1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
|
#include <stdlib.h>
#include <string.h>
#include <stdio.h>
#include <stdint.h>
#include <stddef.h>
#include <assert.h>
#include "stellar/session.h"
#include "stellar/monitor.h"
#include "session_manager/session_manager_rte.h"
#include "monitor/monitor_utils.h"
#include "monitor/monitor_rpc.h"
#include "sds/sds.h"
#include "session_manager/session_internal.h"
// temp add
extern struct session_manager_rte *session_manager_get_runtime(struct session_manager *sess_mgr, uint16_t thread_id);
#define SHOW_SESSION_BRIEF_LIMIT_DEFAULT 10
#define SHOW_SESSION_BRIEF_LIMIT_MAX 1000
#define SHOW_SESSION_BRIEF_SCAN_COUNT_DEFAULT 100
/* show session brief */
struct stm_show_session_brief_opt
{
#define SESSION_SCAN_SNET (1 << 25)
#define SESSION_SCAN_DNET (1 << 26)
#define SESSION_SCAN_ID (1 << 27)
#define SESSION_SCAN_CURSOR (1 << 28)
#define SESSION_SCAN_COUNT (1 << 29)
#define SESSION_SCAN_LIMIT (1 << 30)
struct session_scan_opts scan_opt;
uint32_t limit;
};
/* show session detail <id> */
struct stm_show_session_detail_opt
{
uint64_t sess_id;
int thread_idx; // todo, not used now
};
struct show_session_brief_result
{
uint64_t sid;
int thread_index;
enum session_state state;
enum session_type protocol;
time_t create_time_in_sec;
time_t last_pkt_time_in_sec;
uint8_t flow_dir;
struct tuple6 addr;
} __attribute__((packed));
struct show_session_brief_array
{
size_t array_num;
struct show_session_brief_result array[0]; /* Continuous memory, array_num * sizeof(struct show_session_brief_result) */
} __attribute__((packed));
struct show_session_detail_result
{
struct show_session_brief_result sess_brief;
unsigned long long sess_stat[MAX_FLOW_TYPE][MAX_STAT];
enum session_direction direction; // in or out
unsigned char application; // L7 appid
// todo, other info
} __attribute__((packed));
static void stm_session_brief_cli_args_set_default(struct stm_show_session_brief_opt *show_opt)
{
memset(show_opt, 0, sizeof(struct stm_show_session_brief_opt));
show_opt->limit = SHOW_SESSION_BRIEF_LIMIT_DEFAULT;
show_opt->scan_opt.cursor = 0;
show_opt->scan_opt.count = SHOW_SESSION_BRIEF_SCAN_COUNT_DEFAULT;
}
static uint32_t stm_session_brief_cli_args_get_flags(const char *para_name)
{
if (NULL == para_name)
{
return 0;
}
if (strncasecmp(para_name, "id", 2) == 0)
{
return SESSION_SCAN_ID;
}
else if (strncasecmp(para_name, "cursor", 6) == 0)
{
return SESSION_SCAN_CURSOR;
}
else if (strncasecmp(para_name, "count", 5) == 0)
{
return SESSION_SCAN_COUNT;
}
else if (strncasecmp(para_name, "state", 5) == 0)
{
return SESSION_SCAN_STATE;
}
else if (strncasecmp(para_name, "sip", 3) == 0)
{
return SESSION_SCAN_SIP;
}
else if (strncasecmp(para_name, "dip", 3) == 0)
{
return SESSION_SCAN_DIP;
}
else if (strncasecmp(para_name, "snet", 4) == 0)
{
return SESSION_SCAN_SNET;
}
else if (strncasecmp(para_name, "dnet", 4) == 0)
{
return SESSION_SCAN_DNET;
}
else if (strncasecmp(para_name, "sport", 5) == 0)
{
return SESSION_SCAN_SPORT;
}
else if (strncasecmp(para_name, "dport", 5) == 0)
{
return SESSION_SCAN_DPORT;
}
else if (strncasecmp(para_name, "protocol", 8) == 0)
{
return SESSION_SCAN_TYPE;
}
else if (strncasecmp(para_name, "limit", 5) == 0)
{
return SESSION_SCAN_LIMIT;
}
else if (strncasecmp(para_name, "create-time-in", strlen("create-time-in")) == 0)
{
return SESSION_SCAN_CREATE_TIME;
}
else if (strncasecmp(para_name, "last-pkt-time-in", strlen("last-pkt-time-in")) == 0)
{
return SESSION_SCAN_LASPKT_TIME;
}
return 0;
}
static enum session_state show_session_state_pton(const char *state_str)
{
if (strncasecmp(state_str, "opening", strlen("opening")) == 0)
{
return SESSION_STATE_OPENING;
}
else if (strncasecmp(state_str, "active", strlen("active")) == 0)
{
return SESSION_STATE_ACTIVE;
}
else if (strncasecmp(state_str, "closing", strlen("closing")) == 0)
{
return SESSION_STATE_CLOSING;
}
return MAX_STATE;
}
static uint32_t show_session_ipaddr_ntop(const char *ip_string, struct session_scan_opts *scan_opt, uint32_t flag)
{
uint32_t addr_family;
if (SESSION_SCAN_SIP == flag)
{
addr_family = stm_inet_pton(ip_string, &scan_opt->src_addr[0].v4, &scan_opt->src_addr[0].v6);
}
else
{
addr_family = stm_inet_pton(ip_string, &scan_opt->dst_addr[0].v4, &scan_opt->dst_addr[0].v6);
}
if (addr_family == 0)
{
return 0;
}
if (AF_INET == addr_family)
{
if (SESSION_SCAN_SIP == flag)
{
scan_opt->src_addr[1].v4 = scan_opt->src_addr[0].v4;
}
else
{
scan_opt->dst_addr[1].v4 = scan_opt->dst_addr[0].v4;
}
}
else
{
if (SESSION_SCAN_SIP == flag)
{
scan_opt->src_addr[1].v6 = scan_opt->src_addr[0].v6;
}
else
{
scan_opt->dst_addr[1].v6 = scan_opt->dst_addr[0].v6;
}
}
return addr_family;
}
static sds show_session_cli_args_sanity_check(const struct stm_show_session_brief_opt *brief_opt)
{
uint32_t flags = brief_opt->scan_opt.flags;
sds ss = sdsempty();
if ((flags & SESSION_SCAN_SIP) && (flags & SESSION_SCAN_SNET))
{
ss = sdscatprintf(ss, "error: the 'sip' and 'snet' options conflict!");
return ss;
}
if ((flags & SESSION_SCAN_DIP) && (flags & SESSION_SCAN_DNET))
{
ss = sdscatprintf(ss, "error: the 'dip' and 'dnet' options conflict!");
return ss;
}
return ss;
}
static int show_session_is_help(int argc, char *argv[])
{
for (int i = 0; i < argc; i++)
{
if (strncasecmp(argv[i], "help", 4) == 0)
{
return 1;
}
if (strncasecmp(argv[i], "--help", 6) == 0)
{
return 1;
}
if (strncasecmp(argv[i], "-h", 2) == 0)
{
return 1;
}
}
return 0;
}
static struct monitor_reply *show_session_brief_usage(void)
{
sds ss = sdsempty();
ss = sdscatprintf(ss, "Usage: show session brief [options]\n");
ss = sdscatprintf(ss, "Options:\n");
ss = sdscatprintf(ss, " -h, --help help\tdisplay usage information and exit\n");
ss = sdscatprintf(ss, " cursor <cursor>\n");
ss = sdscatprintf(ss, " count <count>\n");
ss = sdscatprintf(ss, " state <opening|active|closing>\n");
ss = sdscatprintf(ss, " protocol <tcp|udp>\n");
ss = sdscatprintf(ss, " sip <source ip>\n");
ss = sdscatprintf(ss, " dip <destination ip>\n");
ss = sdscatprintf(ss, " sport <source port>\n");
ss = sdscatprintf(ss, " dport <destination port>\n");
ss = sdscatprintf(ss, " snet <source network/netmask>\texample 192.168.1.0/24\n");
ss = sdscatprintf(ss, " dnet <destination network/netmask>\texample 1234::abcd/48\n");
ss = sdscatprintf(ss, " create-time-in <last-N-[seconds|minutes|hours|days]>\texample last-1-hours\n");
ss = sdscatprintf(ss, " last-pkt-time-in <last-N-[seconds|minutes|hours|days]>\texample last-7-days\n");
ss = sdscatprintf(ss, " limit <limit>\n");
struct monitor_reply *reply = monitor_reply_new_string("%s", ss);
sdsfree(ss);
return reply;
}
static struct monitor_reply *show_session_detail_usage(void)
{
sds ss = sdsempty();
ss = sdscatprintf(ss, "Usage: show session detial [options]\n");
ss = sdscatprintf(ss, "Options:\n");
ss = sdscatprintf(ss, " -h, --help help\tdisplay usage information and exit\n");
ss = sdscatprintf(ss, " id <session id>\n");
struct monitor_reply *reply = monitor_reply_new_string("%s", ss);
sdsfree(ss);
return reply;
}
/*
"show session ..." command args parser
return:
NULL: success, brief_opt is filled
not NULL: error message
*/
static struct monitor_reply *show_session_brief_cli_args_parse(int argc, char *argv[], struct stm_show_session_brief_opt *brief_opt)
{
uint32_t ipaddr_family = 0, history_ipaddr_family = 0;
sds ss = NULL;
uint32_t flag;
struct monitor_reply *error_reply = NULL;
const char *opt_name, *opt_value;
stm_session_brief_cli_args_set_default(brief_opt);
int i = 3; // skip "show session brief"
while (i < argc)
{
ipaddr_family = 0;
opt_name = argv[i];
flag = stm_session_brief_cli_args_get_flags(opt_name);
if (i + 1 >= argc)
{
error_reply = monitor_reply_new_error("option %s requires an argument\n", opt_name);
return error_reply;
}
opt_value = argv[++i];
switch (flag)
{
case SESSION_SCAN_TYPE:
{
if (strncasecmp(opt_value, "tcp", 3) == 0)
{
brief_opt->scan_opt.type = SESSION_TYPE_TCP;
}
else if (strncasecmp(opt_value, "udp", 3) == 0)
{
brief_opt->scan_opt.type = SESSION_TYPE_UDP;
}
else
{
error_reply = monitor_reply_new_error("unsupported protocol type: %s. should be <tcp|udp>\n", opt_value);
goto error_exit;
}
}
break;
case SESSION_SCAN_STATE:
{
enum session_state tmp_state = show_session_state_pton(opt_value);
if (tmp_state == MAX_STATE)
{
error_reply = monitor_reply_new_error("unrecognized session state: %s. should be <opening|active|closing>\n", opt_value);
goto error_exit;
}
brief_opt->scan_opt.state = tmp_state;
}
break;
// case SESSION_SCAN_ID:
// if (stm_string_isdigit(opt_value) == 0)
// {
// *error_reply = monitor_reply_new_error("invalid session id: %s. should be integer in range: <1 - UINT64_MAX>\n", opt_value);
// goto error_exit;
// }
// show_opt->detail_opt.sess_id = strtoull(opt_value, NULL, 10);
// break;
case SESSION_SCAN_SIP:
ipaddr_family = show_session_ipaddr_ntop(opt_value, &brief_opt->scan_opt, SESSION_SCAN_SIP);
if (ipaddr_family == 0)
{
error_reply = monitor_reply_new_error("invalid sip address: %s\n", opt_value);
goto error_exit;
}
brief_opt->scan_opt.addr_family = ipaddr_family;
break;
case SESSION_SCAN_DIP:
ipaddr_family = show_session_ipaddr_ntop(opt_value, &brief_opt->scan_opt, SESSION_SCAN_DIP);
if (ipaddr_family == 0)
{
error_reply = monitor_reply_new_error("invalid dip address: %s\n", opt_value);
goto error_exit;
}
brief_opt->scan_opt.addr_family = ipaddr_family;
break;
case SESSION_SCAN_SNET:
{
uint32_t ipv4addr, ipv4mask;
struct in6_addr ipv6addr, ipv6mask;
ipaddr_family = stm_ip_cidr_pton(opt_value, &ipv4addr, &ipv4mask, &ipv6addr, &ipv6mask);
if (ipaddr_family == 0)
{
error_reply = monitor_reply_new_error("invalid snet CIDR address: %s\n", opt_value);
goto error_exit;
}
if (AF_INET == ipaddr_family)
{
uint32_t ipv4_range[2];
stm_ipv4_cidr_to_range(ipv4addr, ipv4mask, ipv4_range);
brief_opt->scan_opt.src_addr[0].v4.s_addr = ipv4_range[0];
brief_opt->scan_opt.src_addr[1].v4.s_addr = ipv4_range[1];
}
else
{
struct in6_addr ipv6_range[2];
stm_ipv6_cidr_to_range(&ipv6addr, &ipv6mask, ipv6_range);
brief_opt->scan_opt.src_addr[0].v6 = ipv6_range[0];
brief_opt->scan_opt.src_addr[1].v6 = ipv6_range[1];
}
brief_opt->scan_opt.addr_family = ipaddr_family;
flag = SESSION_SCAN_SIP;
}
break;
case SESSION_SCAN_DNET:
{
uint32_t ipv4addr, ipv4mask;
struct in6_addr ipv6addr, ipv6mask;
ipaddr_family = stm_ip_cidr_pton(opt_value, &ipv4addr, &ipv4mask, &ipv6addr, &ipv6mask);
if (ipaddr_family == 0)
{
error_reply = monitor_reply_new_error("invalid dnet CIDR address: %s\n", opt_value);
goto error_exit;
}
if (AF_INET == ipaddr_family)
{
uint32_t ipv4_range[2];
stm_ipv4_cidr_to_range(ipv4addr, ipv4mask, ipv4_range);
brief_opt->scan_opt.dst_addr[0].v4.s_addr = ipv4_range[0];
brief_opt->scan_opt.dst_addr[1].v4.s_addr = ipv4_range[1];
}
else
{
struct in6_addr ipv6_range[2];
stm_ipv6_cidr_to_range(&ipv6addr, &ipv6mask, ipv6_range);
brief_opt->scan_opt.dst_addr[0].v6 = ipv6_range[0];
brief_opt->scan_opt.dst_addr[1].v6 = ipv6_range[1];
}
brief_opt->scan_opt.addr_family = ipaddr_family;
flag = SESSION_SCAN_DIP;
}
break;
case SESSION_SCAN_SPORT:
{
if (stm_string_isdigit(opt_value) == 0)
{
error_reply = monitor_reply_new_error("illegal sport: %s. should be integer\n", opt_value);
goto error_exit;
}
int tmp_val = atoi(opt_value);
if (tmp_val <= 0 || tmp_val > 65535)
{
error_reply = monitor_reply_new_error("illegal sport: %s. should be <1-65535>\n", opt_value);
goto error_exit;
}
brief_opt->scan_opt.src_port = htons((unsigned short)tmp_val);
}
break;
case SESSION_SCAN_DPORT:
{
if (stm_string_isdigit(opt_value) == 0)
{
error_reply = monitor_reply_new_error("illegal sport: %s. should be integer\n", opt_value);
goto error_exit;
}
int tmp_val = atoi(opt_value);
if (tmp_val <= 0 || tmp_val > 65535)
{
error_reply = monitor_reply_new_error("illegal sport: %s. should be <1-65535>\n", opt_value);
goto error_exit;
}
brief_opt->scan_opt.dst_port = htons((unsigned short)tmp_val);
}
break;
case SESSION_SCAN_CURSOR:
brief_opt->scan_opt.cursor = strtoul(opt_value, NULL, 10);
break;
case SESSION_SCAN_COUNT:
brief_opt->scan_opt.count = strtoul(opt_value, NULL, 10);
if (brief_opt->scan_opt.count == 0)
{
error_reply = monitor_reply_new_error("illegal count: %s. should be <1 - UINT32_MAX>\n", opt_value);
goto error_exit;
}
break;
case SESSION_SCAN_LIMIT:
brief_opt->limit = strtoul(opt_value, NULL, 10);
if (brief_opt->limit == 0 || brief_opt->limit > SHOW_SESSION_BRIEF_LIMIT_MAX)
{
error_reply = monitor_reply_new_error("illegal limit: %s. should be <1 - %u>\n", opt_value, SHOW_SESSION_BRIEF_LIMIT_MAX);
goto error_exit;
}
break;
case SESSION_SCAN_CREATE_TIME:
{
time_t tmp_range[2] = {0, 0};
if (stm_time_range_pton(opt_value, time(NULL), tmp_range) < 0)
{
error_reply = monitor_reply_new_error("invalid create-time-in: %s. \r\nsyntax: <last-N-[seconds|minutes|hours|days]>\n", opt_value);
goto error_exit;
}
brief_opt->scan_opt.create_time_ms[0] = tmp_range[0] * 1000; // second to ms
brief_opt->scan_opt.create_time_ms[1] = tmp_range[1] * 1000; // second to ms
}
break;
case SESSION_SCAN_LASPKT_TIME:
{
time_t tmp_range[2] = {0, 0};
if (stm_time_range_pton(opt_value, time(NULL), tmp_range) < 0)
{
error_reply = monitor_reply_new_error("invalid last-pkt-time-in: %s. \r\nsyntax: <last-N-[seconds|minutes|hours|days]>\n", opt_value);
goto error_exit;
}
brief_opt->scan_opt.laspkt_time_ms[0] = tmp_range[0] * 1000; // second to ms
brief_opt->scan_opt.laspkt_time_ms[1] = tmp_range[1] * 1000; // second to ms
}
break;
default:
error_reply = monitor_reply_new_error("unrecognized params: %s \n", opt_name);
return error_reply;
}
if ((history_ipaddr_family != 0) && (ipaddr_family != 0) && (history_ipaddr_family != ipaddr_family))
{
error_reply = monitor_reply_new_error("contradictory ip version, expression rejects all sessions!\n");
goto error_exit;
}
history_ipaddr_family = ipaddr_family;
i++; // to next option
brief_opt->scan_opt.flags |= flag;
}
ss = show_session_cli_args_sanity_check(brief_opt);
if (ss && sdslen(ss) > 0)
{
error_reply = monitor_reply_new_error("%s\n", ss);
sdsfree(ss);
goto error_exit;
}
sdsfree(ss);
error_reply = NULL;
return NULL;
error_exit:
return error_reply;
}
static void get_single_session_brief(struct session *sess, int thread_id, struct show_session_brief_result *brief)
{
brief->thread_index = thread_id;
brief->state = session_get_current_state(sess);
brief->protocol = session_get_type(sess);
session_is_symmetric(sess, &brief->flow_dir);
brief->create_time_in_sec = session_get_timestamp(sess, SESSION_TIMESTAMP_START) / 1000; // ms to sec
brief->last_pkt_time_in_sec = session_get_timestamp(sess, SESSION_TIMESTAMP_LAST) / 1000; // ms to sec
const struct tuple6 *tp6 = session_get_tuple6(sess);
memcpy(&brief->addr, tp6, sizeof(struct tuple6));
}
struct iovec show_session_brief_on_worker_thread_rpc_cb(int thread_idx, struct iovec request, void *args)
{
struct iovec response = {};
assert(request.iov_len == sizeof(struct stm_show_session_brief_opt));
struct stm_show_session_brief_opt *show_brief_opt = (struct stm_show_session_brief_opt *)request.iov_base;
uint64_t session_id_array[SHOW_SESSION_BRIEF_LIMIT_MAX];
uint64_t session_id_array_count = SHOW_SESSION_BRIEF_LIMIT_MAX;
struct session_manager *sess_mgr = stellar_module_get_session_manager((struct stellar_module_manager *)args);
struct session_manager_rte *sess_mgr_rt = session_manager_get_runtime(sess_mgr, thread_idx);
session_id_array_count = session_manager_rte_scan_session(sess_mgr_rt, &show_brief_opt->scan_opt, session_id_array, show_brief_opt->limit);
if (session_id_array_count == 0)
{
// no session match the filter params, but no error! still need to build a empty reply!
// go on !!!
response.iov_base = NULL;
response.iov_len = 0;
return response;
}
struct show_session_brief_result *brief_result_array = (struct show_session_brief_result *)calloc(session_id_array_count, sizeof(struct show_session_brief_result));
for (uint32_t i = 0; i < session_id_array_count; i++)
{
struct session *sess = session_manager_rte_lookup_session_by_id(sess_mgr_rt, session_id_array[i]);
assert(sess != NULL);
get_single_session_brief(sess, thread_idx, &brief_result_array[i]);
brief_result_array[i].sid = session_id_array[i];
}
response.iov_base = brief_result_array;
response.iov_len = session_id_array_count;
return response;
}
static sds session_brief_to_readable(const struct show_session_brief_result *sess_brief)
{
char time_buf[64];
char addr_buf[256];
sds ss = sdsempty();
strftime(time_buf, sizeof(time_buf), "%Y-%m-%d %H:%M:%S", localtime(&sess_brief->create_time_in_sec));
ss = sdscatprintf(ss, "%-6d %-21lu %-5s %-8s %-20s %s", sess_brief->thread_index, sess_brief->sid,
(sess_brief->protocol == SESSION_TYPE_TCP) ? "tcp" : "udp",
stm_session_state_ntop(sess_brief->state), time_buf,
stm_get0_readable_session_addr(&sess_brief->addr, addr_buf, sizeof(addr_buf)));
return ss;
}
static struct monitor_reply *show_session_brief_cmd_cb(struct stellar_monitor *monitor, int argc, char *argv[], void *arg)
{
struct stm_show_session_brief_opt brief_opt = {};
if (show_session_is_help(argc, argv))
{
return show_session_brief_usage();
}
struct monitor_reply *error_reply = show_session_brief_cli_args_parse(argc, argv, &brief_opt);
if (error_reply != NULL)
{
return error_reply;
}
struct monitor_reply *cmd_reply;
struct stellar_module_manager *mod_mgr = (struct stellar_module_manager *)arg;
int thread_num = stellar_module_manager_get_max_thread_num(mod_mgr);
struct iovec request;
request.iov_base = (void *)&brief_opt;
request.iov_len = sizeof(struct stm_show_session_brief_opt);
struct iovec response[thread_num];
memset(response, 0, sizeof(response));
size_t tot_sess_id_num = 0;
sds ss = sdsempty();
ss = sdscatprintf(ss, "%-6s %-21s %-5s %-8s %-20s %s\r\n", "thread", "session-id", "proto", "state", "create-time", "tuple4(sip:sport-dip:dport)");
ss = sdscatprintf(ss, "--------------------------------------------------------------------------------------------\r\n");
for (int i = 0; i < thread_num; i++)
{
response[i] = monitor_worker_thread_rpc(monitor, i, request, show_session_brief_on_worker_thread_rpc_cb, mod_mgr);
if (response[i].iov_base == NULL || response[i].iov_len == 0) // empty result
{
continue;
}
struct show_session_brief_result *brief_res_array = (struct show_session_brief_result *)(response[i].iov_base);
tot_sess_id_num += response[i].iov_len; // session_id_array_count
for (size_t j = 0; j < response[i].iov_len; j++)
{
ss = sdscatprintf(ss, "%s\n", session_brief_to_readable(&brief_res_array[j]));
}
if (tot_sess_id_num >= brief_opt.limit)
{
break;
}
}
if (tot_sess_id_num == 0)
{
cmd_reply = monitor_reply_new_string("No session found");
goto empty_result;
}
cmd_reply = monitor_reply_new_string("%s", ss);
empty_result:
sdsfree(ss);
for (int i = 0; i < thread_num; i++)
{
if (response[i].iov_base)
{
free(response[i].iov_base);
}
}
return cmd_reply;
}
/*
todo: add thread id,
fast patch, avoid traversing all worker threads
*/
static struct monitor_reply *show_session_detail_cli_args_parse(int argc, char *argv[], struct stm_show_session_detail_opt *detail_opt)
{
if (argc < 4)
{
return monitor_reply_new_error("missing session id\n");
}
if (argc > 5)
{
return monitor_reply_new_error("too many arguments\n");
}
if (strncasecmp(argv[3], "id", 2) != 0)
{
return monitor_reply_new_error("missing session id\n");
}
if (stm_string_isdigit(argv[4]) == 0)
{
return monitor_reply_new_error("invalid session id: %s. should be integer in range: <1 - UINT64_MAX>\n", argv[4]);
}
detail_opt->sess_id = strtoull(argv[4], NULL, 10);
return NULL;
}
struct iovec show_session_detail_on_worker_thread_rpc_cb(int thread_idx, struct iovec request, void *args)
{
struct iovec response = {};
assert(request.iov_len == sizeof(struct stm_show_session_detail_opt));
struct stm_show_session_detail_opt *detail_opt = (struct stm_show_session_detail_opt *)request.iov_base;
struct session_manager *sess_mgr = stellar_module_get_session_manager((struct stellar_module_manager *)args);
struct session_manager_rte *sess_mgr_rt = session_manager_get_runtime(sess_mgr, thread_idx);
struct session *sess = session_manager_rte_lookup_session_by_id(sess_mgr_rt, detail_opt->sess_id);
if (NULL == sess)
{
return response;
}
struct show_session_detail_result *detail_res = (struct show_session_detail_result *)calloc(1, sizeof(struct show_session_detail_result));
get_single_session_brief(sess, thread_idx, &detail_res->sess_brief);
detail_res->sess_brief.sid = detail_opt->sess_id;
detail_res->direction = session_get_direction(sess);
// todo, get some exact stat, not all
memcpy(detail_res->sess_stat, sess->stats, sizeof(detail_res->sess_stat));
// todo, get application info
response.iov_base = detail_res;
response.iov_len = sizeof(struct show_session_detail_result);
return response;
}
static sds session_detail_to_readable(const struct show_session_detail_result *sess_detail)
{
char addr_buf[256];
sds ss = sdsempty();
char time_buf[64];
#define SHOW_SESSION_DETAIL_NAME_FORMAT "%-30s"
#define SHOW_SESSION_DETAIL_VALUE_FORMAT "%llu"
const char *flow_str[MAX_FLOW_TYPE] = {"C2S flow", "S2C flow"};
ss = sdscatprintf(ss, "%-15s: %lu\r\n", "session-id", sess_detail->sess_brief.sid);
ss = sdscatprintf(ss, "%-15s: %d\r\n", "thread", sess_detail->sess_brief.thread_index);
ss = sdscatprintf(ss, "%-15s: %s\r\n", "state", stm_session_state_ntop(sess_detail->sess_brief.state));
ss = sdscatprintf(ss, "%-15s: %s\r\n", "protocol", (sess_detail->sess_brief.protocol == SESSION_TYPE_TCP) ? "tcp" : "udp");
strftime(time_buf, sizeof(time_buf), "%Y-%m-%d %H:%M:%S", localtime(&sess_detail->sess_brief.create_time_in_sec));
ss = sdscatprintf(ss, "%-15s: %s\r\n", "create-time", time_buf);
strftime(time_buf, sizeof(time_buf), "%Y-%m-%d %H:%M:%S", localtime(&sess_detail->sess_brief.last_pkt_time_in_sec));
ss = sdscatprintf(ss, "%-15s: %s\r\n", "last-pkt-time", time_buf);
ss = sdscatprintf(ss, "%-15s: %s\r\n", "tuple4", stm_get0_readable_session_addr(&sess_detail->sess_brief.addr, addr_buf, sizeof(addr_buf)));
ss = sdscatprintf(ss, "%-15s: %s\r\n", "symmetric", stm_session_flow_dir_ntop(sess_detail->sess_brief.flow_dir));
ss = sdscatprintf(ss, "%-15s: %s\r\n", "direction", sess_detail->direction == SESSION_DIRECTION_INBOUND ? "INBOUND" : "OUTBOUND");
ss = sdscatprintf(ss, "statistics:\r\n");
char printf_format[256];
snprintf(printf_format, sizeof(printf_format), "\t%s : %s\r\n", SHOW_SESSION_DETAIL_NAME_FORMAT, SHOW_SESSION_DETAIL_VALUE_FORMAT);
for (int flow = 0; flow < MAX_FLOW_TYPE; flow++)
{
ss = sdscatprintf(ss, " %s:\r\n", flow_str[flow]);
ss = sdscatprintf(ss, printf_format, "raw_packets_received", sess_detail->sess_stat[flow][STAT_RAW_PACKETS_RECEIVED]);
ss = sdscatprintf(ss, printf_format, "raw_bytes_received", sess_detail->sess_stat[flow][STAT_RAW_BYTES_RECEIVED]);
ss = sdscatprintf(ss, printf_format, "duplicate_packets_bypass", sess_detail->sess_stat[flow][STAT_DUPLICATE_PACKETS_BYPASS]);
ss = sdscatprintf(ss, printf_format, "injected_packets", sess_detail->sess_stat[flow][STAT_INJECTED_PACKETS_SUCCESS]);
ss = sdscatprintf(ss, printf_format, "injected_bytes", sess_detail->sess_stat[flow][STAT_INJECTED_BYTES_SUCCESS]);
if (SESSION_TYPE_TCP == sess_detail->sess_brief.protocol)
{
ss = sdscatprintf(ss, printf_format, "tcp_segments_retransmit", sess_detail->sess_stat[flow][STAT_TCP_SEGMENTS_RETRANSMIT]);
ss = sdscatprintf(ss, printf_format, "tcp_payloads_retransmit", sess_detail->sess_stat[flow][STAT_TCP_PAYLOADS_RETRANSMIT]);
ss = sdscatprintf(ss, printf_format, "tcp_segments_reordered", sess_detail->sess_stat[flow][STAT_TCP_SEGMENTS_REORDERED]);
ss = sdscatprintf(ss, printf_format, "tcp_payloads_reordered", sess_detail->sess_stat[flow][STAT_TCP_PAYLOADS_REORDERED]);
}
}
// todo:
ss = sdscatprintf(ss, "\r\n \033[31mtodo: add security policy rule id, HTTP URL, Server FQDN, etc... \033[0m");
return ss;
}
static struct monitor_reply *show_session_detail_cmd_cb(struct stellar_monitor *stm, int argc, char *argv[], void *arg)
{
struct stm_show_session_detail_opt detail_opt = {};
detail_opt.thread_idx = -1;
if (show_session_is_help(argc, argv))
{
return show_session_detail_usage();
}
struct monitor_reply *error_reply = show_session_detail_cli_args_parse(argc, argv, &detail_opt);
if (error_reply != NULL)
{
return error_reply;
}
struct monitor_reply *cmd_reply;
struct stellar_module_manager *mod_mgr = (struct stellar_module_manager *)arg;
int thread_num = stellar_module_manager_get_max_thread_num(mod_mgr);
struct iovec request;
request.iov_base = (void *)&detail_opt;
request.iov_len = sizeof(struct stm_show_session_detail_opt);
struct iovec response[thread_num];
memset(response, 0, sizeof(response));
size_t tot_sess_id_num = 0;
sds ss = sdsempty();
for (int i = 0; i < thread_num; i++)
{
if (detail_opt.thread_idx != -1 && detail_opt.thread_idx != i)
{
continue;
}
response[i] = monitor_worker_thread_rpc(stm, i, request, show_session_detail_on_worker_thread_rpc_cb, mod_mgr);
if (response[i].iov_base == NULL || response[i].iov_len == 0) // empty result
{
continue;
}
struct show_session_detail_result *detail_res = (struct show_session_detail_result *)(response[i].iov_base);
ss = sdscatprintf(ss, "%s\n", session_detail_to_readable(detail_res));
tot_sess_id_num++;
break;
}
if (tot_sess_id_num == 0)
{
cmd_reply = monitor_reply_new_string("No session found by id %lu", detail_opt.sess_id);
goto empty_result;
}
cmd_reply = monitor_reply_new_string("%s", ss);
empty_result:
sdsfree(ss);
for (int i = 0; i < thread_num; i++)
{
if (response[i].iov_base)
{
free(response[i].iov_base);
}
}
return cmd_reply;
}
int show_session_enforcer_init(struct stellar_module_manager *mod_mgr, struct stellar_monitor *stm)
{
monitor_register_cmd(stm, "show session brief", show_session_brief_cmd_cb, "readonly",
"[sip | dip | sport | dport | protocol | state | cursor | count | limit | create-time-in | last-pkt-time-in ]",
"Show session brief information", (void *)mod_mgr);
monitor_register_cmd(stm, "show session detail", show_session_detail_cmd_cb, "readonly",
"id <id>",
"Show session verbose information", (void *)mod_mgr);
return 0;
}
|
