From 2fc6a02858517cae745b3b78ac1100f562383500 Mon Sep 17 00:00:00 2001
From: gechangwei <gechangwei@cmhi.chinamobile.com>
Date: Wed, 18 Sep 2019 16:21:57 +0800
Subject: [PATCH] =?UTF-8?q?Add=20aaa-12=20=E6=B7=BB=E5=8A=A0=E5=88=86?=
 =?UTF-8?q?=E5=8F=91=E5=BC=95=E6=93=8E=E4=B8=8A=E9=80=81=E6=9D=A1=E4=BB=B6?=
 =?UTF-8?q?=20&&=20=E4=BF=AE=E6=94=B9=E4=BB=A3=E7=A0=81bug=20SOL=20?=
 =?UTF-8?q?=E4=BF=AE=E6=94=B9=E4=BA=BA=EF=BC=9Agechangwei=20=E6=A3=80?=
 =?UTF-8?q?=E8=A7=86=E4=BA=BA=EF=BC=9Agechangwei?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: gechangwei <gechangwei@cmhi.chinamobile.com>
---
 Common/commuapinl.h                           | 14 +++-
 Platform/modules/netlink_api/libnetlink_k.c   | 48 ++++++++++++
 Platform/modules/netlink_api/libnetlink_k.h   |  2 +
 .../modules/pdelivery/pdeliverynl_kinit.c     | 75 ++++++++++++++++++-
 4 files changed, 135 insertions(+), 4 deletions(-)

diff --git a/Common/commuapinl.h b/Common/commuapinl.h
index fa98a2fd9..ef7f510b5 100755
--- a/Common/commuapinl.h
+++ b/Common/commuapinl.h
@@ -51,6 +51,7 @@ enum pdelivmsgtype{
 	NLMSG_RECV_RAW_PKT = 0x12,/*上送DPI的报文消息*/
 	PDNLGRP_REQUEST,
 	NK_DEBUGFS_PRK_ONOFF = 0X16,/*DEBUGFS PRINTK ON 0R OFF: 1->ON; 0->OFF */
+	PKT_PDE_THR = 0X18, /* 分发引擎上送数据包阈值 */
 
 	/*for trace*/
 	TRACE_CFG_POLICY_REQ = 0x20,
@@ -88,7 +89,8 @@ enum commcfgmsgtype{
 	AGINGTIME_CFG = 0x14, /*用户态发送给内核态的用户老化时间消息 */
 	COMMNMSG_POLICYCONF,
 
-	NK_DEBUGFS_PRK_ONOFF_CFG = 0X16,/*keep the same with DEBUGFS PRINTK ON OR OFF */
+	NK_DEBUGFS_PRK_ONOFF_CFG = 0x16,/*keep the same with DEBUGFS PRINTK ON OR OFF */
+	PKT_PDE_THR_CFG = 0x18, /* 分发引擎上送数据包阈值 */
 	
 	/*add your msg type here:*/
 	
@@ -96,6 +98,16 @@ enum commcfgmsgtype{
 	COMMCFG_NLMSG_MAX_TYPE,
 };
 
+enum conntrack_action_type{
+	CONNTRACK_PDE_DPI = 0x03,
+};
+
+enum PDE_PKT_CONTROL{
+	PDE_TO_DPI,
+	PDE_TO_ACCEPT,
+	
+};
+
 
 struct netlink_debugfs {
 	unsigned int rev_total;
diff --git a/Platform/modules/netlink_api/libnetlink_k.c b/Platform/modules/netlink_api/libnetlink_k.c
index 051f35e50..8081f57e9 100755
--- a/Platform/modules/netlink_api/libnetlink_k.c
+++ b/Platform/modules/netlink_api/libnetlink_k.c
@@ -186,6 +186,53 @@ int debugfs_prk_onoff(struct netlinkk_cfg *g_nlcfg, struct nlmsghdr *nlh,struct
 	return 0;
 }
 
+int set_pde_pkt_num(struct netlinkk_cfg *g_nlcfg, struct nlmsghdr *nlh,struct netlink_ext_ack *extack)
+{
+	unsigned char * cookies = "set pkt_num succ";
+	//unsigned char * cookiess = "set pkt_num fail";
+	int err, len = 0;
+
+	char *pload;
+	struct nlattr *rta;
+	char *load;
+	unsigned long fk_type;
+	int ret = 0;
+
+	pload = nlmsg_data(nlh);
+	rta = (struct nlattr *)pload;
+	load = RTA_DATA(rta);
+	//ret = strict_strtoul(load, 10, &fk_type);
+	err=kstrtoul(load, 10, &fk_type);
+	if(err)
+		{
+		cookies = "set pkt_num fail";
+		NETLINK_DEBUG(g_nlcfg->debugfs_prk_enable,"*************************set_pde_pkt_num error******************\n");
+		}
+	
+	g_nlcfg->pde_pkt_num = fk_type;
+
+	NETLINK_DEBUG(g_nlcfg->pde_pkt_num, "***gift***%s", __func__);
+	
+	len = strlen(cookies);	
+	
+	if(len > sizeof(extack->cookie) )/*check len*/
+	{
+		NETLINK_DEBUG(g_nlcfg->debugfs_prk_enable, "set_pde_pkt_num:cookies oversize the netlinkt cookies.\r\n");
+		extack->cookie_len = sizeof(extack->cookie);		
+	}
+	else
+	{
+		extack->cookie_len = len;
+	}
+	
+	memcpy(extack->cookie, cookies, extack->cookie_len);/*becare:size must small than 20 u8!!!!!!!!!!*/
+	
+	NETLINK_DEBUG(g_nlcfg->debugfs_prk_enable, "set_pde_pkt_num ack type=%d,seq=%d,extack->cookie_len=%d.\n",
+		nlh->nlmsg_type,nlh->nlmsg_seq,extack->cookie_len);
+	
+	return 0;
+}
+
 
 int debugfs_pkt_num_stati(struct netlinkk_cfg *g_nlcfg, struct nlmsghdr *nlh,struct netlink_ext_ack *extack)
 {
@@ -323,6 +370,7 @@ EXPORT_SYMBOL_GPL(debugfs_pkt_num_stati);
 EXPORT_SYMBOL_GPL(debugfs_pkt_num_stati_witisend);
 EXPORT_SYMBOL_GPL(nf_nlmsg_multicast);
 EXPORT_SYMBOL_GPL(debugfs_prk_onoff);
+EXPORT_SYMBOL_GPL(set_pde_pkt_num);
 
 
 
diff --git a/Platform/modules/netlink_api/libnetlink_k.h b/Platform/modules/netlink_api/libnetlink_k.h
index 239054e17..c5a7f9480 100755
--- a/Platform/modules/netlink_api/libnetlink_k.h
+++ b/Platform/modules/netlink_api/libnetlink_k.h
@@ -27,6 +27,7 @@ struct netlinkk_cfg
 	struct commnl_msgtype_process* msg_processer;
 	int msg_processer_num;
 	unsigned long debugfs_prk_enable;
+	long pde_pkt_num;
 };
 
 typedef int (*commnl_doit_func)(struct sk_buff *, struct nlmsghdr *,struct netlink_ext_ack *);
@@ -84,6 +85,7 @@ extern int debugfs_pkt_num_stati(struct netlinkk_cfg *g_nlcfg,
 extern int debugfs_pkt_num_stati_witisend(struct netlinkk_cfg *g_nlcfg, 
 	struct nlmsghdr *nlh,struct commnl_msgtype_process* msg_process);
 
+extern int set_pde_pkt_num(struct netlinkk_cfg *g_nlcfg, struct nlmsghdr *nlh,struct netlink_ext_ack *extack);
 
 extern int nf_nlmsg_multicast(struct netlinkk_cfg *g_nlcfg, struct sk_buff *skb);
 
diff --git a/Platform/modules/pdelivery/pdeliverynl_kinit.c b/Platform/modules/pdelivery/pdeliverynl_kinit.c
index 65a244474..88fa86f61 100644
--- a/Platform/modules/pdelivery/pdeliverynl_kinit.c
+++ b/Platform/modules/pdelivery/pdeliverynl_kinit.c
@@ -6,10 +6,13 @@
 #include <uapi/linux/ip.h>
 #include <net/netlink.h>
 #include <net/net_namespace.h>
+#include <net/netfilter/nf_conntrack_acct.h>
+#include <linux/inet.h>
 
 #include "../netlink_api/libnetlink_k.h"
 #include "../../../Common/commuapinl.h"
 //#include "pdeliverynl_kinit.h"
+#include "../conntrack_api/api/conntrack_api.h"
 
 //int nf_nlmsg_multicast(struct netlinkk_cfg *g_nlcfg, struct sk_buff *skb);
 unsigned int pdelivery_hook_func(void *priv,
@@ -18,6 +21,7 @@ unsigned int pdelivery_hook_func(void *priv,
 //int debugfs_pkt_num_stati(struct netlinkk_cfg *g_nlcfg, struct nlmsghdr *nlh);
 
 int pdeliv_unicast(struct sk_buff *skb, u32 portid);
+int pde_pkt_control(struct sk_buff *skb, struct netlinkk_cfg *g_nlcfg);
 
 
 struct netlinkk_cfg g_nlcfg = {0};
@@ -57,6 +61,12 @@ int pdeliv_rcv_stat(struct sk_buff *skb, struct nlmsghdr *nlh,struct netlink_ext
 			return ret;
 				break;
 
+		case PKT_PDE_THR:
+			ret = set_pde_pkt_num(&g_nlcfg, nlh, ext_ack);
+			return ret;
+				break;
+
+
         	default:
 			NETLINK_DEBUG(g_nlcfg.debugfs_prk_enable, "libnetlink Unknow msgtype recieved!\n");
 			return 0;
@@ -174,6 +184,7 @@ int __init pdelivery_init(void)
 	pdeliv_msgtype_register(PDNLGRP_REQUEST,pdeliv_rcv_stat,NULL,NULL);
 	pdeliv_msgtype_register(NLMSG_PDELIV_DEBUGFS,pdeliv_rcv_stat,NULL,NULL);
 	pdeliv_msgtype_register(NK_DEBUGFS_PRK_ONOFF,pdeliv_rcv_stat,NULL,NULL);
+	pdeliv_msgtype_register(PKT_PDE_THR,pdeliv_rcv_stat,NULL,NULL);
 	
 
 	return 0;
@@ -220,7 +231,17 @@ unsigned int pdelivery_hook_func(void *priv,
 	printk_ipaddress(iph->daddr);
 #endif
 	
-	payload = skb_mac_header(skb);
+	ret = pde_pkt_control(skb, &g_nlcfg);
+	if(ret == PDE_TO_ACCEPT)
+		return NF_ACCEPT;
+
+    if(!netlink_has_listeners(g_nlcfg.sk, PDNLGRP_ALLRAW))
+    {
+        goto out;
+    }
+
+    //printk("***************************************in_pde_dpi****************************\n");
+    payload = skb_mac_header(skb);
     payload_len = skb->len + skb->mac_len;/**/
 
 	
@@ -253,8 +274,9 @@ unsigned int pdelivery_hook_func(void *priv,
 
 	ret = nf_nlmsg_multicast(&g_nlcfg, out_skb);
 	if(ret < 0)
-	{		
-		goto failure;
+	{	
+		g_nlcfg.dfs.send_fail_reason = ret;	
+		goto out;
 	}
 	
 	//printk(KERN_INFO "pdelivery_hook_func() end.\n");
@@ -268,6 +290,7 @@ failure:
 	{
 		kfree_skb(out_skb);
 	}
+out:
 
     //printk(KERN_INFO " failed in pdelivery_hook_func!\n");
 	g_nlcfg.dfs.send_fail ++;
@@ -319,6 +342,52 @@ int pdeliv_unicast(struct sk_buff *skb, u32 portid)
 	return(ret);
 }
 
+int pde_pkt_control(struct sk_buff *skb, struct netlinkk_cfg *g_nlcfg)
+{
+	u_int32_t action;
+	int ret=0;
+	enum ip_conntrack_info ctinfo = {0};
+	struct nf_conn *ct = NULL;
+	struct nf_conn_acct *acct = NULL;
+	long long  pd_num_original;
+	long long  pd_num_reply;
+	long long  num_max;
+	long long  total_pkt;
+
+	ret = cmhi_get_conntrack_u32(skb, &action, ACTION);
+	if(ret)
+	{
+	    printk("***********cmhi_get_conntrack_u32-error***************\n");
+	}
+    
+	if(action != CONNTRACK_PDE_DPI)
+	{
+    		return PDE_TO_ACCEPT;
+	}
+
+	if(g_nlcfg->pde_pkt_num == 0)
+    		num_max = 50;
+	else
+		num_max = g_nlcfg->pde_pkt_num;
+
+	ct = nf_ct_get(skb, &ctinfo);
+	acct = nf_conn_acct_find(ct);
+	if(acct)
+	{
+		struct nf_conn_counter *counter = acct->counter;
+    		pd_num_original = atomic64_read(&counter[IP_CT_DIR_ORIGINAL].packets);
+		pd_num_reply = atomic64_read(&counter[IP_CT_DIR_REPLY].packets);
+		total_pkt = pd_num_original + pd_num_reply;	
+    	}
+
+	if((action == CONNTRACK_PDE_DPI) && (total_pkt > num_max))
+	{
+		return PDE_TO_ACCEPT;
+	}
+
+	return PDE_TO_DPI;		
+}
+
 
 EXPORT_SYMBOL_GPL(pdeliv_msgtype_register);
 EXPORT_SYMBOL_GPL(pdeliv_msgtype_unregister);