diff options
| author | fumingwei <[email protected]> | 2023-06-07 20:25:32 +0800 |
|---|---|---|
| committer | fumingwei <[email protected]> | 2023-06-12 20:40:57 +0800 |
| commit | 50fcd56322788543ee171676411655f094f5c01b (patch) | |
| tree | 170d57b1aa8e3a5fb7a77215938676c3cac7429d | |
| parent | b49824e8060c526416211ef79a0ed858e758f65f (diff) | |
bugfix:TSG-15454:kni新增发送proxy_rule_hits metricv5.1.6
| -rw-r--r-- | ci/travis.sh | 6 | ||||
| -rw-r--r-- | common/include/kni_utils.h | 1 | ||||
| -rw-r--r-- | conf/kni/kni.conf | 6 | ||||
| -rw-r--r-- | entry/CMakeLists.txt | 4 | ||||
| -rw-r--r-- | entry/include/kni_entry.h | 6 | ||||
| -rw-r--r-- | entry/include/kni_fieldstat.h | 75 | ||||
| -rw-r--r-- | entry/src/kni_entry.cpp | 994 | ||||
| -rw-r--r-- | entry/src/kni_fieldstat.cpp | 235 | ||||
| -rw-r--r-- | vendor/CMakeLists.txt | 4 |
9 files changed, 1016 insertions, 315 deletions
diff --git a/ci/travis.sh b/ci/travis.sh index 804cdeb..40c4074 100644 --- a/ci/travis.sh +++ b/ci/travis.sh @@ -34,7 +34,11 @@ env | sort : "${COMPILER_IS_GNUCXX:=OFF}" # Install dependency from YUM -yum install -y mrzcpd numactl-devel zlib-devel librdkafka-devel systemd-devel libMESA_handle_logger-devel libMESA_htable-devel libcjson-devel libMESA_field_stat2-devel sapp-devel framework_env libMESA_prof_load-devel libmaatframe-devel tsg_master-devel libasan +yum install -y mrzcpd numactl-devel zlib-devel librdkafka-devel systemd-devel \ + libMESA_handle_logger-devel libMESA_htable-devel libcjson-devel \ + libfieldstat3-devel libMESA_field_stat2-devel sapp-devel \ + framework_env libMESA_prof_load-devel libmaatframe-devel \ + tsg_master-devel libasan if [ $ASAN_OPTION ] && [ -f "/opt/rh/devtoolset-7/enable" ] ;then source /opt/rh/devtoolset-7/enable diff --git a/common/include/kni_utils.h b/common/include/kni_utils.h index 5f74339..eee7465 100644 --- a/common/include/kni_utils.h +++ b/common/include/kni_utils.h @@ -106,6 +106,7 @@ enum kni_field{ KNI_FIELD_DUP_TFC_STM, KNI_FIELD_DUP_TFC_BYTE, //intercept ready stream + KNI_FIELD_NO_INTCP_STM, KNI_FIELD_INTCP_READY_STM, KNI_FIELD_INTCP_READY_BYTE, //pme diff --git a/conf/kni/kni.conf b/conf/kni/kni.conf index bc5a6af..2e34eda 100644 --- a/conf/kni/kni.conf +++ b/conf/kni/kni.conf @@ -167,3 +167,9 @@ tcp_passthrough = 0 [share_session_attribute] SESSION_ATTRIBUTE_LABEL=TSG_MASTER_INTERNAL_LABEL + +[proxy_hits] +interval_ms=1000 +telegraf_port=8400 +telegraf_ip=127.0.0.1 +app_name="proxy_rule_hits" diff --git a/entry/CMakeLists.txt b/entry/CMakeLists.txt index 76e98d7..bcfb68a 100644 --- a/entry/CMakeLists.txt +++ b/entry/CMakeLists.txt @@ -1,8 +1,8 @@ set(CMAKE_INSTALL_PREFIX /home/mesasoft/sapp_run) -add_library(kni SHARED src/kni_entry.cpp src/tfe_mgr.cpp src/kni_tap_rss.cpp src/kni_iouring.cpp src/kni_pxy_tcp_option.cpp src/kni_dynamic_bypass.cpp) +add_library(kni SHARED src/kni_entry.cpp src/tfe_mgr.cpp src/kni_tap_rss.cpp src/kni_iouring.cpp src/kni_pxy_tcp_option.cpp src/kni_dynamic_bypass.cpp src/kni_fieldstat.cpp) target_include_directories(kni PUBLIC ${CMAKE_CURRENT_LIST_DIR}/include) -target_link_libraries(kni common MESA_prof_load MESA_htable MESA_field_stat maatframe mrzcpd dabloom) +target_link_libraries(kni common MESA_prof_load MESA_htable MESA_field_stat fieldstat3 maatframe mrzcpd dabloom) if (SUPPORT_BPF) target_link_libraries(kni bpf) diff --git a/entry/include/kni_entry.h b/entry/include/kni_entry.h index 9a93b14..7ac1282 100644 --- a/entry/include/kni_entry.h +++ b/entry/include/kni_entry.h @@ -8,6 +8,7 @@ #include "tfe_mgr.h" #include <tsg/tsg_label.h> #include "kni_iouring.h" +#include "kni_fieldstat.h" #define BURST_MAX 1 #define CALLER_SAPP 0 @@ -49,6 +50,7 @@ enum intercept_error{ enum kni_action{ KNI_ACTION_NONE = 0x00, KNI_ACTION_INTERCEPT = 0x02, + KNI_ACTION_NO_INTERCEPT = 0x03, KNI_ACTION_BYPASS = 0x80 }; @@ -146,7 +148,7 @@ struct pme_info{ int has_dup_syn_ack; struct dup_traffic_dabloom_key *syn_packet; struct dup_traffic_dabloom_key *syn_ack_packet; - struct _traffic_info traffic_info; + struct traffic_info traffic_info; //for kni dynamic bypass int thread_seq; int is_dynamic_bypass; @@ -156,6 +158,7 @@ struct pme_info{ struct session_runtime_attribute *session_attribute; //for ssl passthrough reason char ssl_passthrough_reason[KNI_SYMBOL_MAX]; + struct proxy_metric_value proxy_metric_value; }; struct wrapped_packet{ @@ -247,6 +250,7 @@ struct kni_handle{ struct proxy_tcp_option pxy_tcp_option; // int session_attribute_id; int log_level; + struct proxy_fieldstat *proxy_fieldstat; }; struct traceid2pme_search_cb_args{ diff --git a/entry/include/kni_fieldstat.h b/entry/include/kni_fieldstat.h new file mode 100644 index 0000000..cead1ed --- /dev/null +++ b/entry/include/kni_fieldstat.h @@ -0,0 +1,75 @@ +#ifndef _KNI_FIELDSTAT_METRIC_H +#define _KNI_FIELDSTAT_METRIC_H + +#ifdef __cpluscplus +extern "C" +{ +#endif + +#include <MESA/fieldstat.h> + + +enum proxy_metrics_column +{ + PROXY_METRIC_COLUMN_HIT_COUNT = 0, + PROXY_METRIC_COLUMN_IN_BYTES, + PROXY_METRIC_COLUMN_OUT_BYTES, + PROXY_METRIC_COLUMN_IN_PKTS, + PROXY_METRIC_COLUMN_OUT_PKTS, + PROXY_METRIC_COLUMN_MAX +}; + + +struct proxy_fieldstat +{ + int table_id; + int n_thread; + unsigned int column_ids[PROXY_METRIC_COLUMN_MAX]; + struct fieldstat_dynamic_instance *instance; +}; + +struct proxy_metric_tag +{ + int vsys_id; + unsigned long long rule_id; + unsigned char action; + unsigned char pinning_status; +}; + + +struct proxy_metric_value +{ + int hit_count; + int in_bytes; + int out_bytes; + int in_pkts; + int out_pkts; +}; + + +// struct proxy_fieldstat *proxy_fieldstat_new(char *app_name, int n_thread, +// int interval_ms, +// const char *telegraf_ip, +// unsigned short telegraf_port, +// void *local_logger); + +// void proxy_fieldstat_free(struct proxy_fieldstat *pxy_fs); + +void proxy_set_metric_value(struct proxy_fieldstat *pxy_fs, + struct proxy_metric_tag *metric_tags, + struct proxy_metric_value *metric_value, + int thread_id); + +struct proxy_fieldstat *proxy_fieldstat_init(const char *profile, + const char *section, + int n_thread, + void *logger); + +void proxy_fieldstat_destory(struct proxy_fieldstat *pxy_fs, void *logger); +#ifdef __cpluscplus +} + + +#endif + +#endif diff --git a/entry/src/kni_entry.cpp b/entry/src/kni_entry.cpp index a5394a8..e1cbc1b 100644 --- a/entry/src/kni_entry.cpp +++ b/entry/src/kni_entry.cpp @@ -269,6 +269,35 @@ error_out: return -1; } +static void set_proxy_rule_hits_metric(struct pme_info *pmeinfo, int thread_id) +{ + void *logger = g_kni_handle->local_logger; + struct proxy_metric_value *metric_value = &(pmeinfo->proxy_metric_value); + struct proxy_metric_tag metric_tag; + memset(&metric_tag, 0, sizeof(struct proxy_metric_tag)); + + metric_tag.action = pmeinfo->maat_rule.action; + metric_tag.rule_id = pmeinfo->maat_rule.rule_id; + metric_tag.vsys_id = pmeinfo->maat_rule.vsys_id; + metric_tag.pinning_status = pmeinfo->ssl_intercept_state; + + proxy_set_metric_value(g_kni_handle->proxy_fieldstat, &metric_tag, + metric_value, thread_id); + + KNI_LOG_DEBUG(logger, "Set proxy_rule_hits metric, action = %d, " + "rule_id = %lu, vsys_id = %d, pinning_status = %d, " + "hit_count = %d, in_bytes = %d, out_bytes = %d, " + "in_pkts = %d, out_pkts = %d, stream_id = %s", + metric_tag.action, metric_tag.rule_id, metric_tag.vsys_id, + metric_tag.pinning_status, metric_value->hit_count, + metric_value->in_bytes, metric_value->in_pkts, + metric_value->out_bytes, metric_value->out_pkts, + pmeinfo->stream_traceid); + + return; +} + + static void stream_destroy(struct pme_info *pmeinfo){ //sendlog void *logger = g_kni_handle->local_logger; @@ -1328,133 +1357,198 @@ static void set_timestamp_depend_first_data(struct streaminfo *stream, struct pm } } -static int first_data_intercept(struct streaminfo *stream, struct pme_info *pmeinfo, struct pkt_info *pktinfo, int thread_seq){ - FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_INTCP_READY_STM], 0, FS_OP_ADD, 1); - //FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_INTCP_READY_BYTE], 0, FS_OP_ADD, pktinfo->ip_totlen); - void *logger = g_kni_handle->local_logger; - char *buff = NULL; - int ret, len; - //intercept_error: TCP CTEAT LINK NOT BYSYN or TCP_CREATE_LINK_MODE error - unsigned char intercept_stream_link_mode; - int intercept_stream_link_mode_len = sizeof(unsigned char); - unsigned short stream_tunnel_type = STREAM_TUNNLE_NON; - int stream_tunnel_type_len = sizeof(unsigned short); - int has_dup_traffic; - int have_dup_pkt_len = sizeof(has_dup_traffic); - ret=MESA_get_stream_opt(stream, MSO_TCP_CREATE_LINK_MODE, (void *)&intercept_stream_link_mode, &intercept_stream_link_mode_len); - if(ret == 0){ - if(intercept_stream_link_mode != TCP_CTEAT_LINK_BYSYN){ - KNI_LOG_DEBUG(logger, "Intercept error: TCP_CREATE_LINK_MODE is not BYSYN, link_mode=%d, link_mode_len=%d,stream traceid = %s, stream addr = %s", intercept_stream_link_mode,intercept_stream_link_mode_len,pmeinfo->stream_traceid, pmeinfo->stream_addr); - pmeinfo->intcp_error = INTERCEPT_ERROR_NOT_TCP_LINK_BYSYN; - FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_INTCPERR_NOT_LINK_MODE_BYSYN], 0, FS_OP_ADD, 1); - goto error_out; - } - } - else{ - KNI_LOG_DEBUG(logger, "Intercept error: get MSO_TCP_CREATE_LINK_MODE error, ret = %d, stream traceid = %s, stream addr = %s",ret, pmeinfo->stream_traceid, pmeinfo->stream_addr); - pmeinfo->intcp_error = INTERCEPT_ERROR_GET_TCP_LINK_MODE_ERR; - FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_INTCPERR_GET_LINK_MODE_ERR], 0, FS_OP_ADD, 1); - goto error_out; - } - - ret=MESA_get_stream_opt(stream, MSO_STREAM_TUNNEL_TYPE, (void *)&stream_tunnel_type, &stream_tunnel_type_len); - if(ret == 0){ - if(stream_tunnel_type != STREAM_TUNNLE_NON){ - KNI_LOG_DEBUG(logger, "Intercept error: stream type is tunnel, STREAM_TUNNLE_TYPE = %d, stream traceid = %s, stream addr = %s", stream_tunnel_type,pmeinfo->stream_traceid, pmeinfo->stream_addr); - pmeinfo->intcp_error = INTERCEPT_ERROR_STREAM_TUNNLE_TYPE; - FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_INTCPERR_STREAM_IS_TUN_TYPE], 0, FS_OP_ADD, 1); - goto error_out; - } - } - else{ - KNI_LOG_DEBUG(logger, "Intercept error: get MSO_STREAM_TUNNEL_TYPE error, ret = %d, stream traceid = %s, stream addr = %s",ret, pmeinfo->stream_traceid, pmeinfo->stream_addr); - pmeinfo->intcp_error = INTERCEPT_ERROR_GET_STREAM_TUNNLE_TYPE_ERR; - FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_INTCPERR_GET_STREAM_TUN_TYPE_ERR], 0, FS_OP_ADD, 1); - goto error_out; - } - - //intercept_error: not double dir - if(stream->dir != DIR_DOUBLE){ - KNI_LOG_DEBUG(logger, "Intercept error: asym routing, stream traceid = %s, stream addr = %s", pmeinfo->stream_traceid, pmeinfo->stream_addr); - FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_INTCPERR_ASYM_ROUTING], 0, FS_OP_ADD, 1); - pmeinfo->intcp_error = INTERCEPT_ERROR_ASYM_ROUTING; - goto error_out; - } - //intercept_error: no syn - if(pmeinfo->has_syn == 0){ - KNI_LOG_DEBUG(logger, "Intercept error: no syn, stream traceid = %s, stream addr = %s", - pmeinfo->stream_traceid, pmeinfo->stream_addr); - FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_INTCPERR_NO_SYN], 0, FS_OP_ADD, 1); - pmeinfo->intcp_error = INTERCEPT_ERROR_NO_SYN; - goto error_out; - } - //intercept_error: no syn/ack - if(pmeinfo->has_syn_ack == 0){ - KNI_LOG_DEBUG(logger, "Intercept error: no syn/ack, stream traceid = %s, stream addr = %s", - pmeinfo->stream_traceid, pmeinfo->stream_addr); - FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_INTCPERR_NO_SYN_ACK], 0, FS_OP_ADD, 1); - pmeinfo->intcp_error = INTERCEPT_ERROR_NO_SYN_ACK; - goto error_out; - } - if(pktinfo->parse_failed == 1){ - pmeinfo->intcp_error = INTERCEPT_ERROR_INVALID_IP_HDR; - KNI_LOG_DEBUG(logger, "Intercept error: invalid ip header, stream traceid = %s, stream addr = %s", - pmeinfo->stream_traceid, pmeinfo->stream_addr); - FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_INTCPERR_INVALID_IP_HDR], 0, FS_OP_ADD, 1); - goto error_out; - } - //intercept_error: first data > 1500, bypass and dropme - if(pktinfo->ip_totlen > KNI_DEFAULT_MTU){ - pmeinfo->intcp_error = INTERCEPT_ERROR_EXCEED_MTU; - KNI_LOG_DEBUG(logger, "Intercept error: first data packet exceed MTU(1500), stream traceid = %s, stream addr = %s", - pmeinfo->stream_traceid, pmeinfo->stream_addr); - FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_INTCPERR_EXCEED_MTU], 0, FS_OP_ADD, 1); - goto error_out; - } - - //intercept_error: no tfe - if(tsg_diagnose_judge_streamshunt(pmeinfo->maat_rule.rule_id, pmeinfo) == 0) // tsg diagnose shunt - pmeinfo->tfe_id = tfe_mgr_alive_node_get(g_kni_handle->_tfe_mgr, thread_seq); - else - pmeinfo->tfe_id = tfe_mgr_alive_node_cycle_get(g_kni_handle->_tfe_mgr, (int *)&(g_kni_handle->arr_last_tfe_dispatch_index[thread_seq])); - if(pmeinfo->tfe_id < 0){ - KNI_LOG_DEBUG(logger, "Intercept error: no available tfe, stream traceid = %s, stream addr = %s", pmeinfo->stream_traceid, pmeinfo->stream_addr); - pmeinfo->intcp_error = INTERCEPT_ERROR_NO_TFE; - FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_INTCPERR_NO_TFE], 0, FS_OP_ADD, 1); - goto error_out; - } +static int is_intercept_error(struct streaminfo *stream, struct pme_info *pmeinfo, + struct pkt_info *pktinfo, int thread_seq) +{ + void *logger = g_kni_handle->local_logger; + int ret; + unsigned char intercept_stream_link_mode; + int intercept_stream_link_mode_len = sizeof(unsigned char); + unsigned short stream_tunnel_type = STREAM_TUNNLE_NON; + int stream_tunnel_type_len = sizeof(unsigned short); + int has_dup_traffic; + int have_dup_pkt_len = sizeof(has_dup_traffic); - //dup_traffic_check - if(g_kni_handle->dup_traffic_switch == 1){ + //intercept_error: TCP CTEAT LINK NOT BYSYN or TCP_CREATE_LINK_MODE error + ret = MESA_get_stream_opt(stream, MSO_TCP_CREATE_LINK_MODE, (void *)&intercept_stream_link_mode, + &intercept_stream_link_mode_len); + if(ret == 0) + { + if(intercept_stream_link_mode != TCP_CTEAT_LINK_BYSYN) + { + KNI_LOG_DEBUG(logger, "Intercept error: TCP_CREATE_LINK_MODE is not BYSYN, link_mode=%d, link_mode_len=%d, " + "stream traceid = %s, stream addr = %s", + intercept_stream_link_mode, intercept_stream_link_mode_len, pmeinfo->stream_traceid, + pmeinfo->stream_addr); + pmeinfo->intcp_error = INTERCEPT_ERROR_NOT_TCP_LINK_BYSYN; + FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_INTCPERR_NOT_LINK_MODE_BYSYN], 0, + FS_OP_ADD, 1); + + return 1; + } + } + else + { + KNI_LOG_DEBUG(logger, "Intercept error: get MSO_TCP_CREATE_LINK_MODE error, ret = %d, stream traceid = %s, " + "stream addr = %s", + ret, pmeinfo->stream_traceid, pmeinfo->stream_addr); + pmeinfo->intcp_error = INTERCEPT_ERROR_GET_TCP_LINK_MODE_ERR; + FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_INTCPERR_GET_LINK_MODE_ERR], 0, + FS_OP_ADD, 1); + + return 1; + } + + //intercept_error: TCP_TUNNEL_TYPE error + ret = MESA_get_stream_opt(stream, MSO_STREAM_TUNNEL_TYPE, (void *)&stream_tunnel_type, &stream_tunnel_type_len); + if(ret == 0) + { + if(stream_tunnel_type != STREAM_TUNNLE_NON) + { + KNI_LOG_DEBUG(logger, "Intercept error: stream type is tunnel, STREAM_TUNNLE_TYPE = %d, " + "stream traceid = %s, stream addr = %s", + stream_tunnel_type, pmeinfo->stream_traceid, pmeinfo->stream_addr); + pmeinfo->intcp_error = INTERCEPT_ERROR_STREAM_TUNNLE_TYPE; + FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_INTCPERR_STREAM_IS_TUN_TYPE], 0, + FS_OP_ADD, 1); + + return 1; + } + } + else{ + KNI_LOG_DEBUG(logger, "Intercept error: get MSO_STREAM_TUNNEL_TYPE error, ret = %d, stream traceid = %s, " + "stream addr = %s", + ret, pmeinfo->stream_traceid, pmeinfo->stream_addr); + pmeinfo->intcp_error = INTERCEPT_ERROR_GET_STREAM_TUNNLE_TYPE_ERR; + FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_INTCPERR_GET_STREAM_TUN_TYPE_ERR], 0, + FS_OP_ADD, 1); + + return 1; + } + + //intercept_error: not double dir + if(stream->dir != DIR_DOUBLE) + { + KNI_LOG_DEBUG(logger, "Intercept error: asym routing, stream traceid = %s, stream addr = %s", + pmeinfo->stream_traceid, pmeinfo->stream_addr); + FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_INTCPERR_ASYM_ROUTING], 0, FS_OP_ADD, 1); + pmeinfo->intcp_error = INTERCEPT_ERROR_ASYM_ROUTING; + + return 1; + } + + //intercept_error: no syn + if(pmeinfo->has_syn == 0) + { + KNI_LOG_DEBUG(logger, "Intercept error: no syn, stream traceid = %s, stream addr = %s", pmeinfo->stream_traceid, + pmeinfo->stream_addr); + FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_INTCPERR_NO_SYN], 0, FS_OP_ADD, 1); + pmeinfo->intcp_error = INTERCEPT_ERROR_NO_SYN; + + return 1; + } + + //intercept_error: no syn/ack + if(pmeinfo->has_syn_ack == 0) + { + KNI_LOG_DEBUG(logger, "Intercept error: no syn/ack, stream traceid = %s, stream addr = %s", + pmeinfo->stream_traceid, pmeinfo->stream_addr); + FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_INTCPERR_NO_SYN_ACK], 0, FS_OP_ADD, 1); + pmeinfo->intcp_error = INTERCEPT_ERROR_NO_SYN_ACK; + + return 1; + } + + //intercept_error: invalid ip header + if(pktinfo->parse_failed == 1) + { + pmeinfo->intcp_error = INTERCEPT_ERROR_INVALID_IP_HDR; + KNI_LOG_DEBUG(logger, "Intercept error: invalid ip header, stream traceid = %s, stream addr = %s", + pmeinfo->stream_traceid, pmeinfo->stream_addr); + FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_INTCPERR_INVALID_IP_HDR],0, FS_OP_ADD, 1); + + return 1; + } + + //intercept_error: first data > 1500, bypass and dropme + if(pktinfo->ip_totlen > KNI_DEFAULT_MTU) + { + pmeinfo->intcp_error = INTERCEPT_ERROR_EXCEED_MTU; + KNI_LOG_DEBUG(logger, "Intercept error: first data packet exceed MTU(1500), stream traceid = %s, " + "stream addr = %s", + pmeinfo->stream_traceid, pmeinfo->stream_addr); + FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_INTCPERR_EXCEED_MTU], 0, FS_OP_ADD, 1); + + return 1; + } + + //intercept_error: no tfe + if(tsg_diagnose_judge_streamshunt(pmeinfo->maat_rule.rule_id, pmeinfo) == 0) // tsg diagnose shunt + { + pmeinfo->tfe_id = tfe_mgr_alive_node_get(g_kni_handle->_tfe_mgr, thread_seq); + } + else + { + pmeinfo->tfe_id = tfe_mgr_alive_node_cycle_get(g_kni_handle->_tfe_mgr, + (int *)&(g_kni_handle->arr_last_tfe_dispatch_index[thread_seq])); + } + if(pmeinfo->tfe_id < 0) + { + KNI_LOG_DEBUG(logger, "Intercept error: no available tfe, stream traceid = %s, stream addr = %s", + pmeinfo->stream_traceid, pmeinfo->stream_addr); + pmeinfo->intcp_error = INTERCEPT_ERROR_NO_TFE; + FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_INTCPERR_NO_TFE], 0, FS_OP_ADD, 1); + return 1; + } + + //intercept_error: dup traffic + if(g_kni_handle->dup_traffic_switch == 1) + { //has dup traffic - if(pmeinfo->has_dup_syn == 1 || pmeinfo->has_dup_syn_ack == 1){ + if(pmeinfo->has_dup_syn == 1 || pmeinfo->has_dup_syn_ack == 1) + { pmeinfo->has_dup_traffic = 1; } - if(pmeinfo->has_dup_traffic == 1){ - if(g_kni_handle->dup_traffic_action == KNI_ACTION_BYPASS){ + if(pmeinfo->has_dup_traffic == 1) + { + if(g_kni_handle->dup_traffic_action == KNI_ACTION_BYPASS) + { KNI_LOG_DEBUG(g_kni_handle->local_logger, "Intercept error: stream has dup traffic, dup_traffic_action = bypass, " - "stream traceid = %s, stream addr = %s", pmeinfo->stream_traceid, pmeinfo->stream_addr); - FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_INTCPERR_DUP_TRAFFIC], 0, FS_OP_ADD, 1); + "stream traceid = %s, stream addr = %s", + pmeinfo->stream_traceid, pmeinfo->stream_addr); + FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_INTCPERR_DUP_TRAFFIC], 0, + FS_OP_ADD, 1); pmeinfo->intcp_error = INTERCEPT_ERROR_DUP_TRAFFIC; - goto error_out; + + return 1; } } } // get HAVE_DUP_PKT field - ret=MESA_get_stream_opt(stream, MSO_HAVE_DUP_PKT, (void *)&has_dup_traffic, &have_dup_pkt_len); - if(ret != 0){ - KNI_LOG_DEBUG(logger, "Intercept error: get MSO_HAVE_DUP_PKT error, ret = %d, stream traceid = %s, stream addr = %s",ret, pmeinfo->stream_traceid, pmeinfo->stream_addr); + ret = MESA_get_stream_opt(stream, MSO_HAVE_DUP_PKT, (void *)&has_dup_traffic, &have_dup_pkt_len); + if(ret != 0) + { + KNI_LOG_DEBUG(logger, "Intercept error: get MSO_HAVE_DUP_PKT error, ret = %d, stream traceid = %s, " + "stream addr = %s", + ret, pmeinfo->stream_traceid, pmeinfo->stream_addr); pmeinfo->intcp_error = INTERCEPT_ERROR_GET_HAVE_DUP_PKT_ERR; - FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_INTCPERR_GET_HAVE_DUP_PKT_ERR], 0, FS_OP_ADD, 1); - goto error_out; + FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_INTCPERR_GET_HAVE_DUP_PKT_ERR], 0, + FS_OP_ADD, 1); + + return 1; } - else{ + else + { if(has_dup_traffic == -2){ - KNI_LOG_ERROR(logger, "Intercept error: has duplicate traffic is not sure,has_dup_traffic = %d,stream traceid = %s, stream addr = %s",has_dup_traffic, pmeinfo->stream_traceid, pmeinfo->stream_addr); + KNI_LOG_ERROR(logger, "Intercept error: has duplicate traffic is not sure,has_dup_traffic = %d," + "stream traceid = %s, stream addr = %s", + has_dup_traffic, pmeinfo->stream_traceid, pmeinfo->stream_addr); pmeinfo->intcp_error = INTERCEPT_ERROR_DUP_PKT_NOT_SURE_ERR; - FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_INTCPERR_DUP_PKT_NOT_SURE_ERR], 0, FS_OP_ADD, 1); - goto error_out; + FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_INTCPERR_DUP_PKT_NOT_SURE_ERR], 0, + FS_OP_ADD, 1); + + return 1; } pmeinfo->has_dup_traffic = (uint64_t)has_dup_traffic; } @@ -1465,122 +1559,278 @@ static int first_data_intercept(struct streaminfo *stream, struct pme_info *pmei { if(pmeinfo->has_dup_traffic == 1 && pmeinfo->pxy_tcp_option.bypass_duplicated_packet == 1) { - KNI_LOG_DEBUG(g_kni_handle->local_logger, "Proxy-tcp-option: bypass Duplicated Packet first data, streamid = %d", pmeinfo->stream_traceid); - FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_INTCPERR_DUP_TRAFFIC], 0, FS_OP_ADD, 1); - return APP_STATE_FAWPKT | APP_STATE_DROPME; + KNI_LOG_DEBUG(g_kni_handle->local_logger, "Proxy-tcp-option: bypass Duplicated Packet first data, " + "streamid = %d", + pmeinfo->stream_traceid); + FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_INTCPERR_DUP_TRAFFIC], 0, + FS_OP_ADD, 1); + + return 1; } } - // - if(pmeinfo->session_attribute == NULL) - { - KNI_LOG_DEBUG(g_kni_handle->local_logger, "Intercept error: Get share session attribute error,stream traceid = %s", pmeinfo->stream_traceid); - goto error_out; - } + return 0; +} - //dynamic bypass - if(g_kni_handle->ssl_dynamic_bypass_enable == 1){ + +static int is_dynamic_bypass(struct streaminfo *stream, struct pme_info *pmeinfo, struct pkt_info *pktinfo, + int thread_seq) +{ + int ret = 0; + void *logger = g_kni_handle->local_logger; + + if(g_kni_handle->ssl_dynamic_bypass_enable == 1) + { if(first_data_ssl_dynamic_bypass(stream, pmeinfo, pktinfo, thread_seq) == 0) { //dynamic bypass fs stat - FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_DY_PASS_STM], 0, FS_OP_ADD, 1); - FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_DY_PASS_BYTE], 0, FS_OP_ADD, pktinfo->ip_totlen); + FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_DY_PASS_STM], 0, + FS_OP_ADD, 1); + FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_DY_PASS_BYTE], 0, + FS_OP_ADD, pktinfo->ip_totlen); //dynamic bypass ipv4 or ipv6 - if(stream->addr.addrtype == ADDR_TYPE_IPV6){ - FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_DY_PASS_IPV6_STM], 0, FS_OP_ADD, 1); + if(stream->addr.addrtype == ADDR_TYPE_IPV6) + { + FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_DY_PASS_IPV6_STM], 0, + FS_OP_ADD, 1); } - else{ - FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_DY_PASS_IPV4_STM], 0, FS_OP_ADD, 1); + else + { + FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_DY_PASS_IPV4_STM], 0, + FS_OP_ADD, 1); } - if(pmeinfo->has_dup_traffic == 1){ - FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_DUP_TFC_STM], 0, FS_OP_ADD, 1); + if(pmeinfo->has_dup_traffic == 1) + { + FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_DUP_TFC_STM], 0, + FS_OP_ADD, 1); KNI_LOG_DEBUG(logger, "stream has dup traffic, traceid = %s", pmeinfo->stream_traceid); } pmeinfo->ssl_intercept_state = 0; pmeinfo->is_dynamic_bypass = 1; - if(g_kni_handle->dup_traffic_switch == 1){ - if(pmeinfo->has_dup_traffic == 1){ - ret = dabloom_add(pktinfo, thread_seq); - if(ret < 0){ - KNI_LOG_DEBUG(logger, "stream add dabloom fail, ret=%d, traceid = %s",ret, pmeinfo->stream_traceid); - } - } + + if(g_kni_handle->dup_traffic_switch == 1 && pmeinfo->has_dup_traffic == 1) + { + ret = dabloom_add(pktinfo, thread_seq); + if(ret < 0) + { + KNI_LOG_DEBUG(logger, "stream add dabloom fail, ret=%d, traceid = %s",ret, + pmeinfo->stream_traceid); + } } - return APP_STATE_FAWPKT | APP_STATE_GIVEME; + //return APP_STATE_FAWPKT | APP_STATE_GIVEME; + return 1; } } - //get intercept success first data timestamps send to tfe - set_timestamp_depend_first_data(stream, pmeinfo, pktinfo); - //add cmsg - len = 0; - buff = add_cmsg_to_packet(pmeinfo, stream, pktinfo, &len); - if(buff == NULL){ - KNI_LOG_DEBUG(logger, "Intercept error: failed at add cmsg to packet, stream traceid = %s, stream addr = %s", - pmeinfo->stream_traceid, pmeinfo->stream_addr); - pmeinfo->intcp_error = INTERCEPT_ERROR_CMSG_ADD_FAIL; - FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_INTCPERR_CMSG_ADD_FAIL], 0, FS_OP_ADD, 1); - goto error_out; - } - //add to tuple2stream_htable - ret = tuple2stream_htable_add(pmeinfo->addr_type, pktinfo, stream, pmeinfo, thread_seq); - if(ret < 0){ - FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_INTCPERR_TUPLE2STM_ADD_FAIL], 0, FS_OP_ADD, 1); - KNI_LOG_DEBUG(logger, "Intercept error: tuple2stm add fail, stream traceid = %s, stream addr = %s", - pmeinfo->stream_traceid, pmeinfo->stream_addr); - pmeinfo->intcp_error = INTERCEPT_ERROR_TUPLE2STM_ADD_FAIL; - goto error_out; - } - //Note: traceid2pme_add_fail, still work. no cmsg - traceid2pme_htable_add(pmeinfo); - //send to tfe - ret = send_to_tfe(buff, len, thread_seq, pmeinfo->tfe_id, pmeinfo->addr_type, logger); - if(ret < 0){ - KNI_LOG_DEBUG(logger, "Intercept error: failed at send first packet to tfe%d, stream traceid = %s, stream addr = %s", - pmeinfo->tfe_id, pmeinfo->stream_traceid, pmeinfo->stream_addr); - FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_INTCPERR_SENDTO_TFE_FAIL], 0, FS_OP_ADD, 1); - pmeinfo->intcp_error = INTERCEPT_ERROR_SENDTO_TFE_FAIL; - tuple2stream_htable_del(stream, thread_seq); - traceid2pme_htable_del(pmeinfo); - goto error_out; + return 0; +} + + +static void set_proxy_metric_value_by_packet(const struct streaminfo *stream, + struct proxy_metric_value *value) +{ + int ret = 0, i_or_e = 0, pkt_len = 0; + + ret = get_rawpkt_opt_from_streaminfo(stream, RAW_PKT_GET_TOT_LEN, &pkt_len); + if(ret < 0) + { + return; + } + + i_or_e = MESA_dir_link_to_human(stream->routedir); + switch(i_or_e) + { + case 'E': + case 'e': + value->in_bytes += pkt_len; + value->in_pkts++; + break; + case 'I': + case 'i': + value->out_bytes += pkt_len; + value->out_pkts++; + break; + default: + return; + } + + if(value->in_pkts != 0 || value->out_pkts != 0) + { + value->hit_count = 1; + } + + return; +} + +static int is_send_to_tfe_failed(struct streaminfo *stream, struct pme_info *pmeinfo, + struct pkt_info *pktinfo, int thread_seq) +{ + int len = 0, ret = 0; + char *buff = NULL; + void *logger = g_kni_handle->local_logger; + + //session attribute NULL + if(pmeinfo->session_attribute == NULL) + { + KNI_LOG_DEBUG(logger, "Intercept error: Get share session attribute error," + "stream traceid = %s", + pmeinfo->stream_traceid); + FS_operate(g_kni_fs_handle->handle, + g_kni_fs_handle->fields[KNI_FIELD_INTCPERR_CMSG_ADD_FAIL], + 0, FS_OP_ADD, 1); + pmeinfo->intcp_error = INTERCEPT_ERROR_CMSG_ADD_FAIL; + + goto error; + } + + //get intercept success first data timestamps send to tfe + set_timestamp_depend_first_data(stream, pmeinfo, pktinfo); + + //add cmsg info to packet + buff = add_cmsg_to_packet(pmeinfo, stream, pktinfo, &len); + if(buff == NULL) + { + KNI_LOG_DEBUG(logger, "Intercept error: failed at add cmsg to packet, " + "stream traceid = %s, stream addr = %s", + pmeinfo->stream_traceid, pmeinfo->stream_addr); + FS_operate(g_kni_fs_handle->handle, + g_kni_fs_handle->fields[KNI_FIELD_INTCPERR_CMSG_ADD_FAIL], + 0, FS_OP_ADD, 1); + pmeinfo->intcp_error = INTERCEPT_ERROR_CMSG_ADD_FAIL; + + goto error; + } + + ret = tuple2stream_htable_add(pmeinfo->addr_type, pktinfo, stream, pmeinfo, + thread_seq); + if(ret < 0) + { + KNI_LOG_DEBUG(logger, "Intercept error: tuple2stm add fail, " + "stream traceid = %s, stream addr = %s", + pmeinfo->stream_traceid, pmeinfo->stream_addr); + FS_operate(g_kni_fs_handle->handle, + g_kni_fs_handle->fields[KNI_FIELD_INTCPERR_TUPLE2STM_ADD_FAIL], + 0, FS_OP_ADD, 1); + pmeinfo->intcp_error = INTERCEPT_ERROR_TUPLE2STM_ADD_FAIL; + + goto error; + } + + //Note: traceid2pme_add_fail, still work. no cmsg + traceid2pme_htable_add(pmeinfo); + + //send to tfe + ret = send_to_tfe(buff, len, thread_seq, pmeinfo->tfe_id, pmeinfo->addr_type, logger); + if(ret < 0) + { + KNI_LOG_DEBUG(logger, "Intercept error: failed at send first packet to tfe%d, stream traceid = %s, " + "stream addr = %s", + pmeinfo->tfe_id, pmeinfo->stream_traceid, pmeinfo->stream_addr); + FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_INTCPERR_SENDTO_TFE_FAIL], 0, + FS_OP_ADD, 1); + pmeinfo->intcp_error = INTERCEPT_ERROR_SENDTO_TFE_FAIL; + + tuple2stream_htable_del(stream, thread_seq); + traceid2pme_htable_del(pmeinfo); + + goto error; + } + else{ + KNI_LOG_DEBUG(logger, "Succeed at send first packet to tfe%d, stream traceid = %s, stream addr = %s", + pmeinfo->tfe_id, pmeinfo->stream_traceid, pmeinfo->stream_addr); + } + + if(buff != NULL) + { + FREE(&buff); } - else{ - KNI_LOG_DEBUG(logger, "Succeed at send first packet to tfe%d, stream traceid = %s, stream addr = %s", - pmeinfo->tfe_id, pmeinfo->stream_traceid, pmeinfo->stream_addr); + return 0; + +error: + if(buff != NULL) + { + FREE(&buff); } - //fs stat - FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_INTCP_STM], 0, FS_OP_ADD, 1); - //FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_INTCP_BYTE], 0, FS_OP_ADD, pktinfo->ip_totlen); + return 1; +} + + +static void set_first_data_intercep_fs(struct streaminfo *stream, struct pme_info *pmeinfo) +{ + void *logger = g_kni_handle->local_logger; + + FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_INTCP_STM], 0, FS_OP_ADD, 1); + //ipv4 or ipv6 - if(stream->addr.addrtype == ADDR_TYPE_IPV6){ + if(stream->addr.addrtype == ADDR_TYPE_IPV6) + { FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_IPV6_STM], 0, FS_OP_ADD, 1); } - else{ + else + { FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_IPV4_STM], 0, FS_OP_ADD, 1); } //http or ssl - if(pmeinfo->protocol == PROTO_SSL){ + if(pmeinfo->protocol == PROTO_SSL) + { FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_SSL_STM], 0, FS_OP_ADD, 1); } - if(pmeinfo->protocol == PROTO_HTTP){ + if(pmeinfo->protocol == PROTO_HTTP) + { FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_HTTP_STM], 0, FS_OP_ADD, 1); } //dup_traffic_stm - if(pmeinfo->has_dup_traffic == 1){ + if(pmeinfo->has_dup_traffic == 1) + { FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_DUP_TFC_STM], 0, FS_OP_ADD, 1); KNI_LOG_DEBUG(logger, "stream has dup traffic, traceid = %s", pmeinfo->stream_traceid); } - FREE(&buff); - return APP_STATE_DROPPKT | APP_STATE_GIVEME; -error_out: - if(buff != NULL){ - FREE(&buff); - } - return APP_STATE_FAWPKT | APP_STATE_DROPME; +} + +static int first_data_no_intercept(struct streaminfo *stream, struct pme_info *pmeinfo, + struct pkt_info *pktinfo, int thread_seq) +{ + void *logger = g_kni_handle->local_logger; + KNI_LOG_DEBUG(logger, "No_intercept Hit: stream traceid = %s, " + "stream addr = %s", + pmeinfo->stream_traceid, pmeinfo->stream_addr); + + return APP_STATE_FAWPKT | APP_STATE_GIVEME; +} + + +static int first_data_intercept(struct streaminfo *stream, struct pme_info *pmeinfo, + struct pkt_info *pktinfo, int thread_seq) +{ + + // if(1 == add_intercept_stream_to_tuple2stream(stream, pmeinfo, pktinfo, thread_seq)) + // { + // return APP_STATE_FAWPKT | APP_STATE_DROPME; + // } + + + if(1 == is_intercept_error(stream, pmeinfo, pktinfo, thread_seq)) + { + return APP_STATE_FAWPKT | APP_STATE_GIVEME; + } + + if(1 == is_dynamic_bypass(stream, pmeinfo, pktinfo, thread_seq)) + { + return APP_STATE_FAWPKT | APP_STATE_GIVEME; + } + + if(1 == is_send_to_tfe_failed(stream, pmeinfo, pktinfo, thread_seq)) + { + return APP_STATE_FAWPKT | APP_STATE_GIVEME; + } + + set_first_data_intercep_fs(stream, pmeinfo); + + return APP_STATE_DROPPKT | APP_STATE_GIVEME; } static int dabloom_search(struct pkt_info *pktinfo, int thread_seq){ @@ -1621,6 +1871,8 @@ char* kni_maat_action_trans(enum kni_action action){ return (char*)"none"; case 0x02: return (char*)"intercept"; + case 0x03: + return (char*)"no_intercept"; case 0x80: return (char*)"bypass"; default: @@ -1628,18 +1880,25 @@ char* kni_maat_action_trans(enum kni_action action){ } } - - -char next_data_intercept(struct pme_info *pmeinfo, const void *a_packet, struct pkt_info *pktinfo, int thread_seq){ +char next_data_intercept(struct streaminfo *stream, struct pme_info *pmeinfo, const void *a_packet, struct pkt_info *pktinfo, int thread_seq){ //FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_INTCP_READY_BYTE], 0, FS_OP_ADD, pktinfo->ip_totlen); int ret, len; void *logger = g_kni_handle->local_logger; struct iphdr *ipv4_hdr = NULL; struct ip6_hdr* ipv6_hdr = NULL; + + set_proxy_metric_value_by_packet(stream, &(pmeinfo->proxy_metric_value)); + if(pktinfo->parse_failed == 1){ KNI_LOG_ERROR(logger, "next_data_intercept: invalid ip header, drop pkt and not send to tfe"); return APP_STATE_DROPPKT | APP_STATE_GIVEME; } + if(pmeinfo->intcp_error != 0) + { + return APP_STATE_FAWPKT | APP_STATE_GIVEME; + } + + //search dabloom if(g_kni_handle->dup_traffic_switch == 1){ if(pmeinfo->has_dup_traffic == 1){ @@ -1688,78 +1947,121 @@ char next_data_intercept(struct pme_info *pmeinfo, const void *a_packet, struct return APP_STATE_DROPPKT | APP_STATE_GIVEME; } -char first_data_process(struct streaminfo *stream, struct pme_info *pmeinfo, struct pkt_info *pktinfo, int thread_seq){ - //first data packet, get action - void *logger = g_kni_handle->local_logger; - int maat_hit = 0; - size_t n_hit_rule = 0; +static void read_policy_hit_status(struct streaminfo *stream, struct pme_info *pmeinfo, struct pkt_info *pktinfo, + int thread_seq) +{ + int maat_hit = 0; + size_t n_hit_rule = 0; + void *logger = g_kni_handle->local_logger; + n_hit_rule = session_matched_rules_copy(stream, TSG_SERVICE_INTERCEPT, &pmeinfo->maat_rule, 1); - //ret = tsg_pull_policy_result(stream, PULL_KNI_RESULT, &(pmeinfo->maat_result), 1, &_identify_info); - //ret == 0, bypass and dropme - if(n_hit_rule == 0){ - pmeinfo->action = KNI_ACTION_NONE; - maat_hit = 0; - KNI_LOG_INFO(logger, "intercept_policy_scan: %s, %s, maat_hit = %d, stream traceid = %s", - pmeinfo->stream_addr, (char*)&(pmeinfo->domain), maat_hit, pmeinfo->stream_traceid); - } - else - { - const struct session_runtime_process_context *session_context = session_runtime_process_context_get((const struct streaminfo *)stream); - pmeinfo->n_maat_rule = 1; - pmeinfo->protocol = srt_process_context_get_protocol(session_context); - const char *domain = srt_process_context_get_domain(session_context); - if(domain != NULL) - { - pmeinfo->domain_len = MIN(strlen(domain), (int)sizeof(pmeinfo->domain) - 1); - if(pmeinfo->protocol == PROTO_HTTP) - { - strncpy(pmeinfo->domain.host, domain, pmeinfo->domain_len); - } - if(pmeinfo->protocol == PROTO_SSL) - { - strncpy(pmeinfo->domain.sni, domain, pmeinfo->domain_len); - } - } - else - { - pmeinfo->domain_len = 0; - } + if(n_hit_rule == 0) + { + maat_hit = 0; + pmeinfo->action = KNI_ACTION_NONE; + KNI_LOG_INFO(logger, "intercept_policy_scan: %s, %s, maat_hit = %d, stream traceid = %s", + pmeinfo->stream_addr, (char*)&(pmeinfo->domain), maat_hit, pmeinfo->stream_traceid); + } + else + { + maat_hit = 1; + const struct session_runtime_process_context * session_context = + session_runtime_process_context_get((const struct streaminfo *)stream); + + pmeinfo->n_maat_rule = 1; + pmeinfo->protocol = srt_process_context_get_protocol(session_context); + + const char *domain = srt_process_context_get_domain(session_context); + if(domain != NULL) + { + pmeinfo->domain_len = MIN(strlen(domain), (int)sizeof(pmeinfo->domain) - 1); + if(pmeinfo->protocol == PROTO_HTTP) + { + strncpy(pmeinfo->domain.host, domain, pmeinfo->domain_len); + } + if(pmeinfo->protocol == PROTO_SSL) + { + strncpy(pmeinfo->domain.sni, domain, pmeinfo->domain_len); + } + } + else + { + pmeinfo->domain_len = 0; + } + + //pmeinfo->action = KNI_ACTION_INTERCEPT; + pmeinfo->action = (enum kni_action)(pmeinfo->maat_rule.action); + pmeinfo->policy_id = pmeinfo->maat_rule.rule_id; + pmeinfo->do_log = pmeinfo->maat_rule.do_log; + pmeinfo->thread_seq = thread_seq; + pmeinfo->is_dynamic_bypass = 0; + pmeinfo->session_attribute = kni_pull_session_attribute_results(stream,pmeinfo); + + char *action_str = kni_maat_action_trans(pmeinfo->action); + KNI_LOG_INFO(logger, "intercept_policy_scan: %s, %s, maat_hit = %d, rule_id = %u, action = %d(%s), " + "stream traceid = %s", + pmeinfo->stream_addr, (char*)&(pmeinfo->domain), maat_hit, pmeinfo->policy_id, + pmeinfo->action, action_str, pmeinfo->stream_traceid); + } +} + + +static int first_data_hit_policy(struct streaminfo *stream, struct pme_info *pmeinfo, + struct pkt_info *pktinfo, int thread_seq) +{ - pmeinfo->action = KNI_ACTION_INTERCEPT; - //pmeinfo->action = (enum kni_action)(pmeinfo->maat_result.action); - pmeinfo->policy_id = pmeinfo->maat_rule.rule_id; - pmeinfo->do_log = pmeinfo->maat_rule.do_log; - pmeinfo->thread_seq = thread_seq; - pmeinfo->is_dynamic_bypass = 0; - pmeinfo->session_attribute = kni_pull_session_attribute_results(stream,pmeinfo); - maat_hit = 1; - char *action_str = kni_maat_action_trans(pmeinfo->action); - KNI_LOG_INFO(logger, "intercept_policy_scan: %s, %s, maat_hit = %d, rule_id = %u, action = %d(%s), stream traceid = %s", - pmeinfo->stream_addr, (char*)&(pmeinfo->domain), maat_hit, pmeinfo->policy_id, pmeinfo->action, action_str, pmeinfo->stream_traceid); - } - switch(pmeinfo->action){ - case KNI_ACTION_INTERCEPT: - pmeinfo->ssl_intercept_state = 1; - //only action = intercept, need sendlog - pmeinfo->tld_handle = TLD_create(-1); - if(g_kni_handle->pxy_tcp_option_enable == 1) - { - pxy_tcp_option_param_get(pmeinfo, logger); -/* -* temp comment in version 23.04 - if(pmeinfo->pxy_tcp_option_is_scan != 1) - { - //pxy_tcp_option_get_param(g_tsg_maat_feather,(const struct streaminfo *)stream,pmeinfo,logger); - pmeinfo->pxy_tcp_option_is_scan = 1; - } -*/ - } - return first_data_intercept(stream, pmeinfo, pktinfo, thread_seq); - default: - //action != intercept,bypass and dropme - return APP_STATE_FAWPKT | APP_STATE_DROPME; - } + void *logger = g_kni_handle->local_logger; + int ret = APP_STATE_FAWPKT | APP_STATE_DROPME; + + set_proxy_metric_value_by_packet(stream, &(pmeinfo->proxy_metric_value)); + + + switch(pmeinfo->action) + { + case KNI_ACTION_INTERCEPT: + pmeinfo->ssl_intercept_state = 1; + pmeinfo->tld_handle = TLD_create(-1); + if(g_kni_handle->pxy_tcp_option_enable == 1) + { + pxy_tcp_option_param_get(pmeinfo, logger); + } + FS_operate(g_kni_fs_handle->handle, + g_kni_fs_handle->fields[KNI_FIELD_INTCP_READY_STM], + 0, FS_OP_ADD, 1); + + ret = first_data_intercept(stream, pmeinfo, pktinfo, thread_seq); + break; + + case KNI_ACTION_NO_INTERCEPT: + FS_operate(g_kni_fs_handle->handle, + g_kni_fs_handle->fields[KNI_FIELD_NO_INTCP_STM], + 0, FS_OP_ADD, 1); + + ret = first_data_no_intercept(stream, pmeinfo, pktinfo, thread_seq); + break; + + default: + assert(0); + break; + } + return ret; +} + +char first_data_process(struct streaminfo *stream, struct pme_info *pmeinfo, + struct pkt_info *pktinfo, int thread_seq) +{ + read_policy_hit_status(stream, pmeinfo, pktinfo, thread_seq); + + if(pmeinfo->action == KNI_ACTION_INTERCEPT || + pmeinfo->action == KNI_ACTION_NO_INTERCEPT) + { + return first_data_hit_policy(stream, pmeinfo, pktinfo, thread_seq); + } + else + { + return APP_STATE_FAWPKT | APP_STATE_DROPME; + } } void dup_traffic_detect(struct pme_info *pmeinfo, struct pkt_info *pktinfo){ @@ -1826,8 +2128,13 @@ static char data_opstate(struct streaminfo *stream, struct pme_info *pmeinfo, co wrapped_kni_header_parse(a_packet, pmeinfo, &pktinfo); //pmeinfo->action has only 2 value: KNI_ACTION_NONE, KNI_ACTION_INTERCEPT if(pmeinfo->action == KNI_ACTION_INTERCEPT){ - return next_data_intercept(pmeinfo, a_packet, &pktinfo, thread_seq); + return next_data_intercept(stream, pmeinfo, a_packet, &pktinfo, thread_seq); } + if(pmeinfo->action == KNI_ACTION_NO_INTERCEPT) + { + set_proxy_metric_value_by_packet(stream, &(pmeinfo->proxy_metric_value)); + return APP_STATE_FAWPKT | APP_STATE_GIVEME; + } //first data if(stream->ptcpdetail->datalen > 0){ return first_data_process(stream, pmeinfo, &pktinfo, thread_seq); @@ -1843,7 +2150,7 @@ static char data_opstate(struct streaminfo *stream, struct pme_info *pmeinfo, co static int kni_set_policy_into_pem_info(const struct streaminfo *a_stream, struct pme_info *pmeinfo) { - struct _traffic_info *traffic_info = &(pmeinfo->traffic_info); + struct traffic_info *traffic_info = &(pmeinfo->traffic_info); int value_len=sizeof(unsigned long long); if(a_stream == NULL || pmeinfo == NULL) return -1; @@ -1867,13 +2174,22 @@ static char close_opstate(const struct streaminfo *stream, struct pme_info *pmei TLD_append_streaminfo(g_tsg_log_instance, pmeinfo->tld_handle, (struct streaminfo*)pmeinfo->stream); kni_set_policy_into_pem_info(stream,pmeinfo); //reset clock: when sapp end, start clock - if(pmeinfo->is_dynamic_bypass != 1) - { - MESA_htable_search(g_kni_handle->traceid2pme_htable, (const unsigned char*)pmeinfo->stream_traceid, - strnlen(pmeinfo->stream_traceid, sizeof(pmeinfo->stream_traceid))); - tuple2stream_htable_del(stream, thread_seq); - } + // if(pmeinfo->is_dynamic_bypass != 1) + // { + // MESA_htable_search(g_kni_handle->traceid2pme_htable, (const unsigned char*)pmeinfo->stream_traceid, + // strnlen(pmeinfo->stream_traceid, sizeof(pmeinfo->stream_traceid))); + // tuple2stream_htable_del(stream, thread_seq); + // } + set_proxy_metric_value_by_packet(stream, &(pmeinfo->proxy_metric_value)); + if(pmeinfo->is_dynamic_bypass != 1) + { + MESA_htable_search(g_kni_handle->traceid2pme_htable, (const unsigned char*)pmeinfo->stream_traceid, + strnlen(pmeinfo->stream_traceid, sizeof(pmeinfo->stream_traceid))); + tuple2stream_htable_del(stream, thread_seq); + } return APP_STATE_FAWPKT | APP_STATE_DROPME; + case KNI_ACTION_NO_INTERCEPT: + set_proxy_metric_value_by_packet(stream, &(pmeinfo->proxy_metric_value)); //stream has no data. default: return APP_STATE_FAWPKT | APP_STATE_DROPME; @@ -1893,11 +2209,89 @@ static void pending_opstate(struct streaminfo *stream, struct pme_info *pmeinfo, return; } +/*sapp release: bypass or intercept +dropme has 3 status: + 0. Not hit intercept and no intercept maat rule. + Action != KNI_ACTION_INTERCEPT + 1. Hit no intercept maat rule. + Action == KNI_ACTION_INTERCEPT && maat_rule.action == TSG_ACTION_NO_INTERCEPT + 2. Hit intercept maat rule and intercept error. + Action == KNI_ACTION_INTERCEPT && + maat_rule.action == TSG_ACTION_NO_INTERCEPT && + maat_rule.intercept_error < 0 + 3. Hit intercept maat rule and no intercept error. + Action == KNI_ACTION_INTERCEPT && + maat_rule.action == TSG_ACTION_NO_INTERCEPT && + maat_rule.intercept_error == 0 +*/ +static void deal_app_state_dropme(struct pme_info *pmeinfo, int thread_seq) +{ + int can_destroy = 0; + + if(pmeinfo == NULL) + { + return; + } + + //not hit intercept and not intercept rule + if(pmeinfo->action != KNI_ACTION_INTERCEPT && + pmeinfo->action != KNI_ACTION_NO_INTERCEPT) + { + stream_destroy(pmeinfo); + return; + } + + //hit no intercept rule + if(pmeinfo->action == KNI_ACTION_NO_INTERCEPT) + { + set_proxy_rule_hits_metric(pmeinfo, thread_seq); + stream_destroy(pmeinfo); + return; + } + + //hit intercept rule and intercept error + if(pmeinfo->action == KNI_ACTION_INTERCEPT && + pmeinfo->intcp_error < 0) + { + pmeinfo->ssl_intercept_state = 0; + FS_operate(g_kni_fs_handle->handle, + g_kni_fs_handle->fields[KNI_FIELD_BYP_INTCPERR], + 0, FS_OP_ADD, 1); + TLD_append_streaminfo(g_tsg_log_instance, pmeinfo->tld_handle, + (struct streaminfo*)pmeinfo->stream); + set_proxy_rule_hits_metric(pmeinfo, thread_seq); + stream_destroy(pmeinfo); + return; + } + + //hit intercept rule and no intercept error + if(pmeinfo->action == KNI_ACTION_INTERCEPT && + pmeinfo->intcp_error == 0) + { + if(pmeinfo->is_dynamic_bypass == 0) + { + can_destroy = judge_stream_can_destroy(pmeinfo, CALLER_SAPP); + if(can_destroy == 1) + { + traceid2pme_htable_del(pmeinfo); + set_proxy_rule_hits_metric(pmeinfo, thread_seq); + stream_destroy(pmeinfo); + } + } + else + { + set_proxy_rule_hits_metric(pmeinfo, thread_seq); + stream_destroy(pmeinfo); + } + + } + return; +} + //from syn extern "C" char kni_tcpall_entry(struct streaminfo *stream, void** pme, int thread_seq, const void* a_packet){ void *logger = g_kni_handle->local_logger; int ret; - int can_destroy; struct pme_info *pmeinfo = *(struct pme_info **)pme; /* a_packet == NULL && not op_state_close, continue close: a_packet may be null, if a_packet = null, do not send to tfe @@ -1937,44 +2331,10 @@ extern "C" char kni_tcpall_entry(struct streaminfo *stream, void** pme, int thre stream->pktstate, pmeinfo->stream_traceid, pmeinfo->stream_addr); break; } - //sapp release: bypass or intercept - /* dropme has 3 status: - 0. not intercept: action != KNI_ACTION_INTERCEPT - 1. intercept failed: action = KNI_ACTION_INTERCEPT, intercept_error < 0 - 2. intercept succeed, normal closed: action = KNI_ACTION_INTERCEPT, intercept_error = 0 - */ - if((ret & APP_STATE_DROPME)){ - if(pmeinfo->action != KNI_ACTION_INTERCEPT){ - if(pmeinfo != NULL){ - stream_destroy(pmeinfo); - } - } - else{ - if(pmeinfo->intcp_error < 0){ - pmeinfo->ssl_intercept_state = 0; - FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_BYP_INTCPERR], 0, FS_OP_ADD, 1); - if(pmeinfo != NULL){ - //pmeinfo->policy_id = -1; - TLD_append_streaminfo(g_tsg_log_instance, pmeinfo->tld_handle, (struct streaminfo*)pmeinfo->stream); - stream_destroy(pmeinfo); - } - } - else{ - if(pmeinfo->is_dynamic_bypass == 0) // stream is dynamic bypass 0: not dynamic bypass 1: dynamic bypass - { - can_destroy = judge_stream_can_destroy(pmeinfo, CALLER_SAPP); - if(can_destroy == 1){ - traceid2pme_htable_del(pmeinfo); - stream_destroy(pmeinfo); - } - } - else - { - stream_destroy(pmeinfo); - } - - } - } + + if((ret & APP_STATE_DROPME)) + { + deal_app_state_dropme(pmeinfo, thread_seq); } return ret; } @@ -2186,7 +2546,6 @@ static int wrapped_kni_cmsg_get(struct pme_info *pmeinfo, struct kni_cmsg *cmsg, } - static long traceid2pme_htable_search_cb(void *data, const uchar *key, uint size, void *user_args){ struct traceid2pme_search_cb_args *args = (struct traceid2pme_search_cb_args*)user_args; void *logger = args->logger; @@ -2492,7 +2851,8 @@ static struct kni_field_stat_handle * fs_init(const char *profile){ fs_handle->fields[KNI_FIELD_HTTP_STM] = FS_register(handle, FS_STYLE_FIELD, FS_CALC_CURRENT, "http_stm"); fs_handle->fields[KNI_FIELD_DUP_TFC_STM] = FS_register(handle, FS_STYLE_FIELD, FS_CALC_CURRENT, "dup_tfc_stm"); fs_handle->fields[KNI_FIELD_DUP_TFC_BYTE] = FS_register(handle, FS_STYLE_FIELD, FS_CALC_CURRENT, "dup_tfc_B"); - + + fs_handle->fields[KNI_FIELD_NO_INTCP_STM] = FS_register(handle, FS_STYLE_FIELD, FS_CALC_CURRENT, "no_intcp_rdy_stm"); //intercept ready stream: success + failed fs_handle->fields[KNI_FIELD_INTCP_READY_STM] = FS_register(handle, FS_STYLE_FIELD, FS_CALC_CURRENT, "intcp_rdy_stm"); //fs_handle->fields[KNI_FIELD_INTCP_READY_BYTE] = FS_register(handle, FS_STYLE_FIELD, FS_CALC_CURRENT, "intcp_rdy_B"); @@ -2606,6 +2966,7 @@ static int traceid2pme_htable_expire_notify_cb(void *data, int eliminate_type){ if(can_destroy == 1){ FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_ID2PME_DEL_SUCC], 0, FS_OP_ADD, 1); FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_ID2PME_CNT], 0, FS_OP_ADD, -1); + set_proxy_rule_hits_metric(pmeinfo, g_kni_handle->thread_count); stream_destroy(pmeinfo); return 1; } @@ -2703,6 +3064,7 @@ extern "C" int kni_init(){ struct thread_tfe_cmsg_receiver_args *cmsg_receiver_args; MESA_htable_handle traceid2pme_htable = NULL; struct tfe_mgr *_tfe_mgr = NULL; + int n_pxy_fs_thread = 0; //char label_buff[MAX_STRING_LEN*4]={0}; tfe_cmsg_enum_to_string(); int ret = MESA_load_profile_string_nodef(profile, section, "log_path", log_path, sizeof(log_path)); @@ -2883,6 +3245,16 @@ extern "C" int kni_init(){ } g_kni_fs_handle = fs_handle; + n_pxy_fs_thread = get_thread_count() + 1; + g_kni_handle->proxy_fieldstat = proxy_fieldstat_init(profile, "proxy_hits", + n_pxy_fs_thread, + local_logger); + if(g_kni_handle->proxy_fieldstat == NULL) + { + KNI_LOG_ERROR(local_logger, "Failed at init proxy fieldstat"); + goto error_out; + } + //init traceid2pme_htable struct kni_htable_opt opt; memset(&opt, 0, sizeof(opt)); diff --git a/entry/src/kni_fieldstat.cpp b/entry/src/kni_fieldstat.cpp new file mode 100644 index 0000000..a72764f --- /dev/null +++ b/entry/src/kni_fieldstat.cpp @@ -0,0 +1,235 @@ +#include <stdlib.h> +#include "kni_fieldstat.h" +#include "kni_utils.h" + +static int read_fieldstat_tags(struct proxy_metric_tag *metric_tags, + struct fieldstat_tag tags[]) +{ + int n_tags = 0; + + tags[n_tags].key = "vsys_id"; + tags[n_tags].value_type = 0; + tags[n_tags].value_int = metric_tags->vsys_id; + n_tags++; + + tags[n_tags].key = "rule_id"; + tags[n_tags].value_type = 0; + tags[n_tags].value_int = metric_tags->rule_id; + n_tags++; + + if(metric_tags->pinning_status == 1) + { + tags[n_tags].key = "pinning_status"; + tags[n_tags].value_type = 0; + tags[n_tags].value_int = metric_tags->pinning_status; + n_tags++; + } + + tags[n_tags].key = "action"; + tags[n_tags].value_type = 0; + // tags[n_tags].value_int = (hit_no_intercept == 1 ? 3 : 2); + tags[n_tags].value_int = metric_tags->action; + n_tags++; + + return n_tags; +} + + +void proxy_set_metric_value(struct proxy_fieldstat *pxy_fs, + struct proxy_metric_tag *metric_tags, + struct proxy_metric_value *metric_value, + int thread_id) +{ + int n_tags = 0; + const char *metric_row_name = "proxy_rule_hits"; + struct fieldstat_tag fieldstat_tags[5]; + + n_tags = read_fieldstat_tags(metric_tags, fieldstat_tags); + if(metric_value->hit_count > 0) + { + fieldstat_dynamic_table_metric_value_incrby( + pxy_fs->instance, + pxy_fs->table_id, + pxy_fs->column_ids[PROXY_METRIC_COLUMN_HIT_COUNT], + metric_row_name, + metric_value->hit_count, + fieldstat_tags, + (size_t)n_tags, + thread_id); + } + + if(metric_value->in_bytes > 0) + { + fieldstat_dynamic_table_metric_value_incrby( + pxy_fs->instance, + pxy_fs->table_id, + pxy_fs->column_ids[PROXY_METRIC_COLUMN_IN_BYTES], + metric_row_name, + metric_value->in_bytes, + fieldstat_tags, + (size_t)n_tags, + thread_id); + } + + if(metric_value->in_pkts > 0) + { + fieldstat_dynamic_table_metric_value_incrby( + pxy_fs->instance, + pxy_fs->table_id, + pxy_fs->column_ids[PROXY_METRIC_COLUMN_IN_PKTS], + metric_row_name, + metric_value->in_pkts, + fieldstat_tags, + (size_t)n_tags, + thread_id); + } + + if(metric_value->out_bytes > 0) + { + fieldstat_dynamic_table_metric_value_incrby( + pxy_fs->instance, + pxy_fs->table_id, + pxy_fs->column_ids[PROXY_METRIC_COLUMN_OUT_BYTES], + metric_row_name, + metric_value->out_bytes, + fieldstat_tags, + (size_t)n_tags, + thread_id); + } + + if(metric_value->out_pkts > 0) + { + fieldstat_dynamic_table_metric_value_incrby( + pxy_fs->instance, + pxy_fs->table_id, + pxy_fs->column_ids[PROXY_METRIC_COLUMN_OUT_PKTS], + metric_row_name, + metric_value->out_pkts, + fieldstat_tags, + (size_t)n_tags, + thread_id); + } + +} + +struct proxy_fieldstat *proxy_fieldstat_new(char *app_name, int n_thread, + const char *telegraf_ip, + unsigned short telegraf_port, + int interval_ms, + void *local_logger) +{ + struct proxy_fieldstat *pxy_fs = NULL; + + const char *column_field[PROXY_METRIC_COLUMN_MAX] = { + "hit_count", "in_bytes","out_bytes", "in_pkts","out_pkts"}; + enum field_type column_type[PROXY_METRIC_COLUMN_MAX] = { + FIELD_TYPE_COUNTER, + FIELD_TYPE_COUNTER, + FIELD_TYPE_COUNTER, + FIELD_TYPE_COUNTER, + FIELD_TYPE_COUNTER + }; + + pxy_fs = (struct proxy_fieldstat *)calloc(1,sizeof(struct proxy_fieldstat)); + pxy_fs->instance = fieldstat_dynamic_instance_new(app_name, n_thread); + + if(pxy_fs->instance == NULL) + { + goto error; + } + + pxy_fs->n_thread = n_thread; + fieldstat_dynamic_set_line_protocol_server(pxy_fs->instance, telegraf_ip, + telegraf_port); + fieldstat_dynamic_set_output_interval(pxy_fs->instance, interval_ms); + + pxy_fs->table_id = fieldstat_register_dynamic_table( + pxy_fs->instance, + "proxy_rule_hits", + column_field, + column_type, + (size_t)PROXY_METRIC_COLUMN_MAX, + pxy_fs->column_ids); + + if(pxy_fs->table_id < 0) + { + goto error; + } + + fieldstat_dynamic_instance_start(pxy_fs->instance); + return pxy_fs; + +error: + if(pxy_fs) + { + free(pxy_fs); + pxy_fs = NULL; + } + return NULL; +} + +void proxy_fieldstat_free(struct proxy_fieldstat *pxy_fs) +{ + if(pxy_fs) + { + if(pxy_fs->instance) + { + fieldstat_dynamic_instance_free(pxy_fs->instance); + pxy_fs->instance = NULL; + } + free(pxy_fs); + pxy_fs = NULL; + } +} + + +struct proxy_fieldstat *proxy_fieldstat_init(const char *profile, + const char *section, + int n_thread, + void *logger) +{ + int interval_ms = 0; + unsigned short telegraf_port = 0; + char telegraf_ip[KNI_ADDR_MAX] = {0}; + char app_name[KNI_STRING_MAX] = {0}; + struct proxy_fieldstat *pxy_fs = NULL; + + + MESA_load_profile_string_def(profile, section, "app_name", app_name, + sizeof(app_name), "proxy_rule_hits"); + + MESA_load_profile_string_nodef(profile, section, "telegraf_ip", + telegraf_ip, sizeof(telegraf_ip)); + + MESA_load_profile_short_nodef(profile, section, "telegraf_port", + (short *)&(telegraf_port)); + + MESA_load_profile_int_def(profile, section, "interval_ms", &interval_ms, + 1000); + + pxy_fs = proxy_fieldstat_new(app_name, n_thread, telegraf_ip, + telegraf_port, interval_ms, logger); + if (pxy_fs == NULL) + { + KNI_LOG_ERROR(logger, "proxy fieldstat init failed, error to create fieldstat metric."); + return NULL; + } + KNI_LOG_ERROR(logger, "proxy fieldstat telegraf_ip : %s", telegraf_ip); + KNI_LOG_ERROR(logger, "proxy fieldstat telegraf_port : %d", telegraf_port); + KNI_LOG_ERROR(logger, "proxy fieldstat app_name : %s", app_name); + KNI_LOG_ERROR(logger, "proxy fieldstat interval_ms : %d", interval_ms); + + return pxy_fs; +} + +void proxy_fieldstat_destory(struct proxy_fieldstat *pxy_fs, void *logger) +{ + if(pxy_fs) + { + proxy_fieldstat_free(pxy_fs); + pxy_fs = NULL; + } + KNI_LOG_ERROR(logger, "Destory proxy fieldstat!"); + return; +} + diff --git a/vendor/CMakeLists.txt b/vendor/CMakeLists.txt index 13d52cd..cd5a0bf 100644 --- a/vendor/CMakeLists.txt +++ b/vendor/CMakeLists.txt @@ -84,6 +84,10 @@ add_library(MESA_field_stat SHARED IMPORTED GLOBAL) set_property(TARGET MESA_field_stat PROPERTY IMPORTED_LOCATION ${MESA_FRAMEWORK_LIB_DIR}/libMESA_field_stat2.so) set_property(TARGET MESA_field_stat PROPERTY INTERFACE_INCLUDE_DIRECTORIES ${MESA_FRAMEWORK_INCLUDE_DIR}) +add_library(fieldstat3 SHARED IMPORTED GLOBAL) +set_property(TARGET fieldstat3 PROPERTY IMPORTED_LOCATION ${MESA_FRAMEWORK_LIB_DIR}/libfieldstat3.so) +set_property(TARGET fieldstat3 PROPERTY INTERFACE_INCLUDE_DIRECTORIES ${MESA_FRAMEWORK_INCLUDE_DIR}) + add_library(rdkafka SHARED IMPORTED GLOBAL) set_property(TARGET rdkafka PROPERTY IMPORTED_LOCATION ${MESA_FRAMEWORK_LIB_DIR}/librdkafka.so) set_property(TARGET rdkafka PROPERTY INTERFACE_INCLUDE_DIRECTORIES ${MESA_FRAMEWORK_INCLUDE_DIR}) |