Add aaa-12 添加分发引擎上送条件 && 修改代码bug

SOL 修改人：gechangwei 检视人：gechangwei Signed-off-by: gechangwei <gechangwei@cmhi.chinamobile.com>
2019-09-18 16:21:57 +08:00 · 2019-09-18 16:21:57 +08:00 · 2fc6a02858
parent 31a50ce4d9
commit 2fc6a02858
4 changed files with 135 additions and 4 deletions
--- a/Common/commuapinl.h
+++ b/Common/commuapinl.h
@ -51,6 +51,7 @@ enum pdelivmsgtype{
 	NLMSG_RECV_RAW_PKT = 0x12,/*上送DPI的报文消息*/
 	PDNLGRP_REQUEST,
 	NK_DEBUGFS_PRK_ONOFF = 0X16,/*DEBUGFS PRINTK ON 0R OFF: 1->ON; 0->OFF */
+	PKT_PDE_THR = 0X18, /* 分发引擎上送数据包阈值 */

 	/*for trace*/
 	TRACE_CFG_POLICY_REQ = 0x20,
@ -88,7 +89,8 @@ enum commcfgmsgtype{
 	AGINGTIME_CFG = 0x14, /*用户态发送给内核态的用户老化时间消息 */
 	COMMNMSG_POLICYCONF,

-	NK_DEBUGFS_PRK_ONOFF_CFG = 0X16,/*keep the same with DEBUGFS PRINTK ON OR OFF */
+	NK_DEBUGFS_PRK_ONOFF_CFG = 0x16,/*keep the same with DEBUGFS PRINTK ON OR OFF */
+	PKT_PDE_THR_CFG = 0x18, /* 分发引擎上送数据包阈值 */
 	
 	/*add your msg type here:*/
 	
@ -96,6 +98,16 @@ enum commcfgmsgtype{
 	COMMCFG_NLMSG_MAX_TYPE,
 };

+enum conntrack_action_type{
+	CONNTRACK_PDE_DPI = 0x03,
+};
+
+enum PDE_PKT_CONTROL{
+	PDE_TO_DPI,
+	PDE_TO_ACCEPT,
+	
+};
+

 struct netlink_debugfs {
 	unsigned int rev_total;
--- a/Platform/modules/netlink_api/libnetlink_k.c
+++ b/Platform/modules/netlink_api/libnetlink_k.c
@ -186,6 +186,53 @@ int debugfs_prk_onoff(struct netlinkk_cfg *g_nlcfg, struct nlmsghdr *nlh,struct
 	return 0;
 }

+int set_pde_pkt_num(struct netlinkk_cfg *g_nlcfg, struct nlmsghdr *nlh,struct netlink_ext_ack *extack)
+{
+	unsigned char * cookies = "set pkt_num succ";
+	//unsigned char * cookiess = "set pkt_num fail";
+	int err, len = 0;
+
+	char *pload;
+	struct nlattr *rta;
+	char *load;
+	unsigned long fk_type;
+	int ret = 0;
+
+	pload = nlmsg_data(nlh);
+	rta = (struct nlattr *)pload;
+	load = RTA_DATA(rta);
+	//ret = strict_strtoul(load, 10, &fk_type);
+	err=kstrtoul(load, 10, &fk_type);
+	if(err)
+		{
+		cookies = "set pkt_num fail";
+		NETLINK_DEBUG(g_nlcfg->debugfs_prk_enable,"*************************set_pde_pkt_num error******************\n");
+		}
+	
+	g_nlcfg->pde_pkt_num = fk_type;
+
+	NETLINK_DEBUG(g_nlcfg->pde_pkt_num, "***gift***%s", __func__);
+	
+	len = strlen(cookies);	
+	
+	if(len > sizeof(extack->cookie) )/*check len*/
+	{
+		NETLINK_DEBUG(g_nlcfg->debugfs_prk_enable, "set_pde_pkt_num:cookies oversize the netlinkt cookies.\r\n");
+		extack->cookie_len = sizeof(extack->cookie);		
+	}
+	else
+	{
+		extack->cookie_len = len;
+	}
+	
+	memcpy(extack->cookie, cookies, extack->cookie_len);/*becare:size must small than 20 u8!!!!!!!!!!*/
+	
+	NETLINK_DEBUG(g_nlcfg->debugfs_prk_enable, "set_pde_pkt_num ack type=%d,seq=%d,extack->cookie_len=%d.\n",
+		nlh->nlmsg_type,nlh->nlmsg_seq,extack->cookie_len);
+	
+	return 0;
+}
+

 int debugfs_pkt_num_stati(struct netlinkk_cfg *g_nlcfg, struct nlmsghdr *nlh,struct netlink_ext_ack *extack)
 {
@ -323,6 +370,7 @@ EXPORT_SYMBOL_GPL(debugfs_pkt_num_stati);
 EXPORT_SYMBOL_GPL(debugfs_pkt_num_stati_witisend);
 EXPORT_SYMBOL_GPL(nf_nlmsg_multicast);
 EXPORT_SYMBOL_GPL(debugfs_prk_onoff);
+EXPORT_SYMBOL_GPL(set_pde_pkt_num);



--- a/Platform/modules/netlink_api/libnetlink_k.h
+++ b/Platform/modules/netlink_api/libnetlink_k.h
@ -27,6 +27,7 @@ struct netlinkk_cfg
 	struct commnl_msgtype_process* msg_processer;
 	int msg_processer_num;
 	unsigned long debugfs_prk_enable;
+	long pde_pkt_num;
 };

 typedef int (*commnl_doit_func)(struct sk_buff *, struct nlmsghdr *,struct netlink_ext_ack *);
@ -84,6 +85,7 @@ extern int debugfs_pkt_num_stati(struct netlinkk_cfg *g_nlcfg,
 extern int debugfs_pkt_num_stati_witisend(struct netlinkk_cfg *g_nlcfg, 
 	struct nlmsghdr *nlh,struct commnl_msgtype_process* msg_process);

+extern int set_pde_pkt_num(struct netlinkk_cfg *g_nlcfg, struct nlmsghdr *nlh,struct netlink_ext_ack *extack);

 extern int nf_nlmsg_multicast(struct netlinkk_cfg *g_nlcfg, struct sk_buff *skb);

--- a/Platform/modules/pdelivery/pdeliverynl_kinit.c
+++ b/Platform/modules/pdelivery/pdeliverynl_kinit.c
@ -6,10 +6,13 @@
 #include <uapi/linux/ip.h>
 #include <net/netlink.h>
 #include <net/net_namespace.h>
+#include <net/netfilter/nf_conntrack_acct.h>
+#include <linux/inet.h>

 #include "../netlink_api/libnetlink_k.h"
 #include "../../../Common/commuapinl.h"
 //#include "pdeliverynl_kinit.h"
+#include "../conntrack_api/api/conntrack_api.h"

 //int nf_nlmsg_multicast(struct netlinkk_cfg *g_nlcfg, struct sk_buff *skb);
 unsigned int pdelivery_hook_func(void *priv,
@ -18,6 +21,7 @@ unsigned int pdelivery_hook_func(void *priv,
 //int debugfs_pkt_num_stati(struct netlinkk_cfg *g_nlcfg, struct nlmsghdr *nlh);

 int pdeliv_unicast(struct sk_buff *skb, u32 portid);
+int pde_pkt_control(struct sk_buff *skb, struct netlinkk_cfg *g_nlcfg);


 struct netlinkk_cfg g_nlcfg = {0};
@ -57,6 +61,12 @@ int pdeliv_rcv_stat(struct sk_buff *skb, struct nlmsghdr *nlh,struct netlink_ext
 			return ret;
 				break;

+		case PKT_PDE_THR:
+			ret = set_pde_pkt_num(&g_nlcfg, nlh, ext_ack);
+			return ret;
+				break;
+
+
        	default:
 			NETLINK_DEBUG(g_nlcfg.debugfs_prk_enable, "libnetlink Unknow msgtype recieved!\n");
 			return 0;
@ -174,6 +184,7 @@ int __init pdelivery_init(void)
 	pdeliv_msgtype_register(PDNLGRP_REQUEST,pdeliv_rcv_stat,NULL,NULL);
 	pdeliv_msgtype_register(NLMSG_PDELIV_DEBUGFS,pdeliv_rcv_stat,NULL,NULL);
 	pdeliv_msgtype_register(NK_DEBUGFS_PRK_ONOFF,pdeliv_rcv_stat,NULL,NULL);
+	pdeliv_msgtype_register(PKT_PDE_THR,pdeliv_rcv_stat,NULL,NULL);
 	

 	return 0;
@ -220,7 +231,17 @@ unsigned int pdelivery_hook_func(void *priv,
 	printk_ipaddress(iph->daddr);
 #endif
 	
-	payload = skb_mac_header(skb);
+	ret = pde_pkt_control(skb, &g_nlcfg);
+	if(ret == PDE_TO_ACCEPT)
+		return NF_ACCEPT;
+
+    if(!netlink_has_listeners(g_nlcfg.sk, PDNLGRP_ALLRAW))
+    {
+        goto out;
+    }
+
+    //printk("***************************************in_pde_dpi****************************\n");
+    payload = skb_mac_header(skb);
    payload_len = skb->len + skb->mac_len;/**/

 	
@ -253,8 +274,9 @@ unsigned int pdelivery_hook_func(void *priv,

 	ret = nf_nlmsg_multicast(&g_nlcfg, out_skb);
 	if(ret < 0)
-	{		
-		goto failure;
+	{	
+		g_nlcfg.dfs.send_fail_reason = ret;	
+		goto out;
 	}
 	
 	//printk(KERN_INFO "pdelivery_hook_func() end.\n");
@ -268,6 +290,7 @@ failure:
 	{
 		kfree_skb(out_skb);
 	}
+out:

    //printk(KERN_INFO " failed in pdelivery_hook_func!\n");
 	g_nlcfg.dfs.send_fail ++;
@ -319,6 +342,52 @@ int pdeliv_unicast(struct sk_buff *skb, u32 portid)
 	return(ret);
 }

+int pde_pkt_control(struct sk_buff *skb, struct netlinkk_cfg *g_nlcfg)
+{
+	u_int32_t action;
+	int ret=0;
+	enum ip_conntrack_info ctinfo = {0};
+	struct nf_conn *ct = NULL;
+	struct nf_conn_acct *acct = NULL;
+	long long  pd_num_original;
+	long long  pd_num_reply;
+	long long  num_max;
+	long long  total_pkt;
+
+	ret = cmhi_get_conntrack_u32(skb, &action, ACTION);
+	if(ret)
+	{
+	    printk("***********cmhi_get_conntrack_u32-error***************\n");
+	}
+    
+	if(action != CONNTRACK_PDE_DPI)
+	{
+    		return PDE_TO_ACCEPT;
+	}
+
+	if(g_nlcfg->pde_pkt_num == 0)
+    		num_max = 50;
+	else
+		num_max = g_nlcfg->pde_pkt_num;
+
+	ct = nf_ct_get(skb, &ctinfo);
+	acct = nf_conn_acct_find(ct);
+	if(acct)
+	{
+		struct nf_conn_counter *counter = acct->counter;
+    		pd_num_original = atomic64_read(&counter[IP_CT_DIR_ORIGINAL].packets);
+		pd_num_reply = atomic64_read(&counter[IP_CT_DIR_REPLY].packets);
+		total_pkt = pd_num_original + pd_num_reply;	
+    	}
+
+	if((action == CONNTRACK_PDE_DPI) && (total_pkt > num_max))
+	{
+		return PDE_TO_ACCEPT;
+	}
+
+	return PDE_TO_DPI;		
+}
+

 EXPORT_SYMBOL_GPL(pdeliv_msgtype_register);
 EXPORT_SYMBOL_GPL(pdeliv_msgtype_unregister);