#define mesa_runtime_log(level, ...) mesa_log(logging_sc_lid.debug_switch, level, __VA_ARGS__) - -extern void * verify_syslog_init(const char *config); - -#endif diff --git a/common/include/verify_policy_utils.h b/common/include/verify_policy_utils.h index 087a57d..b6c1391 100644 --- a/common/include/verify_policy_utils.h +++ b/common/include/verify_policy_utils.h 
@@ -51,7 +51,9 @@ char* rt_strdup(const char* s); +#define MODULE_VERIFY_POLICY "verify-policy.init" + #define CHECK_OR_EXIT(condition, fmt, ...) \ -do { if(!(condition)) { mesa_runtime_log(RLOG_LV_FATAL, fmt, ##__VA_ARGS__); exit(EXIT_FAILURE); } } while(0) \ +do { if(!(condition)) { log_fatal(g_verify_proxy->logger, MODULE_VERIFY_POLICY, fmt, ##__VA_ARGS__); exit(EXIT_FAILURE); } } while(0) \ #endif diff --git a/common/src/log.c b/common/src/log.c new file mode 100644 index 0000000..5459dd4 --- /dev/null +++ b/common/src/log.c 
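Review bot: `CHECK_OR_EXIT` now dereferences `g_verify_proxy->logger` on its failure path, and `log_print` in the new log.c reads `handle->enable` without a NULL check, so a check that fails before the global or its logger exists would crash instead of printing the message and calling `exit(EXIT_FAILURE)`. Where `g_verify_proxy` and its logger are assigned is not visible in this hunk, so this needs confirming against the start-up order. Falling back to `fprintf(stderr, ...)` when the handle is NULL, either in the macro or in `log_print`, keeps the diagnostic for early failures.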
@@ -0,0 +1,281 @@ +/* + * Copyright (c) 2020 rxi + * + * Permission is hereby granted, free of charge, to any person obtaining a copy + * of this software and associated documentation files (the "Software"), to + * deal in the Software without restriction, including without limitation the + * rights to use, copy, modify, merge, publish, distribute, sublicense, and/or + * sell copies of the Software, and to permit persons to whom the Software is + * furnished to do so, subject to the following conditions: + * + * The above copyright notice and this permission notice shall be included in + * all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE + * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER + * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING + * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS + * IN THE SOFTWARE. 
+ */ + +#include +#include +#include +#include +#include +#include + +#include "log.h" + +#define ALLOC(type, number) ((type *)calloc(sizeof(type), number)) + +typedef enum { + LOG_OP_IFACE_CONSOLE, + LOG_OP_IFACE_FILE, + RT_LOG_OP_IFACE_MAX, +}log_op_iface; + +struct log_handle +{ + int level; + int enable; + FILE *fp; + va_list ap; + char defined_log_fn[1024]; + char runtime_log_fn[1024]; + pthread_mutex_t mutex; + log_op_iface iface; +}; + +static unsigned char weekday_str[7][4] = {"Sun", "Mon", "Tue", "Wed", "Thu", "Fri", "Sat"}; + +static unsigned char month_str[12][4] = {"Jan", "Feb", "Mar", "Apr","May", "Jun", "Jul", "Aug", "Sep", "Oct", "Nov", "Dec"}; + +static int log_create_dir(const char *dir_path, int path_len) +{ + if(dir_path == NULL) + return -1; + + char *buf = (char *)calloc(path_len+1, 1); + int ret = -1; + + memcpy(buf, dir_path, path_len); + if(access(buf, R_OK) != 0) + { + if(mkdir(buf, 0755)!= 0) + ret = -1; + else + ret = 0; + } + else + ret = 1; + free(buf); + buf = NULL; + return ret; +} + +static void log_close_file(struct log_handle *handle) +{ + pthread_mutex_lock(&handle->mutex); + if(handle->fp != NULL) + { + fclose(handle->fp); + handle->fp = NULL; + } + pthread_mutex_unlock(&handle->mutex); + return; +} + +int log_open_file(char *file_name, struct log_handle *handle) +{ + FILE *fp = NULL; + log_close_file(handle); + if(NULL == (fp = fopen(file_name, "a"))) + { + return -1; + } + memcpy(handle->runtime_log_fn, file_name, strlen(file_name)); + handle->fp = fp; + return 0; +} + +static int log_create_path(const char *file_path) +{ + FILE *fp = NULL; + + if(file_path == NULL) + return 0; + + char *p_path = rindex(file_path, '/'); + if(p_path==0) + { + return 0; + } + + const char *p_cur = file_path; + int path_len = p_path - file_path; + int i = 0; + + if(log_create_dir(file_path, path_len) >= 0) + return 0; + + for(;i<=path_len;i++,p_cur++) + { + if(*p_cur == '/') + { + if(log_create_dir(file_path, i+1) < 0) + return -1; + } + } + 
if(NULL == (fp = fopen(file_path, "w"))) + { + return 0; + } + fclose(fp); + return 1; +} + +int log_create_log_file(struct log_handle *handle) +{ + time_t t; + struct tm local_time; + char tmp_log_file_name[1024+128]; + + time(&t); + if(NULL == (localtime_r(&t, &local_time))) + { + return 0; + } + snprintf(tmp_log_file_name, sizeof(tmp_log_file_name), "%s.%04d-%02d-%02d", handle->defined_log_fn, local_time.tm_year + 1900, local_time.tm_mon + 1, local_time.tm_mday); + + if(handle->fp == NULL) + { + if(0 != log_open_file(tmp_log_file_name, handle)) return 0; + } + else + { + if (0 != memcmp(tmp_log_file_name, handle->runtime_log_fn, strlen(tmp_log_file_name))) + { + if(0 != log_open_file(tmp_log_file_name, handle))return 0; + } + } + + return 1; +} + +static void log_print_file(struct log_handle *handle, int level, const char *module, va_list ap, const char *fmt) +{ + char buf[64]={0}; + time_t t; + struct tm local_time; + const char *level_str_map[]= {"TRACE", "DEBUG", "INFO", "WARN", "ERROR", "FATAL"}; + + time(&t); + if(NULL == (localtime_r(&t, &local_time))) return; + snprintf(buf, sizeof(buf), "%s %s %d %02d:%02d:%02d %d", weekday_str[local_time.tm_wday], + month_str[local_time.tm_mon], local_time.tm_mday, local_time.tm_hour, local_time.tm_min, local_time.tm_sec, local_time.tm_year+1900); + + log_create_log_file(handle); + fprintf(handle->fp, "%s, %s, %s, ", buf, level_str_map[level], module); + + vfprintf(handle->fp, fmt, ap); + fprintf(handle->fp, "\n"); + fflush(handle->fp); +} + +static void log_print_console(struct log_handle *handle, int level, const char *module, va_list ap, const char *fmt) +{ + char buf[64]={0}; + time_t t; + struct tm local_time; + const char *level_str_map[]= {"TRACE", "DEBUG", "INFO", "WARN", "ERROR", "FATAL"}; + + time(&t); + if(NULL == (localtime_r(&t, &local_time))) return; + snprintf(buf, sizeof(buf), "%s %s %d %02d:%02d:%02d %d", weekday_str[local_time.tm_wday], + month_str[local_time.tm_mon], local_time.tm_mday, 
local_time.tm_hour, local_time.tm_min, local_time.tm_sec, local_time.tm_year+1900); + fprintf(handle->fp, "%s, %s, %s, ", buf, level_str_map[level], module); + + vfprintf(handle->fp, fmt, ap); + fprintf(handle->fp, "\n"); + fflush(handle->fp); +} + +void log_options_set_level(struct log_handle * handle, int level) +{ + if(handle != NULL) + { + handle->level = level; + } +} + +void log_options_set_enable(struct log_handle * handle, int enable) +{ + if(handle != NULL) + { + handle->enable = enable; + } +} + +struct log_handle *log_handle_create(const char *file_path, int level) +{ + struct log_handle *handle = ALLOC(struct log_handle, 1); + if(!handle) + { + return NULL; + } + handle->enable=1; + handle->level = level; + strncpy(handle->defined_log_fn, file_path, 1023); + pthread_mutex_init(&handle->mutex,NULL); + + if(handle->enable) + { + log_create_path(handle->defined_log_fn); + } + + return handle; +} + +void log_handle_destroy(struct log_handle * handle) +{ + if(!handle) + { + return; + } + + if(handle->iface == LOG_OP_IFACE_FILE && handle->fp != NULL) + { + fclose(handle->fp); + handle->fp=NULL; + } + + pthread_mutex_destroy(&(handle->mutex)); + free(handle); + handle = NULL; + return; +} + +void log_print(struct log_handle *handle, int level, const char *module, const char *fmt, ...) +{ + va_list ap; + + if(handle->enable != 1 && level >= handle->level) + { + handle->fp = stdout; + handle->iface = LOG_OP_IFACE_CONSOLE; + va_start(handle->ap, fmt); + log_print_console(handle, level, module, ap, fmt); + va_end(handle->ap); + } + if (handle->enable == 1 && level >= handle->level) + { + handle->iface = LOG_OP_IFACE_FILE; + va_start(ap, fmt); + log_print_file(handle, level, module, ap, fmt); + va_end(ap); + } +} + diff --git a/common/src/verify_policy_logging.cpp b/common/src/verify_policy_logging.cpp deleted file mode 100644 index 2d77b6d..0000000 --- a/common/src/verify_policy_logging.cpp +++ /dev/null 
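Review bot: `log_print_file` writes through `handle->fp` without holding `handle->mutex` and ignores the return value of `log_create_log_file`, so a failed `fopen` leaves `fp` NULL for `fprintf`, and a date rollover on one thread can `fclose` the stream another thread is still writing to. `log_open_file` copies `strlen(file_name)` bytes into the 1024-byte `runtime_log_fn` although the dated name is built in a 1024+128-byte buffer, which can overrun into the adjacent mutex field when the configured path is close to 1023 characters; size the field like `tmp_log_file_name` and copy with `snprintf(handle->runtime_log_fn, sizeof(handle->runtime_log_fn), "%s", file_name);`. In `log_print` the console branch calls `va_start(handle->ap, fmt)` but passes the uninitialised local `ap` on, and neither branch checks `handle` for NULL or bounds `level` before it indexes `level_str_map`. The sketch below takes the lock once in `log_print`, which means `log_close_file` must stop locking on its own.

```c
static void log_close_file(struct log_handle *handle)
{
	/* caller (log_print) already holds handle->mutex */
	if(handle->fp != NULL && handle->fp != stdout)
	{
		fclose(handle->fp);
	}
	handle->fp = NULL;
}

/* … unchanged: log_open_file (apart from the snprintf copy), log_create_path, log_create_log_file … */

static void log_print_file(struct log_handle *handle, int level, const char *module, va_list ap, const char *fmt)
{
	/* … unchanged: timestamp formatting into buf … */
	if(log_create_log_file(handle) != 1 || handle->fp == NULL)
	{
		return;
	}
	/* … unchanged: fprintf / vfprintf / fflush … */
}

void log_print(struct log_handle *handle, int level, const char *module, const char *fmt, ...)
{
	va_list ap;

	if(handle == NULL || level < LOG_TRACE || level > LOG_FATAL || level < handle->level)
	{
		return;
	}

	pthread_mutex_lock(&handle->mutex);
	va_start(ap, fmt);
	if(handle->enable == 1)
	{
		handle->iface = LOG_OP_IFACE_FILE;
		log_print_file(handle, level, module, ap, fmt);
	}
	else
	{
		handle->fp = stdout;
		handle->iface = LOG_OP_IFACE_CONSOLE;
		log_print_console(handle, level, module, ap, fmt);
	}
	va_end(ap);
	pthread_mutex_unlock(&handle->mutex);
}
```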
@@ -1,54 +0,0 @@ -/************************************************************************* - > File Name: logging.c - > Author: - > Mail: - > Created Time: 2018年06月18日 星期一 22时45分43秒 - ************************************************************************/ - -#include -#include -#include -#include -#include -#include -#include -#include -#include - -#include "verify_policy_logging.h" -#include -#include - -RTLogInit2Data logging_sc_lid; - -void * verify_syslog_init(const char *config) -{ - - MESA_load_profile_int_def(config, (const char *)"SYSTEM",(const char *)"DEBUG_SWITCH", - &logging_sc_lid.debug_switch, 1); - MESA_load_profile_string_def(config, (const char *)"SYSTEM",(const char *)"RUN_LOG_PATH", - logging_sc_lid.run_log_path, 128, "conf/zlog.conf"); - - if (0 != MESA_handle_runtime_log_creation(logging_sc_lid.run_log_path)) - { - fprintf(stderr, "Create log runtime_log_handle error, init failed\n"); - goto finish; - } - - logging_sc_lid.run_log_handle = MESA_create_runtime_log_handle("verify_policy", RLOG_LV_DEBUG); - if(logging_sc_lid.run_log_handle == NULL){ - mesa_runtime_log(RLOG_LV_FATAL, "Create log runtime_log_handle error, init failed!"); - goto finish; - }else{ - mesa_runtime_log(RLOG_LV_INFO, "Log module initialization"); - } - - mesa_runtime_log(RLOG_LV_INFO, "%s:%d", "Log level", logging_sc_lid.run_log_level); - mesa_runtime_log(RLOG_LV_INFO, "%s:%s", "Log Directory", logging_sc_lid.run_log_path); - - return logging_sc_lid.run_log_handle; -finish: - return NULL; -} - - diff --git a/conf/verify_policy.conf b/conf/verify_policy.conf index 0ec1f83..230464b 100644 --- a/conf/verify_policy.conf +++ b/conf/verify_policy.conf @@ -1,9 +1,7 @@ [SYSTEM] -#1:print on screen, 0:don't -DEBUG_SWITCH = 1 -#10:DEBUG, 20:INFO, 30:FATAL -RUN_LOG_LEVEL = 10 -RUN_LOG_PATH = "conf/zlog.conf" +# kill -s SIGHUP "pid" to reload the configuration +#0:LOG_TRACE 1:LOG_DEBUG 2:LOG_INFO 3:LOG_WARN 4:LOG_ERROR 5:LOG_FATAL +log_level=5 disable_coredump=0 enable_breakpad=1 
diff --git a/conf/zlog.conf b/conf/zlog.conf deleted file mode 100644 index d2f1ef6..0000000 --- a/conf/zlog.conf +++ /dev/null @@ -1,14 +0,0 @@ -# kill -s SIGHUP "pid" - -[global] -default format = "%d(%c), %V, %F, %U, %m%n" -[levels] -DEBUG=10 -INFO=20 -FATAL=30 -[rules] -*.fatal "./log/error.log.%d(%F)"; -verify_policy.fatal "./logs/verify_policy.log.%d(%F)"; -proxy_policy_maat.fatal "./logs/proxy_policy_maat.log.%d(%F)"; -security_policy_maat.fatal "./logs/security_policy_maat.log.%d(%F)"; - diff --git a/platform/CMakeLists.txt b/platform/CMakeLists.txt index 3b006f2..76c1920 100644 --- a/platform/CMakeLists.txt +++ b/platform/CMakeLists.txt @@ -9,7 +9,6 @@ add_executable(verify-policy src/verify_policy.cpp src/verify_matcher.cpp) target_link_libraries(verify-policy common cjson maatframe) target_link_libraries(verify-policy pthread dl libevent-static - MESA_handle_logger MESA_prof_load breakpad-client-static cjson diff --git a/platform/src/verify_matcher.cpp b/platform/src/verify_matcher.cpp index 0046376..325ecfe 100644 --- a/platform/src/verify_matcher.cpp +++ b/platform/src/verify_matcher.cpp @@ -12,7 +12,6 @@ #include #include -#include #include #include @@ -20,11 +19,12 @@ #include "verify_policy.h" #include "verify_policy_utils.h" -#include "verify_policy_logging.h" #define HIT_PATH_SIZE 4096 #define MAX_SCAN_RESULT 16 +#define MODULE_VERIFY_MATCHER "verify-policy.matcher" + enum policy_action { PG_ACTION_NONE = 0, @@ -195,7 +195,7 @@ struct policy_scan_ctx struct verify_policy_rt { struct maat *feather[VSYS_ID_MAX]; - void * local_logger; + struct log_handle *local_logger; int log_level; int thread_num; int load_ip_location; 
@@ -341,7 +341,7 @@ void ip_asn_table_new_cb(const char *table_name, int table_id, const char* key, ret=sscanf(table_line, "%d\t%d\t%d\t%s\t%s\t%s\t%s\t%s\t%d", &profile_id, &group_id, &addr_type, addr_format, start_ip, end_ip, asn, organization, &is_valid); if(ret!=9) { - mesa_runtime_log(RLOG_LV_FATAL, "Policy table parse ip ASN failed, ret:%d, %s", ret, table_line); + log_fatal(g_verify_proxy->logger, MODULE_VERIFY_MATCHER, "Policy table parse ip ASN failed, ret:%d, %s", ret, table_line); return; } verify_unescape(organization); @@ -355,7 +355,7 @@ void ip_asn_table_new_cb(const char *table_name, int table_id, const char* key, ip_asn->ref_cnt=1; pthread_mutex_init(&(ip_asn->lock), NULL); - mesa_runtime_log(RLOG_LV_DEBUG, "Policy table add success %d", profile_id); + log_debug(g_verify_proxy->logger, MODULE_VERIFY_MATCHER, "Policy table add success %d", profile_id); *ad = ip_asn; } @@ -379,7 +379,7 @@ void ip_location_table_new_cb(const char *table_name, int table_id, const char* if(ret != 24) { - mesa_runtime_log(RLOG_LV_FATAL, "Policy table parse ip location failed, ret:%d, %s", ret, table_line); + log_fatal(g_verify_proxy->logger, MODULE_VERIFY_MATCHER, "Policy table parse ip location failed, ret:%d, %s", ret, table_line); return; } @@ -402,7 +402,7 @@ void ip_location_table_new_cb(const char *table_name, int table_id, const char* ip_location->subdivision_addr=strdup(subdivision_addr); ip_location->ref_cnt=1; pthread_mutex_init(&(ip_location->lock), NULL); - mesa_runtime_log(RLOG_LV_DEBUG, "Policy table add success %d", profile_id); + log_debug(g_verify_proxy->logger, MODULE_VERIFY_MATCHER, "Policy table add success %d", profile_id); *ad = ip_location; } 
@@ -458,7 +458,7 @@ void tunnel_catalog_table_new_cb(const char *table_name, int table_id, const cha ret=sscanf(table_line, "%d\t%s\t%s\t%s\t%d\t%d", &tunnel_id, tunnel_name, tunnel_type, composition, &group_id, &is_valid); if(ret!=6) { - mesa_runtime_log(RLOG_LV_FATAL, "Policy catalog table parse tunnel catalog failed, ret:%d, %s", ret, table_line); + log_fatal(g_verify_proxy->logger, MODULE_VERIFY_MATCHER, "Policy catalog table parse tunnel catalog failed, ret:%d, %s", ret, table_line); return; } @@ -472,7 +472,7 @@ void tunnel_catalog_table_new_cb(const char *table_name, int table_id, const cha tunnel->ref_cnt=1; pthread_mutex_init(&(tunnel->lock), NULL); - mesa_runtime_log(RLOG_LV_DEBUG, "Policy table add success %d", tunnel_id); + log_debug(g_verify_proxy->logger, MODULE_VERIFY_MATCHER, "Policy table add success %d", tunnel_id); *ad = tunnel; } @@ -486,7 +486,7 @@ void tunnel_endpoint_table_new_cb(const char *table_name, int table_id, const ch ret=sscanf(table_line, "%d\t%d\t%s\t%s\t%s\t%d", &endpoint_id, &addr_type, start_ip, end_ip, description, &is_valid); if(ret!=6) { - mesa_runtime_log(RLOG_LV_FATAL, "Policy table parse tunnel end point failed, ret:%d, %s", ret, table_line); + log_fatal(g_verify_proxy->logger, MODULE_VERIFY_MATCHER, "Policy table parse tunnel end point failed, ret:%d, %s", ret, table_line); return; } @@ -497,7 +497,7 @@ void tunnel_endpoint_table_new_cb(const char *table_name, int table_id, const ch tunnel->ref_cnt=1; pthread_mutex_init(&(tunnel->lock), NULL); - mesa_runtime_log(RLOG_LV_DEBUG, "Policy endpoint table add success %d", endpoint_id); + log_debug(g_verify_proxy->logger, MODULE_VERIFY_MATCHER, "Policy endpoint table add success %d", endpoint_id); *ad = tunnel; } 
@@ -509,7 +509,7 @@ void tunnel_label_table_new_cb(const char *table_name, int table_id, const char* ret=sscanf(table_line, "%d\t%d", &label_id, &is_valid); if(ret!=2) { - mesa_runtime_log(RLOG_LV_FATAL, "Policy table tunnel label failed, ret:%d, %s", ret, table_line); + log_fatal(g_verify_proxy->logger, MODULE_VERIFY_MATCHER, "Policy table tunnel label failed, ret:%d, %s", ret, table_line); return; } @@ -519,7 +519,7 @@ void tunnel_label_table_new_cb(const char *table_name, int table_id, const char* tunnel->ref_cnt=1; pthread_mutex_init(&(tunnel->lock), NULL); - mesa_runtime_log(RLOG_LV_DEBUG, "Policy label table add success %d", label_id); + log_debug(g_verify_proxy->logger, MODULE_VERIFY_MATCHER, "Policy label table add success %d", label_id); *ad = tunnel; } @@ -560,7 +560,7 @@ int maat_tunnel_table_init(int profile_idx,int vsys_id, table_id=maat_plugin_table_ex_schema_register(g_policy_rt->feather[vsys_id], table_name, new_func[profile_idx], free_func, dup_func, 0, NULL); return table_id; } - mesa_runtime_log(RLOG_LV_FATAL, "Register table %s failed.", table_name); + log_fatal(g_verify_proxy->logger, MODULE_VERIFY_MATCHER, "Register table %s failed.", table_name); return -1; } @@ -626,7 +626,7 @@ int maat_plugin_table_ex_init(int profile_idx, int vsys_id, ret=maat_plugin_table_ex_schema_register(g_policy_rt->feather[vsys_id], table_name, new_func, free_func, dup_func, 0, NULL); return ret; } - mesa_runtime_log(RLOG_LV_FATAL, "Register maat plugin table %s failed.", table_name); + log_fatal(g_verify_proxy->logger, MODULE_VERIFY_MATCHER, "Register maat plugin table %s failed.", table_name); return -1; } @@ -721,7 +721,7 @@ int maat_ip_table_init(int profile_idx,int vsys_id, 0, NULL); return 0; } - mesa_runtime_log(RLOG_LV_FATAL, "Register table %s failed.", table_name); + log_fatal(g_verify_proxy->logger, MODULE_VERIFY_MATCHER, "Register table %s failed.", table_name); return -1; } 
@@ -746,7 +746,7 @@ void fqdn_cat_new_data(const char *table_name, int table_id, const char* key, co if(ret!=6) { FREE(&fqdn_cat); - mesa_runtime_log(RLOG_LV_FATAL, "Parse fqdn category failed, ret: %d table_id: %d table_line: %s", ret, table_id, table_line); + log_fatal(g_verify_proxy->logger, MODULE_VERIFY_MATCHER, "Parse fqdn category failed, ret: %d table_id: %d table_line: %s", ret, table_id, table_line); return; } fqdn_cat->ref_cnt=1; @@ -795,7 +795,7 @@ void compile_table_new_cb(const char *table_name, int table_id, const char* key, ret=sscanf(table_line, "%d\t%d\t%d\t%d\t%d\t%s\t%s\t%d\t%d", &config_id, &service_id, &action, &do_blacklist, &do_log,effective_range,srv_def_large,&group_num,&is_valid); if(ret!=9) { - mesa_runtime_log(RLOG_LV_FATAL, "Security compile table parse failed, ret:%d, %s", ret, table_line); + log_fatal(g_verify_proxy->logger, MODULE_VERIFY_MATCHER, "Security compile table parse failed, ret:%d, %s", ret, table_line); return; } do_log=do_log; @@ -1411,21 +1411,22 @@ static int group_scan(struct policy_scan_ctx *ctx, int vsys_id, int hit_cnt, str return hit_cnt_group; } -static int get_group_id_by_location(struct ip_data_table* ip_location, int level) + +static int get_group_id_by_location(const struct ip_data_table* ip_location, size_t level) { - switch(level) - { - case 0: - return ip_location->country_region_group_id; - case 1: - return ip_location->province_group_id; - case 2: - return ip_location->city_group_id; - case 3: - return ip_location->subdivision_group_id; - default: - return 0; - } + const int* group_ids[] = { + &ip_location->country_region_group_id, + &ip_location->province_group_id, + &ip_location->city_group_id, + &ip_location->subdivision_group_id + }; + + if (level >= 0 && level < sizeof(group_ids) / sizeof(group_ids[0])) + { + return *group_ids[level]; + } + + return 0; } int ip_location_scan(struct policy_scan_ctx *ctx, int vsys_id, struct ip_addr *sip, struct ip_addr *dip, int hit_cnt) 
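Review bot: In the rewritten `get_group_id_by_location`, `level` is now a `size_t`, so the `level >= 0` half of the bounds check is always true and will trip `-Wtype-limits`; `if (level < sizeof(group_ids) / sizeof(group_ids[0]))` is the whole check. The callers are outside this hunk; if any still pass an `int`, a negative value converts to a large `size_t` and falls through to `return 0`, which matches the old `default` case but is no longer obvious from the signature. A one-line comment such as `/* out-of-range level (including a negative int converted to size_t) yields 0 */` would record that.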
@@ -1804,12 +1805,14 @@ int tunnel_scan(struct request_query_obj *request, struct policy_scan_ctx *ctx, size_t n_hit_result=0; long long result[MAX_SCAN_RESULT]={0}; + int hit_cnt_group=0; + if(ctx->tunnel_scan_mid == NULL) { ctx->tunnel_scan_mid = maat_state_new(g_policy_rt->feather[vsys_id], ctx->thread_id); maat_state_set_scan_compile_table(ctx->tunnel_scan_mid, g_policy_rt->compile_table_id[TSG_TUNNEL]); } - + int tunnel_table_id = get_tunnel_type_table_id(request->tunnel_type); if (ip_addr->addrtype == ADDR_TYPE_IPV4) { @@ -1853,10 +1856,11 @@ int tunnel_scan(struct request_query_obj *request, struct policy_scan_ctx *ctx, { logic=0; } - scan_ret = group_scan(ctx, vsys_id, hit_cnt, hit_group, TSG_OBJ_TUNNEL, logic); - if(scan_ret > 0) + scan_ret = maat_scan_group(g_policy_rt->feather[vsys_id], g_policy_rt->scan_table_id[TSG_OBJ_TUNNEL], &hit_group, 1, + ctx->result+hit_cnt+hit_cnt_group, MAX_SCAN_RESULT-hit_cnt-hit_cnt_group, &n_hit_result, ctx->scan_mid); + if(scan_ret == MAAT_SCAN_HIT) { - hit_cnt_tunnel+=scan_ret; + hit_cnt_tunnel+=n_hit_result; } if(scan_ret >= MAAT_SCAN_OK) { @@ -1868,6 +1872,16 @@ int tunnel_scan(struct request_query_obj *request, struct policy_scan_ctx *ctx, } } } + if(logic) + { + scan_ret = maat_scan_not_logic(g_policy_rt->feather[vsys_id], g_policy_rt->scan_table_id[TSG_OBJ_TUNNEL], ctx->result+hit_cnt+hit_cnt_group, + MAX_SCAN_RESULT-hit_cnt-hit_cnt_group, &n_hit_result, ctx->scan_mid); + if (scan_ret == MAAT_SCAN_HIT) + { + hit_cnt_tunnel+=n_hit_result; + } + } + ctx->tunnel_scan++; request->merge_nth_scan_num = hit_path_cnt; finish: @@ -2267,7 +2281,7 @@ size_t policy_verify_scan(int vsys_id, int compile_table_id, struct request_quer hit_cnt+=scan_ret; } } - + scan_ret = maat_scan_string(g_policy_rt->feather[vsys_id], g_policy_rt->scan_table_id[table_id], value, strlen(value), ctx->result+hit_cnt, MAX_SCAN_RESULT-hit_cnt, &n_hit_result, ctx->scan_mid); 
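Review bot: The `maat_scan_group` call added in the `@@ -1853` hunk and the `maat_scan_not_logic` call added in the `@@ -1868` hunk both write at `ctx->result+hit_cnt+hit_cnt_group` with capacity `MAX_SCAN_RESULT-hit_cnt-hit_cnt_group`, but `hit_cnt_group` is declared as 0 in the `@@ -1804` hunk and never updated in the visible lines, while the hits are accumulated in `hit_cnt_tunnel`. If the first call sits in the loop that the closing braces suggest, each scan overwrites the previous results while the count keeps growing, so a caller that trusts `hit_cnt_tunnel` may read slots that were never filled or count past `MAX_SCAN_RESULT`. Offsetting and bounding by the running total, `ctx->result+hit_cnt+hit_cnt_tunnel, MAX_SCAN_RESULT-hit_cnt-hit_cnt_tunnel`, would keep buffer and count in step. `tunnel_scan` begins and ends outside these hunks, so this should be confirmed against the full function, as should the use of `ctx->scan_mid` here when the function prepares `ctx->tunnel_scan_mid` a few lines earlier.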
@@ -2324,7 +2338,7 @@ static struct maat *create_maat_feather(const char * instance_name, const char * } else { - mesa_runtime_log(RLOG_LV_FATAL, "Invalid redis port range %s, MAAT init failed.", redis_port_range); + log_fatal(g_verify_proxy->logger, MODULE_VERIFY_MATCHER, "Invalid redis port range %s, MAAT init failed.", redis_port_range); } MESA_load_profile_string_def(profile, section, "inc_cfg_dir", inc_cfg_dir, sizeof(inc_cfg_dir), ""); MESA_load_profile_string_def(profile, section, "full_cfg_dir", ful_cfg_dir, sizeof(ful_cfg_dir), ""); @@ -2347,7 +2361,7 @@ static struct maat *create_maat_feather(const char * instance_name, const char * case MAAT_INPUT_FILE: maat_options_set_iris(opts, ful_cfg_dir, inc_cfg_dir); break; - default: mesa_runtime_log(RLOG_LV_FATAL, "Invalid MAAT Input Mode: %d.", input_mode); + default: log_fatal(g_verify_proxy->logger, MODULE_VERIFY_MATCHER, "Invalid MAAT Input Mode: %d.", input_mode); goto error_out; break; } @@ -2371,13 +2385,13 @@ static struct maat *create_maat_feather(const char * instance_name, const char * target = maat_new(opts, table_info); if (!target) { - mesa_runtime_log(RLOG_LV_FATAL, "%s MAAT init failed.", __FUNCTION__); + log_fatal(g_verify_proxy->logger, MODULE_VERIFY_MATCHER, "%s MAAT init failed.", __FUNCTION__); goto error_out; } - mesa_runtime_log(RLOG_LV_INFO, "%s:%s", "Maat Redis Ip", redis_ip); - mesa_runtime_log(RLOG_LV_INFO, "%s:%s", "Maat Redis Port", redis_port_range); - mesa_runtime_log(RLOG_LV_INFO, "%s:%d", "Maat Redis_db_index", db_index); + log_info(g_verify_proxy->logger, MODULE_VERIFY_MATCHER, "%s:%s", "Maat Redis Ip", redis_ip); + log_info(g_verify_proxy->logger, MODULE_VERIFY_MATCHER, "%s:%s", "Maat Redis Port", redis_port_range); + log_info(g_verify_proxy->logger, MODULE_VERIFY_MATCHER, "%s:%d", "Maat Redis_db_index", db_index); maat_options_free(opts); return target; 
@@ -2499,6 +2513,9 @@ void verify_reload_loglevel() int load_vsys_num=0, log_level=0; const char * profile_path = "./conf/verify_policy.conf"; + MESA_load_profile_int_def(profile_path, "SYSTEM", "log_level", &log_level, LOG_FATAL); + log_options_set_level(g_verify_proxy->logger, log_level); + MESA_load_profile_int_def(profile_path, "MAAT", "load_vsys_num", &(load_vsys_num), 255); MESA_load_profile_int_def(profile_path, "MAAT", "log_level", &(log_level), LOG_LEVEL_FATAL); @@ -2551,10 +2568,10 @@ int maat_table_init(struct verify_policy * verify, const char* profile_path) g_policy_rt->scan_table_id[i] = maat_get_table_id(g_policy_rt->feather[vsys_id], table_name[i]); if (g_policy_rt->scan_table_id[i] < 0) { - mesa_runtime_log(RLOG_LV_FATAL, "Maat table %s register failed.", table_name[i]); + log_fatal(g_policy_rt->local_logger, MODULE_VERIFY_MATCHER, "Maat table %s register failed.", table_name[i]); goto error_out; } - mesa_runtime_log(RLOG_LV_DEBUG, "Register maat %p, table name %s, table id %d", g_policy_rt->feather[vsys_id], table_name[i], g_policy_rt->scan_table_id[i]); + log_debug(g_policy_rt->local_logger, MODULE_VERIFY_MATCHER, "Register maat %p, table name %s, table id %d", g_policy_rt->feather[vsys_id], table_name[i], g_policy_rt->scan_table_id[i]); } for(int i = 0; i < PXY_TABLE_DEFENCE; i++) diff --git a/platform/src/verify_policy.cpp b/platform/src/verify_policy.cpp index e593f76..72bcf04 100644 --- a/platform/src/verify_policy.cpp +++ b/platform/src/verify_policy.cpp @@ -30,9 +30,7 @@ #include "verify_policy.h" #include -#include #include "verify_policy_utils.h" -#include "verify_policy_logging.h" struct verify_policy * g_verify_proxy = NULL; 
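Review bot: `verify_reload_loglevel` passes the `log_level` read from `[SYSTEM]` straight to `log_options_set_level` without range-checking it, so a value above `LOG_FATAL` in verify_policy.conf silently suppresses every record, including `log_fatal`, after a reload. Reject or clamp it first, for example `if (log_level < LOG_TRACE || log_level > LOG_FATAL) log_level = LOG_FATAL;`. The same `log_level` local is then reused for the `[MAAT]` value, whose default comes from a different constant (`LOG_LEVEL_FATAL`), so two separately named variables would make it clear which scale each one is on.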
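Review bot: The two converted calls in `maat_table_init` (`@@ -2551`) log through `g_policy_rt->local_logger`, while every other converted call in this file uses `g_verify_proxy->logger`. The assignment of `local_logger` is not part of this diff; if it is never set from the new handle, `log_print` dereferences a NULL `struct log_handle *` on exactly the error path that is meant to report the failure. Either use `g_verify_proxy->logger` here as well, or confirm that `local_logger` is assigned from `log_handle_create` before `maat_table_init` runs.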
@@ -54,15 +52,17 @@ static int load_system_conf(struct verify_policy * verify, const char *profile) int xret = -1; xret = MESA_load_profile_uint_nodef(profile, "CONFIG", "thread-nu", &(verify->nr_work_threads)); - if (xret < 0){ - mesa_runtime_log(RLOG_LV_FATAL, "Reading the number of running threads failed"); + if (xret < 0) + { + log_fatal(verify->logger, MODULE_VERIFY_POLICY, "Reading the number of running threads failed"); } xret = MESA_load_profile_short_nodef(profile, "LISTEN", "port", (short *)&(verify->listen_port)); - if (xret < 0){ - mesa_runtime_log(RLOG_LV_FATAL, "Listen Port invalid"); + if (xret < 0) + { + log_fatal(verify->logger, MODULE_VERIFY_POLICY, "Reading the listening port failed"); } - mesa_runtime_log(RLOG_LV_INFO, "%s:%d", "The Threads", verify->nr_work_threads); - mesa_runtime_log(RLOG_LV_INFO, "%s:%d", "Libevent Port", verify->listen_port); + log_info(verify->logger, MODULE_VERIFY_POLICY, "%s:%d", "The Threads", verify->nr_work_threads); + log_info(verify->logger, MODULE_VERIFY_POLICY, "%s:%d", "Libevent Port", verify->listen_port); return xret; } @@ -86,7 +86,7 @@ int tsg_policy_type_str2idx(const char *action_str) if (0 == strcasecmp(action_str, policy_name[i])) break; } - mesa_runtime_log(RLOG_LV_INFO, "[I] policyType= %s", action_str); + log_info(g_verify_proxy->logger, MODULE_VERIFY_POLICY, "[I] policyType= %s", action_str); return i; } @@ -204,7 +204,7 @@ struct ipaddr *ip_to_stream_addr(const char *clientIp1, unsigned int clientPort1 v6_addr->dest=serverPort1; ip_addr->v6=v6_addr; } - mesa_runtime_log(RLOG_LV_INFO, " [I] %s, clientIp1=%s, clientPort1=%d, serverIp=%s, serverPort=%d, addr_type=%d, protocol=%d", buff, + log_info(g_verify_proxy->logger, MODULE_VERIFY_POLICY, " [I] %s, clientIp1=%s, clientPort1=%d, serverIp=%s, serverPort=%d, addr_type=%d, protocol=%d", buff, clientIp1, clientPort1, serverIp1, serverPort1, addr_type, *protocol); return ip_addr; 
@@ -227,7 +227,7 @@ struct ipaddr *tunnel_to_stream_addr(const char *Ip, int addr_type) inet_pton(AF_INET6,Ip,&(v6_addr->saddr)); ip_addr->v6=v6_addr; } - mesa_runtime_log(RLOG_LV_DEBUG, "[I] attributeName = ip, clientIp1=%s, addr_type = %d", Ip, addr_type); + log_debug(g_verify_proxy->logger, MODULE_VERIFY_POLICY, "[I] attributeName = ip, clientIp1=%s, addr_type = %d", Ip, addr_type); return ip_addr; } @@ -259,7 +259,7 @@ static struct ipaddr * get_ip_from_json(cJSON *attributeValue, const char *attri if(attributeName==NULL) { - mesa_runtime_log(RLOG_LV_FATAL, "The attributeType is of type iP, but the attributeName is empty, resulting in IP type parsing failure."); + log_fatal(g_verify_proxy->logger, MODULE_VERIFY_POLICY, "The attributeType is of type iP, but the attributeName is empty, resulting in IP type parsing failure."); return NULL; } @@ -274,7 +274,7 @@ static struct ipaddr * get_ip_from_json(cJSON *attributeValue, const char *attri if(strcasecmp(attributeName, "ip_protocol") == 0) { - mesa_runtime_log(RLOG_LV_INFO, " [I] %s, protocol=%d", buff, *protocol); + log_info(g_verify_proxy->logger, MODULE_VERIFY_POLICY, " [I] %s, protocol=%d", buff, *protocol); return NULL; } @@ -306,8 +306,8 @@ static char* get_port_from_json(cJSON *attributeValue, int *protocol, char *buff if(item && item->type==cJSON_Number) { *protocol = item->valueint; - } - mesa_runtime_log(RLOG_LV_INFO, "[I] %s, port=%s, protocol=%d", buff, string, *protocol); + } + log_info(g_verify_proxy->logger, MODULE_VERIFY_POLICY, "[I] %s, port=%s, protocol=%d", buff, string, *protocol); return string; } 
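Review bot: The request-validation failure in `get_ip_from_json` (`@@ -259`) is logged with `log_fatal`, and the same applies to the client-error paths converted further down in `get_attribute_from_json`, `get_query_result_policy`, `get_query_from_request` and `evhttp_request_cb`. The old API had nothing between INFO and FATAL, but log.h now provides `log_warn` and `log_error`. With the shipped `log_level=5` these per-request messages are the only records that reach the file, so a client sending malformed requests controls how fast it grows, and conditions that really stop the service are hard to pick out. Moving per-request failures to `log_warn` or `log_error` keeps FATAL meaningful for alerting.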
@@ -354,7 +354,7 @@ static int get_attribute_from_json(int curr_id, cJSON* subchild, struct verify_p policy_query->request_object[curr_id].table_id = protoco_field_type_str2idx(item->valuestring, buff, &p); if(policy_query->request_object[curr_id].table_id == __TSG_OBJ_MAX) { - mesa_runtime_log(RLOG_LV_FATAL, "Get table id failed form table name:%s", item->valuestring); + log_fatal(g_verify_proxy->logger, MODULE_VERIFY_POLICY, "Get table id failed form table name:%s", item->valuestring); return xret; } } @@ -408,7 +408,7 @@ static int get_attribute_from_json(int curr_id, cJSON* subchild, struct verify_p p += snprintf(p, sizeof(buff) - (p - buff), ", content = %s",policy_query->request_object[curr_id].string); } } - mesa_runtime_log(RLOG_LV_INFO, "[I] %s", buff); + log_info(g_verify_proxy->logger, MODULE_VERIFY_POLICY, "[I] %s", buff); memset(buff, 0, VERIFY_STRING_MAX*2); end: xret = 1; @@ -433,7 +433,7 @@ enum verify_type get_verify_type(cJSON* data_json) { q_type = VERIFY_TYPE_REGEX; } - mesa_runtime_log(RLOG_LV_INFO, " [I] verifyType= %s", item->valuestring); + log_info(g_verify_proxy->logger, MODULE_VERIFY_POLICY, " [I] verifyType= %s", item->valuestring); } return q_type; } @@ -508,7 +508,7 @@ int get_query_result_policy(cJSON *subitem, cJSON *data_obj, int thread_id) verify_policy->compile_table_id = tsg_policy_type_str2idx(item->valuestring); if (verify_policy->compile_table_id >= __SCAN_POLICY_MAX) { - mesa_runtime_log(RLOG_LV_FATAL, "policy type error, policy id = %d", verify_policy->compile_table_id); + log_fatal(g_verify_proxy->logger, MODULE_VERIFY_POLICY, "policy type error, policy id = %d", verify_policy->compile_table_id); goto free; } } 
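Review bot: `p += snprintf(p, sizeof(buff) - (p - buff), ", content = %s", ...)` in get_attribute_from_json advances `p` by the length snprintf wanted to write, not by what actually fitted, and the `content` string comes from the request object. After one truncated append `p` points past `buff`, so the next `sizeof(buff) - (p - buff)` wraps to a very large size and a later append would write out of bounds. How many appends precede this one is not visible in the hunk. Keeping the return value and advancing only on success closes this: `int n = snprintf(p, left, ...);` followed by `if (n > 0 && (size_t)n < left) p += n;`, with `left` being the space remaining in `buff`.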
@@ -518,7 +518,7 @@ int get_query_result_policy(cJSON *subitem, cJSON *data_obj, int thread_id) { verify_policy->vsys_id = item->valueint; } - mesa_runtime_log(RLOG_LV_INFO, "[I] vsysId= %d", verify_policy->vsys_id); + log_info(g_verify_proxy->logger, MODULE_VERIFY_POLICY, "[I] vsysId= %d", verify_policy->vsys_id); item = cJSON_GetObjectItem(subitem,"verifySession"); if(item == NULL || item->type!=cJSON_Object) @@ -581,7 +581,7 @@ cJSON *get_query_from_request(const char *data, ssize_t data_len, int thread_id) cJSON* data_json = cJSON_Parse(data); if(data_json == NULL) { - mesa_runtime_log(RLOG_LV_FATAL, "invalid policy parameter"); + log_fatal(g_verify_proxy->logger, MODULE_VERIFY_POLICY, "Failed to parse the request data."); return NULL; } cJSON *policy_obj=NULL, *data_obj=NULL; @@ -603,7 +603,7 @@ cJSON *get_query_from_request(const char *data, ssize_t data_len, int thread_id) { if(verify_type == VERIFY_TYPE_REGEX) { - mesa_runtime_log(RLOG_LV_INFO, " [I] data= %.*s", (int)data_len, data); + log_info(g_verify_proxy->logger, MODULE_VERIFY_POLICY, " [I] data= %.*s", (int)data_len, data); hit_cnt = get_query_result_regex(subitem, data_obj); } @@ -659,13 +659,13 @@ void evhttp_request_cb(struct evhttp_request *evh_req, void *arg) if (evhttp_request_get_command(evh_req) != EVHTTP_REQ_POST) { - mesa_runtime_log(RLOG_LV_FATAL, "FAILED (post type)"); + log_fatal(g_verify_proxy->logger, MODULE_VERIFY_POLICY, "FAILED (post type)"); goto error; } evbuf_body = evhttp_request_get_input_buffer(evh_req); if (!evbuf_body || 0==(inputlen = evbuffer_get_length(evbuf_body)) ||!(input = (char *)evbuffer_pullup(evbuf_body,inputlen))) { - mesa_runtime_log(RLOG_LV_FATAL, "Failed to get post data information."); + log_fatal(g_verify_proxy->logger, MODULE_VERIFY_POLICY, "Failed to get post data information."); goto error; } 
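Review bot: get_query_from_request parses with `cJSON_Parse(data)`, which reads until a NUL byte, although the function receives `data_len` and the new `log_info` line prints the same buffer with `%.*s` and an explicit length. If `data` is the region returned by `evbuffer_pullup` in evhttp_request_cb (the call between the two is outside these hunks), it is not NUL-terminated and the parser can read past the request body. `cJSON_ParseWithLength(data, data_len)` bounds the read where the bundled cJSON provides it; otherwise copy the body into a terminated buffer first. An upper limit on the accepted body size would also make the `(int)data_len` cast in the log call safe.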
@@ -676,7 +676,7 @@ void evhttp_request_cb(struct evhttp_request *evh_req, void *arg) } policy_payload = cJSON_PrintUnformatted(policy_obj); - mesa_runtime_log(RLOG_LV_INFO, "[O] %s", policy_payload); + log_info(g_verify_proxy->logger, MODULE_VERIFY_POLICY, "[O] %s", policy_payload); evhttp_socket_send(evh_req, policy_payload); cJSON_Delete(policy_obj); @@ -698,13 +698,13 @@ void * verify_policy_thread_func(void * arg) thread_ctx->base = event_base_new(); if (! thread_ctx->base) { - mesa_runtime_log(RLOG_LV_FATAL, "Can'thread_ctx allocate event base"); + log_fatal(g_verify_proxy->logger, MODULE_VERIFY_POLICY, "Can'thread_ctx allocate event base"); goto finish; } thread_ctx->http = evhttp_new(thread_ctx->base); if (!thread_ctx->http) { - mesa_runtime_log(RLOG_LV_FATAL, "couldn'thread_ctx create evhttp. Exiting."); + log_fatal(g_verify_proxy->logger, MODULE_VERIFY_POLICY, "couldn'thread_ctx create evhttp. Exiting."); goto error; } @@ -713,10 +713,10 @@ void * verify_policy_thread_func(void * arg) bound = evhttp_accept_socket_with_handle(thread_ctx->http, thread_ctx->accept_fd); if (bound != NULL) { - mesa_runtime_log(RLOG_LV_INFO, "Bound(%p) to port %d - Awaiting connections ... ", bound, + log_info(g_verify_proxy->logger, MODULE_VERIFY_POLICY, "Bound(%p) to port %d - Awaiting connections ... ", bound, g_verify_proxy->listen_port); } - mesa_runtime_log(RLOG_LV_FATAL, "Work thread %u is run...", thread_ctx->id); + log_fatal(g_verify_proxy->logger, MODULE_VERIFY_POLICY, "Work thread %u is run...", thread_ctx->id); event_base_dispatch(thread_ctx->base); error: 
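Review bot: `cJSON_PrintUnformatted(policy_obj)` returns NULL when it cannot allocate, and in evhttp_request_cb the result goes unchecked into `log_info(..., "[O] %s", policy_payload)` and `evhttp_socket_send`. Passing NULL for `%s` is undefined behaviour. A check such as `if (policy_payload == NULL) goto error;` before the log line avoids it. The `error` label is used earlier in this function, but what it releases is outside the hunk, so the cleanup of `policy_obj` on that path needs confirming.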
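Review bot: The two messages in verify_policy_thread_func read `Can'thread_ctx allocate event base` and `couldn'thread_ctx create evhttp. Exiting.`, which looks like an identifier rename that also rewrote the `t` inside the string literals. Since both lines are touched by this change, `"Can't allocate event base"` and `"Couldn't create evhttp. Exiting."` would restore them and make the entries searchable.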
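Review bot: Every worker thread in verify_policy_thread_func now writes through the single `g_verify_proxy->logger`, and nothing at these call sites serialises the writes. Whether `log_print` takes a lock around its file write is decided in log.c, which is not shown; if it does not, entries from concurrent requests can interleave or be torn. A comment at the `log_handle_create` call in main stating that the handle is safe to share across threads, or a mutex inside the handle if it is not, would settle this.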
@@ -832,7 +832,7 @@ int verify_policy_work_thread_run(struct verify_policy * verify) evutil_socket_t accept_fd = evhttp_listen_socket_byuser((struct sockaddr*)&sin, sizeof(struct sockaddr_in),LEV_OPT_REUSEABLE_PORT|LEV_OPT_CLOSE_ON_FREE, -1); if (accept_fd < 0) { - mesa_runtime_log(RLOG_LV_FATAL, "Could not create a listen!"); + log_fatal(verify->logger, MODULE_VERIFY_POLICY, "Could not create a listen!"); goto finish; } @@ -846,12 +846,12 @@ int verify_policy_work_thread_run(struct verify_policy * verify) if (pthread_create(&thread_ctx->pid, thread_ctx->attr, thread_ctx->routine, thread_ctx)) { - mesa_runtime_log(RLOG_LV_FATAL, "%s", strerror(errno)); + log_fatal(verify->logger, MODULE_VERIFY_POLICY, "%s", strerror(errno)); goto finish; } if (pthread_detach(thread_ctx->pid)) { - mesa_runtime_log(RLOG_LV_FATAL, "%s", strerror(errno)); + log_fatal(verify->logger, MODULE_VERIFY_POLICY, "%s", strerror(errno)); goto finish; } } @@ -910,14 +910,14 @@ int breakpad_init_minidump_upload(struct breakpad_instance * instance, const cha if (unlikely(ret < 0)) { - mesa_runtime_log(RLOG_LV_FATAL, "breakpad_upload_url is necessary, failed. "); + log_fatal(g_verify_proxy->logger, MODULE_VERIFY_POLICY, "breakpad_upload_url is necessary, failed. "); goto errout; } ret = readlink("/proc/self/exe", execpath, sizeof(execpath)); if(unlikely(ret < 0)) { - mesa_runtime_log(RLOG_LV_FATAL, "Failed at readlink /proc/self/exec: %s", strerror(errno)); + log_fatal(g_verify_proxy->logger, MODULE_VERIFY_POLICY, "Failed at readlink /proc/self/exec: %s", strerror(errno)); /* after log, reset errno */ errno = 0; goto errout; 
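Review bot: `pthread_create` and `pthread_detach` report failure through their return value and do not set `errno`, so `strerror(errno)` in verify_policy_work_thread_run logs a stale or unrelated error. Keep the result and print it instead: `int rc = pthread_create(&thread_ctx->pid, thread_ctx->attr, thread_ctx->routine, thread_ctx);` followed by `log_fatal(verify->logger, MODULE_VERIFY_POLICY, "pthread_create: %s", strerror(rc));`, and likewise for `pthread_detach`. Naming the failing call in the message also helps, because both branches currently print only the error text.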
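Review bot: `readlink("/proc/self/exe", execpath, sizeof(execpath))` does not NUL-terminate its output and may fill the whole buffer, and breakpad_init_minidump_upload handles only `ret < 0`. Unless `execpath` is zeroed and terminated outside the hunk, passing `sizeof(execpath) - 1` and setting `execpath[ret] = '\0';` after the check makes the string safe to use. The new message still says `/proc/self/exec` although the path read is `/proc/self/exe`.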
@@ -1018,7 +1018,7 @@ struct breakpad_instance * breakpad_init(const char * profile) ret = setrlimit(RLIMIT_CORE, &__rlimit_vars); if (ret < 0) { - mesa_runtime_log(RLOG_LV_FATAL, "setrlimit(RLIMIT_CORE, 0) failed: %s", strerror(errno)); + log_fatal(g_verify_proxy->logger, MODULE_VERIFY_POLICY, "setrlimit(RLIMIT_CORE, 0) failed: %s", strerror(errno)); /* after log, reset errno */ errno = 0; } @@ -1027,7 +1027,7 @@ struct breakpad_instance * breakpad_init(const char * profile) MESA_load_profile_uint_def(profile, "system", "enable_breakpad", &instance->en_breakpad, 1); if (instance->en_breakpad <= 0) { - mesa_runtime_log(RLOG_LV_FATAL, "Breakpad Crash Reporting System is disabled. "); + log_fatal(g_verify_proxy->logger, MODULE_VERIFY_POLICY, "Breakpad Crash Reporting System is disabled. "); return instance; } @@ -1046,7 +1046,7 @@ struct breakpad_instance * breakpad_init(const char * profile) ret = breakpad_init_minidump_upload(instance, profile); if (ret < 0) { - mesa_runtime_log(RLOG_LV_FATAL, "Breakpad upload init failed, using local breakpad dumpfile"); + log_fatal(g_verify_proxy->logger, MODULE_VERIFY_POLICY, "Breakpad upload init failed, using local breakpad dumpfile"); instance->en_breakpad_upload = 0; } @@ -1055,7 +1055,7 @@ struct breakpad_instance * breakpad_init(const char * profile) ret = setrlimit(RLIMIT_CORE, &__rlimit_vars); if (ret < 0) { - mesa_runtime_log(RLOG_LV_FATAL, "setrlimit(RLIMIT_CORE, 0) failed: %s", strerror(errno)); + log_fatal(g_verify_proxy->logger, MODULE_VERIFY_POLICY, "setrlimit(RLIMIT_CORE, 0) failed: %s", strerror(errno)); /* after log, reset errno */ errno = 0; } 
@@ -1073,8 +1073,8 @@ struct breakpad_instance * breakpad_init(const char * profile) google_breakpad::MinidumpDescriptor(instance->minidump_dir_prefix), NULL, tfe_breakpad_dump_to_file, NULL, true, -1); } - mesa_runtime_log(RLOG_LV_INFO, "Breakpad Crash Report is enable. "); - mesa_runtime_log(RLOG_LV_INFO, "Minidump Dir: %s", instance->minidump_dir_prefix); + log_info(g_verify_proxy->logger, MODULE_VERIFY_POLICY, "Breakpad Crash Report is enable. "); + log_info(g_verify_proxy->logger, MODULE_VERIFY_POLICY, "Minidump Dir: %s", instance->minidump_dir_prefix); return instance; } @@ -1083,8 +1083,7 @@ void __signal_handler_cb(int sig) switch (sig) { case SIGHUP: - mesa_runtime_log(RLOG_LV_INFO, "Reload log config"); - MESA_handle_runtime_log_reconstruction(NULL); + log_info(g_verify_proxy->logger, MODULE_VERIFY_POLICY, "Reload log config"); verify_reload_loglevel(); break; case SIGPIPE: @@ -1102,7 +1101,7 @@ int main(int argc, char * argv[]) const char * main_profile = "./conf/verify_policy.conf"; struct timespec start_time, end_time; - int ret = 0, opt = 0; + int ret = 0, opt = 0, log_level=0; while ((opt = getopt(argc, argv, "v")) != -1) { switch (opt) @@ -1118,7 +1117,9 @@ int main(int argc, char * argv[]) assert(g_verify_proxy); strcpy(g_verify_proxy->name, "verify_policy"); - g_verify_proxy->logger = verify_syslog_init(main_profile); + const char *log_path="./logs/verify_policy.log"; + MESA_load_profile_int_def(main_profile, "SYSTEM", "log_level", &log_level, LOG_FATAL); + g_verify_proxy->logger = log_handle_create(log_path, log_level); CHECK_OR_EXIT(g_verify_proxy->logger != NULL, "Failed at init log module. Exit."); ret = load_system_conf(g_verify_proxy, main_profile); 
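Review bot: `log_info` is called from `__signal_handler_cb` on SIGHUP, and a formatted write to a log file is not async-signal-safe. If the signal arrives while a thread is inside `log_print` or stdio, the handler can deadlock or corrupt the stream, assuming this function is installed as an ordinary signal handler (the registration is not in the hunk). Setting a `volatile sig_atomic_t` flag here and doing the logging and `verify_reload_loglevel()` from normal context avoids that. The removed `MESA_handle_runtime_log_reconstruction(NULL)` has no replacement, so it is worth confirming that log rotation does not rely on SIGHUP reopening the file.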
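Review bot: In main, `log_level` goes from the profile into `log_handle_create` without a range check, and the result of `MESA_load_profile_int_def` is ignored. Depending on how log.c compares levels, a value outside `LOG_TRACE`..`LOG_FATAL` may suppress every message including `log_fatal`, which would hide later startup and request errors. Clamping it, e.g. `if (log_level < LOG_TRACE || log_level > LOG_FATAL) log_level = LOG_FATAL;`, keeps the failure mode predictable. `log_path` is relative to the working directory, as `main_profile` is, so a comment that the daemon must be started from its install directory would document that dependency.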
@@ -1128,7 +1129,8 @@ int main(int argc, char * argv[]) ret = maat_table_init(g_verify_proxy, main_profile); CHECK_OR_EXIT(ret == 0, "Failed at init maat module, Exit."); clock_gettime(CLOCK_REALTIME, &(end_time)); - mesa_runtime_log(RLOG_LV_FATAL, "Read table_info.conf, take time %lu(s)", end_time.tv_sec - start_time.tv_sec); + + log_fatal(g_verify_proxy->logger, MODULE_VERIFY_POLICY, "Read table_info.conf, take time %lu(s)", end_time.tv_sec - start_time.tv_sec); printf("Read table_info.conf, take time %lu(s)\n", end_time.tv_sec - start_time.tv_sec); g_verify_proxy->breakpad = breakpad_init(main_profile); diff --git a/vendor/CMakeLists.txt b/vendor/CMakeLists.txt index e8140e9..a4574a6 100644 --- a/vendor/CMakeLists.txt +++ b/vendor/CMakeLists.txt @@ -103,10 +103,6 @@ set_property(TARGET gperftools-static PROPERTY INTERFACE_INCLUDE_DIRECTORIES ${I set(MESA_FRAMEWORK_LIB_DIR /opt/MESA/lib) set(MESA_FRAMEWORK_INCLUDE_DIR /opt/MESA/include) -add_library(MESA_handle_logger SHARED IMPORTED GLOBAL) -set_property(TARGET MESA_handle_logger PROPERTY IMPORTED_LOCATION ${MESA_FRAMEWORK_LIB_DIR}/libMESA_handle_logger.so) -set_property(TARGET MESA_handle_logger PROPERTY INTERFACE_INCLUDE_DIRECTORIES ${MESA_FRAMEWORK_INCLUDE_DIR}) - add_library(MESA_prof_load SHARED IMPORTED GLOBAL) set_property(TARGET MESA_prof_load PROPERTY IMPORTED_LOCATION ${MESA_FRAMEWORK_LIB_DIR}/libMESA_prof_load.so) set_property(TARGET MESA_prof_load PROPERTY INTERFACE_INCLUDE_DIRECTORIES ${MESA_FRAMEWORK_INCLUDE_DIR})