From 446044e5d97f84d6f0d3c78b6322ba4d1f626767 Mon Sep 17 00:00:00 2001
From: yangwei
Date: Sat, 27 Apr 2024 15:18:59 +0800
Subject: ✨ feat(output detain metric): output stat in local file
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 src/SSL_Analyze.c | 71 ++++++++++++++++++++++++++++++++++++++++++-------------
 src/SSL_Analyze.h | 17 +++++++++++--
 src/SSL_Message.c | 18 ++++++++++----
 3 files changed, 83 insertions(+), 23 deletions(-)
(limited to 'src')
diff --git a/src/SSL_Analyze.c b/src/SSL_Analyze.c
index aa2e98d..266e87f 100644
--- a/src/SSL_Analyze.c
+++ b/src/SSL_Analyze.c
@@ -16,6 +16,7 @@
 #include "ssl.h"
 #include
 #include "SSL_Proc.h"
+#include "fieldstat.h"
 #include
@@ -206,24 +207,31 @@ extern "C" char SSL_ENTRY(const struct streaminfo *a_tcp, void**pme, int thread_
 extern "C" char SSL_DETAIN_ENTRY(const struct streaminfo *a_tcp, void**pme, int thread_seq, const void *a_packet)
 {
- if(g_ssl_runtime_para.detain_frag_chello_enable==0)return APP_STATE_DROPME;
+ if(g_ssl_runtime_para.detain_frag_chello_num==0)return APP_STATE_DROPME;
- if(a_tcp->ptcpdetail->serverpktnum <= MAX_DETAIN_FRAG_CHELLO_NUM)
+ if(a_tcp->ptcpdetail->serverpktnum <= (MAX_DETAIN_FRAG_CHELLO_NUM+2))
 {
- struct frag_chello *pkts = (struct frag_chello *)stream_bridge_async_data_get(a_tcp, g_ssl_runtime_para.frag_chello_exdata_idx);
- if(pkts && pkts->finish==1)
- {
- struct detain_pkt *p=NULL;
- for(unsigned int i = 0; i < pkts->p_sz; i++)
- {
- p=pkts->p[i];
- if (p)MESA_detain_pkt_forward_based_on_stream(a_tcp, p);
- pkts->p[i]=NULL;
- }
- pkts->p_sz=0;
+ if (a_tcp->curdir == DIR_C2S)// only c2s packet trigger frag chello finish
+ {
+ struct frag_chello *pkts = (struct frag_chello *)stream_bridge_async_data_get(a_tcp, g_ssl_runtime_para.frag_chello_exdata_idx);
+ if (pkts && pkts->finish == 1)
+ {
+ struct detain_pkt *p = NULL;
+ for (unsigned int i = 0; i < pkts->p_sz; i++)
+ {
+ p = pkts->p[i];
+ if (p)MESA_detain_pkt_forward_based_on_stream(a_tcp, p);
+ if(g_ssl_runtime_para.fs)fieldstat_value_incrby(g_ssl_runtime_para.fs,
+ g_ssl_runtime_para.fs_metric_id[FS_METRIC_DETAIN_FRAG_CHELLO_FORWARD],
+ 1);
+ pkts->p[i] = NULL;
+ }
+ pkts->p_sz = 0;
+ return APP_STATE_DROPME;
+ }
 }
 return APP_STATE_GIVEME;
- }
+ }
 return APP_STATE_DROPME;
 }
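Review bot: The `FS_METRIC_DETAIN_FRAG_CHELLO_FORWARD` increment in the forwarding loop sits outside the `if (p)` guard, because that `if` has no braces and covers only the `MESA_detain_pkt_forward_based_on_stream` call, so the counter counts array slots rather than packets actually forwarded. The same pattern recurs in the `ssl_retain_packet_bridge_free` hunk (FREE/TIMEOUT counted whether or not `p` is set) and in `ssl_detain_chello_finish` (FINISH counted even when `pkts` is NULL), which makes these statistics unreliable for spotting detained packets that were never released. Bracing the guard fixes it here: `if (p) { MESA_detain_pkt_forward_based_on_stream(a_tcp, p); /* FORWARD incrby here */ }`. Separately, the `+2` in `serverpktnum <= (MAX_DETAIN_FRAG_CHELLO_NUM+2)` is unexplained and is tied to the compile-time maximum rather than the configured `detain_frag_chello_num`; a comment such as `/* +2: <reason for the extra packets> */` would document the intended window.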
@@ -236,6 +244,12 @@ static void ssl_retain_packet_bridge_free(const struct streaminfo *stream, int b
 for(unsigned int i = 0; i < pkts->p_sz; i++)
 {
 if (p)MESA_detain_pkt_free(p);
+ if(g_ssl_runtime_para.fs)fieldstat_value_incrby(g_ssl_runtime_para.fs,
+ g_ssl_runtime_para.fs_metric_id[FS_METRIC_DETAIN_FRAG_CHELLO_FREE],
+ 1);
+ if(g_ssl_runtime_para.fs)fieldstat_value_incrby(g_ssl_runtime_para.fs,
+ g_ssl_runtime_para.fs_metric_id[FS_METRIC_DETAIN_FRAG_CHELLO_TIMEOUT],
+ 1);
 }
 free(pkts);
 }
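Review bot: `FS_METRIC_DETAIN_FRAG_CHELLO_FREE` and `FS_METRIC_DETAIN_FRAG_CHELLO_TIMEOUT` are incremented together on every iteration, so the two counters will always be equal and TIMEOUT cannot tell a timed-out stream apart from any other bridge teardown. The loop body visible in this hunk also never assigns `p` from `pkts->p[i]`, so unless that happens in a way the hunk does not show, `MESA_detain_pkt_free` is not applied per slot and detained packets may stay allocated while the counters still advance. If that reading is right, the loop should begin with `struct detain_pkt *p = pkts->p[i];` and count only inside `if (p) { ... }`. The function starts before the hunk, so the declaration and initial value of `p` are not visible here.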
@@ -254,11 +268,30 @@ extern "C" int SSL_INIT(void)
 const char *filename="./conf/ssl/ssl_main.conf";
 MESA_load_profile_int_def(filename, "SSL", "MAX_CACHE_LEN", &g_ssl_runtime_para.max_cache_len, 10240);
 MESA_load_profile_int_def(filename, "SSL", "PARSE_CERTIFICATE_DETAIL", &g_ssl_runtime_para.parse_certificate_detail, 1);
- MESA_load_profile_uint_def(filename, "SSL", "DETAIN_FRAG_CHELLO_ENABLE", &g_ssl_runtime_para.detain_frag_chello_enable, 0);
-
+ MESA_load_profile_uint_def(filename, "SSL", "DETAIN_FRAG_CHELLO_NUM", &g_ssl_runtime_para.detain_frag_chello_num, 0);
+ g_ssl_runtime_para.detain_frag_chello_num= MIN(g_ssl_runtime_para.detain_frag_chello_num, MAX_DETAIN_FRAG_CHELLO_NUM);
 g_ssl_runtime_para.proto_tag_id=project_producer_register("MESA_PROTO", "struct", ssl_proto_tag_free);
- if(g_ssl_runtime_para.detain_frag_chello_enable>0)
+ unsigned int refresh_s=0;
+ MESA_load_profile_uint_def(filename, "SSL", "SSL_STAT_REFRESH_S", &refresh_s, 0);
+ if(refresh_s > 0)
+ {
+ g_ssl_runtime_para.fs=fieldstat_instance_new("SSL_DECODER");
+ fieldstat_set_output_interval(g_ssl_runtime_para.fs, refresh_s * 1000);
+ fieldstat_set_local_output(g_ssl_runtime_para.fs, "./log/ssl.status", "default");
+ fieldstat_enable_prometheus_output(g_ssl_runtime_para.fs);
+ fieldstat_instance_start(g_ssl_runtime_para.fs);
+ g_ssl_runtime_para.fs_metric_id[FS_METRIC_DETAIN_FRAG_CHELLO_NUM]=fieldstat_register(g_ssl_runtime_para.fs, FIELD_TYPE_COUNTER, "FRAG_CH_NUM",NULL, 0);
+ g_ssl_runtime_para.fs_metric_id[FS_METRIC_DETAIN_FRAG_CHELLO_FORWARD]=fieldstat_register(g_ssl_runtime_para.fs, FIELD_TYPE_COUNTER, "FRAG_CH_FORWARD",NULL, 0);
+ g_ssl_runtime_para.fs_metric_id[FS_METRIC_DETAIN_FRAG_CHELLO_FREE]=fieldstat_register(g_ssl_runtime_para.fs, FIELD_TYPE_COUNTER, "FRAG_CH_FREE",NULL, 0);
+ g_ssl_runtime_para.fs_metric_id[FS_METRIC_DETAIN_FRAG_CHELLO_SESSION]=fieldstat_register(g_ssl_runtime_para.fs, FIELD_TYPE_COUNTER, "FRAG_CH_SESS",NULL, 0);
+ g_ssl_runtime_para.fs_metric_id[FS_METRIC_DETAIN_FRAG_CHELLO_FINISH]=fieldstat_register(g_ssl_runtime_para.fs, FIELD_TYPE_COUNTER, "FRAG_CH_FIN",NULL, 0);
+ g_ssl_runtime_para.fs_metric_id[FS_METRIC_DETAIN_FRAG_CHELLO_TIMEOUT]=fieldstat_register(g_ssl_runtime_para.fs, FIELD_TYPE_COUNTER, "FRAG_CH_TOT",NULL, 0);
+ }
+
+
+
+ if(g_ssl_runtime_para.detain_frag_chello_num>0)
 {
 g_ssl_runtime_para.frag_chello_exdata_idx=stream_bridge_build(SSL_FRAG_CHELLO_BRIDEGE_NAME, "w");
 assert(g_ssl_runtime_para.frag_chello_exdata_idx >= 0);
@@ -270,6 +303,10 @@ extern "C" int SSL_INIT(void)
 extern "C" void SSL_DESTROY(void)
 {
+ if(g_ssl_runtime_para.fs != NULL)
+ {
+ fieldstat_instance_free(g_ssl_runtime_para.fs);
+ }
 return;
 }
diff --git a/src/SSL_Analyze.h b/src/SSL_Analyze.h
index f45e98e..f69d86a 100644
--- a/src/SSL_Analyze.h
+++ b/src/SSL_Analyze.h
@@ -51,6 +51,18 @@ struct frag_chello
 unsigned int finish;
 };
+
+enum fs_metric
+{
+ FS_METRIC_DETAIN_FRAG_CHELLO_NUM = 0,
+ FS_METRIC_DETAIN_FRAG_CHELLO_FORWARD,
+ FS_METRIC_DETAIN_FRAG_CHELLO_FREE,
+ FS_METRIC_DETAIN_FRAG_CHELLO_SESSION,
+ FS_METRIC_DETAIN_FRAG_CHELLO_FINISH,
+ FS_METRIC_DETAIN_FRAG_CHELLO_TIMEOUT,
+ FS_METRIC_MAX
+};
+
 struct ssl_runtime_para
 {
 unsigned long long ssl_interested_region_flag;
@@ -63,9 +75,10 @@ struct ssl_runtime_para
 int proto_tag_id ;
 int max_cache_len;
 int parse_certificate_detail;
- unsigned int detain_frag_chello_enable;
- unsigned int max_check_c2s_num;
+ unsigned int detain_frag_chello_num;
 int frag_chello_exdata_idx;
+ struct fieldstat_instance *fs;
+ int fs_metric_id[FS_METRIC_MAX];
 };
 struct ssl_business_info
diff --git a/src/SSL_Message.c b/src/SSL_Message.c
index 3bbc393..57ef418 100644
--- a/src/SSL_Message.c
+++ b/src/SSL_Message.c
@@ -12,7 +12,7 @@
 #include "SSL_Message.h"
 #include "SSL_Proc.h"
 #include "SSL_Certificate.h"
-
+#include "fieldstat.h"
 #define SUITE_VALUELEN 2
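Review bot: The pointer returned by `fieldstat_instance_new("SSL_DECODER")` is handed straight to `fieldstat_set_output_interval`, `fieldstat_set_local_output`, `fieldstat_enable_prometheus_output` and `fieldstat_instance_start` with no NULL check, and the ids returned by `fieldstat_register` are stored unchecked and later used as the metric id in every `fieldstat_value_incrby` call. A guard right after creation, e.g. `if (g_ssl_runtime_para.fs == NULL) { /* log and continue without statistics */ }`, would keep a failed instance creation from affecting decoder start-up. `refresh_s * 1000` is computed in `unsigned int` from a config value with no upper bound, so a very large `SSL_STAT_REFRESH_S` wraps to a short interval; clamping `refresh_s` before the multiply avoids that. The output path `./log/ssl.status` is relative, so where the file is written depends on the process working directory, which is worth a comment next to the call.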
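Review bot: `g_ssl_runtime_para.fs` still points at the released instance after `fieldstat_instance_free`, while every counter site in this commit guards only on `if(g_ssl_runtime_para.fs)`. If a bridge free callback such as `ssl_retain_packet_bridge_free` can still run after `SSL_DESTROY` (the teardown order is not visible in this patch), it would pass a dangling pointer to `fieldstat_value_incrby`. Adding `g_ssl_runtime_para.fs = NULL;` directly after the free closes that window.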
@@ -988,20 +988,27 @@ int ssl_parse_version(const struct streaminfo *a_tcp, struct ssl_runtime_context static void ssl_detain_frag_chello(const struct streaminfo *a_tcp) { - if(g_ssl_runtime_para.detain_frag_chello_enable == 0 || a_tcp->curdir != DIR_C2S)return; + if(g_ssl_runtime_para.detain_frag_chello_num == 0 || a_tcp->curdir != DIR_C2S || a_tcp->dir != DIR_DOUBLE)return; struct frag_chello *pkts = (struct frag_chello *)stream_bridge_async_data_get(a_tcp, g_ssl_runtime_para.frag_chello_exdata_idx); if (pkts == NULL) { pkts=(struct frag_chello *)calloc(sizeof(struct frag_chello), 1); + if(g_ssl_runtime_para.fs)fieldstat_value_incrby(g_ssl_runtime_para.fs, + g_ssl_runtime_para.fs_metric_id[FS_METRIC_DETAIN_FRAG_CHELLO_SESSION], + 1); } if(pkts->finish == 1)return; const void *p = get_current_rawpkt_from_streaminfo(a_tcp); struct detain_pkt *dpkt=MESA_rawpkt_detain(a_tcp, p); - if(dpkt) + if(dpkt && pkts->p_szp[pkts->p_sz]=dpkt; pkts->p_sz+=1; + if(pkts->p_sz==g_ssl_runtime_para.detain_frag_chello_num)pkts->finish=1; + if(g_ssl_runtime_para.fs)fieldstat_value_incrby(g_ssl_runtime_para.fs, + g_ssl_runtime_para.fs_metric_id[FS_METRIC_DETAIN_FRAG_CHELLO_NUM], + 1); } stream_bridge_async_data_put(a_tcp, g_ssl_runtime_para.frag_chello_exdata_idx, pkts); return; @@ -1009,9 +1016,12 @@ static void ssl_detain_frag_chello(const struct streaminfo *a_tcp) static void ssl_detain_chello_finish(const struct streaminfo *a_tcp) { - if(g_ssl_runtime_para.detain_frag_chello_enable == 0)return; + if(g_ssl_runtime_para.detain_frag_chello_num == 0)return; struct frag_chello *pkts = (struct frag_chello *)stream_bridge_async_data_get(a_tcp, g_ssl_runtime_para.frag_chello_exdata_idx); if(pkts)pkts->finish=1; + if(g_ssl_runtime_para.fs)fieldstat_value_incrby(g_ssl_runtime_para.fs, + g_ssl_runtime_para.fs_metric_id[FS_METRIC_DETAIN_FRAG_CHELLO_FINISH], + 1); return; } -- cgit v1.2.3
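Review bot: `pkts` is read at `if(pkts->finish == 1)` right after the `calloc` with no NULL check, and the new SESSION counter is incremented even when that allocation failed, so under memory pressure this is a NULL dereference on the per-packet path. `if (pkts == NULL) return;` placed after the `calloc` and before the counter covers it. The condition on the `if(dpkt && ...` line is damaged in this rendering, so its exact bound could not be checked; whatever its form, a `dpkt` returned by `MESA_rawpkt_detain` that is not stored in `pkts->p[]` has to be forwarded or freed on that path, otherwise the packet stays detained with no owner. The store to `pkts->p[pkts->p_sz]` presumably depends on `detain_frag_chello_num` having been clamped to `MAX_DETAIN_FRAG_CHELLO_NUM` in `SSL_INIT`, and a comment such as `/* p_sz < detain_frag_chello_num <= MAX_DETAIN_FRAG_CHELLO_NUM, clamped in SSL_INIT */` would protect that invariant.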