zhao/OpenAppFilter
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Fix som bugs an optimize code format

Browse Source
This commit is contained in:
derry 2022-06-15 00:10:15 +08:00
parent 8d60913208
commit 18728fe05f
8 changed files with 839 additions and 858 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
oaf/Makefile
View File

@ -3,9 +3,6 @@ include $(TOPDIR)/rules.mk
include $(INCLUDE_DIR)/kernel.mk
PKG_NAME:=oaf
PKG_VERSION:=5.0
PKG_RELEASE:=1
include $(INCLUDE_DIR)/package.mk
PKG_AUTOLOAD:=oaf

303
oaf/src/af_client.c
View File

@ -25,36 +25,39 @@
#include "app_filter.h"
#include "cJSON.h"
DEFINE_RWLOCK(af_client_lock);
DEFINE_RWLOCK(af_client_lock);
u32 total_client = 0;
struct list_head af_client_list_table[MAX_AF_CLIENT_HASH_SIZE];
int af_send_msg_to_user(char *pbuf, uint16_t len);
static void
static void
nf_client_list_init(void)
{
int i;
AF_CLIENT_LOCK_W();
for(i = 0; i < MAX_AF_CLIENT_HASH_SIZE; i ++){
INIT_LIST_HEAD(&af_client_list_table[i]);
}
for (i = 0; i < MAX_AF_CLIENT_HASH_SIZE; i++)
{
INIT_LIST_HEAD(&af_client_list_table[i]);
}
AF_CLIENT_UNLOCK_W();
AF_INFO("client list init......ok\n");
}
static void
static void
nf_client_list_clear(void)
{
int i;
af_client_info_t * p = NULL;
af_client_info_t *p = NULL;
char mac_str[32] = {0};
AF_DEBUG("clean list\n");
AF_CLIENT_LOCK_W();
for (i = 0; i < MAX_AF_CLIENT_HASH_SIZE;i++){
while(!list_empty(&af_client_list_table[i])){
for (i = 0; i < MAX_AF_CLIENT_HASH_SIZE; i++)
{
while (!list_empty(&af_client_list_table[i]))
{
p = list_first_entry(&af_client_list_table[i], af_client_info_t, hlist);
memset(mac_str, 0x0, sizeof(mac_str));
sprintf(mac_str, MAC_FMT, MAC_ARRAY(p->mac));
@ -66,19 +69,16 @@ nf_client_list_clear(void)
AF_CLIENT_UNLOCK_W();
}
void af_client_list_reset_report_num(void)
{
int i;
af_client_info_t * node = NULL;
char mac_str[32] = {0};
AF_INFO("reset report num");
af_client_info_t *node = NULL;
AF_CLIENT_LOCK_W();
for (i = 0; i < MAX_AF_CLIENT_HASH_SIZE;i++){
list_for_each_entry(node, &af_client_list_table[i], hlist){
for (i = 0; i < MAX_AF_CLIENT_HASH_SIZE; i++)
{
list_for_each_entry(node, &af_client_list_table[i], hlist)
{
node->report_count = 0;
printk("reset mac="MAC_FMT" report num to 0\n", MAC_ARRAY(node->mac));
}
}
AF_CLIENT_UNLOCK_W();
@ -92,73 +92,82 @@ int get_mac_hash_code(unsigned char *mac)
return mac[5] & (MAX_AF_CLIENT_HASH_SIZE - 1);
}
af_client_info_t * find_af_client(unsigned char *mac)
af_client_info_t *find_af_client(unsigned char *mac)
{
af_client_info_t *node;
unsigned int index;
af_client_info_t *node;
unsigned int index;
index = get_mac_hash_code(mac);
list_for_each_entry(node, &af_client_list_table[index], hlist){
if (0 == memcmp(node->mac, mac, 6)){
index = get_mac_hash_code(mac);
list_for_each_entry(node, &af_client_list_table[index], hlist)
{
if (0 == memcmp(node->mac, mac, 6))
{
node->update_jiffies = jiffies;
return node;
}
}
return NULL;
}
}
return NULL;
}
af_client_info_t *find_af_client_by_ip(unsigned int ip)
{
af_client_info_t *node;
af_client_info_t *node;
int i;
for(i = 0; i < MAX_AF_CLIENT_HASH_SIZE; i++){
list_for_each_entry(node, &af_client_list_table[i], hlist){
if (node->ip == ip){
for (i = 0; i < MAX_AF_CLIENT_HASH_SIZE; i++)
{
list_for_each_entry(node, &af_client_list_table[i], hlist)
{
if (node->ip == ip)
{
AF_LMT_DEBUG("match node->ip=%pI4, ip=%pI4\n", &node->ip, &ip);
return node;
}
}
}
}
}
return NULL;
return NULL;
}
static af_client_info_t *
nf_client_add(unsigned char *mac)
{
af_client_info_t *node;
af_client_info_t *node;
int index = 0;
node = (af_client_info_t *)kmalloc(sizeof(af_client_info_t), GFP_ATOMIC);
if (node == NULL) {
AF_ERROR("kmalloc failed\n");
return NULL;
}
if (node == NULL)
{
AF_ERROR("kmalloc failed\n");
return NULL;
}
memset(node, 0, sizeof(af_client_info_t));
memcpy(node->mac, mac, MAC_ADDR_LEN);
node->create_jiffies = jiffies;
node->update_jiffies = jiffies;
index = get_mac_hash_code(mac);
AF_LMT_INFO("new client mac="MAC_FMT"\n", MAC_ARRAY(node->mac));
index = get_mac_hash_code(mac);
AF_LMT_INFO("new client mac=" MAC_FMT "\n", MAC_ARRAY(node->mac));
total_client++;
list_add(&(node->hlist), &af_client_list_table[index]);
return node;
return node;
}
void check_client_expire(void)
{
af_client_info_t *node;
af_client_info_t *node;
int i;
AF_CLIENT_LOCK_W();
for (i = 0; i < MAX_AF_CLIENT_HASH_SIZE; i++){
list_for_each_entry(node, &af_client_list_table[i], hlist) {
AF_DEBUG("mac:"MAC_FMT" update:%lu interval:%lu\n", MAC_ARRAY(node->mac),
node->update_jiffies, (jiffies - node->update_jiffies) / HZ);
if (jiffies > (node->update_jiffies + MAX_CLIENT_ACTIVE_TIME * HZ)) {
AF_INFO("del client:"MAC_FMT"\n", MAC_ARRAY(node->mac));
for (i = 0; i < MAX_AF_CLIENT_HASH_SIZE; i++)
{
list_for_each_entry(node, &af_client_list_table[i], hlist)
{
AF_DEBUG("mac:" MAC_FMT " update:%lu interval:%lu\n", MAC_ARRAY(node->mac),
node->update_jiffies, (jiffies - node->update_jiffies) / HZ);
if (jiffies > (node->update_jiffies + MAX_CLIENT_ACTIVE_TIME * HZ))
{
AF_INFO("del client:" MAC_FMT "\n", MAC_ARRAY(node->mac));
list_del(&(node->hlist));
kfree(node);
AF_CLIENT_UNLOCK_W();
@ -177,37 +186,50 @@ void flush_expired_visit_info(af_client_info_t *node)
u_int32_t cur_timep = 0;
int timeout = 0;
cur_timep = af_get_timestamp_sec();
for (i = 0; i < MAX_RECORD_APP_NUM; i++){
if (node->visit_info[i].app_id == 0){
for (i = 0; i < MAX_RECORD_APP_NUM; i++)
{
if (node->visit_info[i].app_id == 0)
{
return;
}
}
for (i = 0; i < MAX_RECORD_APP_NUM; i++){
for (i = 0; i < MAX_RECORD_APP_NUM; i++)
{
if (count >= MAX_EXPIRED_VISIT_INFO_COUNT)
break;
if (node->visit_info[i].total_num > 3){
if (node->visit_info[i].total_num > 3)
{
timeout = 180;
}
else{
else
{
timeout = 60;
}
if (cur_timep - node->visit_info[i].latest_time > timeout){
// 3?¡§o?¨¤??3y????
if (cur_timep - node->visit_info[i].latest_time > timeout)
{
// 3?<3F><>o?<3F><>??3y????
memset(&node->visit_info[i], 0x0, sizeof(app_visit_info_t));
count++;
}
}
}
int __af_visit_info_report(af_client_info_t *node){
int __af_visit_info_report(af_client_info_t *node)
{
unsigned char mac_str[32] = {0};
unsigned char ip_str[32] = {0};
int i, j;
cJSON *root_obj = cJSON_CreateObject();
if(!root_obj){
int i;
int count = 0;
char *out = NULL;
cJSON *visit_obj = NULL;
cJSON *visit_info_array = NULL;
cJSON *root_obj = NULL;
root_obj = cJSON_CreateObject();
if (!root_obj)
{
AF_ERROR("create json obj failed");
return 0;
}
@ -216,35 +238,30 @@ int __af_visit_info_report(af_client_info_t *node){
cJSON_AddStringToObject(root_obj, "mac", mac_str);
cJSON_AddStringToObject(root_obj, "ip", ip_str);
cJSON_AddNumberToObject(root_obj, "app_num", node->visit_app_num);
cJSON *visit_info_array = cJSON_CreateArray();
int count = 0;
for(i = 0; i < MAX_RECORD_APP_NUM; i++){
if(node->visit_info[i].app_id == 0)
visit_info_array = cJSON_CreateArray();
for (i = 0; i < MAX_RECORD_APP_NUM; i++)
{
if (node->visit_info[i].app_id == 0)
continue;
if(node->visit_info[i].total_num < 3)
if (node->visit_info[i].total_num < 3)
continue;
count++;
cJSON *visit_obj = cJSON_CreateObject();
visit_obj = cJSON_CreateObject();
cJSON_AddNumberToObject(visit_obj, "appid", node->visit_info[i].app_id);
cJSON_AddNumberToObject(visit_obj, "latest_action", node->visit_info[i].latest_action);
//cJSON_AddNumberToObject(visit_obj, "latest_time", node->visit_info[i].latest_time);
//cJSON_AddNumberToObject(visit_obj, "total_num", node->visit_info[i].total_num);
//cJSON_AddNumberToObject(visit_obj, "drop_num", node->visit_info[i].drop_num);
cJSON_AddNumberToObject(visit_obj, "up_bytes", node->visit_info[i].total_up_bytes);
cJSON_AddNumberToObject(visit_obj, "down_bytes", node->visit_info[i].total_down_bytes);
//clear
memset((char *)&node->visit_info[i], 0x0, sizeof(app_visit_info_t));
cJSON_AddItemToArray(visit_info_array, visit_obj);
}
cJSON_AddItemToObject(root_obj, "visit_info", visit_info_array);
char *out = cJSON_Print(root_obj);
if(!out)
out = cJSON_Print(root_obj);
if (!out)
return 0;
//cJSON_Minify(out);
if (count > 0 || node->report_count == 0){
cJSON_Minify(out);
if (count > 0 || node->report_count == 0)
{
AF_INFO("report:%s count=%d\n", out, node->report_count);
node->report_count++;
af_send_msg_to_user(out, strlen(out));
@ -253,13 +270,16 @@ int __af_visit_info_report(af_client_info_t *node){
kfree(out);
return 0;
}
void af_visit_info_report(void){
af_client_info_t *node;
void af_visit_info_report(void)
{
af_client_info_t *node;
int i;
AF_CLIENT_LOCK_W();
for (i = 0; i < MAX_AF_CLIENT_HASH_SIZE; i++){
list_for_each_entry(node, &af_client_list_table[i], hlist) {
//flush_expired_visit_info(node);
for (i = 0; i < MAX_AF_CLIENT_HASH_SIZE; i++)
{
list_for_each_entry(node, &af_client_list_table[i], hlist)
{
// flush_expired_visit_info(node);
AF_INFO("report %s\n", node->mac);
__af_visit_info_report(node);
}
@ -268,24 +288,28 @@ void af_visit_info_report(void){
}
static inline int get_packet_dir(struct net_device *in)
{
if (0 == strncmp(in->name, "br", 2)){
if (0 == strncmp(in->name, "br", 2))
{
return PKT_DIR_UP;
}
else{
else
{
return PKT_DIR_DOWN;
}
}
#if LINUX_VERSION_CODE >= KERNEL_VERSION(4,4,0)
#if LINUX_VERSION_CODE >= KERNEL_VERSION(4, 4, 0)
static u_int32_t af_client_hook(void *priv,
struct sk_buff *skb,
const struct nf_hook_state *state) {
struct sk_buff *skb,
const struct nf_hook_state *state)
{
#else
static u_int32_t af_client_hook(unsigned int hook,
struct sk_buff *skb,
const struct net_device *in,
const struct net_device *out,
int (*okfn)(struct sk_buff *)){
struct sk_buff *skb,
const struct net_device *in,
const struct net_device *out,
int (*okfn)(struct sk_buff *))
{
#endif
struct ethhdr *ethhdr = NULL;
unsigned char smac[ETH_ALEN];
@ -294,53 +318,61 @@ static u_int32_t af_client_hook(unsigned int hook,
struct iphdr *iph = NULL;
// 4.10-->4.11 nfct-->_nfct
#if LINUX_VERSION_CODE >= KERNEL_VERSION(4,11,0)
#if LINUX_VERSION_CODE >= KERNEL_VERSION(4, 11, 0)
struct nf_conn *ct = (struct nf_conn *)skb->_nfct;
#else
struct nf_conn *ct = (struct nf_conn *)skb->nfct;
#endif
if (ct == NULL) {
if (ct == NULL)
{
return NF_ACCEPT;
}
#if LINUX_VERSION_CODE >= KERNEL_VERSION(4,4,0)
if(!skb->dev)
#if LINUX_VERSION_CODE >= KERNEL_VERSION(4, 4, 0)
if (!skb->dev)
return NF_ACCEPT;
pkt_dir = get_packet_dir(skb->dev);
#else
if (!in){
if (!in)
{
AF_ERROR("in is NULL\n");
return NF_ACCEPT;
}
pkt_dir = get_packet_dir(in);
#endif
if(PKT_DIR_UP != pkt_dir)
if (PKT_DIR_UP != pkt_dir)
return NF_ACCEPT;
ethhdr = eth_hdr(skb);
if (ethhdr) {
memcpy(smac, ethhdr->h_source, ETH_ALEN);
} else {
memcpy(smac, &skb->cb[40], ETH_ALEN);
}
ethhdr = eth_hdr(skb);
if (ethhdr)
{
memcpy(smac, ethhdr->h_source, ETH_ALEN);
}
else
{
memcpy(smac, &skb->cb[40], ETH_ALEN);
}
iph = ip_hdr(skb);
if (!iph) {
if (!iph)
{
return NF_ACCEPT;
}
AF_CLIENT_LOCK_W();
nfc = find_af_client(smac);
if (!nfc){
if (!nfc)
{
if (skb->dev)
AF_DEBUG("from dev:%s [%s] %pI4--->%pI4", skb->dev->name, (iph->protocol == IPPROTO_TCP ? "TCP" : "UDP"),
&iph->saddr, &iph->daddr);
AF_DEBUG("from dev:%s [%s] %pI4--->%pI4", skb->dev->name, (iph->protocol == IPPROTO_TCP ? "TCP" : "UDP"),
&iph->saddr, &iph->daddr);
nfc = nf_client_add(smac);
}
if(nfc && nfc->ip != iph->saddr){
AF_DEBUG("update node "MAC_FMT" ip %pI4--->%pI4\n", MAC_ARRAY(nfc->mac), &nfc->ip, &iph->saddr);
if (nfc && nfc->ip != iph->saddr)
{
AF_DEBUG("update node " MAC_FMT " ip %pI4--->%pI4\n", MAC_ARRAY(nfc->mac), &nfc->ip, &iph->saddr);
nfc->ip = iph->saddr;
}
AF_CLIENT_UNLOCK_W();
@ -348,52 +380,47 @@ static u_int32_t af_client_hook(unsigned int hook,
return NF_ACCEPT;
}
#if LINUX_VERSION_CODE >= KERNEL_VERSION(4,4,0)
#if LINUX_VERSION_CODE >= KERNEL_VERSION(4, 4, 0)
static struct nf_hook_ops af_client_ops[] = {
{
.hook = af_client_hook,
.pf = PF_INET,
.hooknum = NF_INET_FORWARD,
.priority = NF_IP_PRI_FIRST + 1,
.hook = af_client_hook,
.pf = PF_INET,
.hooknum = NF_INET_FORWARD,
.priority = NF_IP_PRI_FIRST + 1,
},
};
#else
static struct nf_hook_ops af_client_ops[] = {
{
.hook = af_client_hook,
.owner = THIS_MODULE,
.pf = PF_INET,
.hooknum = NF_INET_FORWARD,
.priority = NF_IP_PRI_FIRST + 1,
.hook = af_client_hook,
.owner = THIS_MODULE,
.pf = PF_INET,
.hooknum = NF_INET_FORWARD,
.priority = NF_IP_PRI_FIRST + 1,
},
};
#endif
int af_client_init(void)
int af_client_init(void)
{
nf_client_list_init();
#if LINUX_VERSION_CODE >= KERNEL_VERSION(4,13,0)
nf_register_net_hooks(&init_net, af_client_ops, ARRAY_SIZE(af_client_ops));
#if LINUX_VERSION_CODE >= KERNEL_VERSION(4, 13, 0)
nf_register_net_hooks(&init_net, af_client_ops, ARRAY_SIZE(af_client_ops));
#else
nf_register_hooks(af_client_ops, ARRAY_SIZE(af_client_ops));
#endif
AF_INFO("init app afclient ........ok\n");
return 0;
}
void af_client_exit(void)
{
#if LINUX_VERSION_CODE >= KERNEL_VERSION(4,13,0)
nf_unregister_net_hooks(&init_net, af_client_ops, ARRAY_SIZE(af_client_ops));
#if LINUX_VERSION_CODE >= KERNEL_VERSION(4, 13, 0)
nf_unregister_net_hooks(&init_net, af_client_ops, ARRAY_SIZE(af_client_ops));
#else
nf_unregister_hooks(af_client_ops, ARRAY_SIZE(af_client_ops));
#endif
nf_client_list_clear();
return ;
return;
}

63
oaf/src/af_client.h
View File

@ -2,38 +2,37 @@
#define __AF_CLIENT_H__
#include "app_filter.h"
extern rwlock_t af_client_lock;
extern rwlock_t af_client_lock;
extern u32 nfc_debug_level;
#define MAX_AF_CLIENT_HASH_SIZE 64
#define NF_CLIENT_TIMER_EXPIRE 1
#define MAX_CLIENT_ACTIVE_TIME 90
#define NF_CLIENT_TIMER_EXPIRE 1
#define MAX_CLIENT_ACTIVE_TIME 90
#define AF_CLIENT_LOCK_R() read_lock_bh(&af_client_lock);
#define AF_CLIENT_UNLOCK_R() read_unlock_bh(&af_client_lock);
#define AF_CLIENT_LOCK_W() write_lock_bh(&af_client_lock);
#define AF_CLIENT_UNLOCK_W() write_unlock_bh(&af_client_lock);
#define AF_CLIENT_LOCK_R() read_lock_bh(&af_client_lock);
#define AF_CLIENT_UNLOCK_R() read_unlock_bh(&af_client_lock);
#define AF_CLIENT_LOCK_W() write_lock_bh(&af_client_lock);
#define AF_CLIENT_UNLOCK_W() write_unlock_bh(&af_client_lock);
#define NIPQUAD(addr) \
((unsigned char *)&addr)[0], \
((unsigned char *)&addr)[1], \
((unsigned char *)&addr)[2], \
((unsigned char *)&addr)[3]
#define NIPQUAD(addr) \
((unsigned char *)&addr)[0], \
((unsigned char *)&addr)[1], \
((unsigned char *)&addr)[2], \
((unsigned char *)&addr)[3]
#define NIPQUAD_FMT "%u.%u.%u.%u"
enum NFC_PKT_DIR{
enum NFC_PKT_DIR
{
PKT_DIR_DOWN,
PKT_DIR_UP
};
#define MAX_VISIT_HISTORY_TIME 24
#define MAX_RECORD_APP_NUM 64
typedef struct app_visit_info{
typedef struct app_visit_info
{
unsigned int app_id;
unsigned int total_num;
unsigned int drop_num;
@ -42,27 +41,25 @@ typedef struct app_visit_info{
unsigned int total_down_bytes;
unsigned int total_up_bytes;
unsigned long history_time[MAX_VISIT_HISTORY_TIME];
unsigned int action[MAX_VISIT_HISTORY_TIME];
}app_visit_info_t;
unsigned int action[MAX_VISIT_HISTORY_TIME];
} app_visit_info_t;
typedef struct af_client_info {
struct list_head hlist;
unsigned char mac[MAC_ADDR_LEN];
unsigned int ip;
unsigned long create_jiffies;
unsigned long update_jiffies;
unsigned int visit_app_num;
typedef struct af_client_info
{
struct list_head hlist;
unsigned char mac[MAC_ADDR_LEN];
unsigned int ip;
unsigned long create_jiffies;
unsigned long update_jiffies;
unsigned int visit_app_num;
int report_count;
app_visit_info_t visit_info[MAX_RECORD_APP_NUM];
}af_client_info_t;
app_visit_info_t visit_info[MAX_RECORD_APP_NUM];
} af_client_info_t;
int af_client_init(void);
void af_client_exit(void);
af_client_info_t * find_af_client_by_ip(unsigned int ip);
af_client_info_t *find_af_client_by_ip(unsigned int ip);
void check_client_expire(void);

118
oaf/src/af_client_fs.c
View File

@ -24,7 +24,8 @@
#include "af_client.h"
extern struct list_head af_client_list_table[MAX_AF_CLIENT_HASH_SIZE];
struct af_client_iter_state {
struct af_client_iter_state
{
unsigned int bucket;
void *head;
};
@ -32,31 +33,37 @@ struct af_client_iter_state {
static void *af_client_get_first(struct seq_file *seq)
{
struct af_client_iter_state *st = seq->private;
for (st->bucket = 0;st->bucket < MAX_AF_CLIENT_HASH_SIZE;st->bucket++){
if(!list_empty(&(af_client_list_table[st->bucket]))){
st->head = &(af_client_list_table[st->bucket]);
return af_client_list_table[st->bucket].next;
}
for (st->bucket = 0; st->bucket < MAX_AF_CLIENT_HASH_SIZE; st->bucket++)
{
if (!list_empty(&(af_client_list_table[st->bucket])))
{
st->head = &(af_client_list_table[st->bucket]);
return af_client_list_table[st->bucket].next;
}
}
return NULL;
}
static void *af_client_get_next(struct seq_file *seq,
void *head)
void *head)
{
struct af_client_iter_state *st = seq->private;
struct hlist_node * node = (struct hlist_node *)head;
struct hlist_node *node = (struct hlist_node *)head;
node = node->next;
if (node != st->head){
if (node != st->head)
{
return node;
}
else{
else
{
st->bucket++;
for (;st->bucket < MAX_AF_CLIENT_HASH_SIZE;st->bucket++) {
if(!list_empty(&(af_client_list_table[st->bucket]))){
for (; st->bucket < MAX_AF_CLIENT_HASH_SIZE; st->bucket++)
{
if (!list_empty(&(af_client_list_table[st->bucket])))
{
st->head = &(af_client_list_table[st->bucket]);
return af_client_list_table[st->bucket].next;
return af_client_list_table[st->bucket].next;
}
}
return NULL;
@ -69,23 +76,24 @@ static void *af_client_get_idx(struct seq_file *seq, loff_t pos)
if (head)
while (pos && (head = af_client_get_next(seq, head)))
pos--;
pos--;
return pos ? NULL : head;
}
static void *af_client_seq_start(struct seq_file *s, loff_t *pos)
{
AF_CLIENT_LOCK_R();
if (*pos == 0){
AF_CLIENT_LOCK_R();
if (*pos == 0)
{
return SEQ_START_TOKEN;
}
return af_client_get_idx(s, *pos - 1);
}
static void *af_client_seq_next(struct seq_file *s, void *v, loff_t *pos)
{
{
(*pos)++;
if (v == SEQ_START_TOKEN)
return af_client_get_idx(s, 0);
@ -94,39 +102,34 @@ static void *af_client_seq_next(struct seq_file *s, void *v, loff_t *pos)
}
static void af_client_seq_stop(struct seq_file *s, void *v)
{
// seq_printf(s, "%s", "]");
AF_CLIENT_UNLOCK_R();
{
AF_CLIENT_UNLOCK_R();
}
static int af_client_seq_show(struct seq_file *s, void *v)
{
unsigned char mac_str[32] = {0};
unsigned char ip_str[32] = {0};
static int index = 0;
af_client_info_t *node = (af_client_info_t *)v;
if (v == SEQ_START_TOKEN) {
index = 0;
seq_printf(s, "%-4s %-20s %-20s\n", "Id", "Mac", "Ip");
unsigned char ip_str[32] = {0};
static int index = 0;
af_client_info_t *node = (af_client_info_t *)v;
if (v == SEQ_START_TOKEN)
{
index = 0;
seq_printf(s, "%-4s %-20s %-20s\n", "Id", "Mac", "Ip");
return 0;
}
// if(index > 0)
// seq_printf(s, "%s", ",");
index++;
sprintf(mac_str, MAC_FMT, MAC_ARRAY(node->mac));
sprintf(ip_str, "%pI4", &node->ip);
seq_printf(s, "%-4d %-20s %-20s\n", index, mac_str, ip_str);
index++;
sprintf(mac_str, MAC_FMT, MAC_ARRAY(node->mac));
sprintf(ip_str, "%pI4", &node->ip);
seq_printf(s, "%-4d %-20s %-20s\n", index, mac_str, ip_str);
return 0;
}
static const struct seq_operations nf_client_seq_ops = {
.start = af_client_seq_start,
.next = af_client_seq_next,
.stop = af_client_seq_stop,
.show = af_client_seq_show
};
.next = af_client_seq_next,
.stop = af_client_seq_stop,
.show = af_client_seq_show};
static int af_client_open(struct inode *inode, struct file *file)
{
@ -139,7 +142,8 @@ static int af_client_open(struct inode *inode, struct file *file)
return -ENOMEM;
err = seq_open(file, &nf_client_seq_ops);
if (err) {
if (err)
{
kfree(iter);
return err;
}
@ -149,37 +153,34 @@ static int af_client_open(struct inode *inode, struct file *file)
return 0;
}
#if LINUX_VERSION_CODE <= KERNEL_VERSION(5,5,0)
#if LINUX_VERSION_CODE <= KERNEL_VERSION(5, 5, 0)
static const struct file_operations af_client_fops = {
.owner = THIS_MODULE,
.open = af_client_open,
.read = seq_read,
.llseek = seq_lseek,
.release = seq_release_private,
.owner = THIS_MODULE,
.open = af_client_open,
.read = seq_read,
.llseek = seq_lseek,
.release = seq_release_private,
};
#else
static const struct proc_ops af_client_fops = {
.proc_flags = PROC_ENTRY_PERMANENT,
.proc_read = seq_read,
.proc_open = af_client_open,
.proc_lseek = seq_lseek,
.proc_release = seq_release_private,
.proc_flags = PROC_ENTRY_PERMANENT,
.proc_read = seq_read,
.proc_open = af_client_open,
.proc_lseek = seq_lseek,
.proc_release = seq_release_private,
};
#endif
#define AF_CLIENT_PROC_STR "af_client"
int init_af_client_procfs(void)
{
struct proc_dir_entry *pde;
struct net *net = &init_net;
// pde = proc_create(AF_CLIENT_PROC_STR, 0440, net->proc_net, &af_client_fops);
pde = proc_create(AF_CLIENT_PROC_STR, 0440, net->proc_net, &af_client_fops);
pde = proc_create(AF_CLIENT_PROC_STR, 0440, net->proc_net, &af_client_fops);
if (!pde) {
if (!pde)
{
AF_ERROR("nf_client proc file created error\n");
return -1;
}
@ -187,8 +188,7 @@ int init_af_client_procfs(void)
}
void finit_af_client_procfs(void)
{
{
struct net *net = &init_net;
remove_proc_entry(AF_CLIENT_PROC_STR, net->proc_net);
}

858
oaf/src/app_filter.c
View File

File diff suppressed because it is too large Load Diff

6
oaf/src/app_filter.h
View File

@ -1,10 +1,10 @@
#ifndef APP_FILTER_H
#define APP_FILTER_H
#define AF_VERSION "5.0.1"
#define AF_VERSION "5.0"
#define AF_FEATURE_CONFIG_FILE "/tmp/feature.cfg"
#define MAX_PARSE_PKT_NUM 16
#define MAX_PARSE_PKT_NUM 64
#define MIN_HTTP_DATA_LEN 16
#define MAX_APP_NAME_LEN 64
#define MAX_FEATURE_NUM_PER_APP 16
@ -92,7 +92,7 @@ typedef struct https_proto{
}https_proto_t;
typedef struct flow_info{
struct nf_conn *ct; // <20><><EFBFBD>Ӹ<EFBFBD><D3B8><EFBFBD>ָ<EFBFBD><D6B8>
struct nf_conn *ct;
u_int32_t src;
u_int32_t dst;
int l4_protocol;

344
oaf/src/app_filter_config.c
View File

@ -22,26 +22,28 @@
DEFINE_RWLOCK(af_rule_lock);
#define af_rule_read_lock() read_lock_bh(&af_rule_lock);
#define af_rule_read_unlock() read_unlock_bh(&af_rule_lock);
#define af_rule_write_lock() write_lock_bh(&af_rule_lock);
#define af_rule_write_unlock() write_unlock_bh(&af_rule_lock);
#define af_rule_read_lock() read_lock_bh(&af_rule_lock);
#define af_rule_read_unlock() read_unlock_bh(&af_rule_lock);
#define af_rule_write_lock() write_lock_bh(&af_rule_lock);
#define af_rule_write_unlock() write_unlock_bh(&af_rule_lock);
static struct mutex af_cdev_mutex;
struct af_config_dev {
dev_t id;
struct cdev char_dev;
struct class *c;
struct af_config_dev
{
dev_t id;
struct cdev char_dev;
struct class *c;
};
struct af_config_dev g_af_dev;
struct af_cdev_file {
size_t size;
char buf[256 << 10];
struct af_cdev_file
{
size_t size;
char buf[256 << 10];
};
enum AF_CONFIG_CMD{
enum AF_CONFIG_CMD
{
AF_CMD_ADD_APPID = 1,
AF_CMD_DEL_APPID,
AF_CMD_CLEAN_APPID,
@ -50,89 +52,92 @@ enum AF_CONFIG_CMD{
char g_app_id_array[AF_MAX_APP_TYPE_NUM][AF_MAX_APP_NUM] = {0};
void af_show_app_status(void)
{
int i, j;
AF_DEBUG("#########show app status##########\n");
for (i = 0; i < AF_MAX_APP_TYPE_NUM; i++) {
for (j = 0; j < AF_MAX_APP_NUM; j++) {
for (i = 0; i < AF_MAX_APP_TYPE_NUM; i++)
{
for (j = 0; j < AF_MAX_APP_NUM; j++)
{
af_rule_read_lock();
if (g_app_id_array[i][j] == AF_TRUE) {
if (g_app_id_array[i][j] == AF_TRUE)
{
AF_DEBUG("%d, %d\n", i, j);
}
af_rule_read_unlock();
}
}
AF_DEBUG("\n\n\n");
}
int af_change_app_status(cJSON * data_obj, int status)
int af_change_app_status(cJSON *data_obj, int status)
{
int i;
int id;
int type;
if (!data_obj) {
cJSON *appid_arr = NULL;
if (!data_obj)
{
AF_ERROR("data obj is null\n");
return -1;
}
cJSON *appid_arr = cJSON_GetObjectItem(data_obj, "apps");
if (!appid_arr){
appid_arr = cJSON_GetObjectItem(data_obj, "apps");
if (!appid_arr)
{
AF_ERROR("apps obj is null\n");
return -1;
}
for (i = 0; i < cJSON_GetArraySize(appid_arr); i++) {
for (i = 0; i < cJSON_GetArraySize(appid_arr); i++)
{
cJSON *appid_obj = cJSON_GetArrayItem(appid_arr, i);
if (!appid_obj){
AF_ERROR("appid obj is null\n");
if (!appid_obj)
return -1;
}
id = AF_APP_ID(appid_obj->valueint);
type = AF_APP_TYPE(appid_obj->valueint);
AF_DEBUG("appid:%d, type = %d, id = %d\n", appid_obj->valueint, type, id);
af_rule_write_lock();
g_app_id_array[type][id] = status;
af_rule_write_unlock();
}
return 0;
}
DEFINE_RWLOCK(af_mac_lock);
DEFINE_RWLOCK(af_mac_lock);
#define MAX_AF_MAC_HASH_SIZE 64
#define AF_MAC_LOCK_R() read_lock_bh(&af_mac_lock);
#define AF_MAC_UNLOCK_R() read_unlock_bh(&af_mac_lock);
#define AF_MAC_LOCK_W() write_lock_bh(&af_mac_lock);
#define AF_MAC_UNLOCK_W() write_unlock_bh(&af_mac_lock);
#define AF_MAC_LOCK_R() read_lock_bh(&af_mac_lock);
#define AF_MAC_UNLOCK_R() read_unlock_bh(&af_mac_lock);
#define AF_MAC_LOCK_W() write_lock_bh(&af_mac_lock);
#define AF_MAC_UNLOCK_W() write_unlock_bh(&af_mac_lock);
u32 total_mac = 0;
struct list_head af_mac_list_table[MAX_AF_MAC_HASH_SIZE];
void
af_mac_list_init(void)
void af_mac_list_init(void)
{
int i;
AF_MAC_LOCK_W();
for(i = 0; i < MAX_AF_MAC_HASH_SIZE; i ++){
INIT_LIST_HEAD(&af_mac_list_table[i]);
}
for (i = 0; i < MAX_AF_MAC_HASH_SIZE; i++)
{
INIT_LIST_HEAD(&af_mac_list_table[i]);
}
AF_MAC_UNLOCK_W();
AF_INFO("client list init......ok\n");
}
void
af_mac_list_clear(void)
void af_mac_list_clear(void)
{
int i;
af_mac_info_t * p = NULL;
af_mac_info_t *p = NULL;
char mac_str[32] = {0};
AF_DEBUG("clean list\n");
AF_MAC_LOCK_W();
for (i = 0; i < MAX_AF_MAC_HASH_SIZE;i++){
while(!list_empty(&af_mac_list_table[i])){
for (i = 0; i < MAX_AF_MAC_HASH_SIZE; i++)
{
while (!list_empty(&af_mac_list_table[i]))
{
p = list_first_entry(&af_mac_list_table[i], af_mac_info_t, hlist);
memset(mac_str, 0x0, sizeof(mac_str));
sprintf(mac_str, MAC_FMT, MAC_ARRAY(p->mac));
@ -145,7 +150,6 @@ af_mac_list_clear(void)
AF_MAC_UNLOCK_W();
}
int hash_mac(unsigned char *mac)
{
if (!mac)
@ -154,57 +158,62 @@ int hash_mac(unsigned char *mac)
return mac[5] & (MAX_AF_MAC_HASH_SIZE - 1);
}
af_mac_info_t * find_af_mac(unsigned char *mac)
af_mac_info_t *find_af_mac(unsigned char *mac)
{
af_mac_info_t *node;
unsigned int index;
af_mac_info_t *node;
unsigned int index;
index = hash_mac(mac);
list_for_each_entry(node, &af_mac_list_table[index], hlist){
if (0 == memcmp(node->mac, mac, 6)){
AF_DEBUG("match mac:"MAC_FMT"\n", MAC_ARRAY(node->mac));
index = hash_mac(mac);
list_for_each_entry(node, &af_mac_list_table[index], hlist)
{
if (0 == memcmp(node->mac, mac, 6))
{
AF_DEBUG("match mac:" MAC_FMT "\n", MAC_ARRAY(node->mac));
return node;
}
}
return NULL;
}
}
return NULL;
}
static af_mac_info_t *
af_mac_add(unsigned char *mac)
{
af_mac_info_t *node;
af_mac_info_t *node;
int index = 0;
node = (af_mac_info_t *)kmalloc(sizeof(af_mac_info_t), GFP_ATOMIC);
if (node == NULL) {
AF_ERROR("kmalloc failed\n");
return NULL;
}
if (node == NULL)
{
AF_ERROR("kmalloc failed\n");
return NULL;
}
memset(node, 0, sizeof(af_mac_info_t));
memcpy(node->mac, mac, MAC_ADDR_LEN);
index = hash_mac(mac);
AF_LMT_INFO("new client mac="MAC_FMT"\n", MAC_ARRAY(node->mac));
index = hash_mac(mac);
AF_LMT_INFO("new client mac=" MAC_FMT "\n", MAC_ARRAY(node->mac));
total_mac++;
list_add(&(node->hlist), &af_mac_list_table[index]);
return node;
return node;
}
int is_user_match_enable(void){
int is_user_match_enable(void)
{
return total_mac > 0;
}
int mac_to_hex(u8 *mac, u8 *mac_hex){
int mac_to_hex(u8 *mac, u8 *mac_hex)
{
u32 mac_tmp[MAC_ADDR_LEN];
int ret = 0, i = 0;
ret = sscanf(mac, "%02x:%02x:%02x:%02x:%02x:%02x",
(unsigned int *)&mac_tmp[0],
(unsigned int *)&mac_tmp[1],
(unsigned int *)&mac_tmp[2],
(unsigned int *)&mac_tmp[3],
(unsigned int *)&mac_tmp[4],
(unsigned int *)&mac_tmp[5]);
ret = sscanf(mac, "%02x:%02x:%02x:%02x:%02x:%02x",
(unsigned int *)&mac_tmp[0],
(unsigned int *)&mac_tmp[1],
(unsigned int *)&mac_tmp[2],
(unsigned int *)&mac_tmp[3],
(unsigned int *)&mac_tmp[4],
(unsigned int *)&mac_tmp[5]);
if (MAC_ADDR_LEN != ret)
return -1;
for (i = 0; i < MAC_ADDR_LEN; i++)
@ -213,29 +222,33 @@ int mac_to_hex(u8 *mac, u8 *mac_hex){
}
return 0;
}
int af_set_mac_list(cJSON * data_obj)
int af_set_mac_list(cJSON *data_obj)
{
int i;
int id;
int type;
cJSON *mac_arr = NULL;
u8 mac_hex[MAC_ADDR_LEN] = {0};
if (!data_obj) {
if (!data_obj)
{
AF_ERROR("data obj is null\n");
return -1;
}
cJSON *mac_arr = cJSON_GetObjectItem(data_obj, "mac_list");
if (!mac_arr){
mac_arr = cJSON_GetObjectItem(data_obj, "mac_list");
if (!mac_arr)
{
AF_ERROR("apps obj is null\n");
return -1;
}
af_mac_list_clear();
for (i = 0; i < cJSON_GetArraySize(mac_arr); i++) {
for (i = 0; i < cJSON_GetArraySize(mac_arr); i++)
{
cJSON *mac_obj = cJSON_GetArrayItem(mac_arr, i);
if (!mac_obj){
if (!mac_obj)
{
AF_ERROR("appid obj is null\n");
return -1;
}
if (-1 == mac_to_hex(mac_obj->valuestring, mac_hex)){
if (-1 == mac_to_hex(mac_obj->valuestring, mac_hex))
{
continue;
}
af_mac_add(mac_hex);
@ -247,9 +260,11 @@ int af_set_mac_list(cJSON * data_obj)
void af_init_app_status(void)
{
int i, j;
for (i = 0; i < AF_MAX_APP_TYPE_NUM; i++) {
for (j = 0; j < AF_MAX_APP_NUM; j++) {
for (i = 0; i < AF_MAX_APP_TYPE_NUM; i++)
{
for (j = 0; j < AF_MAX_APP_NUM; j++)
{
af_rule_write_lock();
g_app_id_array[i][j] = AF_FALSE;
af_rule_write_unlock();
@ -282,26 +297,30 @@ clean
*/
int af_config_handle(char *config, unsigned int len)
{
cJSON * config_obj = NULL;
cJSON * cmd_obj = NULL;
cJSON * data_obj = NULL;
if (!config || len == 0) {
cJSON *config_obj = NULL;
cJSON *cmd_obj = NULL;
cJSON *data_obj = NULL;
if (!config || len == 0)
{
AF_ERROR("config or len is invalid\n");
return -1;
}
config_obj = cJSON_Parse(config);
if (!config_obj){
if (!config_obj)
{
AF_ERROR("config_obj is NULL\n");
return -1;
}
cmd_obj = cJSON_GetObjectItem(config_obj, "op");
if (!cmd_obj){
if (!cmd_obj)
{
AF_ERROR("not find op object\n");
return -1;
}
data_obj = cJSON_GetObjectItem(config_obj, "data");
switch(cmd_obj->valueint) {
switch (cmd_obj->valueint)
{
case AF_CMD_ADD_APPID:
if (!data_obj)
break;
@ -324,112 +343,113 @@ int af_config_handle(char *config, unsigned int len)
}
af_show_app_status();
return 0;
}
static int af_cdev_open(struct inode *inode, struct file *filp)
{
struct af_cdev_file *file;
file = vzalloc(sizeof(*file));
if (!file)
return -EINVAL;
struct af_cdev_file *file;
file = vzalloc(sizeof(*file));
if (!file)
return -EINVAL;
mutex_lock(&af_cdev_mutex);
filp->private_data = file;
return 0;
mutex_lock(&af_cdev_mutex);
filp->private_data = file;
return 0;
}
static ssize_t af_cdev_read(struct file *filp, char *buf, size_t count, loff_t *off)
{
return 0;
return 0;
}
static int af_cdev_release(struct inode *inode, struct file *filp)
{
struct af_cdev_file *file = filp->private_data;
AF_DEBUG("config size: %d,data = %s\n", (int)file->size, file->buf);
struct af_cdev_file *file = filp->private_data;
AF_DEBUG("config size: %d,data = %s\n", (int)file->size, file->buf);
af_config_handle(file->buf, file->size);
filp->private_data = NULL;
mutex_unlock(&af_cdev_mutex);
vfree(file);
return 0;
filp->private_data = NULL;
mutex_unlock(&af_cdev_mutex);
vfree(file);
return 0;
}
static ssize_t af_cdev_write(struct file *filp, const char *buffer, size_t count, loff_t *off)
{
struct af_cdev_file *file = filp->private_data;
int ret;
if (file->size + count > sizeof(file->buf)) {
AF_ERROR("config overflow, cur_size: %d, block_size: %d, max_size: %d",
(int)file->size, (int)count, (int)sizeof(file->buf));
return -EINVAL;
}
struct af_cdev_file *file = filp->private_data;
int ret;
if (file->size + count > sizeof(file->buf))
{
AF_ERROR("config overflow, cur_size: %d, block_size: %d, max_size: %d",
(int)file->size, (int)count, (int)sizeof(file->buf));
return -EINVAL;
}
ret = copy_from_user(file->buf + file->size, buffer, count);
if (ret != 0)
return -EINVAL;
ret = copy_from_user(file->buf + file->size, buffer, count);
if (ret != 0)
return -EINVAL;
file->size += count;
return count;
file->size += count;
return count;
}
static struct file_operations af_cdev_ops = {
owner: THIS_MODULE,
release: af_cdev_release,
open: af_cdev_open,
write: af_cdev_write,
read: af_cdev_read,
owner : THIS_MODULE,
release : af_cdev_release,
open : af_cdev_open,
write : af_cdev_write,
read : af_cdev_read,
};
int af_register_dev(void)
{
struct device *dev;
int res;
mutex_init(&af_cdev_mutex);
struct device *dev;
int res;
mutex_init(&af_cdev_mutex);
res = alloc_chrdev_region(&g_af_dev.id, 0, 1, AF_DEV_NAME);
if (res != 0) {
return -EINVAL;
}
res = alloc_chrdev_region(&g_af_dev.id, 0, 1, AF_DEV_NAME);
if (res != 0)
{
return -EINVAL;
}
cdev_init(&g_af_dev.char_dev, &af_cdev_ops);
res = cdev_add(&g_af_dev.char_dev, g_af_dev.id, 1);
if (res < 0) {
goto REGION_OUT;
}
cdev_init(&g_af_dev.char_dev, &af_cdev_ops);
res = cdev_add(&g_af_dev.char_dev, g_af_dev.id, 1);
if (res < 0)
{
goto REGION_OUT;
}
g_af_dev.c= class_create(THIS_MODULE, AF_DEV_NAME);
if (IS_ERR_OR_NULL(g_af_dev.c)) {
goto CDEV_OUT;
}
g_af_dev.c = class_create(THIS_MODULE, AF_DEV_NAME);
if (IS_ERR_OR_NULL(g_af_dev.c))
{
goto CDEV_OUT;
}
dev = device_create(g_af_dev.c, NULL, g_af_dev.id, NULL, AF_DEV_NAME);
if (IS_ERR_OR_NULL(dev)) {
goto CLASS_OUT;
}
dev = device_create(g_af_dev.c, NULL, g_af_dev.id, NULL, AF_DEV_NAME);
if (IS_ERR_OR_NULL(dev))
{
goto CLASS_OUT;
}
AF_INFO("register char dev....ok\n");
return 0;
return 0;
CLASS_OUT:
class_destroy(g_af_dev.c);
class_destroy(g_af_dev.c);
CDEV_OUT:
cdev_del(&g_af_dev.char_dev);
cdev_del(&g_af_dev.char_dev);
REGION_OUT:
unregister_chrdev_region(g_af_dev.id, 1);
AF_ERROR("register char dev....fail\n");
return -EINVAL;
}
unregister_chrdev_region(g_af_dev.id, 1);
AF_ERROR("register char dev....fail\n");
return -EINVAL;
}
void af_unregister_dev(void)
{
device_destroy(g_af_dev.c, g_af_dev.id);
class_destroy(g_af_dev.c);
cdev_del(&g_af_dev.char_dev);
unregister_chrdev_region(g_af_dev.id, 1);
class_destroy(g_af_dev.c);
cdev_del(&g_af_dev.char_dev);
unregister_chrdev_region(g_af_dev.id, 1);
AF_INFO("unregister char dev....ok\n");
}

2
oaf/src/cJSON.c
View File

@ -118,7 +118,7 @@ void cJSON_Delete(cJSON *c)
/* Parse the input text to generate a number, and populate the result into item. */
static const char *parse_number(cJSON *item,const char *num)
{
int n=0,sign=1,scale=0;int subscale=0,signsubscale=1;
int n=0,sign=1;
if (*num=='-') sign=-1,num++; /* Has sign? */
if (*num=='0') num++; /* is zero */