From 7d76a613baeb572455e60b69ca568e4fabe275d5 Mon Sep 17 00:00:00 2001 From: derry Date: Thu, 26 Dec 2019 03:03:18 -0800 Subject: [PATCH] add oaf log info --- oaf/src/Makefile | 2 +- oaf/src/af_log.c | 69 ++++++++++++++++++++++++++ oaf/src/af_log.h | 32 ++++++++++++ oaf/src/app_filter.c | 97 ++++++------------------------------- oaf/src/app_filter.h | 51 +++++++++++++++++-- oaf/src/app_filter_config.c | 1 + 6 files changed, 167 insertions(+), 85 deletions(-) create mode 100755 oaf/src/af_log.c create mode 100755 oaf/src/af_log.h diff --git a/oaf/src/Makefile b/oaf/src/Makefile index 1ab57a0..7b5aad0 100755 --- a/oaf/src/Makefile +++ b/oaf/src/Makefile @@ -1,2 +1,2 @@ -oaf-objs := app_filter.o af_utils.o regexp.o cJSON.o app_filter_config.o +oaf-objs := app_filter.o af_utils.o regexp.o cJSON.o app_filter_config.o af_log.o obj-m += oaf.o diff --git a/oaf/src/af_log.c b/oaf/src/af_log.c new file mode 100755 index 0000000..c175372 --- /dev/null +++ b/oaf/src/af_log.c @@ -0,0 +1,69 @@ +#include +#include +#include +#include +#include +#include + +#include "af_log.h" +int af_log_lvl = 2; +int af_test_mode = 0; +/* + cat /proc/sys/oaf/debug +*/ +static struct ctl_table oaf_table[] = { + { + .procname = "debug", + .data = &af_log_lvl, + .maxlen = sizeof(int), + .mode = 0666, + .proc_handler = proc_dointvec, + }, + { + .procname = "test_mode", + .data = &af_test_mode, + .maxlen = sizeof(int), + .mode = 0666, + .proc_handler = proc_dointvec, + }, + { + } +}; + +static struct ctl_table oaf_root_table[] = { + { + .procname = "oaf", + .mode = 0555, + .child = oaf_table, + }, + {} +}; +static struct ctl_table_header *oaf_table_header; + + +static int af_init_log_sysctl(void) +{ + struct ctl_table_header *hdr; + oaf_table_header = register_sysctl_table(oaf_root_table); + if (oaf_table_header == NULL){ + printk("init log sysctl...failed\n"); + return -ENOMEM; + } + printk("init oaf sysctl...ok\n"); + return 0; +} + +static int af_fini_log_sysctl(void) +{ + if (oaf_table_header) + unregister_sysctl_table(oaf_table_header); + return 0; +} + +int af_log_init(void){ + af_init_log_sysctl(); +} + +int af_log_exit(void){ + af_fini_log_sysctl(); +} diff --git a/oaf/src/af_log.h b/oaf/src/af_log.h new file mode 100755 index 0000000..009be65 --- /dev/null +++ b/oaf/src/af_log.h @@ -0,0 +1,32 @@ +#ifndef __AF_DEBUG_H__ +#define __AF_DEBUG_H__ +extern int af_log_lvl; +extern int af_test_mode; +#define LOG(level, fmt, ...) do { \ + if ((level) <= af_log_lvl) { \ + printk(fmt, ##__VA_ARGS__); \ + } \ +} while (0) + +#define LLOG(level, fmt, ...) do { \ + if ((level) <= af_log_lvl) { \ + pr_info_ratelimited(fmt, ##__VA_ARGS__); \ + } \ +} while (0) + + +#define AF_ERROR(...) LOG(0, ##__VA_ARGS__) +#define AF_WARN(...) LOG(1, ##__VA_ARGS__) +#define AF_INFO(...) LOG(2, ##__VA_ARGS__) +#define AF_DEBUG(...) LOG(3, ##__VA_ARGS__) + +#define AF_LMT_ERROR(...) LLOG(0, ##__VA_ARGS__) +#define AF_LMT_WARN(...) LLOG(1, ##__VA_ARGS__) +#define AF_LMT_INFO(...) LLOG(2, ##__VA_ARGS__) +#define AF_LMT_DEBUG(...) LLOG(3, ##__VA_ARGS__) + + +#define TEST_MODE() (af_test_mode) +int af_log_init(void); +int af_log_exit(void); +#endif diff --git a/oaf/src/app_filter.c b/oaf/src/app_filter.c index 868a361..3ad15a2 100755 --- a/oaf/src/app_filter.c +++ b/oaf/src/app_filter.c @@ -22,14 +22,12 @@ #include "app_filter.h" #include "af_utils.h" - +#include "af_log.h" MODULE_LICENSE("GPL"); MODULE_AUTHOR("destan19@126.com"); MODULE_DESCRIPTION("app filter module"); MODULE_VERSION("1.0.1"); struct list_head af_feature_head = LIST_HEAD_INIT(af_feature_head); -#define AF_FEATURE_CONFIG_FILE "/etc/appfilter/feature.cfg" -//#define AF_DEV_NAME "appfilter" DEFINE_RWLOCK(af_feature_lock); @@ -37,38 +35,7 @@ DEFINE_RWLOCK(af_feature_lock); #define feature_list_read_unlock() read_unlock_bh(&af_feature_lock); #define feature_list_write_lock() write_lock_bh(&af_feature_lock); #define feature_list_write_unlock() write_unlock_bh(&af_feature_lock); -// 注意有重传报文 -#define MAX_PARSE_PKT_NUM 16 -#define MIN_HTTP_DATA_LEN 16 -#define MAX_APP_NAME_LEN 64 -#define MAX_FEATURE_NUM_PER_APP 16 -#define MAX_FEATURE_STR_LEN 128 -#define MAX_HOST_URL_LEN 128 -#define MAX_REQUEST_URL_LEN 128 -#define MAX_FEATURE_BITS 16 -#define MAX_POS_INFO_PER_FEATURE 16 -#define MAX_FEATURE_LINE_LEN 256 -#define MIN_FEATURE_LINE_LEN 16 -#define MAX_URL_MATCH_LEN 64 -typedef struct af_pos_info{ - int pos; - unsigned char value; -}af_pos_info_t; - -typedef struct af_feature_node{ - struct list_head head; - int app_id; - char app_name[MAX_APP_NAME_LEN]; - char feature_str[MAX_FEATURE_NUM_PER_APP][MAX_FEATURE_STR_LEN]; - int proto; - int sport; - int dport; - char host_url[MAX_HOST_URL_LEN]; - char request_url[MAX_REQUEST_URL_LEN]; - int pos_num; - af_pos_info_t pos_info[MAX_POS_INFO_PER_FEATURE]; -}af_feature_node_t; #if 0 static void show_feature_list(void) { @@ -112,14 +79,7 @@ static af_feature_node_t* af_find_feature(char *app_id) } #endif -enum AF_FEATURE_PARAM_INDEX{ - AF_PROTO_PARAM_INDEX, - AF_SRC_PORT_PARAM_INDEX, - AF_DST_PORT_PARAM_INDEX, - AF_HOST_URL_PARAM_INDEX, - AF_REQUEST_URL_PARAM_INDEX, - AF_DICT_PARAM_INDEX, -}; + int __add_app_feature(int appid, char *name, @@ -228,10 +188,7 @@ int add_app_feature(int appid, char *name, char *feature) return -1; } strncpy(dict, begin, p - begin); - - //sscanf(feature, "%[^;];%d;%[^;];%[^;];%s", proto, &dst_port, host, url, dict); - //printk("proto = %s, port = %s, host = %s, url = %s, dict = %s\n", - // proto_str, port_str, host_url, request_url, dict); + if (0 == strcmp(proto_str, "tcp")) proto = IPPROTO_TCP; else if (0 == strcmp(proto_str, "udp")) @@ -267,10 +224,8 @@ void af_init_feature(char *feature_str) char feature_buf[MAX_FEATURE_LINE_LEN] = {0}; if (strstr(feature_str,"#")) return; - //printk("feature_str=%s\n",feature_str); k_sscanf(feature_str, "%d%[^:]", &app_id, app_name); - //printk("id = %d, name = %s\n",app_id, app_name); char *p = feature_str; char *pos = NULL; @@ -360,7 +315,6 @@ void load_feature_config(void) return; } -// printk("feature_buf = %s\n", feature_buf); char *p; char *begin; p = begin = feature_buf; @@ -553,7 +507,6 @@ void parse_http_proto(flow_info_t *flow) } } } -#if 0 static void dump_http_flow_info(http_proto_t *http) { if (!http) { @@ -589,7 +542,6 @@ static void dump_https_flow_info(https_proto_t *https) { if (https->url_len > 0 && https->url_pos){ - printk("url len = %d\n",https->url_len); dump_str("https server name", https->url_pos, https->url_len); } @@ -601,14 +553,11 @@ static void dump_flow_info(flow_info_t *flow) AF_ERROR("flow is null\n"); return; } - #if 0 - if (check_local_network_ip(ntohl(flow->src))) { - printk("src ip(inner net):"NIPQUAD_FMT", dst ip = "NIPQUAD_FMT"\n", NIPQUAD(flow->src), NIPQUAD(flow->dst)); + if (flow->l4_len > 0){ + AF_LMT_INFO("src="NIPQUAD_FMT",dst="NIPQUAD_FMT",sport: %d, dport: %d, data_len: %d\n", + NIPQUAD(flow->src), NIPQUAD(flow->dst), flow->sport, flow->dport, flow->l4_len); } - else { - printk("src ip(outer net):"NIPQUAD_FMT", dst ip = "NIPQUAD_FMT"\n", NIPQUAD(flow->src), NIPQUAD(flow->dst)); - } - #endif + if (flow->l4_protocol == IPPROTO_TCP) { if (AF_TRUE == flow->http.match) { printk("-------------------http protocol-------------------------\n"); @@ -617,27 +566,18 @@ static void dump_flow_info(flow_info_t *flow) dump_http_flow_info(&flow->http); } if (AF_TRUE == flow->https.match) { + printk("-------------------https protocol-------------------------\n"); dump_https_flow_info(&flow->https); } } - else if (flow->l4_protocol == IPPROTO_UDP) { - // printk("protocol:UDP ,sport: %-8d, dport: %-8d, data_len: %-8d\n", - // flow->sport, flow->dport, flow->l4_len); - } - else { - return; - } } -#endif int af_match_by_pos(flow_info_t *flow, af_feature_node_t *node) { - // match pos int i; unsigned int pos = 0; if (!flow || !node) return AF_FALSE; - //printk("pos_num = %d\n", node->pos_num); if (node->pos_num > 0) { for (i = 0;i < node->pos_num; i++){ // -1 @@ -648,18 +588,11 @@ int af_match_by_pos(flow_info_t *flow, af_feature_node_t *node) pos = node->pos_info[i].pos; } if (pos >= flow->l4_len){ - // AF_ERROR("pos is invalid, pos = %d, l4_len = %d\n", pos, flow->l4_len); return AF_FALSE; - } - //printk("pos = %d, i = %d, l4_len = %d\n", pos, i, flow->l4_len); - + } if (flow->l4_data[pos] != node->pos_info[i].value){ - // if (i > 0) - // printk("\n"); return AF_FALSE; } - //if (i > 1) - //printk("match (%d:%02x) -->", node->pos_info[i].pos, node->pos_info[i].value); } AF_DEBUG("match by pos, appid=%d\n", node->app_id); return AF_TRUE; @@ -742,8 +675,6 @@ int af_match_one(flow_info_t *flow, af_feature_node_t *node) node->sport, node->dport, node->app_id); return AF_TRUE; } - //printk("sport = %d, dport = %d, node->sport:%d, node->dport:%d,ret = %d\n", - // flow->sport, flow->dport, node->sport, node->dport, ret); return ret; } @@ -755,8 +686,8 @@ int app_filter_match(flow_info_t *flow) list_for_each_entry_safe(node, n, &af_feature_head, head) { if(af_match_one(flow, node)) { + flow->app_id = node->app_id; if (af_get_app_status(node->app_id)){ - AF_DEBUG("drop appid = %d\n", node->app_id); feature_list_read_unlock(); return AF_TRUE; } @@ -841,12 +772,14 @@ static u_int32_t app_filter_hook(unsigned int hook, parse_flow_base(skb, &flow); parse_http_proto(&flow); parse_https_proto(&flow); - //dump_flow_info(&flow); + if (TEST_MODE()) + dump_flow_info(&flow); + if (app_filter_match(&flow)){ - #if defined(CONFIG_NF_CONNTRACK_MARK) ct->mark |= APP_FILTER_DROP_BITS; #endif + AF_INFO("##########drop appid = %d#############\n\n\n", flow.app_id); return NF_DROP; } return NF_ACCEPT; @@ -900,6 +833,7 @@ static int __init app_filter_init(void) { AF_INFO("appfilter version:"AF_VERSION"\n"); AF_DEBUG("app filter module init\n"); + af_log_init(); //TEST_regexp(); af_register_dev(); af_init_app_status(); @@ -929,6 +863,7 @@ static void app_filter_fini(void) af_clean_feature_list(); af_unregister_dev(); + af_log_exit(); return ; } diff --git a/oaf/src/app_filter.h b/oaf/src/app_filter.h index f9be684..b1e51db 100755 --- a/oaf/src/app_filter.h +++ b/oaf/src/app_filter.h @@ -1,9 +1,22 @@ #ifndef APP_FILTER_H #define APP_FILTER_H -#define AF_DEBUG if(0) printk -#define AF_ERROR printk -#define AF_INFO printk + #define AF_VERSION "1.0.1" +#define AF_FEATURE_CONFIG_FILE "/etc/appfilter/feature.cfg" + +#define MAX_PARSE_PKT_NUM 16 +#define MIN_HTTP_DATA_LEN 16 +#define MAX_APP_NAME_LEN 64 +#define MAX_FEATURE_NUM_PER_APP 16 +#define MAX_FEATURE_STR_LEN 128 +#define MAX_HOST_URL_LEN 128 +#define MAX_REQUEST_URL_LEN 128 +#define MAX_FEATURE_BITS 16 +#define MAX_POS_INFO_PER_FEATURE 16 +#define MAX_FEATURE_LINE_LEN 256 +#define MIN_FEATURE_LINE_LEN 16 +#define MAX_URL_MATCH_LEN 64 + //#define CONFIG_KERNEL_FUNC_TEST 1 #define HTTP_GET_METHOD_STR "GET" @@ -25,6 +38,15 @@ #define HTTPS_URL_OFFSET 9 #define HTTPS_LEN_OFFSET 7 +enum AF_FEATURE_PARAM_INDEX{ + AF_PROTO_PARAM_INDEX, + AF_SRC_PORT_PARAM_INDEX, + AF_DST_PORT_PARAM_INDEX, + AF_HOST_URL_PARAM_INDEX, + AF_REQUEST_URL_PARAM_INDEX, + AF_DICT_PARAM_INDEX, +}; + enum e_http_method{ HTTP_METHOD_GET = 1, HTTP_METHOD_POST, @@ -57,8 +79,31 @@ typedef struct flow_info{ int l4_len; http_proto_t http; https_proto_t https; + u_int32_t app_id; }flow_info_t; + + +typedef struct af_pos_info{ + int pos; + unsigned char value; +}af_pos_info_t; + +typedef struct af_feature_node{ + struct list_head head; + u_int32_t app_id; + char app_name[MAX_APP_NAME_LEN]; + char feature_str[MAX_FEATURE_NUM_PER_APP][MAX_FEATURE_STR_LEN]; + u_int32_t proto; + u_int32_t sport; + u_int32_t dport; + char host_url[MAX_HOST_URL_LEN]; + char request_url[MAX_REQUEST_URL_LEN]; + int pos_num; + af_pos_info_t pos_info[MAX_POS_INFO_PER_FEATURE]; +}af_feature_node_t; + + int af_register_dev(void); void af_unregister_dev(void); void af_init_app_status(void); diff --git a/oaf/src/app_filter_config.c b/oaf/src/app_filter_config.c index 1bd6f7d..2ac6194 100755 --- a/oaf/src/app_filter_config.c +++ b/oaf/src/app_filter_config.c @@ -20,6 +20,7 @@ #include "cJSON.h" #include "app_filter.h" #include "af_utils.h" +#include "af_log.h" #define AF_MAX_APP_TYPE_NUM 16 #define AF_MAX_APP_NUM 256 #define AF_DEV_NAME "appfilter"