diff --git a/oaf/Makefile b/oaf/Makefile index 7b6fc45..6a51fc2 100755 --- a/oaf/Makefile +++ b/oaf/Makefile @@ -3,9 +3,6 @@ include $(TOPDIR)/rules.mk include $(INCLUDE_DIR)/kernel.mk PKG_NAME:=oaf -PKG_VERSION:=5.0 -PKG_RELEASE:=1 - include $(INCLUDE_DIR)/package.mk PKG_AUTOLOAD:=oaf diff --git a/oaf/src/af_client.c b/oaf/src/af_client.c index b03f4f2..af0a079 100755 --- a/oaf/src/af_client.c +++ b/oaf/src/af_client.c @@ -25,36 +25,39 @@ #include "app_filter.h" #include "cJSON.h" -DEFINE_RWLOCK(af_client_lock); +DEFINE_RWLOCK(af_client_lock); u32 total_client = 0; struct list_head af_client_list_table[MAX_AF_CLIENT_HASH_SIZE]; int af_send_msg_to_user(char *pbuf, uint16_t len); -static void +static void nf_client_list_init(void) { int i; AF_CLIENT_LOCK_W(); - for(i = 0; i < MAX_AF_CLIENT_HASH_SIZE; i ++){ - INIT_LIST_HEAD(&af_client_list_table[i]); - } + for (i = 0; i < MAX_AF_CLIENT_HASH_SIZE; i++) + { + INIT_LIST_HEAD(&af_client_list_table[i]); + } AF_CLIENT_UNLOCK_W(); AF_INFO("client list init......ok\n"); } -static void +static void nf_client_list_clear(void) { int i; - af_client_info_t * p = NULL; + af_client_info_t *p = NULL; char mac_str[32] = {0}; - + AF_DEBUG("clean list\n"); AF_CLIENT_LOCK_W(); - for (i = 0; i < MAX_AF_CLIENT_HASH_SIZE;i++){ - while(!list_empty(&af_client_list_table[i])){ + for (i = 0; i < MAX_AF_CLIENT_HASH_SIZE; i++) + { + while (!list_empty(&af_client_list_table[i])) + { p = list_first_entry(&af_client_list_table[i], af_client_info_t, hlist); memset(mac_str, 0x0, sizeof(mac_str)); sprintf(mac_str, MAC_FMT, MAC_ARRAY(p->mac)); @@ -66,19 +69,16 @@ nf_client_list_clear(void) AF_CLIENT_UNLOCK_W(); } - void af_client_list_reset_report_num(void) { int i; - af_client_info_t * node = NULL; - char mac_str[32] = {0}; - - AF_INFO("reset report num"); + af_client_info_t *node = NULL; AF_CLIENT_LOCK_W(); - for (i = 0; i < MAX_AF_CLIENT_HASH_SIZE;i++){ - list_for_each_entry(node, &af_client_list_table[i], hlist){ + for (i = 0; i < MAX_AF_CLIENT_HASH_SIZE; i++) + { + list_for_each_entry(node, &af_client_list_table[i], hlist) + { node->report_count = 0; - printk("reset mac="MAC_FMT" report num to 0\n", MAC_ARRAY(node->mac)); } } AF_CLIENT_UNLOCK_W(); @@ -92,73 +92,82 @@ int get_mac_hash_code(unsigned char *mac) return mac[5] & (MAX_AF_CLIENT_HASH_SIZE - 1); } -af_client_info_t * find_af_client(unsigned char *mac) +af_client_info_t *find_af_client(unsigned char *mac) { - af_client_info_t *node; - unsigned int index; + af_client_info_t *node; + unsigned int index; - index = get_mac_hash_code(mac); - list_for_each_entry(node, &af_client_list_table[index], hlist){ - if (0 == memcmp(node->mac, mac, 6)){ + index = get_mac_hash_code(mac); + list_for_each_entry(node, &af_client_list_table[index], hlist) + { + if (0 == memcmp(node->mac, mac, 6)) + { node->update_jiffies = jiffies; return node; - } - } - return NULL; + } + } + return NULL; } af_client_info_t *find_af_client_by_ip(unsigned int ip) { - af_client_info_t *node; + af_client_info_t *node; int i; - - for(i = 0; i < MAX_AF_CLIENT_HASH_SIZE; i++){ - list_for_each_entry(node, &af_client_list_table[i], hlist){ - if (node->ip == ip){ + + for (i = 0; i < MAX_AF_CLIENT_HASH_SIZE; i++) + { + list_for_each_entry(node, &af_client_list_table[i], hlist) + { + if (node->ip == ip) + { AF_LMT_DEBUG("match node->ip=%pI4, ip=%pI4\n", &node->ip, &ip); return node; - } - } + } + } } - return NULL; + return NULL; } static af_client_info_t * nf_client_add(unsigned char *mac) { - af_client_info_t *node; + af_client_info_t *node; int index = 0; - + node = (af_client_info_t *)kmalloc(sizeof(af_client_info_t), GFP_ATOMIC); - if (node == NULL) { - AF_ERROR("kmalloc failed\n"); - return NULL; - } + if (node == NULL) + { + AF_ERROR("kmalloc failed\n"); + return NULL; + } memset(node, 0, sizeof(af_client_info_t)); memcpy(node->mac, mac, MAC_ADDR_LEN); - + node->create_jiffies = jiffies; node->update_jiffies = jiffies; - index = get_mac_hash_code(mac); - - AF_LMT_INFO("new client mac="MAC_FMT"\n", MAC_ARRAY(node->mac)); + index = get_mac_hash_code(mac); + + AF_LMT_INFO("new client mac=" MAC_FMT "\n", MAC_ARRAY(node->mac)); total_client++; list_add(&(node->hlist), &af_client_list_table[index]); - return node; + return node; } void check_client_expire(void) { - af_client_info_t *node; + af_client_info_t *node; int i; AF_CLIENT_LOCK_W(); - for (i = 0; i < MAX_AF_CLIENT_HASH_SIZE; i++){ - list_for_each_entry(node, &af_client_list_table[i], hlist) { - AF_DEBUG("mac:"MAC_FMT" update:%lu interval:%lu\n", MAC_ARRAY(node->mac), - node->update_jiffies, (jiffies - node->update_jiffies) / HZ); - if (jiffies > (node->update_jiffies + MAX_CLIENT_ACTIVE_TIME * HZ)) { - AF_INFO("del client:"MAC_FMT"\n", MAC_ARRAY(node->mac)); + for (i = 0; i < MAX_AF_CLIENT_HASH_SIZE; i++) + { + list_for_each_entry(node, &af_client_list_table[i], hlist) + { + AF_DEBUG("mac:" MAC_FMT " update:%lu interval:%lu\n", MAC_ARRAY(node->mac), + node->update_jiffies, (jiffies - node->update_jiffies) / HZ); + if (jiffies > (node->update_jiffies + MAX_CLIENT_ACTIVE_TIME * HZ)) + { + AF_INFO("del client:" MAC_FMT "\n", MAC_ARRAY(node->mac)); list_del(&(node->hlist)); kfree(node); AF_CLIENT_UNLOCK_W(); @@ -177,37 +186,50 @@ void flush_expired_visit_info(af_client_info_t *node) u_int32_t cur_timep = 0; int timeout = 0; cur_timep = af_get_timestamp_sec(); - for (i = 0; i < MAX_RECORD_APP_NUM; i++){ - if (node->visit_info[i].app_id == 0){ + for (i = 0; i < MAX_RECORD_APP_NUM; i++) + { + if (node->visit_info[i].app_id == 0) + { return; } } - for (i = 0; i < MAX_RECORD_APP_NUM; i++){ + for (i = 0; i < MAX_RECORD_APP_NUM; i++) + { if (count >= MAX_EXPIRED_VISIT_INFO_COUNT) break; - - if (node->visit_info[i].total_num > 3){ + + if (node->visit_info[i].total_num > 3) + { timeout = 180; } - else{ + else + { timeout = 60; } - - if (cur_timep - node->visit_info[i].latest_time > timeout){ - // 3?¡§o?¨¤??3y???? + + if (cur_timep - node->visit_info[i].latest_time > timeout) + { + // 3?��o?��??3y???? memset(&node->visit_info[i], 0x0, sizeof(app_visit_info_t)); count++; } } - } -int __af_visit_info_report(af_client_info_t *node){ +int __af_visit_info_report(af_client_info_t *node) +{ unsigned char mac_str[32] = {0}; unsigned char ip_str[32] = {0}; - int i, j; - cJSON *root_obj = cJSON_CreateObject(); - if(!root_obj){ + int i; + int count = 0; + char *out = NULL; + cJSON *visit_obj = NULL; + cJSON *visit_info_array = NULL; + cJSON *root_obj = NULL; + + root_obj = cJSON_CreateObject(); + if (!root_obj) + { AF_ERROR("create json obj failed"); return 0; } @@ -216,35 +238,30 @@ int __af_visit_info_report(af_client_info_t *node){ cJSON_AddStringToObject(root_obj, "mac", mac_str); cJSON_AddStringToObject(root_obj, "ip", ip_str); cJSON_AddNumberToObject(root_obj, "app_num", node->visit_app_num); - cJSON *visit_info_array = cJSON_CreateArray(); - int count = 0; - for(i = 0; i < MAX_RECORD_APP_NUM; i++){ - if(node->visit_info[i].app_id == 0) + visit_info_array = cJSON_CreateArray(); + for (i = 0; i < MAX_RECORD_APP_NUM; i++) + { + if (node->visit_info[i].app_id == 0) continue; - if(node->visit_info[i].total_num < 3) + if (node->visit_info[i].total_num < 3) continue; count++; - cJSON *visit_obj = cJSON_CreateObject(); + visit_obj = cJSON_CreateObject(); cJSON_AddNumberToObject(visit_obj, "appid", node->visit_info[i].app_id); cJSON_AddNumberToObject(visit_obj, "latest_action", node->visit_info[i].latest_action); - //cJSON_AddNumberToObject(visit_obj, "latest_time", node->visit_info[i].latest_time); - //cJSON_AddNumberToObject(visit_obj, "total_num", node->visit_info[i].total_num); - //cJSON_AddNumberToObject(visit_obj, "drop_num", node->visit_info[i].drop_num); - cJSON_AddNumberToObject(visit_obj, "up_bytes", node->visit_info[i].total_up_bytes); - cJSON_AddNumberToObject(visit_obj, "down_bytes", node->visit_info[i].total_down_bytes); - //clear memset((char *)&node->visit_info[i], 0x0, sizeof(app_visit_info_t)); cJSON_AddItemToArray(visit_info_array, visit_obj); } - + cJSON_AddItemToObject(root_obj, "visit_info", visit_info_array); - char *out = cJSON_Print(root_obj); - if(!out) + out = cJSON_Print(root_obj); + if (!out) return 0; - //cJSON_Minify(out); - if (count > 0 || node->report_count == 0){ + cJSON_Minify(out); + if (count > 0 || node->report_count == 0) + { AF_INFO("report:%s count=%d\n", out, node->report_count); node->report_count++; af_send_msg_to_user(out, strlen(out)); @@ -253,13 +270,16 @@ int __af_visit_info_report(af_client_info_t *node){ kfree(out); return 0; } -void af_visit_info_report(void){ - af_client_info_t *node; +void af_visit_info_report(void) +{ + af_client_info_t *node; int i; AF_CLIENT_LOCK_W(); - for (i = 0; i < MAX_AF_CLIENT_HASH_SIZE; i++){ - list_for_each_entry(node, &af_client_list_table[i], hlist) { - //flush_expired_visit_info(node); + for (i = 0; i < MAX_AF_CLIENT_HASH_SIZE; i++) + { + list_for_each_entry(node, &af_client_list_table[i], hlist) + { + // flush_expired_visit_info(node); AF_INFO("report %s\n", node->mac); __af_visit_info_report(node); } @@ -268,24 +288,28 @@ void af_visit_info_report(void){ } static inline int get_packet_dir(struct net_device *in) { - if (0 == strncmp(in->name, "br", 2)){ + if (0 == strncmp(in->name, "br", 2)) + { return PKT_DIR_UP; } - else{ + else + { return PKT_DIR_DOWN; } } -#if LINUX_VERSION_CODE >= KERNEL_VERSION(4,4,0) +#if LINUX_VERSION_CODE >= KERNEL_VERSION(4, 4, 0) static u_int32_t af_client_hook(void *priv, - struct sk_buff *skb, - const struct nf_hook_state *state) { + struct sk_buff *skb, + const struct nf_hook_state *state) +{ #else static u_int32_t af_client_hook(unsigned int hook, - struct sk_buff *skb, - const struct net_device *in, - const struct net_device *out, - int (*okfn)(struct sk_buff *)){ + struct sk_buff *skb, + const struct net_device *in, + const struct net_device *out, + int (*okfn)(struct sk_buff *)) +{ #endif struct ethhdr *ethhdr = NULL; unsigned char smac[ETH_ALEN]; @@ -294,53 +318,61 @@ static u_int32_t af_client_hook(unsigned int hook, struct iphdr *iph = NULL; // 4.10-->4.11 nfct-->_nfct -#if LINUX_VERSION_CODE >= KERNEL_VERSION(4,11,0) +#if LINUX_VERSION_CODE >= KERNEL_VERSION(4, 11, 0) struct nf_conn *ct = (struct nf_conn *)skb->_nfct; #else struct nf_conn *ct = (struct nf_conn *)skb->nfct; #endif - if (ct == NULL) { + if (ct == NULL) + { return NF_ACCEPT; } -#if LINUX_VERSION_CODE >= KERNEL_VERSION(4,4,0) - if(!skb->dev) +#if LINUX_VERSION_CODE >= KERNEL_VERSION(4, 4, 0) + if (!skb->dev) return NF_ACCEPT; pkt_dir = get_packet_dir(skb->dev); #else - if (!in){ + if (!in) + { AF_ERROR("in is NULL\n"); return NF_ACCEPT; } pkt_dir = get_packet_dir(in); #endif - if(PKT_DIR_UP != pkt_dir) + if (PKT_DIR_UP != pkt_dir) return NF_ACCEPT; - ethhdr = eth_hdr(skb); - if (ethhdr) { - memcpy(smac, ethhdr->h_source, ETH_ALEN); - } else { - memcpy(smac, &skb->cb[40], ETH_ALEN); - } + ethhdr = eth_hdr(skb); + if (ethhdr) + { + memcpy(smac, ethhdr->h_source, ETH_ALEN); + } + else + { + memcpy(smac, &skb->cb[40], ETH_ALEN); + } iph = ip_hdr(skb); - if (!iph) { + if (!iph) + { return NF_ACCEPT; } AF_CLIENT_LOCK_W(); nfc = find_af_client(smac); - if (!nfc){ + if (!nfc) + { if (skb->dev) - AF_DEBUG("from dev:%s [%s] %pI4--->%pI4", skb->dev->name, (iph->protocol == IPPROTO_TCP ? "TCP" : "UDP"), - &iph->saddr, &iph->daddr); + AF_DEBUG("from dev:%s [%s] %pI4--->%pI4", skb->dev->name, (iph->protocol == IPPROTO_TCP ? "TCP" : "UDP"), + &iph->saddr, &iph->daddr); nfc = nf_client_add(smac); } - if(nfc && nfc->ip != iph->saddr){ - AF_DEBUG("update node "MAC_FMT" ip %pI4--->%pI4\n", MAC_ARRAY(nfc->mac), &nfc->ip, &iph->saddr); + if (nfc && nfc->ip != iph->saddr) + { + AF_DEBUG("update node " MAC_FMT " ip %pI4--->%pI4\n", MAC_ARRAY(nfc->mac), &nfc->ip, &iph->saddr); nfc->ip = iph->saddr; } AF_CLIENT_UNLOCK_W(); @@ -348,52 +380,47 @@ static u_int32_t af_client_hook(unsigned int hook, return NF_ACCEPT; } - -#if LINUX_VERSION_CODE >= KERNEL_VERSION(4,4,0) +#if LINUX_VERSION_CODE >= KERNEL_VERSION(4, 4, 0) static struct nf_hook_ops af_client_ops[] = { { - .hook = af_client_hook, - .pf = PF_INET, - .hooknum = NF_INET_FORWARD, - .priority = NF_IP_PRI_FIRST + 1, + .hook = af_client_hook, + .pf = PF_INET, + .hooknum = NF_INET_FORWARD, + .priority = NF_IP_PRI_FIRST + 1, }, }; #else static struct nf_hook_ops af_client_ops[] = { { - .hook = af_client_hook, - .owner = THIS_MODULE, - .pf = PF_INET, - .hooknum = NF_INET_FORWARD, - .priority = NF_IP_PRI_FIRST + 1, + .hook = af_client_hook, + .owner = THIS_MODULE, + .pf = PF_INET, + .hooknum = NF_INET_FORWARD, + .priority = NF_IP_PRI_FIRST + 1, }, }; #endif - -int af_client_init(void) +int af_client_init(void) { nf_client_list_init(); -#if LINUX_VERSION_CODE >= KERNEL_VERSION(4,13,0) - nf_register_net_hooks(&init_net, af_client_ops, ARRAY_SIZE(af_client_ops)); +#if LINUX_VERSION_CODE >= KERNEL_VERSION(4, 13, 0) + nf_register_net_hooks(&init_net, af_client_ops, ARRAY_SIZE(af_client_ops)); #else nf_register_hooks(af_client_ops, ARRAY_SIZE(af_client_ops)); #endif AF_INFO("init app afclient ........ok\n"); - + return 0; } - void af_client_exit(void) { -#if LINUX_VERSION_CODE >= KERNEL_VERSION(4,13,0) - nf_unregister_net_hooks(&init_net, af_client_ops, ARRAY_SIZE(af_client_ops)); +#if LINUX_VERSION_CODE >= KERNEL_VERSION(4, 13, 0) + nf_unregister_net_hooks(&init_net, af_client_ops, ARRAY_SIZE(af_client_ops)); #else nf_unregister_hooks(af_client_ops, ARRAY_SIZE(af_client_ops)); #endif nf_client_list_clear(); - return ; + return; } - - diff --git a/oaf/src/af_client.h b/oaf/src/af_client.h index d56f0c3..9cc2126 100755 --- a/oaf/src/af_client.h +++ b/oaf/src/af_client.h @@ -2,38 +2,37 @@ #define __AF_CLIENT_H__ #include "app_filter.h" -extern rwlock_t af_client_lock; +extern rwlock_t af_client_lock; extern u32 nfc_debug_level; - + #define MAX_AF_CLIENT_HASH_SIZE 64 -#define NF_CLIENT_TIMER_EXPIRE 1 -#define MAX_CLIENT_ACTIVE_TIME 90 +#define NF_CLIENT_TIMER_EXPIRE 1 +#define MAX_CLIENT_ACTIVE_TIME 90 +#define AF_CLIENT_LOCK_R() read_lock_bh(&af_client_lock); +#define AF_CLIENT_UNLOCK_R() read_unlock_bh(&af_client_lock); +#define AF_CLIENT_LOCK_W() write_lock_bh(&af_client_lock); +#define AF_CLIENT_UNLOCK_W() write_unlock_bh(&af_client_lock); -#define AF_CLIENT_LOCK_R() read_lock_bh(&af_client_lock); -#define AF_CLIENT_UNLOCK_R() read_unlock_bh(&af_client_lock); -#define AF_CLIENT_LOCK_W() write_lock_bh(&af_client_lock); -#define AF_CLIENT_UNLOCK_W() write_unlock_bh(&af_client_lock); - -#define NIPQUAD(addr) \ - ((unsigned char *)&addr)[0], \ - ((unsigned char *)&addr)[1], \ - ((unsigned char *)&addr)[2], \ - ((unsigned char *)&addr)[3] +#define NIPQUAD(addr) \ + ((unsigned char *)&addr)[0], \ + ((unsigned char *)&addr)[1], \ + ((unsigned char *)&addr)[2], \ + ((unsigned char *)&addr)[3] #define NIPQUAD_FMT "%u.%u.%u.%u" -enum NFC_PKT_DIR{ +enum NFC_PKT_DIR +{ PKT_DIR_DOWN, PKT_DIR_UP }; - #define MAX_VISIT_HISTORY_TIME 24 #define MAX_RECORD_APP_NUM 64 - -typedef struct app_visit_info{ +typedef struct app_visit_info +{ unsigned int app_id; unsigned int total_num; unsigned int drop_num; @@ -42,27 +41,25 @@ typedef struct app_visit_info{ unsigned int total_down_bytes; unsigned int total_up_bytes; unsigned long history_time[MAX_VISIT_HISTORY_TIME]; - unsigned int action[MAX_VISIT_HISTORY_TIME]; -}app_visit_info_t; + unsigned int action[MAX_VISIT_HISTORY_TIME]; +} app_visit_info_t; -typedef struct af_client_info { - struct list_head hlist; - unsigned char mac[MAC_ADDR_LEN]; - unsigned int ip; - unsigned long create_jiffies; - unsigned long update_jiffies; - unsigned int visit_app_num; +typedef struct af_client_info +{ + struct list_head hlist; + unsigned char mac[MAC_ADDR_LEN]; + unsigned int ip; + unsigned long create_jiffies; + unsigned long update_jiffies; + unsigned int visit_app_num; int report_count; - app_visit_info_t visit_info[MAX_RECORD_APP_NUM]; -}af_client_info_t; - - - + app_visit_info_t visit_info[MAX_RECORD_APP_NUM]; +} af_client_info_t; int af_client_init(void); void af_client_exit(void); -af_client_info_t * find_af_client_by_ip(unsigned int ip); +af_client_info_t *find_af_client_by_ip(unsigned int ip); void check_client_expire(void); diff --git a/oaf/src/af_client_fs.c b/oaf/src/af_client_fs.c index f42020e..6037988 100755 --- a/oaf/src/af_client_fs.c +++ b/oaf/src/af_client_fs.c @@ -24,7 +24,8 @@ #include "af_client.h" extern struct list_head af_client_list_table[MAX_AF_CLIENT_HASH_SIZE]; -struct af_client_iter_state { +struct af_client_iter_state +{ unsigned int bucket; void *head; }; @@ -32,31 +33,37 @@ struct af_client_iter_state { static void *af_client_get_first(struct seq_file *seq) { struct af_client_iter_state *st = seq->private; - for (st->bucket = 0;st->bucket < MAX_AF_CLIENT_HASH_SIZE;st->bucket++){ - if(!list_empty(&(af_client_list_table[st->bucket]))){ - st->head = &(af_client_list_table[st->bucket]); - return af_client_list_table[st->bucket].next; - } + for (st->bucket = 0; st->bucket < MAX_AF_CLIENT_HASH_SIZE; st->bucket++) + { + if (!list_empty(&(af_client_list_table[st->bucket]))) + { + st->head = &(af_client_list_table[st->bucket]); + return af_client_list_table[st->bucket].next; + } } return NULL; } static void *af_client_get_next(struct seq_file *seq, - void *head) + void *head) { struct af_client_iter_state *st = seq->private; - struct hlist_node * node = (struct hlist_node *)head; + struct hlist_node *node = (struct hlist_node *)head; node = node->next; - if (node != st->head){ + if (node != st->head) + { return node; } - else{ + else + { st->bucket++; - for (;st->bucket < MAX_AF_CLIENT_HASH_SIZE;st->bucket++) { - if(!list_empty(&(af_client_list_table[st->bucket]))){ + for (; st->bucket < MAX_AF_CLIENT_HASH_SIZE; st->bucket++) + { + if (!list_empty(&(af_client_list_table[st->bucket]))) + { st->head = &(af_client_list_table[st->bucket]); - return af_client_list_table[st->bucket].next; + return af_client_list_table[st->bucket].next; } } return NULL; @@ -69,23 +76,24 @@ static void *af_client_get_idx(struct seq_file *seq, loff_t pos) if (head) while (pos && (head = af_client_get_next(seq, head))) - pos--; + pos--; return pos ? NULL : head; } static void *af_client_seq_start(struct seq_file *s, loff_t *pos) { - AF_CLIENT_LOCK_R(); - if (*pos == 0){ + AF_CLIENT_LOCK_R(); + if (*pos == 0) + { return SEQ_START_TOKEN; } - + return af_client_get_idx(s, *pos - 1); } static void *af_client_seq_next(struct seq_file *s, void *v, loff_t *pos) -{ +{ (*pos)++; if (v == SEQ_START_TOKEN) return af_client_get_idx(s, 0); @@ -94,39 +102,34 @@ static void *af_client_seq_next(struct seq_file *s, void *v, loff_t *pos) } static void af_client_seq_stop(struct seq_file *s, void *v) -{ -// seq_printf(s, "%s", "]"); - AF_CLIENT_UNLOCK_R(); +{ + AF_CLIENT_UNLOCK_R(); } static int af_client_seq_show(struct seq_file *s, void *v) { unsigned char mac_str[32] = {0}; - unsigned char ip_str[32] = {0}; - static int index = 0; - af_client_info_t *node = (af_client_info_t *)v; - if (v == SEQ_START_TOKEN) { - index = 0; - seq_printf(s, "%-4s %-20s %-20s\n", "Id", "Mac", "Ip"); + unsigned char ip_str[32] = {0}; + static int index = 0; + af_client_info_t *node = (af_client_info_t *)v; + if (v == SEQ_START_TOKEN) + { + index = 0; + seq_printf(s, "%-4s %-20s %-20s\n", "Id", "Mac", "Ip"); return 0; } -// if(index > 0) - // seq_printf(s, "%s", ","); - index++; - sprintf(mac_str, MAC_FMT, MAC_ARRAY(node->mac)); - sprintf(ip_str, "%pI4", &node->ip); - seq_printf(s, "%-4d %-20s %-20s\n", index, mac_str, ip_str); + index++; + sprintf(mac_str, MAC_FMT, MAC_ARRAY(node->mac)); + sprintf(ip_str, "%pI4", &node->ip); + seq_printf(s, "%-4d %-20s %-20s\n", index, mac_str, ip_str); return 0; } - static const struct seq_operations nf_client_seq_ops = { .start = af_client_seq_start, - .next = af_client_seq_next, - .stop = af_client_seq_stop, - .show = af_client_seq_show -}; - + .next = af_client_seq_next, + .stop = af_client_seq_stop, + .show = af_client_seq_show}; static int af_client_open(struct inode *inode, struct file *file) { @@ -139,7 +142,8 @@ static int af_client_open(struct inode *inode, struct file *file) return -ENOMEM; err = seq_open(file, &nf_client_seq_ops); - if (err) { + if (err) + { kfree(iter); return err; } @@ -149,37 +153,34 @@ static int af_client_open(struct inode *inode, struct file *file) return 0; } - -#if LINUX_VERSION_CODE <= KERNEL_VERSION(5,5,0) +#if LINUX_VERSION_CODE <= KERNEL_VERSION(5, 5, 0) static const struct file_operations af_client_fops = { - .owner = THIS_MODULE, - .open = af_client_open, - .read = seq_read, - .llseek = seq_lseek, - .release = seq_release_private, + .owner = THIS_MODULE, + .open = af_client_open, + .read = seq_read, + .llseek = seq_lseek, + .release = seq_release_private, }; #else static const struct proc_ops af_client_fops = { - .proc_flags = PROC_ENTRY_PERMANENT, - .proc_read = seq_read, - .proc_open = af_client_open, - .proc_lseek = seq_lseek, - .proc_release = seq_release_private, + .proc_flags = PROC_ENTRY_PERMANENT, + .proc_read = seq_read, + .proc_open = af_client_open, + .proc_lseek = seq_lseek, + .proc_release = seq_release_private, }; #endif #define AF_CLIENT_PROC_STR "af_client" - int init_af_client_procfs(void) { struct proc_dir_entry *pde; struct net *net = &init_net; - // pde = proc_create(AF_CLIENT_PROC_STR, 0440, net->proc_net, &af_client_fops); - - pde = proc_create(AF_CLIENT_PROC_STR, 0440, net->proc_net, &af_client_fops); + pde = proc_create(AF_CLIENT_PROC_STR, 0440, net->proc_net, &af_client_fops); - if (!pde) { + if (!pde) + { AF_ERROR("nf_client proc file created error\n"); return -1; } @@ -187,8 +188,7 @@ int init_af_client_procfs(void) } void finit_af_client_procfs(void) -{ +{ struct net *net = &init_net; remove_proc_entry(AF_CLIENT_PROC_STR, net->proc_net); } - diff --git a/oaf/src/app_filter.c b/oaf/src/app_filter.c index 5e90e96..ec42554 100755 --- a/oaf/src/app_filter.c +++ b/oaf/src/app_filter.c @@ -17,83 +17,32 @@ #include #include #include - #include "app_filter.h" #include "af_utils.h" #include "af_log.h" #include "af_client.h" #include "af_client_fs.h" +#include "cJSON.h" MODULE_LICENSE("GPL"); MODULE_AUTHOR("destan19@126.com"); MODULE_DESCRIPTION("app filter module"); -MODULE_VERSION("3.0.1"); +MODULE_VERSION("5.0"); struct list_head af_feature_head = LIST_HEAD_INIT(af_feature_head); DEFINE_RWLOCK(af_feature_lock); -#define feature_list_read_lock() read_lock_bh(&af_feature_lock); -#define feature_list_read_unlock() read_unlock_bh(&af_feature_lock); -#define feature_list_write_lock() write_lock_bh(&af_feature_lock); -#define feature_list_write_unlock() write_unlock_bh(&af_feature_lock); - +#define feature_list_read_lock() read_lock_bh(&af_feature_lock); +#define feature_list_read_unlock() read_unlock_bh(&af_feature_lock); +#define feature_list_write_lock() write_lock_bh(&af_feature_lock); +#define feature_list_write_unlock() write_unlock_bh(&af_feature_lock); #define SET_APPID(mark, appid) (mark = appid) #define GET_APPID(mark) (mark) +#define MAX_OAF_NETLINK_MSG_LEN 1024 -#if 0 -static void show_feature_list(void) -{ - af_feature_node_t *n,*node; - unsigned int count = 0; - feature_list_read_lock(); - if(!list_empty(&af_feature_head)) { // handle qos - list_for_each_entry_safe(node, n, &af_feature_head, head) { - count ++; - printk("[%d] id=%d appname:%s, dport:%d, host:%s, request:%s\n", - count, - node->app_id, node->app_name, - node->dport,node->host_url, node->request_url); - int i; - for (i = 0;i < node->pos_num;i++){ - printk("(%d:%x)-->", - node->pos_info[i].pos, - node->pos_info[i].value); - - } - printk("\n----------------------------------------\n\n\n"); - } - } - feature_list_read_unlock(); -} -static af_feature_node_t* af_find_feature(char *app_id) -{ - af_feature_node_t *node; - feature_list_read_lock(); - - if (!list_empty(&af_feature_head)) { - list_for_each_entry(node, &af_feature_head, head) { - if (node->app_id == app_id){ - feature_list_read_unlock(); - return node; - } - } - } - feature_list_read_unlock(); - return NULL; -} -#endif - - - -int __add_app_feature(int appid, - char *name, - int proto, - int src_port, - int dst_port, - char *host_url, - char *request_url, - char *dict) +int __add_app_feature(int appid, char *name, int proto, int src_port, + int dst_port, char *host_url, char *request_url, char *dict) { af_feature_node_t *node = NULL; char *p = dict; @@ -102,11 +51,13 @@ int __add_app_feature(int appid, int index = 0; int value = 0; node = kzalloc(sizeof(af_feature_node_t), GFP_KERNEL); - if (node == NULL) { + if (node == NULL) + { printk("malloc feature memory error\n"); return -1; } - else { + else + { node->app_id = appid; strcpy(node->app_name, name); node->proto = proto; @@ -119,26 +70,29 @@ int __add_app_feature(int appid, begin = dict; index = 0; value = 0; - - while (*p++) { - if (*p == '|'){ + while (*p++) + { + if (*p == '|') + { memset(pos, 0x0, sizeof(pos)); strncpy(pos, begin, p - begin); - k_sscanf(pos, "%d:%x",&index, &value); + k_sscanf(pos, "%d:%x", &index, &value); begin = p + 1; node->pos_info[node->pos_num].pos = index; node->pos_info[node->pos_num].value = value; node->pos_num++; } } - - if (begin != dict) { + + if (begin != dict) + { strncpy(pos, begin, p - begin); } - else{ + else + { strcpy(pos, dict); } - k_sscanf(pos, "%d:%x",&index, &value); + k_sscanf(pos, "%d:%x", &index, &value); node->pos_info[node->pos_num].pos = index; node->pos_info[node->pos_num].value = value; node->pos_num++; @@ -148,12 +102,13 @@ int __add_app_feature(int appid, } return 0; } + //[tcp;;443;baidu.com;;] int add_app_feature(int appid, char *name, char *feature) { char proto_str[16] = {0}; char src_port_str[16] = {0}; - + char dst_port_str[16] = {0}; char host_url[32] = {0}; char request_url[128] = {0}; @@ -164,19 +119,21 @@ int add_app_feature(int appid, char *name, char *feature) int param_num = 0; int dst_port = 0; int src_port = 0; - - if (!name || !feature) { + + if (!name || !feature) + { AF_ERROR("error, name or feature is null\n"); return -1; } // tcp;8000;www.sina.com;0:get_name;00:0a-01:11 - - while(*p++) { + while (*p++) + { if (*p != ';') continue; - - switch(param_num){ - + + switch (param_num) + { + case AF_PROTO_PARAM_INDEX: strncpy(proto_str, begin, p - begin); break; @@ -186,19 +143,20 @@ int add_app_feature(int appid, char *name, char *feature) case AF_DST_PORT_PARAM_INDEX: strncpy(dst_port_str, begin, p - begin); break; - + case AF_HOST_URL_PARAM_INDEX: strncpy(host_url, begin, p - begin); break; - + case AF_REQUEST_URL_PARAM_INDEX: strncpy(request_url, begin, p - begin); break; } - param_num ++; + param_num++; begin = p + 1; } - if (AF_DICT_PARAM_INDEX != param_num && strlen(feature) > MIN_FEATURE_STR_LEN) { + if (AF_DICT_PARAM_INDEX != param_num && strlen(feature) > MIN_FEATURE_STR_LEN) + { AF_ERROR("invalid feature:%s\n", feature); return -1; } @@ -208,50 +166,41 @@ int add_app_feature(int appid, char *name, char *feature) proto = IPPROTO_TCP; else if (0 == strcmp(proto_str, "udp")) proto = IPPROTO_UDP; - else { + else + { AF_DEBUG("proto %s is not support\n", proto_str); return -1; } - sscanf(src_port_str, "%d", &src_port); - sscanf(dst_port_str, "%d", &dst_port); - - __add_app_feature(appid, - name, - proto, - src_port, - dst_port, - host_url, - request_url, - dict); - + __add_app_feature(appid, name, proto, src_port, dst_port, host_url, request_url, dict); return 0; } - void af_init_feature(char *feature_str) { int app_id; char app_name[128] = {0}; char feature_buf[MAX_FEATURE_LINE_LEN] = {0}; char *p = feature_str; - char *pos = NULL; + char *pos = NULL; int len = 0; char *begin = NULL; - char feature[MAX_FEATURE_STR_LEN];; + char feature[MAX_FEATURE_STR_LEN]; - if (strstr(feature_str,"#")) + if (strstr(feature_str, "#")) return; - - k_sscanf(feature_str, "%d%[^:]", &app_id, app_name); - while(*p++) { - if (*p == '['){ + k_sscanf(feature_str, "%d%[^:]", &app_id, app_name); + while (*p++) + { + if (*p == '[') + { pos = p + 1; continue; } - if (*p == ']' && pos != NULL) { + if (*p == ']' && pos != NULL) + { len = p - pos; } } @@ -262,18 +211,21 @@ void af_init_feature(char *feature_str) p = feature_buf; begin = feature_buf; - while(*p++){ - if (*p == ',') { + while (*p++) + { + if (*p == ',') + { memset(feature, 0x0, sizeof(feature)); - strncpy((char *)feature, begin, p - begin); - + strncpy((char *)feature, begin, p - begin); + add_app_feature(app_id, app_name, feature); begin = p + 1; - } + } } - if (p != begin){ + if (p != begin) + { memset(feature, 0x0, sizeof(feature)); - strncpy((char *)feature, begin, p - begin); + strncpy((char *)feature, begin, p - begin); add_app_feature(app_id, app_name, feature); } } @@ -282,43 +234,43 @@ void load_feature_buf_from_file(char **config_buf) { struct inode *inode = NULL; struct file *fp = NULL; - mm_segment_t fs; off_t size; fp = filp_open(AF_FEATURE_CONFIG_FILE, O_RDONLY, 0); - if(IS_ERR(fp)) { + if (IS_ERR(fp)) + { printk("open feature file failed\n"); return; } inode = fp->f_inode; size = inode->i_size; - if (size == 0) { + if (size == 0) + { return; } - *config_buf = (char *) kzalloc( sizeof(char) * size, GFP_KERNEL); - if(NULL == *config_buf ) { + *config_buf = (char *)kzalloc(sizeof(char) * size, GFP_KERNEL); + if (NULL == *config_buf) + { AF_ERROR("alloc buf fail\n"); filp_close(fp, NULL); return; } -#if LINUX_VERSION_CODE <= KERNEL_VERSION(5,7,19) +#if LINUX_VERSION_CODE <= KERNEL_VERSION(5, 7, 19) fs = get_fs(); set_fs(KERNEL_DS); #endif - // 4.14rc3 vfs_read-->kernel_read -#if LINUX_VERSION_CODE >= KERNEL_VERSION(4,14,0) +#if LINUX_VERSION_CODE >= KERNEL_VERSION(4, 14, 0) kernel_read(fp, *config_buf, size, &(fp->f_pos)); #else vfs_read(fp, *config_buf, size, &(fp->f_pos)); #endif -#if LINUX_VERSION_CODE <= KERNEL_VERSION(5,7,19) +#if LINUX_VERSION_CODE <= KERNEL_VERSION(5, 7, 19) set_fs(fs); #endif - filp_close(fp, NULL); } @@ -328,18 +280,20 @@ int load_feature_config(void) char *p; char *begin; char line[MAX_FEATURE_LINE_LEN] = {0}; - AF_INFO("begin load feature config.....\n"); + load_feature_buf_from_file(&feature_buf); - if (!feature_buf) { + if (!feature_buf) + { AF_ERROR("error, feature buf is null\n"); return -1; } - - p = begin = feature_buf; - while(*p++) { - if (*p == '\n'){ - if (p - begin < MIN_FEATURE_LINE_LEN || p - begin > MAX_FEATURE_LINE_LEN ) { + while (*p++) + { + if (*p == '\n') + { + if (p - begin < MIN_FEATURE_LINE_LEN || p - begin > MAX_FEATURE_LINE_LEN) + { begin = p + 1; continue; } @@ -349,8 +303,9 @@ int load_feature_config(void) begin = p + 1; } } - if (p != begin) { - if (p - begin < MIN_FEATURE_LINE_LEN || p - begin > MAX_FEATURE_LINE_LEN ) + if (p != begin) + { + if (p - begin < MIN_FEATURE_LINE_LEN || p - begin > MAX_FEATURE_LINE_LEN) return 0; memset(line, 0x0, sizeof(line)); strncpy(line, begin, p - begin); @@ -366,7 +321,8 @@ static void af_clean_feature_list(void) { af_feature_node_t *node; feature_list_write_lock(); - while(!list_empty(&af_feature_head)) { + while (!list_empty(&af_feature_head)) + { node = list_first_entry(&af_feature_head, af_feature_node_t, head); list_del(&(node->head)); kfree(node); @@ -374,186 +330,199 @@ static void af_clean_feature_list(void) feature_list_write_unlock(); } - -int parse_flow_base(struct sk_buff *skb, flow_info_t *flow) +int parse_flow_base(struct sk_buff *skb, flow_info_t *flow) { - struct tcphdr * tcph = NULL; - struct udphdr * udph = NULL; + struct tcphdr *tcph = NULL; + struct udphdr *udph = NULL; struct nf_conn *ct = NULL; struct iphdr *iph = NULL; - if (!skb) { + if (!skb) return -1; - } - -#if LINUX_VERSION_CODE >= KERNEL_VERSION(4,13,0) +#if LINUX_VERSION_CODE >= KERNEL_VERSION(4, 13, 0) ct = (struct nf_conn *)skb->_nfct; #else ct = (struct nf_conn *)skb->nfct; #endif - if (!ct) { + if (!ct) return -1; - } iph = ip_hdr(skb); - if (!iph) { + if (!iph) return -1; - } flow->ct = ct; flow->src = iph->saddr; flow->dst = iph->daddr; flow->l4_protocol = iph->protocol; - switch (iph->protocol) { - case IPPROTO_TCP: - tcph = (struct tcphdr *)(iph + 1); - flow->l4_data = skb->data + iph->ihl * 4 + tcph->doff * 4; - flow->l4_len = ntohs(iph->tot_len) - iph->ihl * 4 - tcph->doff * 4; - flow->dport = htons(tcph->dest); - flow->sport = htons(tcph->source); - return 0; - case IPPROTO_UDP: - udph = (struct udphdr *)(iph + 1); - flow->l4_data = skb->data + iph->ihl * 4 + 8; - flow->l4_len = ntohs(udph->len) - 8; - flow->dport = htons(udph->dest); - flow->sport = htons(udph->source); - return 0; - case IPPROTO_ICMP: - break; - default: - return -1; + switch (iph->protocol) + { + case IPPROTO_TCP: + tcph = (struct tcphdr *)(iph + 1); + flow->l4_data = skb->data + iph->ihl * 4 + tcph->doff * 4; + flow->l4_len = ntohs(iph->tot_len) - iph->ihl * 4 - tcph->doff * 4; + flow->dport = htons(tcph->dest); + flow->sport = htons(tcph->source); + return 0; + case IPPROTO_UDP: + udph = (struct udphdr *)(iph + 1); + flow->l4_data = skb->data + iph->ihl * 4 + 8; + flow->l4_len = ntohs(udph->len) - 8; + flow->dport = htons(udph->dest); + flow->sport = htons(udph->source); + return 0; + case IPPROTO_ICMP: + break; + default: + return -1; } return -1; } - -int parse_https_proto(flow_info_t *flow) { - int i ; - short url_len = 0 ; - char * p = flow->l4_data; +int parse_https_proto(flow_info_t *flow) +{ + int i; + short url_len = 0; + char *p = flow->l4_data; int data_len = flow->l4_len; - - if (NULL == flow) { + + if (NULL == flow) + { AF_ERROR("flow is NULL\n"); return -1; } - if (NULL == p || data_len == 0) { + if (NULL == p || data_len == 0) + { return -1; } if (!(p[0] == 0x16 && p[1] == 0x03 && p[2] == 0x01)) return -1; - - for(i = 0; i < data_len; i++) { - if(i + HTTPS_URL_OFFSET >= data_len) { + + for (i = 0; i < data_len; i++) + { + if (i + HTTPS_URL_OFFSET >= data_len) + { return -1; } - - if(p[i] == 0x0 && p[i + 1] == 0x0 && p[i + 2] == 0x0 && p[i + 3] != 0x0) { + + if (p[i] == 0x0 && p[i + 1] == 0x0 && p[i + 2] == 0x0 && p[i + 3] != 0x0) + { // 2 bytes - memcpy(&url_len , p + i + HTTPS_LEN_OFFSET, 2); - if(ntohs(url_len) <= 0 || ntohs(url_len) > data_len) { - continue ; + memcpy(&url_len, p + i + HTTPS_LEN_OFFSET, 2); + if (ntohs(url_len) <= 0 || ntohs(url_len) > data_len) + { + continue; } - - if(i + HTTPS_URL_OFFSET + ntohs(url_len) < data_len) { - //dump_hex("https hex", p, data_len); + if (i + HTTPS_URL_OFFSET + ntohs(url_len) < data_len) + { flow->https.match = AF_TRUE; flow->https.url_pos = p + i + HTTPS_URL_OFFSET; - // dump_str("https url2", flow->https.url_pos, ntohs(url_len)); flow->https.url_len = ntohs(url_len); - return 0; + return 0; } } } return -1; } - -void parse_http_proto(flow_info_t *flow) +void parse_http_proto(flow_info_t *flow) { int i = 0; int start = 0; char *data = NULL; int data_len = 0; - if (!flow) { + if (!flow) + { AF_ERROR("flow is null\n"); return; } - if (flow->l4_protocol != IPPROTO_TCP) { + if (flow->l4_protocol != IPPROTO_TCP) + { return; } data = flow->l4_data; data_len = flow->l4_len; - if (data_len < MIN_HTTP_DATA_LEN) { + if (data_len < MIN_HTTP_DATA_LEN) + { return; } if (flow->sport != 80 && flow->dport != 80) return; - for (i = 0; i < data_len; i++) { - if (data[i] == 0x0d && data[i + 1] == 0x0a){ - if (0 == memcmp(&data[start], "POST ", 5)) { + for (i = 0; i < data_len; i++) + { + if (data[i] == 0x0d && data[i + 1] == 0x0a) + { + if (0 == memcmp(&data[start], "POST ", 5)) + { flow->http.match = AF_TRUE; flow->http.method = HTTP_METHOD_POST; flow->http.url_pos = data + start + 5; flow->http.url_len = i - start - 5; - //dump_str("get request", flow->http.url_pos, flow->http.url_len); } - else if(0 == memcmp(&data[start], "GET ", 4)) { + else if (0 == memcmp(&data[start], "GET ", 4)) + { flow->http.match = AF_TRUE; flow->http.method = HTTP_METHOD_GET; flow->http.url_pos = data + start + 4; flow->http.url_len = i - start - 4; - //dump_str("post request", flow->http.url_pos, flow->http.url_len); } - else if (0 == memcmp(&data[start], "Host:", 5) ){ + else if (0 == memcmp(&data[start], "Host:", 5)) + { flow->http.host_pos = data + start + 6; flow->http.host_len = i - start - 6; - //dump_str("host ", flow->http.host_pos, flow->http.host_len); } - if (data[i + 2] == 0x0d && data[i + 3] == 0x0a){ + if (data[i + 2] == 0x0d && data[i + 3] == 0x0a) + { flow->http.data_pos = data + i + 4; flow->http.data_len = data_len - i - 4; break; } // 0x0d 0x0a - start = i + 2; + start = i + 2; } } } -static void dump_http_flow_info(http_proto_t *http) { - if (!http) { +static void dump_http_flow_info(http_proto_t *http) +{ + if (!http) + { AF_ERROR("http ptr is NULL\n"); - return ; + return; } if (!http->match) - return; - if (http->method == HTTP_METHOD_GET){ - printk("Http method: "HTTP_GET_METHOD_STR"\n"); + return; + if (http->method == HTTP_METHOD_GET) + { + printk("Http method: " HTTP_GET_METHOD_STR "\n"); } - else if (http->method == HTTP_METHOD_POST) { - printk("Http method: "HTTP_POST_METHOD_STR"\n"); + else if (http->method == HTTP_METHOD_POST) + { + printk("Http method: " HTTP_POST_METHOD_STR "\n"); } - if (http->url_len > 0 && http->url_pos){ + if (http->url_len > 0 && http->url_pos) + { dump_str("Request url", http->url_pos, http->url_len); } - if (http->host_len > 0 && http->host_pos){ + if (http->host_len > 0 && http->host_pos) + { dump_str("Host", http->host_pos, http->host_len); } printk("--------------------------------------------------------\n\n\n"); } -static void dump_https_flow_info(https_proto_t *https) { - if (!https) { +static void dump_https_flow_info(https_proto_t *https) +{ + if (!https) + { AF_ERROR("https ptr is NULL\n"); - return ; + return; } if (!https->match) - return; - + return; - if (https->url_len > 0 && https->url_pos){ + if (https->url_len > 0 && https->url_pos) + { dump_str("https server name", https->url_pos, https->url_len); } @@ -561,23 +530,28 @@ static void dump_https_flow_info(https_proto_t *https) { } static void dump_flow_info(flow_info_t *flow) { - if (!flow) { + if (!flow) + { AF_ERROR("flow is null\n"); return; } - if (flow->l4_len > 0){ - AF_LMT_INFO("src="NIPQUAD_FMT",dst="NIPQUAD_FMT",sport: %d, dport: %d, data_len: %d\n", - NIPQUAD(flow->src), NIPQUAD(flow->dst), flow->sport, flow->dport, flow->l4_len); + if (flow->l4_len > 0) + { + AF_LMT_INFO("src=" NIPQUAD_FMT ",dst=" NIPQUAD_FMT ",sport: %d, dport: %d, data_len: %d\n", + NIPQUAD(flow->src), NIPQUAD(flow->dst), flow->sport, flow->dport, flow->l4_len); } - if (flow->l4_protocol == IPPROTO_TCP) { - if (AF_TRUE == flow->http.match) { + if (flow->l4_protocol == IPPROTO_TCP) + { + if (AF_TRUE == flow->http.match) + { printk("-------------------http protocol-------------------------\n"); printk("protocol:TCP , sport: %-8d, dport: %-8d, data_len: %-8d\n", - flow->sport, flow->dport, flow->l4_len); + flow->sport, flow->dport, flow->l4_len); dump_http_flow_info(&flow->http); } - if (AF_TRUE == flow->https.match) { + if (AF_TRUE == flow->https.match) + { printk("-------------------https protocol-------------------------\n"); dump_https_flow_info(&flow->https); } @@ -587,22 +561,28 @@ int af_match_by_pos(flow_info_t *flow, af_feature_node_t *node) { int i; unsigned int pos = 0; - + if (!flow || !node) return AF_FALSE; - if (node->pos_num > 0) { - for (i = 0;i < node->pos_num; i++){ + if (node->pos_num > 0) + { + for (i = 0; i < node->pos_num; i++) + { // -1 - if(node->pos_info[i].pos < 0) { + if (node->pos_info[i].pos < 0) + { pos = flow->l4_len + node->pos_info[i].pos; } - else{ + else + { pos = node->pos_info[i].pos; } - if (pos >= flow->l4_len){ + if (pos >= flow->l4_len) + { return AF_FALSE; - } - if (flow->l4_data[pos] != node->pos_info[i].value){ + } + if (flow->l4_data[pos] != node->pos_info[i].value) + { return AF_FALSE; } } @@ -619,36 +599,39 @@ int af_match_by_url(flow_info_t *flow, af_feature_node_t *node) if (!flow || !node) return AF_FALSE; // match host or https url - if (flow->https.match == AF_TRUE && flow->https.url_pos) { + if (flow->https.match == AF_TRUE && flow->https.url_pos) + { if (flow->https.url_len >= MAX_URL_MATCH_LEN) strncpy(reg_url_buf, flow->https.url_pos, MAX_URL_MATCH_LEN - 1); else strncpy(reg_url_buf, flow->https.url_pos, flow->https.url_len); } - else if (flow->http.match == AF_TRUE && flow->http.host_pos) { + else if (flow->http.match == AF_TRUE && flow->http.host_pos) + { if (flow->http.host_len >= MAX_URL_MATCH_LEN) strncpy(reg_url_buf, flow->http.host_pos, MAX_URL_MATCH_LEN - 1); else strncpy(reg_url_buf, flow->http.host_pos, flow->http.host_len); } - if (strlen(reg_url_buf) > 0 && strlen(node->host_url) > 0 - && regexp_match(node->host_url, reg_url_buf)){ - AF_DEBUG("match url:%s reg = %s, appid=%d\n", - reg_url_buf, node->host_url, node->app_id); + if (strlen(reg_url_buf) > 0 && strlen(node->host_url) > 0 && regexp_match(node->host_url, reg_url_buf)) + { + AF_DEBUG("match url:%s reg = %s, appid=%d\n", + reg_url_buf, node->host_url, node->app_id); return AF_TRUE; } - + // match request url - if (flow->http.match == AF_TRUE && flow->http.url_pos) { + if (flow->http.match == AF_TRUE && flow->http.url_pos) + { memset(reg_url_buf, 0x0, sizeof(reg_url_buf)); if (flow->http.url_len >= MAX_URL_MATCH_LEN) strncpy(reg_url_buf, flow->http.url_pos, MAX_URL_MATCH_LEN - 1); else strncpy(reg_url_buf, flow->http.url_pos, flow->http.url_len); - if(strlen(reg_url_buf) > 0 && strlen(node->request_url) - && regexp_match(node->request_url, reg_url_buf)){ + if (strlen(reg_url_buf) > 0 && strlen(node->request_url) && regexp_match(node->request_url, reg_url_buf)) + { AF_DEBUG("match request:%s reg:%s appid=%d\n", - reg_url_buf, node->request_url, node->app_id); + reg_url_buf, node->request_url, node->app_id); return AF_TRUE; } } @@ -658,7 +641,8 @@ int af_match_by_url(flow_info_t *flow, af_feature_node_t *node) int af_match_one(flow_info_t *flow, af_feature_node_t *node) { int ret = AF_FALSE; - if (!flow || !node){ + if (!flow || !node) + { AF_ERROR("node or flow is NULL\n"); return AF_FALSE; } @@ -667,24 +651,29 @@ int af_match_one(flow_info_t *flow, af_feature_node_t *node) if (flow->l4_len == 0) return AF_FALSE; - if (node->sport != 0 && flow->sport != node->sport ){ + if (node->sport != 0 && flow->sport != node->sport) + { return AF_FALSE; } - if (node->dport != 0 && flow->dport != node->dport) { + if (node->dport != 0 && flow->dport != node->dport) + { return AF_FALSE; } - + if (strlen(node->request_url) > 0 || - strlen(node->host_url) > 0){ + strlen(node->host_url) > 0) + { ret = af_match_by_url(flow, node); } - else if (node->pos_num > 0){ + else if (node->pos_num > 0) + { ret = af_match_by_pos(flow, node); } - else{ + else + { AF_DEBUG("node is empty, match sport:%d,dport:%d, appid = %d\n", - node->sport, node->dport, node->app_id); + node->sport, node->dport, node->app_id); return AF_TRUE; } return ret; @@ -692,33 +681,38 @@ int af_match_one(flow_info_t *flow, af_feature_node_t *node) int app_filter_match(flow_info_t *flow) { - af_feature_node_t *n,*node; + af_feature_node_t *n, *node; af_client_info_t *client = NULL; feature_list_read_lock(); - if(!list_empty(&af_feature_head)) { - list_for_each_entry_safe(node, n, &af_feature_head, head) { - if(af_match_one(flow, node)) + if (!list_empty(&af_feature_head)) + { + list_for_each_entry_safe(node, n, &af_feature_head, head) + { + if (af_match_one(flow, node)) { flow->app_id = node->app_id; strncpy(flow->app_name, node->app_name, sizeof(flow->app_name) - 1); client = find_af_client_by_ip(flow->src); - if (!client){ + if (!client) + { goto EXIT; } - if (is_user_match_enable() && !find_af_mac(client->mac)){ - AF_DEBUG("not match mac:"MAC_FMT"\n", MAC_ARRAY(client->mac)); + if (is_user_match_enable() && !find_af_mac(client->mac)) + { + AF_DEBUG("not match mac:" MAC_FMT "\n", MAC_ARRAY(client->mac)); goto EXIT; } - if (af_get_app_status(node->app_id)){ + if (af_get_app_status(node->app_id)) + { flow->drop = AF_TRUE; feature_list_read_unlock(); return AF_TRUE; } - else { + else + { goto EXIT; } } - } } EXIT: @@ -729,12 +723,13 @@ EXIT: #define APP_FILTER_DROP_BITS 0x80000000 - - -static int af_get_visit_index(af_client_info_t *node, int app_id){ +static int af_get_visit_index(af_client_info_t *node, int app_id) +{ int i; - for(i = 0; i < MAX_RECORD_APP_NUM; i++){ - if(node->visit_info[i].app_id == app_id || node->visit_info[i].app_id == 0){ + for (i = 0; i < MAX_RECORD_APP_NUM; i++) + { + if (node->visit_info[i].app_id == app_id || node->visit_info[i].app_id == 0) + { return i; } } @@ -742,151 +737,122 @@ static int af_get_visit_index(af_client_info_t *node, int app_id){ return 0; } - int __af_update_client_app_info(flow_info_t *flow, af_client_info_t *node) { - int i; int index = -1; - if(!node) + if (!node) return -1; - if(!flow) + if (!flow) return -1; - int found = 0; index = af_get_visit_index(node, flow->app_id); - if(index < 0 || index >= MAX_RECORD_APP_NUM){ + if (index < 0 || index >= MAX_RECORD_APP_NUM) + { AF_ERROR("invalid index:%d\n\n", index); return 0; } // todo: up bytes node->visit_info[index].total_down_bytes += flow->l4_len + 66; - //AF_ERROR("%s %pI4(%d)--> %pI4(%d) len = %d\n ", IPPROTO_TCP == flow->l4_protocol ? "tcp" :"udp", - // &flow->src, flow->sport, &flow->dst, flow->dport, flow->l4_len); -// AF_ERROR("index = %d, appid:%d, total:%d KB, cur len=%d\n",index, - /// flow->app_id, node->visit_info[index].total_down_bytes / 1024, flow->l4_len); - //} node->visit_info[index].total_num++; - if(flow->drop) + if (flow->drop) node->visit_info[index].drop_num++; - + node->visit_info[index].app_id = flow->app_id; node->visit_info[index].latest_time = af_get_timestamp_sec(); node->visit_info[index].latest_action = flow->drop; - AF_INFO("[%d] %pI4 visit %s(%d), time=%d action=%s, %d/%d\n", index, &node->ip, flow->app_name, flow->app_id, - node->visit_info[index].latest_time, node->visit_info[index].latest_action ? "Drop" : "Accept", - node->visit_info[index].drop_num, node->visit_info[index].total_num); - // todo: history return 0; } void af_update_client_app_info(flow_info_t *flow) { - int i; - int index = 0; af_client_info_t *node = NULL; - if(!flow) + if (!flow) return; - if(flow->app_id <= 0) + if (flow->app_id <= 0) return; AF_CLIENT_LOCK_W(); node = find_af_client_by_ip(flow->src); - if(node){ + if (node) + { __af_update_client_app_info(flow, node); } AF_CLIENT_UNLOCK_W(); } - - int af_send_msg_to_user(char *pbuf, uint16_t len); - -#if LINUX_VERSION_CODE >= KERNEL_VERSION(4,4,0) +#if LINUX_VERSION_CODE >= KERNEL_VERSION(4, 4, 0) static u_int32_t app_filter_hook(void *priv, - struct sk_buff *skb, - const struct nf_hook_state *state) { + struct sk_buff *skb, + const struct nf_hook_state *state) +{ #else static u_int32_t app_filter_hook(unsigned int hook, - struct sk_buff *skb, - const struct net_device *in, - const struct net_device *out, - int (*okfn)(struct sk_buff *)){ + struct sk_buff *skb, + const struct net_device *in, + const struct net_device *out, + int (*okfn)(struct sk_buff *)) +{ #endif - static int bytes1 = 0; unsigned long long total_packets = 0; flow_info_t flow; -// 4.10-->4.11 nfct-->_nfct -#if LINUX_VERSION_CODE >= KERNEL_VERSION(4,11,0) - struct nf_conn *ct = (struct nf_conn *)skb->_nfct; -#else - struct nf_conn *ct = (struct nf_conn *)skb->nfct; -#endif - if (!g_oaf_enable){ - return NF_ACCEPT; - } - if(ct == NULL) { - return NF_ACCEPT; - } - if(!nf_ct_is_confirmed(ct)){ - - return NF_ACCEPT; - } - -#if defined(CONFIG_NF_CONNTRACK_MARK) - if(ct->mark != 0){ - //AF_LMT_ERROR("mark = %x, appid = %x\n", ct->mark, GET_APPID(ct->mark)); - if(APP_FILTER_DROP_BITS == (ct->mark & APP_FILTER_DROP_BITS)){ - return NF_DROP; - } -} -#endif -#if 0 -// 3.12.74-->3.13-rc1 -#if LINUX_VERSION_CODE >= KERNEL_VERSION(3,13,0) + enum ip_conntrack_info ctinfo; + struct nf_conn *ct = NULL; struct nf_conn_acct *acct; + if (!g_oaf_enable) + return NF_ACCEPT; + + ct = nf_ct_get(skb, &ctinfo); + if (ct == NULL) + return NF_ACCEPT; + +#if defined(CONFIG_NF_CONNTRACK_MARK) + if (ct->mark != 0) + { + if (APP_FILTER_DROP_BITS == (ct->mark & APP_FILTER_DROP_BITS)) + return NF_DROP; + } +#endif +// 3.12.74-->3.13-rc1 +#if LINUX_VERSION_CODE >= KERNEL_VERSION(3, 13, 0) acct = nf_conn_acct_find(ct); if(!acct) return NF_ACCEPT; total_packets = (unsigned long long)atomic64_read(&acct->counter[IP_CT_DIR_ORIGINAL].packets) + (unsigned long long)atomic64_read(&acct->counter[IP_CT_DIR_REPLY].packets); #else - struct nf_conn_counter *counter; counter = nf_conn_acct_find(ct); - if (!counter) return NF_ACCEPT; - total_packets = (unsigned long long)atomic64_read(&counter[IP_CT_DIR_ORIGINAL].packets) + (unsigned long long)atomic64_read(&counter[IP_CT_DIR_REPLY].packets); - #endif if(total_packets > MAX_PARSE_PKT_NUM){ return NF_ACCEPT; } -#endif memset((char *)&flow, 0x0, sizeof(flow_info_t)); - if(parse_flow_base(skb, &flow) < 0){ + if (parse_flow_base(skb, &flow) < 0) return NF_ACCEPT; - } -// int appid = GET_APPID(ct->mark); parse_http_proto(&flow); parse_https_proto(&flow); if (TEST_MODE()) dump_flow_info(&flow); app_filter_match(&flow); - if (flow.app_id != 0){ - //SET_APPID(ct->mark, flow.app_id); - if (flow.app_id > 1000 && flow.app_id <= 8999){ + if (flow.app_id != 0) + { + if (flow.app_id > 1000 && flow.app_id <= 8999) + { af_update_client_app_info(&flow); - AF_LMT_INFO("match %s %pI4(%d)--> %pI4(%d) len = %d, %d\n ", IPPROTO_TCP == flow.l4_protocol ? "tcp" :"udp", + AF_LMT_INFO("match %s %pI4(%d)--> %pI4(%d) len = %d, %d\n ", IPPROTO_TCP == flow.l4_protocol ? "tcp" : "udp", &flow.src, flow.sport, &flow.dst, flow.dport, skb->len, flow.app_id); } } - if(flow.drop){ + if (flow.drop) + { #if defined(CONFIG_NF_CONNTRACK_MARK) ct->mark |= APP_FILTER_DROP_BITS; #endif @@ -896,52 +862,32 @@ static u_int32_t app_filter_hook(unsigned int hook, return NF_ACCEPT; } - -#if LINUX_VERSION_CODE >= KERNEL_VERSION(4,4,0) +#if LINUX_VERSION_CODE >= KERNEL_VERSION(4, 4, 0) static struct nf_hook_ops app_filter_ops[] __read_mostly = { { - .hook = app_filter_hook, - .pf = PF_INET, - .hooknum = NF_INET_FORWARD, - .priority = NF_IP_PRI_MANGLE + 1, + .hook = app_filter_hook, + .pf = PF_INET, + .hooknum = NF_INET_FORWARD, + .priority = NF_IP_PRI_MANGLE + 1, }, }; #else static struct nf_hook_ops app_filter_ops[] __read_mostly = { { - .hook = app_filter_hook, - .owner = THIS_MODULE, - .pf = PF_INET, - .hooknum = NF_INET_FORWARD, - .priority = NF_IP_PRI_MANGLE + 1, + .hook = app_filter_hook, + .owner = THIS_MODULE, + .pf = PF_INET, + .hooknum = NF_INET_FORWARD, + .priority = NF_IP_PRI_MANGLE + 1, }, }; #endif -#include "cJSON.h" -void TEST_cJSON(void) -{ - cJSON * root = NULL; - char *out = NULL; - root = cJSON_CreateObject(); - if (!root) { - AF_ERROR("create obj failed\n"); - return; - } - cJSON_AddNumberToObject(root, "id", 123); - cJSON_AddStringToObject(root, "name", "derry"); - out = cJSON_Print(root); - printk("out = %s\n", out); - cJSON_Delete(root); - kfree(out); -} - - -struct timer_list oaf_timer; +struct timer_list oaf_timer; int report_flag = 0; #define OAF_TIMER_INTERVAL 1 -#if LINUX_VERSION_CODE >= KERNEL_VERSION(4,15,0) +#if LINUX_VERSION_CODE >= KERNEL_VERSION(4, 15, 0) static void oaf_timer_func(struct timer_list *t) #else static void oaf_timer_func(unsigned long ptr) @@ -950,132 +896,132 @@ static void oaf_timer_func(unsigned long ptr) static int count = 0; if (count % 60 == 0) check_client_expire(); - if (count % 60 == 0 || report_flag){ + if (count % 60 == 0 || report_flag) + { report_flag = 0; af_visit_info_report(); } count++; - mod_timer(&oaf_timer, jiffies + OAF_TIMER_INTERVAL * HZ); + mod_timer(&oaf_timer, jiffies + OAF_TIMER_INTERVAL * HZ); } - void init_oaf_timer(void) { -#if LINUX_VERSION_CODE >= KERNEL_VERSION(4,15,0) +#if LINUX_VERSION_CODE >= KERNEL_VERSION(4, 15, 0) timer_setup(&oaf_timer, oaf_timer_func, 0); #else - setup_timer(&oaf_timer, oaf_timer_func, OAF_TIMER_INTERVAL * HZ); + setup_timer(&oaf_timer, oaf_timer_func, OAF_TIMER_INTERVAL * HZ); #endif - mod_timer(&oaf_timer, jiffies + OAF_TIMER_INTERVAL * HZ); + mod_timer(&oaf_timer, jiffies + OAF_TIMER_INTERVAL * HZ); AF_INFO("init oaf timer...ok"); } void fini_oaf_timer(void) { - del_timer_sync(&oaf_timer); + del_timer_sync(&oaf_timer); AF_INFO("del oaf timer...ok"); } - static struct sock *oaf_sock = NULL; - int af_send_msg_to_user(char *pbuf, uint16_t len) { - struct sk_buff *nl_skb; - struct nlmsghdr *nlh; - - int ret; - if (len > MAX_OAF_NL_MSG_LEN){ - - return -1; - } - - nl_skb = nlmsg_new(len + sizeof(struct af_msg_hdr), GFP_ATOMIC); - if(!nl_skb) - { - printk("netlink alloc failure\n"); - return -1; - } - - nlh = nlmsg_put(nl_skb, 0, 0, OAF_NETLINK_ID, len + sizeof(struct af_msg_hdr), 0); - if(nlh == NULL) - { - printk("error, nlh is NULL\n"); - nlmsg_free(nl_skb); - return -1; - } - + struct sk_buff *nl_skb; + struct nlmsghdr *nlh; + //todo: kmalloc char msg_buf[MAX_OAF_NL_MSG_LEN] = {0}; - struct af_msg_hdr *hdr = (struct af_msg_hdr *)msg_buf; + struct af_msg_hdr *hdr = NULL; + char *p_data = NULL; + int ret; + if (len >= MAX_OAF_NL_MSG_LEN) + return -1; + + memset(msg_buf, 0x0, sizeof(msg_buf)); + nl_skb = nlmsg_new(len + sizeof(struct af_msg_hdr), GFP_ATOMIC); + if (!nl_skb) + { + printk("netlink alloc failure\n"); + return -1; + } + + nlh = nlmsg_put(nl_skb, 0, 0, OAF_NETLINK_ID, len + sizeof(struct af_msg_hdr), 0); + if (nlh == NULL) + { + printk("error, nlh is NULL\n"); + nlmsg_free(nl_skb); + return -1; + } + + hdr = (struct af_msg_hdr *)msg_buf; hdr->magic = 0xa0b0c0d0; hdr->len = len; - char *p_data = msg_buf + sizeof(struct af_msg_hdr); + p_data = msg_buf + sizeof(struct af_msg_hdr); memcpy(p_data, pbuf, len); - memcpy(nlmsg_data(nlh), msg_buf, len + sizeof(struct af_msg_hdr)); - ret = netlink_unicast(oaf_sock, nl_skb, 999, MSG_DONTWAIT); - return ret; + memcpy(nlmsg_data(nlh), msg_buf, len + sizeof(struct af_msg_hdr)); + ret = netlink_unicast(oaf_sock, nl_skb, 999, MSG_DONTWAIT); + return ret; } -#define MAX_OAF_NETLINK_MSG_LEN 1024 -static void oaf_user_msg_handle(af_msg_t *msg){ - printk("oaf msg handle, action = %d\n", msg->action); - switch(msg->action){ - case AF_MSG_INIT: - printk("module init.........\n"); - af_client_list_reset_report_num(); - report_flag = 1; - break; - default: - break; +static void oaf_user_msg_handle(af_msg_t *msg) +{ + switch (msg->action) + { + case AF_MSG_INIT: + af_client_list_reset_report_num(); + report_flag = 1; + break; + default: + break; } } static void oaf_msg_rcv(struct sk_buff *skb) { - struct nlmsghdr *nlh = NULL; - char *umsg = NULL; - printk("recv user msg\n"); - if(skb->len >= nlmsg_total_size(0)) - { - nlh = nlmsg_hdr(skb); - umsg = NLMSG_DATA(nlh); - - struct af_msg_hdr *af_hdr = (struct af_msg_hdr *)umsg; - if (af_hdr->magic != 0xa0b0c0d0){ + struct nlmsghdr *nlh = NULL; + char *umsg = NULL; + void *udata = NULL; + struct af_msg_hdr *af_hdr = NULL; + if (skb->len >= nlmsg_total_size(0)) + { + nlh = nlmsg_hdr(skb); + umsg = NLMSG_DATA(nlh); + af_hdr = (struct af_msg_hdr *)umsg; + if (af_hdr->magic != 0xa0b0c0d0) + { printk("magic error %x\n", af_hdr->magic); return; } - if (af_hdr->len <= 0 || af_hdr->len >= MAX_OAF_NETLINK_MSG_LEN){ + if (af_hdr->len <= 0 || af_hdr->len >= MAX_OAF_NETLINK_MSG_LEN) + { printk("data len error\n"); return; } - void *udata = umsg + sizeof(struct af_msg_hdr); + udata = umsg + sizeof(struct af_msg_hdr); - if(udata) - oaf_user_msg_handle((af_msg_t *)udata); - } + if (udata) + oaf_user_msg_handle((af_msg_t *)udata); + } } int netlink_oaf_init(void) { - struct netlink_kernel_cfg nl_cfg = {0}; - nl_cfg.input = oaf_msg_rcv; - oaf_sock = netlink_kernel_create(&init_net, OAF_NETLINK_ID, &nl_cfg); + struct netlink_kernel_cfg nl_cfg = {0}; + nl_cfg.input = oaf_msg_rcv; + oaf_sock = netlink_kernel_create(&init_net, OAF_NETLINK_ID, &nl_cfg); - if (NULL == oaf_sock) - { + if (NULL == oaf_sock) + { AF_ERROR("init oaf netlink failed, id=%d\n", OAF_NETLINK_ID); - return -1; - } - AF_INFO("init oaf netlink ok, id = %d\n", OAF_NETLINK_ID); - return 0; + return -1; + } + AF_INFO("init oaf netlink ok, id = %d\n", OAF_NETLINK_ID); + return 0; } - static int __init app_filter_init(void) { - printk("appfilter version:"AF_VERSION"\n"); - if (0 != load_feature_config()){ + printk("appfilter version:" AF_VERSION "\n"); + if (0 != load_feature_config()) + { printk("load feature failed\n"); return -1; } @@ -1085,28 +1031,24 @@ static int __init app_filter_init(void) af_register_dev(); af_mac_list_init(); af_init_app_status(); - init_af_client_procfs(); -// show_feature_list(); af_client_init(); -#if LINUX_VERSION_CODE >= KERNEL_VERSION(4,13,0) - nf_register_net_hooks(&init_net, app_filter_ops, ARRAY_SIZE(app_filter_ops)); +#if LINUX_VERSION_CODE >= KERNEL_VERSION(4, 13, 0) + nf_register_net_hooks(&init_net, app_filter_ops, ARRAY_SIZE(app_filter_ops)); #else nf_register_hooks(app_filter_ops, ARRAY_SIZE(app_filter_ops)); #endif init_oaf_timer(); - AF_INFO("init app filter ........ok\n"); return 0; } - static void app_filter_fini(void) { AF_INFO("app filter module exit\n"); fini_oaf_timer(); -#if LINUX_VERSION_CODE >= KERNEL_VERSION(4,13,0) - nf_unregister_net_hooks(&init_net, app_filter_ops, ARRAY_SIZE(app_filter_ops)); +#if LINUX_VERSION_CODE >= KERNEL_VERSION(4, 13, 0) + nf_unregister_net_hooks(&init_net, app_filter_ops, ARRAY_SIZE(app_filter_ops)); #else nf_unregister_hooks(app_filter_ops, ARRAY_SIZE(app_filter_ops)); #endif @@ -1117,12 +1059,10 @@ static void app_filter_fini(void) af_log_exit(); af_client_exit(); finit_af_client_procfs(); - if (oaf_sock) - netlink_kernel_release(oaf_sock); - return ; + if (oaf_sock) + netlink_kernel_release(oaf_sock); + return; } - module_init(app_filter_init); module_exit(app_filter_fini); - diff --git a/oaf/src/app_filter.h b/oaf/src/app_filter.h index 4312c01..fd59d8a 100755 --- a/oaf/src/app_filter.h +++ b/oaf/src/app_filter.h @@ -1,10 +1,10 @@ #ifndef APP_FILTER_H #define APP_FILTER_H -#define AF_VERSION "5.0.1" +#define AF_VERSION "5.0" #define AF_FEATURE_CONFIG_FILE "/tmp/feature.cfg" -#define MAX_PARSE_PKT_NUM 16 +#define MAX_PARSE_PKT_NUM 64 #define MIN_HTTP_DATA_LEN 16 #define MAX_APP_NAME_LEN 64 #define MAX_FEATURE_NUM_PER_APP 16 @@ -92,7 +92,7 @@ typedef struct https_proto{ }https_proto_t; typedef struct flow_info{ - struct nf_conn *ct; // ���Ӹ���ָ�� + struct nf_conn *ct; u_int32_t src; u_int32_t dst; int l4_protocol; diff --git a/oaf/src/app_filter_config.c b/oaf/src/app_filter_config.c index 023a0d5..58a07d9 100755 --- a/oaf/src/app_filter_config.c +++ b/oaf/src/app_filter_config.c @@ -22,26 +22,28 @@ DEFINE_RWLOCK(af_rule_lock); -#define af_rule_read_lock() read_lock_bh(&af_rule_lock); -#define af_rule_read_unlock() read_unlock_bh(&af_rule_lock); -#define af_rule_write_lock() write_lock_bh(&af_rule_lock); -#define af_rule_write_unlock() write_unlock_bh(&af_rule_lock); - +#define af_rule_read_lock() read_lock_bh(&af_rule_lock); +#define af_rule_read_unlock() read_unlock_bh(&af_rule_lock); +#define af_rule_write_lock() write_lock_bh(&af_rule_lock); +#define af_rule_write_unlock() write_unlock_bh(&af_rule_lock); static struct mutex af_cdev_mutex; -struct af_config_dev { - dev_t id; - struct cdev char_dev; - struct class *c; +struct af_config_dev +{ + dev_t id; + struct cdev char_dev; + struct class *c; }; struct af_config_dev g_af_dev; -struct af_cdev_file { - size_t size; - char buf[256 << 10]; +struct af_cdev_file +{ + size_t size; + char buf[256 << 10]; }; - -enum AF_CONFIG_CMD{ + +enum AF_CONFIG_CMD +{ AF_CMD_ADD_APPID = 1, AF_CMD_DEL_APPID, AF_CMD_CLEAN_APPID, @@ -50,89 +52,92 @@ enum AF_CONFIG_CMD{ char g_app_id_array[AF_MAX_APP_TYPE_NUM][AF_MAX_APP_NUM] = {0}; - void af_show_app_status(void) { int i, j; AF_DEBUG("#########show app status##########\n"); - for (i = 0; i < AF_MAX_APP_TYPE_NUM; i++) { - for (j = 0; j < AF_MAX_APP_NUM; j++) { - + for (i = 0; i < AF_MAX_APP_TYPE_NUM; i++) + { + for (j = 0; j < AF_MAX_APP_NUM; j++) + { + af_rule_read_lock(); - if (g_app_id_array[i][j] == AF_TRUE) { + if (g_app_id_array[i][j] == AF_TRUE) + { AF_DEBUG("%d, %d\n", i, j); } af_rule_read_unlock(); } } - + AF_DEBUG("\n\n\n"); } -int af_change_app_status(cJSON * data_obj, int status) +int af_change_app_status(cJSON *data_obj, int status) { int i; int id; int type; - if (!data_obj) { + cJSON *appid_arr = NULL; + if (!data_obj) + { AF_ERROR("data obj is null\n"); return -1; } - cJSON *appid_arr = cJSON_GetObjectItem(data_obj, "apps"); - if (!appid_arr){ + appid_arr = cJSON_GetObjectItem(data_obj, "apps"); + if (!appid_arr) + { AF_ERROR("apps obj is null\n"); return -1; } - for (i = 0; i < cJSON_GetArraySize(appid_arr); i++) { + for (i = 0; i < cJSON_GetArraySize(appid_arr); i++) + { cJSON *appid_obj = cJSON_GetArrayItem(appid_arr, i); - if (!appid_obj){ - AF_ERROR("appid obj is null\n"); + if (!appid_obj) return -1; - } id = AF_APP_ID(appid_obj->valueint); type = AF_APP_TYPE(appid_obj->valueint); - AF_DEBUG("appid:%d, type = %d, id = %d\n", appid_obj->valueint, type, id); - af_rule_write_lock(); g_app_id_array[type][id] = status; af_rule_write_unlock(); } - + return 0; } -DEFINE_RWLOCK(af_mac_lock); +DEFINE_RWLOCK(af_mac_lock); #define MAX_AF_MAC_HASH_SIZE 64 -#define AF_MAC_LOCK_R() read_lock_bh(&af_mac_lock); -#define AF_MAC_UNLOCK_R() read_unlock_bh(&af_mac_lock); -#define AF_MAC_LOCK_W() write_lock_bh(&af_mac_lock); -#define AF_MAC_UNLOCK_W() write_unlock_bh(&af_mac_lock); +#define AF_MAC_LOCK_R() read_lock_bh(&af_mac_lock); +#define AF_MAC_UNLOCK_R() read_unlock_bh(&af_mac_lock); +#define AF_MAC_LOCK_W() write_lock_bh(&af_mac_lock); +#define AF_MAC_UNLOCK_W() write_unlock_bh(&af_mac_lock); u32 total_mac = 0; struct list_head af_mac_list_table[MAX_AF_MAC_HASH_SIZE]; -void -af_mac_list_init(void) +void af_mac_list_init(void) { int i; AF_MAC_LOCK_W(); - for(i = 0; i < MAX_AF_MAC_HASH_SIZE; i ++){ - INIT_LIST_HEAD(&af_mac_list_table[i]); - } + for (i = 0; i < MAX_AF_MAC_HASH_SIZE; i++) + { + INIT_LIST_HEAD(&af_mac_list_table[i]); + } AF_MAC_UNLOCK_W(); AF_INFO("client list init......ok\n"); } -void -af_mac_list_clear(void) +void af_mac_list_clear(void) { int i; - af_mac_info_t * p = NULL; + af_mac_info_t *p = NULL; char mac_str[32] = {0}; - + AF_DEBUG("clean list\n"); AF_MAC_LOCK_W(); - for (i = 0; i < MAX_AF_MAC_HASH_SIZE;i++){ - while(!list_empty(&af_mac_list_table[i])){ + for (i = 0; i < MAX_AF_MAC_HASH_SIZE; i++) + { + while (!list_empty(&af_mac_list_table[i])) + { p = list_first_entry(&af_mac_list_table[i], af_mac_info_t, hlist); memset(mac_str, 0x0, sizeof(mac_str)); sprintf(mac_str, MAC_FMT, MAC_ARRAY(p->mac)); @@ -145,7 +150,6 @@ af_mac_list_clear(void) AF_MAC_UNLOCK_W(); } - int hash_mac(unsigned char *mac) { if (!mac) @@ -154,57 +158,62 @@ int hash_mac(unsigned char *mac) return mac[5] & (MAX_AF_MAC_HASH_SIZE - 1); } -af_mac_info_t * find_af_mac(unsigned char *mac) +af_mac_info_t *find_af_mac(unsigned char *mac) { - af_mac_info_t *node; - unsigned int index; + af_mac_info_t *node; + unsigned int index; - index = hash_mac(mac); - list_for_each_entry(node, &af_mac_list_table[index], hlist){ - if (0 == memcmp(node->mac, mac, 6)){ - AF_DEBUG("match mac:"MAC_FMT"\n", MAC_ARRAY(node->mac)); + index = hash_mac(mac); + list_for_each_entry(node, &af_mac_list_table[index], hlist) + { + if (0 == memcmp(node->mac, mac, 6)) + { + AF_DEBUG("match mac:" MAC_FMT "\n", MAC_ARRAY(node->mac)); return node; - } - } - return NULL; + } + } + return NULL; } static af_mac_info_t * af_mac_add(unsigned char *mac) { - af_mac_info_t *node; + af_mac_info_t *node; int index = 0; - + node = (af_mac_info_t *)kmalloc(sizeof(af_mac_info_t), GFP_ATOMIC); - if (node == NULL) { - AF_ERROR("kmalloc failed\n"); - return NULL; - } + if (node == NULL) + { + AF_ERROR("kmalloc failed\n"); + return NULL; + } memset(node, 0, sizeof(af_mac_info_t)); memcpy(node->mac, mac, MAC_ADDR_LEN); - - index = hash_mac(mac); - - AF_LMT_INFO("new client mac="MAC_FMT"\n", MAC_ARRAY(node->mac)); + + index = hash_mac(mac); + + AF_LMT_INFO("new client mac=" MAC_FMT "\n", MAC_ARRAY(node->mac)); total_mac++; list_add(&(node->hlist), &af_mac_list_table[index]); - return node; + return node; } -int is_user_match_enable(void){ +int is_user_match_enable(void) +{ return total_mac > 0; } -int mac_to_hex(u8 *mac, u8 *mac_hex){ +int mac_to_hex(u8 *mac, u8 *mac_hex) +{ u32 mac_tmp[MAC_ADDR_LEN]; int ret = 0, i = 0; - ret = sscanf(mac, "%02x:%02x:%02x:%02x:%02x:%02x", - (unsigned int *)&mac_tmp[0], - (unsigned int *)&mac_tmp[1], - (unsigned int *)&mac_tmp[2], - (unsigned int *)&mac_tmp[3], - (unsigned int *)&mac_tmp[4], - (unsigned int *)&mac_tmp[5]); + ret = sscanf(mac, "%02x:%02x:%02x:%02x:%02x:%02x", + (unsigned int *)&mac_tmp[0], + (unsigned int *)&mac_tmp[1], + (unsigned int *)&mac_tmp[2], + (unsigned int *)&mac_tmp[3], + (unsigned int *)&mac_tmp[4], + (unsigned int *)&mac_tmp[5]); if (MAC_ADDR_LEN != ret) return -1; for (i = 0; i < MAC_ADDR_LEN; i++) @@ -213,29 +222,33 @@ int mac_to_hex(u8 *mac, u8 *mac_hex){ } return 0; } -int af_set_mac_list(cJSON * data_obj) +int af_set_mac_list(cJSON *data_obj) { int i; - int id; - int type; + cJSON *mac_arr = NULL; u8 mac_hex[MAC_ADDR_LEN] = {0}; - if (!data_obj) { + if (!data_obj) + { AF_ERROR("data obj is null\n"); return -1; } - cJSON *mac_arr = cJSON_GetObjectItem(data_obj, "mac_list"); - if (!mac_arr){ + mac_arr = cJSON_GetObjectItem(data_obj, "mac_list"); + if (!mac_arr) + { AF_ERROR("apps obj is null\n"); return -1; } af_mac_list_clear(); - for (i = 0; i < cJSON_GetArraySize(mac_arr); i++) { + for (i = 0; i < cJSON_GetArraySize(mac_arr); i++) + { cJSON *mac_obj = cJSON_GetArrayItem(mac_arr, i); - if (!mac_obj){ + if (!mac_obj) + { AF_ERROR("appid obj is null\n"); return -1; } - if (-1 == mac_to_hex(mac_obj->valuestring, mac_hex)){ + if (-1 == mac_to_hex(mac_obj->valuestring, mac_hex)) + { continue; } af_mac_add(mac_hex); @@ -247,9 +260,11 @@ int af_set_mac_list(cJSON * data_obj) void af_init_app_status(void) { int i, j; - - for (i = 0; i < AF_MAX_APP_TYPE_NUM; i++) { - for (j = 0; j < AF_MAX_APP_NUM; j++) { + + for (i = 0; i < AF_MAX_APP_TYPE_NUM; i++) + { + for (j = 0; j < AF_MAX_APP_NUM; j++) + { af_rule_write_lock(); g_app_id_array[i][j] = AF_FALSE; af_rule_write_unlock(); @@ -282,26 +297,30 @@ clean */ int af_config_handle(char *config, unsigned int len) { - cJSON * config_obj = NULL; - cJSON * cmd_obj = NULL; - cJSON * data_obj = NULL; - if (!config || len == 0) { + cJSON *config_obj = NULL; + cJSON *cmd_obj = NULL; + cJSON *data_obj = NULL; + if (!config || len == 0) + { AF_ERROR("config or len is invalid\n"); return -1; } config_obj = cJSON_Parse(config); - if (!config_obj){ + if (!config_obj) + { AF_ERROR("config_obj is NULL\n"); return -1; } cmd_obj = cJSON_GetObjectItem(config_obj, "op"); - if (!cmd_obj){ + if (!cmd_obj) + { AF_ERROR("not find op object\n"); return -1; } data_obj = cJSON_GetObjectItem(config_obj, "data"); - switch(cmd_obj->valueint) { + switch (cmd_obj->valueint) + { case AF_CMD_ADD_APPID: if (!data_obj) break; @@ -324,112 +343,113 @@ int af_config_handle(char *config, unsigned int len) } af_show_app_status(); return 0; - } - static int af_cdev_open(struct inode *inode, struct file *filp) { - struct af_cdev_file *file; - file = vzalloc(sizeof(*file)); - if (!file) - return -EINVAL; + struct af_cdev_file *file; + file = vzalloc(sizeof(*file)); + if (!file) + return -EINVAL; - mutex_lock(&af_cdev_mutex); - filp->private_data = file; - return 0; + mutex_lock(&af_cdev_mutex); + filp->private_data = file; + return 0; } static ssize_t af_cdev_read(struct file *filp, char *buf, size_t count, loff_t *off) { - return 0; + return 0; } static int af_cdev_release(struct inode *inode, struct file *filp) { - struct af_cdev_file *file = filp->private_data; - AF_DEBUG("config size: %d,data = %s\n", (int)file->size, file->buf); + struct af_cdev_file *file = filp->private_data; + AF_DEBUG("config size: %d,data = %s\n", (int)file->size, file->buf); af_config_handle(file->buf, file->size); - filp->private_data = NULL; - mutex_unlock(&af_cdev_mutex); - vfree(file); - return 0; + filp->private_data = NULL; + mutex_unlock(&af_cdev_mutex); + vfree(file); + return 0; } static ssize_t af_cdev_write(struct file *filp, const char *buffer, size_t count, loff_t *off) { - struct af_cdev_file *file = filp->private_data; - int ret; - if (file->size + count > sizeof(file->buf)) { - AF_ERROR("config overflow, cur_size: %d, block_size: %d, max_size: %d", - (int)file->size, (int)count, (int)sizeof(file->buf)); - return -EINVAL; - } + struct af_cdev_file *file = filp->private_data; + int ret; + if (file->size + count > sizeof(file->buf)) + { + AF_ERROR("config overflow, cur_size: %d, block_size: %d, max_size: %d", + (int)file->size, (int)count, (int)sizeof(file->buf)); + return -EINVAL; + } - ret = copy_from_user(file->buf + file->size, buffer, count); - if (ret != 0) - return -EINVAL; + ret = copy_from_user(file->buf + file->size, buffer, count); + if (ret != 0) + return -EINVAL; - file->size += count; - return count; + file->size += count; + return count; } static struct file_operations af_cdev_ops = { - owner: THIS_MODULE, - release: af_cdev_release, - open: af_cdev_open, - write: af_cdev_write, - read: af_cdev_read, + owner : THIS_MODULE, + release : af_cdev_release, + open : af_cdev_open, + write : af_cdev_write, + read : af_cdev_read, }; int af_register_dev(void) { - struct device *dev; - int res; - mutex_init(&af_cdev_mutex); + struct device *dev; + int res; + mutex_init(&af_cdev_mutex); - res = alloc_chrdev_region(&g_af_dev.id, 0, 1, AF_DEV_NAME); - if (res != 0) { - return -EINVAL; - } + res = alloc_chrdev_region(&g_af_dev.id, 0, 1, AF_DEV_NAME); + if (res != 0) + { + return -EINVAL; + } - cdev_init(&g_af_dev.char_dev, &af_cdev_ops); - res = cdev_add(&g_af_dev.char_dev, g_af_dev.id, 1); - if (res < 0) { - goto REGION_OUT; - } + cdev_init(&g_af_dev.char_dev, &af_cdev_ops); + res = cdev_add(&g_af_dev.char_dev, g_af_dev.id, 1); + if (res < 0) + { + goto REGION_OUT; + } - g_af_dev.c= class_create(THIS_MODULE, AF_DEV_NAME); - if (IS_ERR_OR_NULL(g_af_dev.c)) { - goto CDEV_OUT; - } + g_af_dev.c = class_create(THIS_MODULE, AF_DEV_NAME); + if (IS_ERR_OR_NULL(g_af_dev.c)) + { + goto CDEV_OUT; + } - dev = device_create(g_af_dev.c, NULL, g_af_dev.id, NULL, AF_DEV_NAME); - if (IS_ERR_OR_NULL(dev)) { - goto CLASS_OUT; - } + dev = device_create(g_af_dev.c, NULL, g_af_dev.id, NULL, AF_DEV_NAME); + if (IS_ERR_OR_NULL(dev)) + { + goto CLASS_OUT; + } AF_INFO("register char dev....ok\n"); - return 0; + return 0; CLASS_OUT: - class_destroy(g_af_dev.c); + class_destroy(g_af_dev.c); CDEV_OUT: - cdev_del(&g_af_dev.char_dev); + cdev_del(&g_af_dev.char_dev); REGION_OUT: - unregister_chrdev_region(g_af_dev.id, 1); - - AF_ERROR("register char dev....fail\n"); - return -EINVAL; -} + unregister_chrdev_region(g_af_dev.id, 1); + AF_ERROR("register char dev....fail\n"); + return -EINVAL; +} void af_unregister_dev(void) { device_destroy(g_af_dev.c, g_af_dev.id); - class_destroy(g_af_dev.c); - cdev_del(&g_af_dev.char_dev); - unregister_chrdev_region(g_af_dev.id, 1); + class_destroy(g_af_dev.c); + cdev_del(&g_af_dev.char_dev); + unregister_chrdev_region(g_af_dev.id, 1); AF_INFO("unregister char dev....ok\n"); } - diff --git a/oaf/src/cJSON.c b/oaf/src/cJSON.c index e71f1d8..7dcb2e5 100755 --- a/oaf/src/cJSON.c +++ b/oaf/src/cJSON.c @@ -118,7 +118,7 @@ void cJSON_Delete(cJSON *c) /* Parse the input text to generate a number, and populate the result into item. */ static const char *parse_number(cJSON *item,const char *num) { - int n=0,sign=1,scale=0;int subscale=0,signsubscale=1; + int n=0,sign=1; if (*num=='-') sign=-1,num++; /* Has sign? */ if (*num=='0') num++; /* is zero */