add oaf log info

oaf/src/Makefile

@@ -1,2 +1,2 @@
-oaf-objs := app_filter.o af_utils.o  regexp.o cJSON.o app_filter_config.o
+oaf-objs := app_filter.o af_utils.o  regexp.o cJSON.o app_filter_config.o af_log.o
 obj-m += oaf.o

oaf/src/af_log.c

@@ -0,0 +1,69 @@
+#include <linux/init.h>
+#include <linux/fs.h>
+#include <linux/version.h>
+#include <linux/seq_file.h>
+#include <linux/list.h>
+#include <linux/sysctl.h>
+
+#include "af_log.h"
+int af_log_lvl = 2;
+int af_test_mode = 0;
+/* 
+	cat /proc/sys/oaf/debug
+*/
+static struct ctl_table oaf_table[] = {
+	{
+		.procname	= "debug",
+		.data		= &af_log_lvl,
+		.maxlen 	= sizeof(int),
+		.mode		= 0666,
+		.proc_handler	= proc_dointvec,
+	},
+	{
+		.procname	= "test_mode",
+		.data		= &af_test_mode,
+		.maxlen 	= sizeof(int),
+		.mode		= 0666,
+		.proc_handler	= proc_dointvec,
+	},
+	{
+	}
+};
+
+static struct ctl_table oaf_root_table[] = {
+	{
+		.procname	= "oaf",
+		.mode		= 0555,
+		.child		= oaf_table,
+	},
+	{}
+};
+static struct ctl_table_header *oaf_table_header;
+
+
+static int af_init_log_sysctl(void)
+{
+	struct ctl_table_header *hdr;
+	oaf_table_header = register_sysctl_table(oaf_root_table);
+	if (oaf_table_header == NULL){
+		printk("init log sysctl...failed\n");
+		return -ENOMEM;
+	}
+	printk("init oaf sysctl...ok\n");
+	return 0;
+}
+
+static int af_fini_log_sysctl(void)
+{
+	if (oaf_table_header)
+		unregister_sysctl_table(oaf_table_header);
+	return 0;
+}
+
+int af_log_init(void){
+	af_init_log_sysctl();
+}
+
+int af_log_exit(void){
+	af_fini_log_sysctl();
+}

oaf/src/af_log.h

@@ -0,0 +1,32 @@
+#ifndef __AF_DEBUG_H__
+#define __AF_DEBUG_H__
+extern int af_log_lvl;
+extern int af_test_mode;
+#define LOG(level, fmt, ...) do { \
+    if ((level) <= af_log_lvl) { \
+        printk(fmt, ##__VA_ARGS__); \
+    } \
+} while (0)
+
+#define LLOG(level, fmt, ...) do { \
+	if ((level) <= af_log_lvl) { \
+		pr_info_ratelimited(fmt, ##__VA_ARGS__); \
+	} \
+} while (0)
+
+
+#define AF_ERROR(...)			LOG(0, ##__VA_ARGS__)
+#define AF_WARN(...)         	LOG(1, ##__VA_ARGS__)
+#define AF_INFO(...)         	LOG(2, ##__VA_ARGS__)
+#define AF_DEBUG(...)       	LOG(3, ##__VA_ARGS__)
+
+#define AF_LMT_ERROR(...)      	LLOG(0, ##__VA_ARGS__)
+#define AF_LMT_WARN(...)       	LLOG(1, ##__VA_ARGS__)
+#define AF_LMT_INFO(...)       	LLOG(2, ##__VA_ARGS__)
+#define AF_LMT_DEBUG(...)     	LLOG(3, ##__VA_ARGS__)
+
+
+#define TEST_MODE() (af_test_mode)
+int af_log_init(void);
+int af_log_exit(void);
+#endif

oaf/src/app_filter.c

@@ -22,14 +22,12 @@
 
 #include "app_filter.h"
 #include "af_utils.h"
-
+#include "af_log.h"
 MODULE_LICENSE("GPL");
 MODULE_AUTHOR("destan19@126.com");
 MODULE_DESCRIPTION("app filter module");
 MODULE_VERSION("1.0.1");
 struct list_head af_feature_head = LIST_HEAD_INIT(af_feature_head);
-#define AF_FEATURE_CONFIG_FILE "/etc/appfilter/feature.cfg"
-//#define AF_DEV_NAME "appfilter"
 
 DEFINE_RWLOCK(af_feature_lock);
 
@@ -37,38 +35,7 @@ DEFINE_RWLOCK(af_feature_lock);
 #define feature_list_read_unlock() 		read_unlock_bh(&af_feature_lock);
 #define feature_list_write_lock() 		write_lock_bh(&af_feature_lock);
 #define feature_list_write_unlock()		write_unlock_bh(&af_feature_lock);
-// ×¢ÒâÓÐÖØ´«±¨ÎÄ
-#define MAX_PARSE_PKT_NUM 16
-#define MIN_HTTP_DATA_LEN 16
-#define MAX_APP_NAME_LEN 64
-#define MAX_FEATURE_NUM_PER_APP 16 
-#define MAX_FEATURE_STR_LEN 128
-#define MAX_HOST_URL_LEN 128
-#define MAX_REQUEST_URL_LEN 128
-#define MAX_FEATURE_BITS 16
-#define MAX_POS_INFO_PER_FEATURE 16
-#define MAX_FEATURE_LINE_LEN 256
-#define MIN_FEATURE_LINE_LEN 16
 
-#define MAX_URL_MATCH_LEN 64
-typedef struct af_pos_info{
-	int pos;
-	unsigned char value;
-}af_pos_info_t;
-
-typedef struct af_feature_node{
-	struct list_head  		head;
-	int app_id;
-	char app_name[MAX_APP_NAME_LEN];
-	char feature_str[MAX_FEATURE_NUM_PER_APP][MAX_FEATURE_STR_LEN];
-	int proto;
-	int sport;
-	int dport;
-	char host_url[MAX_HOST_URL_LEN];
-	char request_url[MAX_REQUEST_URL_LEN];
-	int pos_num;
-	af_pos_info_t pos_info[MAX_POS_INFO_PER_FEATURE];
-}af_feature_node_t;
 #if 0
 static void show_feature_list(void)
 {
@@ -112,14 +79,7 @@ static af_feature_node_t* af_find_feature(char *app_id)
 }
 #endif
 
-enum AF_FEATURE_PARAM_INDEX{
-	AF_PROTO_PARAM_INDEX,
-	AF_SRC_PORT_PARAM_INDEX,
-	AF_DST_PORT_PARAM_INDEX,
-	AF_HOST_URL_PARAM_INDEX,
-	AF_REQUEST_URL_PARAM_INDEX,
-	AF_DICT_PARAM_INDEX,
-};
+
 
 int __add_app_feature(int appid,
 					char *name,
@@ -228,10 +188,7 @@ int add_app_feature(int appid, char *name, char *feature)
 		return -1;
 	}
 	strncpy(dict, begin, p - begin);
-	
-	//sscanf(feature, "%[^;];%d;%[^;];%[^;];%s", proto, &dst_port, host, url, dict);
-	//printk("proto = %s, port = %s, host = %s, url = %s, dict = %s\n",
-	//				proto_str, port_str, host_url, request_url, dict);
+
 	if (0 == strcmp(proto_str, "tcp"))
 		proto = IPPROTO_TCP;
 	else if (0 == strcmp(proto_str, "udp"))
@@ -267,10 +224,8 @@ void af_init_feature(char *feature_str)
 	char feature_buf[MAX_FEATURE_LINE_LEN] = {0};
 	if (strstr(feature_str,"#"))
 		return;
-	//printk("feature_str=%s\n",feature_str);
 	
 	k_sscanf(feature_str, "%d%[^:]", &app_id, app_name);
-	//printk("id = %d, name = %s\n",app_id, app_name);
 
 	char *p = feature_str;
 	char *pos = NULL;	
@@ -360,7 +315,6 @@ void load_feature_config(void)
 		return;
 	}
 	
-//	printk("feature_buf = %s\n", feature_buf);
 	char *p;
 	char *begin;
 	p = begin = feature_buf;
@@ -553,7 +507,6 @@ void parse_http_proto(flow_info_t *flow)
 		}
 	}
 }
-#if 0
 
 static void dump_http_flow_info(http_proto_t *http) {
 	if (!http) {
@@ -589,7 +542,6 @@ static void dump_https_flow_info(https_proto_t *https) {
 	
 
 	if (https->url_len > 0 && https->url_pos){
-		printk("url len = %d\n",https->url_len);
 		dump_str("https server name", https->url_pos, https->url_len);
 	}
 
@@ -601,14 +553,11 @@ static void dump_flow_info(flow_info_t *flow)
 		AF_ERROR("flow is null\n");
 		return;
 	}
-	#if 0
-	if (check_local_network_ip(ntohl(flow->src))) {
-		printk("src ip(inner net):"NIPQUAD_FMT", dst ip = "NIPQUAD_FMT"\n", NIPQUAD(flow->src), NIPQUAD(flow->dst));
+	if (flow->l4_len > 0){
+		AF_LMT_INFO("src="NIPQUAD_FMT",dst="NIPQUAD_FMT",sport: %d, dport: %d, data_len: %d\n", 
+			NIPQUAD(flow->src), NIPQUAD(flow->dst),	flow->sport, flow->dport, flow->l4_len);
 	}
-	else {
-		printk("src ip(outer net):"NIPQUAD_FMT", dst ip = "NIPQUAD_FMT"\n", NIPQUAD(flow->src), NIPQUAD(flow->dst));
-	}
-	#endif
+
 	if (flow->l4_protocol == IPPROTO_TCP) {
 		if (AF_TRUE == flow->http.match) {
 			printk("-------------------http protocol-------------------------\n");
@@ -617,27 +566,18 @@ static void dump_flow_info(flow_info_t *flow)
 			dump_http_flow_info(&flow->http);
 		}
 		if (AF_TRUE == flow->https.match) {
+			printk("-------------------https protocol-------------------------\n");
 			dump_https_flow_info(&flow->https);
 		}
 	}
-	else if (flow->l4_protocol == IPPROTO_UDP) {
-		//	printk("protocol:UDP ,sport: %-8d, dport: %-8d, data_len: %-8d\n",
-		//					flow->sport, flow->dport, flow->l4_len);
-	}
-	else {
-		return;
-	}
 }
-#endif
 int af_match_by_pos(flow_info_t *flow, af_feature_node_t *node)
 {
-	// match pos
 	int i;
 	unsigned int pos = 0;
 	
 	if (!flow || !node)
 		return AF_FALSE;
-	//printk("pos_num = %d\n", node->pos_num);
 	if (node->pos_num > 0) {
 		for (i = 0;i < node->pos_num; i++){
 			// -1
@@ -648,18 +588,11 @@ int af_match_by_pos(flow_info_t *flow, af_feature_node_t *node)
 				pos = node->pos_info[i].pos;
 			}
 			if (pos >= flow->l4_len){
-			//	AF_ERROR("pos is invalid, pos = %d, l4_len = %d\n", pos, flow->l4_len);
 				return AF_FALSE;
-			}
-			//printk("pos = %d, i = %d, l4_len = %d\n", pos, i, flow->l4_len);
-			
+			}			
 			if (flow->l4_data[pos] != node->pos_info[i].value){
-			//	if (i > 0)
-				//	printk("\n");
 				return AF_FALSE;
 			}
-			//if (i > 1)
-			//printk("match (%d:%02x) -->", node->pos_info[i].pos, node->pos_info[i].value);
 		}
 		AF_DEBUG("match by pos, appid=%d\n", node->app_id);
 		return AF_TRUE;
@@ -742,8 +675,6 @@ int af_match_one(flow_info_t *flow, af_feature_node_t *node)
 			node->sport, node->dport, node->app_id);
 		return AF_TRUE;
 	}
-	//printk("sport = %d, dport = %d, node->sport:%d, node->dport:%d,ret = %d\n",
-	//	flow->sport, flow->dport, node->sport, node->dport, ret);
 	return ret;
 }
 
@@ -755,8 +686,8 @@ int app_filter_match(flow_info_t *flow)
 		list_for_each_entry_safe(node, n, &af_feature_head, head) {
 			if(af_match_one(flow, node)) 
 			{
+				flow->app_id = node->app_id;
 				if (af_get_app_status(node->app_id)){
-					AF_DEBUG("drop appid = %d\n", node->app_id);
 					feature_list_read_unlock();
 					return AF_TRUE;
 				}
@@ -841,12 +772,14 @@ static u_int32_t app_filter_hook(unsigned int hook,
 	parse_flow_base(skb, &flow);
 	parse_http_proto(&flow);
 	parse_https_proto(&flow);
-	//dump_flow_info(&flow);
+	if (TEST_MODE())
+		dump_flow_info(&flow);
+	
 	if (app_filter_match(&flow)){
-
 #if defined(CONFIG_NF_CONNTRACK_MARK)
 		ct->mark |= APP_FILTER_DROP_BITS;
 #endif
+		AF_INFO("##########drop appid = %d#############\n\n\n", flow.app_id);
 		return NF_DROP;
 	}
 	return NF_ACCEPT;
@@ -900,6 +833,7 @@ static int __init app_filter_init(void)
 {
 	AF_INFO("appfilter version:"AF_VERSION"\n");
 	AF_DEBUG("app filter module init\n");
+	af_log_init();
 	//TEST_regexp();
 	af_register_dev();
 	af_init_app_status();
@@ -929,6 +863,7 @@ static void app_filter_fini(void)
 
 	af_clean_feature_list();
 	af_unregister_dev();
+	af_log_exit();
 	return ;
 }
 

oaf/src/app_filter.h

@@ -1,9 +1,22 @@
 #ifndef APP_FILTER_H
 #define APP_FILTER_H
-#define AF_DEBUG  if(0) printk
-#define AF_ERROR printk
-#define AF_INFO printk
+
 #define AF_VERSION "1.0.1"
+#define AF_FEATURE_CONFIG_FILE "/etc/appfilter/feature.cfg"
+
+#define MAX_PARSE_PKT_NUM 16
+#define MIN_HTTP_DATA_LEN 16
+#define MAX_APP_NAME_LEN 64
+#define MAX_FEATURE_NUM_PER_APP 16 
+#define MAX_FEATURE_STR_LEN 128
+#define MAX_HOST_URL_LEN 128
+#define MAX_REQUEST_URL_LEN 128
+#define MAX_FEATURE_BITS 16
+#define MAX_POS_INFO_PER_FEATURE 16
+#define MAX_FEATURE_LINE_LEN 256
+#define MIN_FEATURE_LINE_LEN 16
+#define MAX_URL_MATCH_LEN 64
+
 //#define CONFIG_KERNEL_FUNC_TEST 1
 
 #define HTTP_GET_METHOD_STR "GET"
@@ -25,6 +38,15 @@
 #define HTTPS_URL_OFFSET		9
 #define HTTPS_LEN_OFFSET		7
 
+enum AF_FEATURE_PARAM_INDEX{
+	AF_PROTO_PARAM_INDEX,
+	AF_SRC_PORT_PARAM_INDEX,
+	AF_DST_PORT_PARAM_INDEX,
+	AF_HOST_URL_PARAM_INDEX,
+	AF_REQUEST_URL_PARAM_INDEX,
+	AF_DICT_PARAM_INDEX,
+};
+
 enum e_http_method{
 	HTTP_METHOD_GET = 1,
 	HTTP_METHOD_POST,
@@ -57,8 +79,31 @@ typedef struct flow_info{
 	int l4_len;
 	http_proto_t http;
 	https_proto_t https;
+	u_int32_t app_id;
 }flow_info_t;
 
+
+
+typedef struct af_pos_info{
+	int pos;
+	unsigned char value;
+}af_pos_info_t;
+
+typedef struct af_feature_node{
+	struct list_head  		head;
+	u_int32_t app_id;
+	char app_name[MAX_APP_NAME_LEN];
+	char feature_str[MAX_FEATURE_NUM_PER_APP][MAX_FEATURE_STR_LEN];
+	u_int32_t proto;
+	u_int32_t sport;
+	u_int32_t dport;
+	char host_url[MAX_HOST_URL_LEN];
+	char request_url[MAX_REQUEST_URL_LEN];
+	int pos_num;
+	af_pos_info_t pos_info[MAX_POS_INFO_PER_FEATURE];
+}af_feature_node_t;
+
+
 int af_register_dev(void);
 void af_unregister_dev(void);
 void af_init_app_status(void);

oaf/src/app_filter_config.c

@@ -20,6 +20,7 @@
 #include "cJSON.h"
 #include "app_filter.h"
 #include "af_utils.h"
+#include "af_log.h"
 #define AF_MAX_APP_TYPE_NUM 16
 #define AF_MAX_APP_NUM 256
 #define AF_DEV_NAME "appfilter"