mirror of
https://github.com/tnodir/fort
synced 2024-11-15 07:25:18 +00:00
Driver: Refactor stat traf.
This commit is contained in:
Nodir Temirkhodjaev
parent
2549edac78
commit
ce020c3760
@ -6,8 +6,7 @@
|
||||
|
||||
#define FORT_LOG_FLAG_BLOCKED 0x01000000
|
||||
#define FORT_LOG_FLAG_PROC_NEW 0x02000000
|
||||
#define FORT_LOG_FLAG_PROC_DEL 0x04000000
|
||||
#define FORT_LOG_FLAG_STAT_TRAF 0x08000000
|
||||
#define FORT_LOG_FLAG_STAT_TRAF 0x04000000
|
||||
#define FORT_LOG_FLAG_TYPE_MASK 0xFF000000
|
||||
|
||||
#define FORT_LOG_BLOCKED_HEADER_SIZE (3 * sizeof(UINT32))
|
||||
@ -24,12 +23,18 @@
|
||||
((FORT_LOG_PROC_NEW_HEADER_SIZE + (path_len) \
|
||||
+ (FORT_LOG_ALIGN - 1)) & ~(FORT_LOG_ALIGN - 1))
|
||||
|
||||
#define FORT_LOG_PROC_DEL_SIZE (2 * sizeof(UINT32))
|
||||
#define FORT_LOG_STAT_HEADER_SIZE sizeof(UINT32)
|
||||
|
||||
#define FORT_LOG_STAT_TRAF_HEADER_SIZE (sizeof(UINT32))
|
||||
#define FORT_LOG_STAT_PROC_SIZE(proc_count) \
|
||||
(((proc_count - 1) / 8 + 1 + (FORT_LOG_ALIGN - 1)) \
|
||||
& ~(FORT_LOG_ALIGN - 1))
|
||||
|
||||
#define FORT_LOG_STAT_TRAF_SIZE(proc_count) \
|
||||
(FORT_LOG_STAT_TRAF_HEADER_SIZE + proc_count * 2 * sizeof(UINT32))
|
||||
(proc_count * 2 * sizeof(UINT32))
|
||||
|
||||
#define FORT_LOG_STAT_SIZE(proc_count) \
|
||||
(FORT_LOG_STAT_HEADER_SIZE + FORT_LOG_STAT_PROC_SIZE(proc_count) \
|
||||
+ FORT_LOG_STAT_TRAF_SIZE(proc_count))
|
||||
|
||||
#define FORT_LOG_SIZE_MAX FORT_LOG_BLOCKED_SIZE_MAX
|
||||
|
||||
@ -100,24 +105,6 @@ fort_log_proc_new_header_read (const char *p, UINT32 *pid,
|
||||
*pid = *up;
|
||||
}
|
||||
|
||||
static void
|
||||
fort_log_proc_del_write (char *p, UINT32 pid)
|
||||
{
|
||||
UINT32 *up = (UINT32 *) p;
|
||||
|
||||
*up++ = FORT_LOG_FLAG_PROC_DEL;
|
||||
*up = pid;
|
||||
}
|
||||
|
||||
static void
|
||||
fort_log_proc_del_read (const char *p, UINT32 *pid)
|
||||
{
|
||||
const UINT32 *up = (const UINT32 *) p;
|
||||
|
||||
up++;
|
||||
*pid = *up;
|
||||
}
|
||||
|
||||
static void
|
||||
fort_log_stat_traf_header_write (char *p, UINT16 proc_count)
|
||||
{
|
||||
|
||||
@ -205,27 +205,6 @@ fort_buffer_proc_new_write (PFORT_BUFFER buf, UINT32 pid,
|
||||
return status;
|
||||
}
|
||||
|
||||
static NTSTATUS
|
||||
fort_buffer_proc_del_write (PFORT_BUFFER buf, UINT32 pid)
|
||||
{
|
||||
PCHAR out;
|
||||
const UINT32 len = FORT_LOG_PROC_DEL_SIZE;
|
||||
KLOCK_QUEUE_HANDLE lock_queue;
|
||||
NTSTATUS status;
|
||||
|
||||
KeAcquireInStackQueuedSpinLock(&buf->lock, &lock_queue);
|
||||
|
||||
status = fort_buffer_prepare(buf, len, &out, NULL, NULL);
|
||||
|
||||
if (NT_SUCCESS(status)) {
|
||||
fort_log_proc_del_write(out, pid);
|
||||
}
|
||||
|
||||
KeReleaseInStackQueuedSpinLock(&lock_queue);
|
||||
|
||||
return status;
|
||||
}
|
||||
|
||||
static NTSTATUS
|
||||
fort_buffer_xmove (PFORT_BUFFER buf, PIRP irp, PVOID out, ULONG out_len,
|
||||
ULONG_PTR *info)
|
||||
@ -242,7 +221,7 @@ fort_buffer_xmove (PFORT_BUFFER buf, PIRP irp, PVOID out, ULONG out_len,
|
||||
|
||||
if (!buf_top) {
|
||||
if (buf->out_len) {
|
||||
status = STATUS_INSUFFICIENT_RESOURCES;
|
||||
status = STATUS_UNSUCCESSFUL;
|
||||
} else if (out_len < FORT_LOG_SIZE_MAX) {
|
||||
status = STATUS_BUFFER_TOO_SMALL;
|
||||
} else {
|
||||
|
||||
@ -225,7 +225,7 @@ fort_callout_classify_v4 (const FWPS_INCOMING_VALUES0 *inFixedValues,
|
||||
if (NT_SUCCESS(status)) {
|
||||
fort_buffer_proc_new_write(&g_device->buffer,
|
||||
process_id, path_len, path, &irp, &info);
|
||||
} else if (status != STATUS_OBJECT_NAME_EXISTS) {
|
||||
} else {
|
||||
DbgPrintEx(DPFLTR_IHVNETWORK_ID, DPFLTR_ERROR_LEVEL,
|
||||
"FORT: Classify v4: Flow assoc. error: %d\n", status);
|
||||
}
|
||||
@ -304,11 +304,7 @@ fort_callout_flow_delete_v4 (UINT16 layerId,
|
||||
UNUSED(layerId);
|
||||
UNUSED(calloutId);
|
||||
|
||||
if (NT_SUCCESS(fort_stat_flow_delete(&g_device->stat, flowContext))) {
|
||||
const UINT32 process_id = (UINT32) flowContext;
|
||||
|
||||
fort_buffer_proc_del_write(&g_device->buffer, process_id);
|
||||
}
|
||||
fort_stat_flow_delete(&g_device->stat, flowContext);
|
||||
}
|
||||
|
||||
static void
|
||||
@ -321,8 +317,8 @@ fort_callout_flow_classify_v4 (const FWPS_INCOMING_VALUES0 *inFixedValues,
|
||||
{
|
||||
FWPS_STREAM_DATA0 *streamData = packet->streamData;
|
||||
|
||||
fort_stat_flow_classify(&g_device->stat, flowContext,
|
||||
(UINT32) streamData->dataLength,
|
||||
fort_stat_flow_classify(&g_device->stat, inMetaValues->flowHandle,
|
||||
g_device->flow4_id, flowContext, (UINT32) streamData->dataLength,
|
||||
(streamData->flags & FWPS_STREAM_FLAG_RECEIVE) != 0);
|
||||
|
||||
classifyOut->actionType = FWP_ACTION_CONTINUE;
|
||||
@ -424,6 +420,7 @@ fort_callout_force_reauth (PDEVICE_OBJECT device,
|
||||
|
||||
if (conf_flags.log_stat) {
|
||||
status = fort_prov_flow_register();
|
||||
|
||||
if (!NT_SUCCESS(status)) {
|
||||
DbgPrintEx(DPFLTR_IHVNETWORK_ID, DPFLTR_ERROR_LEVEL,
|
||||
"FORT: Prov. Flow Register: Error: %d\n", status);
|
||||
@ -442,6 +439,7 @@ fort_callout_force_reauth (PDEVICE_OBJECT device,
|
||||
|
||||
end:
|
||||
fort_timer_update(&g_device->timer, conf_flags);
|
||||
fort_stat_update(&g_device->stat, conf_flags);
|
||||
|
||||
return status;
|
||||
}
|
||||
@ -451,6 +449,7 @@ fort_callout_timer (void)
|
||||
{
|
||||
PFORT_BUFFER buf = &g_device->buffer;
|
||||
PFORT_STAT stat = &g_device->stat;
|
||||
UINT16 proc_count;
|
||||
|
||||
KLOCK_QUEUE_HANDLE stat_lock_queue;
|
||||
KLOCK_QUEUE_HANDLE buf_lock_queue;
|
||||
@ -458,17 +457,17 @@ fort_callout_timer (void)
|
||||
PIRP irp = NULL;
|
||||
ULONG_PTR info;
|
||||
|
||||
/* Lock stat */
|
||||
fort_stat_dpc_begin(stat, &stat_lock_queue);
|
||||
|
||||
/* Lock buffer */
|
||||
fort_buffer_dpc_begin(buf, &buf_lock_queue);
|
||||
|
||||
/* Lock stat */
|
||||
fort_stat_dpc_begin(stat, &stat_lock_queue);
|
||||
|
||||
/* Flush traffic statistics */
|
||||
{
|
||||
proc_count = stat->proc_count;
|
||||
if (proc_count) {
|
||||
PCHAR out;
|
||||
const UINT16 proc_count = stat->proc_count;
|
||||
const UINT32 len = FORT_LOG_STAT_TRAF_SIZE(proc_count);
|
||||
const UINT32 len = FORT_LOG_STAT_SIZE(proc_count);
|
||||
|
||||
/* TODO: Write by chunks */
|
||||
if (len < FORT_BUFFER_SIZE
|
||||
@ -649,15 +648,15 @@ fort_driver_unload (PDRIVER_OBJECT driver)
|
||||
UNICODE_STRING device_link;
|
||||
|
||||
if (g_device != NULL) {
|
||||
fort_timer_close(&g_device->timer);
|
||||
fort_stat_close(&g_device->stat);
|
||||
fort_buffer_close(&g_device->buffer);
|
||||
|
||||
if (!g_device->prov_boot) {
|
||||
fort_prov_unregister();
|
||||
}
|
||||
|
||||
fort_callout_remove();
|
||||
|
||||
fort_timer_close(&g_device->timer);
|
||||
fort_stat_close(&g_device->stat);
|
||||
fort_buffer_close(&g_device->buffer);
|
||||
}
|
||||
|
||||
RtlInitUnicodeString(&device_link, DOS_DEVICE_NAME);
|
||||
|
||||
@ -2,28 +2,31 @@
|
||||
|
||||
#define FORT_STAT_POOL_TAG 'SwfF'
|
||||
|
||||
#define FORT_PROC_BAD_INDEX ((UINT16) -1)
|
||||
|
||||
typedef struct fort_stat_traf {
|
||||
UINT32 volatile in_bytes;
|
||||
UINT32 volatile out_bytes;
|
||||
} FORT_STAT_TRAF, *PFORT_STAT_TRAF;
|
||||
|
||||
typedef struct fort_stat_proc {
|
||||
UINT16 refcount;
|
||||
|
||||
UINT32 process_id;
|
||||
|
||||
union {
|
||||
LARGE_INTEGER volatile traf_all;
|
||||
FORT_STAT_TRAF traf;
|
||||
};
|
||||
|
||||
int refcount;
|
||||
} FORT_STAT_PROC, *PFORT_STAT_PROC;
|
||||
|
||||
typedef struct fort_stat {
|
||||
UINT16 id;
|
||||
|
||||
UINT16 proc_count;
|
||||
UINT16 proc_top;
|
||||
UINT16 proc_end;
|
||||
UINT16 proc_count;
|
||||
|
||||
int proc_free_index;
|
||||
UINT16 proc_free_index;
|
||||
|
||||
PFORT_STAT_PROC procs;
|
||||
|
||||
@ -31,37 +34,24 @@ typedef struct fort_stat {
|
||||
} FORT_STAT, *PFORT_STAT;
|
||||
|
||||
|
||||
static int
|
||||
static UINT16
|
||||
fort_stat_proc_index (PFORT_STAT stat, UINT32 process_id)
|
||||
{
|
||||
PFORT_STAT_PROC proc = stat->procs;
|
||||
const int n = stat->proc_top;
|
||||
int i;
|
||||
const UINT16 proc_top = stat->proc_top;
|
||||
UINT16 i;
|
||||
|
||||
for (i = 0; i < n; ++i, ++proc) {
|
||||
for (i = 0; i < proc_top; ++i, ++proc) {
|
||||
if (process_id == proc->process_id)
|
||||
return i;
|
||||
}
|
||||
|
||||
return -1;
|
||||
return FORT_PROC_BAD_INDEX;
|
||||
}
|
||||
|
||||
static void
|
||||
fort_stat_proc_inc (PFORT_STAT stat, int proc_index)
|
||||
fort_stat_proc_free (PFORT_STAT stat, PFORT_STAT_PROC proc, UINT16 proc_index)
|
||||
{
|
||||
PFORT_STAT_PROC proc = &stat->procs[proc_index];
|
||||
|
||||
proc->refcount++;
|
||||
}
|
||||
|
||||
static NTSTATUS
|
||||
fort_stat_proc_dec (PFORT_STAT stat, int proc_index)
|
||||
{
|
||||
PFORT_STAT_PROC proc = &stat->procs[proc_index];
|
||||
|
||||
if (--proc->refcount > 0)
|
||||
return STATUS_OBJECT_NAME_EXISTS;
|
||||
|
||||
if (proc_index == stat->proc_top - 1) {
|
||||
/* Chop from buffer */
|
||||
stat->proc_top--;
|
||||
@ -71,11 +61,28 @@ fort_stat_proc_dec (PFORT_STAT stat, int proc_index)
|
||||
|
||||
proc->refcount = stat->proc_free_index;
|
||||
stat->proc_free_index = proc_index;
|
||||
|
||||
stat->proc_count--;
|
||||
}
|
||||
|
||||
return STATUS_SUCCESS;
|
||||
stat->proc_count--;
|
||||
|
||||
DbgPrintEx(DPFLTR_IHVNETWORK_ID, DPFLTR_ERROR_LEVEL,
|
||||
"FORT: proc -: %d %d\n", proc->process_id, stat->proc_count);
|
||||
}
|
||||
|
||||
static void
|
||||
fort_stat_proc_inc (PFORT_STAT stat, UINT16 proc_index)
|
||||
{
|
||||
PFORT_STAT_PROC proc = &stat->procs[proc_index];
|
||||
|
||||
proc->refcount++;
|
||||
}
|
||||
|
||||
static void
|
||||
fort_stat_proc_dec (PFORT_STAT stat, UINT16 proc_index)
|
||||
{
|
||||
PFORT_STAT_PROC proc = &stat->procs[proc_index];
|
||||
|
||||
proc->refcount--;
|
||||
}
|
||||
|
||||
static void
|
||||
@ -88,7 +95,7 @@ static BOOL
|
||||
fort_stat_proc_realloc (PFORT_STAT stat)
|
||||
{
|
||||
const UINT16 proc_end = stat->proc_end;
|
||||
const UINT16 new_end = (proc_end ? proc_end : 16) * 3 / 2;
|
||||
const UINT16 new_end = (proc_end ? proc_end : 8) * 3 / 2;
|
||||
PFORT_STAT_PROC new_procs = ExAllocatePoolWithTag(NonPagedPool,
|
||||
new_end * sizeof(FORT_STAT_PROC), FORT_STAT_POOL_TAG);
|
||||
|
||||
@ -108,39 +115,42 @@ fort_stat_proc_realloc (PFORT_STAT stat)
|
||||
return TRUE;
|
||||
}
|
||||
|
||||
static int
|
||||
static UINT16
|
||||
fort_stat_proc_add (PFORT_STAT stat, UINT32 process_id)
|
||||
{
|
||||
PFORT_STAT_PROC proc;
|
||||
int proc_index = stat->proc_free_index;
|
||||
UINT16 proc_index = stat->proc_free_index;
|
||||
|
||||
if (proc_index != -1) {
|
||||
if (proc_index != FORT_PROC_BAD_INDEX) {
|
||||
proc = &stat->procs[proc_index];
|
||||
|
||||
stat->proc_free_index = proc->refcount;
|
||||
} else {
|
||||
if (stat->proc_top >= stat->proc_end
|
||||
&& !fort_stat_proc_realloc(stat)) {
|
||||
return -1;
|
||||
return FORT_PROC_BAD_INDEX;
|
||||
}
|
||||
|
||||
proc_index = stat->proc_top++;
|
||||
proc = &stat->procs[proc_index];
|
||||
}
|
||||
|
||||
proc->refcount = 0;
|
||||
proc->process_id = process_id;
|
||||
proc->traf_all.QuadPart = 0;
|
||||
proc->refcount = 1;
|
||||
|
||||
stat->proc_count++;
|
||||
|
||||
DbgPrintEx(DPFLTR_IHVNETWORK_ID, DPFLTR_ERROR_LEVEL,
|
||||
"FORT: proc +: %d %d\n", proc->process_id, stat->proc_count);
|
||||
|
||||
return proc_index;
|
||||
}
|
||||
|
||||
static void
|
||||
fort_stat_init (PFORT_STAT stat)
|
||||
{
|
||||
stat->proc_free_index = -1;
|
||||
stat->proc_free_index = FORT_PROC_BAD_INDEX;
|
||||
|
||||
KeInitializeSpinLock(&stat->lock);
|
||||
}
|
||||
@ -148,9 +158,23 @@ fort_stat_init (PFORT_STAT stat)
|
||||
static void
|
||||
fort_stat_close (PFORT_STAT stat)
|
||||
{
|
||||
KLOCK_QUEUE_HANDLE lock_queue;
|
||||
|
||||
KeAcquireInStackQueuedSpinLock(&stat->lock, &lock_queue);
|
||||
if (stat->procs != NULL) {
|
||||
fort_stat_proc_del(stat->procs);
|
||||
|
||||
stat->procs = NULL;
|
||||
|
||||
stat->proc_count = 0;
|
||||
stat->proc_top = 0;
|
||||
stat->proc_end = 0;
|
||||
|
||||
stat->proc_free_index = FORT_PROC_BAD_INDEX;
|
||||
|
||||
stat->id++;
|
||||
}
|
||||
KeReleaseInStackQueuedSpinLock(&lock_queue);
|
||||
}
|
||||
|
||||
static NTSTATUS
|
||||
@ -159,82 +183,100 @@ fort_stat_flow_associate (PFORT_STAT stat, UINT64 flow_id,
|
||||
{
|
||||
KLOCK_QUEUE_HANDLE lock_queue;
|
||||
UINT64 flow_context;
|
||||
int proc_index;
|
||||
UINT16 proc_index;
|
||||
BOOL is_new = FALSE;
|
||||
NTSTATUS status;
|
||||
|
||||
FwpsFlowRemoveContext0(flow_id, FWPS_LAYER_STREAM_V4, callout_id);
|
||||
|
||||
KeAcquireInStackQueuedSpinLock(&stat->lock, &lock_queue);
|
||||
|
||||
proc_index = fort_stat_proc_index(stat, process_id);
|
||||
if (proc_index == -1) {
|
||||
|
||||
if (proc_index == FORT_PROC_BAD_INDEX) {
|
||||
proc_index = fort_stat_proc_add(stat, process_id);
|
||||
if (proc_index == -1) {
|
||||
|
||||
if (proc_index == FORT_PROC_BAD_INDEX) {
|
||||
status = STATUS_INSUFFICIENT_RESOURCES;
|
||||
goto end;
|
||||
}
|
||||
|
||||
is_new = TRUE;
|
||||
}
|
||||
|
||||
flow_context = (UINT64) process_id | ((UINT64) proc_index << 32);
|
||||
|
||||
fort_stat_proc_inc(stat, proc_index);
|
||||
flow_context = (UINT64) process_id
|
||||
| ((UINT64) proc_index << 32)
|
||||
| ((UINT64) stat->id << 48);
|
||||
|
||||
status = FwpsFlowAssociateContext0(flow_id,
|
||||
FWPS_LAYER_STREAM_V4, callout_id, flow_context);
|
||||
|
||||
if (!NT_SUCCESS(status)) {
|
||||
fort_stat_proc_dec(stat, proc_index);
|
||||
if (NT_SUCCESS(status)) {
|
||||
fort_stat_proc_inc(stat, proc_index);
|
||||
}
|
||||
else if (is_new) {
|
||||
PFORT_STAT_PROC proc = &stat->procs[proc_index];
|
||||
|
||||
fort_stat_proc_free(stat, proc, proc_index);
|
||||
}
|
||||
|
||||
end:
|
||||
KeReleaseInStackQueuedSpinLock(&lock_queue);
|
||||
|
||||
DbgPrintEx(DPFLTR_IHVNETWORK_ID, DPFLTR_ERROR_LEVEL,
|
||||
"FORT: flow +: %d\n", process_id);
|
||||
|
||||
return status;
|
||||
}
|
||||
|
||||
static NTSTATUS
|
||||
fort_stat_flow_delete (PFORT_STAT stat, UINT64 flow_context)
|
||||
{
|
||||
KLOCK_QUEUE_HANDLE lock_queue;
|
||||
NTSTATUS status;
|
||||
const int proc_index = (int) (flow_context >> 32);
|
||||
|
||||
KeAcquireInStackQueuedSpinLock(&stat->lock, &lock_queue);
|
||||
|
||||
status = fort_stat_proc_dec(stat, proc_index);
|
||||
|
||||
KeReleaseInStackQueuedSpinLock(&lock_queue);
|
||||
|
||||
DbgPrintEx(DPFLTR_IHVNETWORK_ID, DPFLTR_ERROR_LEVEL,
|
||||
"FORT: flow -: %d\n", (UINT32) flow_context);
|
||||
|
||||
return status;
|
||||
}
|
||||
|
||||
static void
|
||||
fort_stat_flow_classify (PFORT_STAT stat, UINT64 flow_context,
|
||||
fort_stat_flow_delete (PFORT_STAT stat, UINT64 flow_context)
|
||||
{
|
||||
KLOCK_QUEUE_HANDLE lock_queue;
|
||||
const UINT16 proc_index = (UINT16) (flow_context >> 32);
|
||||
const UINT16 stat_id = (UINT16) (flow_context >> 48);
|
||||
|
||||
KeAcquireInStackQueuedSpinLock(&stat->lock, &lock_queue);
|
||||
if (stat_id == stat->id) {
|
||||
fort_stat_proc_dec(stat, proc_index);
|
||||
}
|
||||
KeReleaseInStackQueuedSpinLock(&lock_queue);
|
||||
}
|
||||
|
||||
static void
|
||||
fort_stat_flow_classify (PFORT_STAT stat, UINT64 flow_id,
|
||||
UINT32 callout_id, UINT64 flow_context,
|
||||
UINT32 data_len, BOOL inbound)
|
||||
{
|
||||
PFORT_STAT_PROC proc;
|
||||
KLOCK_QUEUE_HANDLE lock_queue;
|
||||
const UINT32 process_id = (UINT32) flow_context;
|
||||
const int proc_index = (int) (flow_context >> 32);
|
||||
const UINT16 proc_index = (UINT16) (flow_context >> 32);
|
||||
const UINT16 stat_id = (UINT16) (flow_context >> 48);
|
||||
BOOL is_old_flow = FALSE;
|
||||
|
||||
KeAcquireInStackQueuedSpinLock(&stat->lock, &lock_queue);
|
||||
if (stat_id == stat->id) {
|
||||
proc = &stat->procs[proc_index];
|
||||
|
||||
proc = &stat->procs[proc_index];
|
||||
|
||||
if (inbound) {
|
||||
proc->traf.in_bytes += data_len;
|
||||
if (inbound) {
|
||||
proc->traf.in_bytes += data_len;
|
||||
} else {
|
||||
proc->traf.out_bytes += data_len;
|
||||
}
|
||||
} else {
|
||||
proc->traf.out_bytes += data_len;
|
||||
is_old_flow = TRUE;
|
||||
}
|
||||
|
||||
KeReleaseInStackQueuedSpinLock(&lock_queue);
|
||||
|
||||
DbgPrintEx(DPFLTR_IHVNETWORK_ID, DPFLTR_ERROR_LEVEL,
|
||||
"FORT: flow >: %d %d %d\n", (UINT32) flow_context, data_len, inbound);
|
||||
if (is_old_flow) {
|
||||
FwpsFlowRemoveContext0(flow_id, FWPS_LAYER_STREAM_V4, callout_id);
|
||||
}
|
||||
}
|
||||
|
||||
static void
|
||||
fort_stat_update (PFORT_STAT stat, const FORT_CONF_FLAGS conf_flags)
|
||||
{
|
||||
if (!conf_flags.log_stat) {
|
||||
fort_stat_close(stat);
|
||||
}
|
||||
}
|
||||
|
||||
static void
|
||||
@ -250,19 +292,32 @@ fort_stat_dpc_end (PKLOCK_QUEUE_HANDLE lock_queue)
|
||||
}
|
||||
|
||||
static void
|
||||
fort_stat_dpc_traf_flush (PFORT_STAT stat, UINT32 index, UINT32 count,
|
||||
fort_stat_dpc_traf_flush (PFORT_STAT stat, UINT16 proc_index, UINT16 count,
|
||||
PCHAR out)
|
||||
{
|
||||
PFORT_STAT_PROC proc = &stat->procs[index];
|
||||
PFORT_STAT_TRAF out_traf = (PFORT_STAT_TRAF) out;
|
||||
const UINT32 proc_bits_len = FORT_LOG_STAT_PROC_SIZE(count);
|
||||
PFORT_STAT_PROC proc = &stat->procs[proc_index];
|
||||
PFORT_STAT_TRAF out_traf = (PFORT_STAT_TRAF) (out + proc_bits_len);
|
||||
PUCHAR out_proc_bits = (PUCHAR) out;
|
||||
|
||||
for (; index < count; ++proc) {
|
||||
/* All processes are active */
|
||||
memset(out_proc_bits, 0xFF, proc_bits_len);
|
||||
|
||||
for (; count != 0; ++proc_index, ++proc) {
|
||||
if (!proc->process_id)
|
||||
continue;
|
||||
|
||||
*out_traf = proc->traf;
|
||||
proc->traf_all.QuadPart = 0;
|
||||
|
||||
++index;
|
||||
if (!proc->refcount) {
|
||||
/* The process is inactive */
|
||||
out_proc_bits[proc_index / 8] ^= (1 << (proc_index & 7));
|
||||
|
||||
fort_stat_proc_free(stat, proc, proc_index);
|
||||
} else {
|
||||
proc->traf_all.QuadPart = 0;
|
||||
}
|
||||
|
||||
--count;
|
||||
}
|
||||
}
|
||||
|
||||
@ -18,7 +18,6 @@ SOURCES += \
|
||||
log/logbuffer.cpp \
|
||||
log/logentry.cpp \
|
||||
log/logentryblocked.cpp \
|
||||
log/logentryprocdel.cpp \
|
||||
log/logentryprocnew.cpp \
|
||||
log/logentrystattraf.cpp \
|
||||
log/logmanager.cpp \
|
||||
@ -58,7 +57,6 @@ HEADERS += \
|
||||
log/logbuffer.h \
|
||||
log/logentry.h \
|
||||
log/logentryblocked.h \
|
||||
log/logentryprocdel.h \
|
||||
log/logentryprocnew.h \
|
||||
log/logentrystattraf.h \
|
||||
log/logmanager.h \
|
||||
|
||||
@ -63,14 +63,14 @@ quint32 FortCommon::logProcNewSize(quint32 pathLen)
|
||||
return FORT_LOG_PROC_NEW_SIZE(pathLen);
|
||||
}
|
||||
|
||||
quint32 FortCommon::logProcDelSize()
|
||||
quint32 FortCommon::logStatHeaderSize()
|
||||
{
|
||||
return FORT_LOG_PROC_DEL_SIZE;
|
||||
return FORT_LOG_STAT_HEADER_SIZE;
|
||||
}
|
||||
|
||||
quint32 FortCommon::logStatTrafHeaderSize()
|
||||
quint32 FortCommon::logStatProcSize(quint16 procCount)
|
||||
{
|
||||
return FORT_LOG_STAT_TRAF_HEADER_SIZE;
|
||||
return FORT_LOG_STAT_PROC_SIZE(procCount);
|
||||
}
|
||||
|
||||
quint32 FortCommon::logStatTrafSize(quint16 procCount)
|
||||
@ -78,6 +78,11 @@ quint32 FortCommon::logStatTrafSize(quint16 procCount)
|
||||
return FORT_LOG_STAT_TRAF_SIZE(procCount);
|
||||
}
|
||||
|
||||
quint32 FortCommon::logStatSize(quint16 procCount)
|
||||
{
|
||||
return FORT_LOG_STAT_SIZE(procCount);
|
||||
}
|
||||
|
||||
quint32 FortCommon::logType(const char *input)
|
||||
{
|
||||
return fort_log_type(input);
|
||||
@ -109,16 +114,6 @@ void FortCommon::logProcNewHeaderRead(const char *input,
|
||||
fort_log_proc_new_header_read(input, pid, pathLen);
|
||||
}
|
||||
|
||||
void FortCommon::logProcDelWrite(char *output, quint32 pid)
|
||||
{
|
||||
fort_log_proc_del_write(output, pid);
|
||||
}
|
||||
|
||||
void FortCommon::logProcDelRead(const char *input, quint32 *pid)
|
||||
{
|
||||
fort_log_proc_del_read(input, pid);
|
||||
}
|
||||
|
||||
void FortCommon::logStatTrafHeaderRead(const char *input,
|
||||
quint16 *procCount)
|
||||
{
|
||||
|
||||
@ -25,10 +25,10 @@ public:
|
||||
static quint32 logProcNewHeaderSize();
|
||||
static quint32 logProcNewSize(quint32 pathLen);
|
||||
|
||||
static quint32 logProcDelSize();
|
||||
|
||||
static quint32 logStatTrafHeaderSize();
|
||||
static quint32 logStatHeaderSize();
|
||||
static quint32 logStatProcSize(quint16 procCount);
|
||||
static quint32 logStatTrafSize(quint16 procCount);
|
||||
static quint32 logStatSize(quint16 procCount);
|
||||
|
||||
static quint32 logType(const char *input);
|
||||
|
||||
@ -44,9 +44,6 @@ public:
|
||||
static void logProcNewHeaderRead(const char *input,
|
||||
quint32 *pid, quint32 *pathLen);
|
||||
|
||||
static void logProcDelWrite(char *output, quint32 pid);
|
||||
static void logProcDelRead(const char *input, quint32 *pid);
|
||||
|
||||
static void logStatTrafHeaderRead(const char *input,
|
||||
quint16 *procCount);
|
||||
|
||||
|
||||
@ -2,7 +2,6 @@
|
||||
|
||||
#include "fortcommon.h"
|
||||
#include "logentryblocked.h"
|
||||
#include "logentryprocdel.h"
|
||||
#include "logentryprocnew.h"
|
||||
#include "logentrystattraf.h"
|
||||
|
||||
@ -134,33 +133,6 @@ void LogBuffer::readEntryProcNew(LogEntryProcNew *logEntry)
|
||||
m_offset += entrySize;
|
||||
}
|
||||
|
||||
void LogBuffer::writeEntryProcDel(const LogEntryProcDel *logEntry)
|
||||
{
|
||||
const int entrySize = FortCommon::logProcDelSize();
|
||||
prepareFor(entrySize);
|
||||
|
||||
char *output = this->output();
|
||||
|
||||
FortCommon::logProcDelWrite(output, logEntry->pid());
|
||||
|
||||
m_top += entrySize;
|
||||
}
|
||||
|
||||
void LogBuffer::readEntryProcDel(LogEntryProcDel *logEntry)
|
||||
{
|
||||
Q_ASSERT(m_offset < m_top);
|
||||
|
||||
const char *input = this->input();
|
||||
|
||||
quint32 pid;
|
||||
FortCommon::logProcDelRead(input, &pid);
|
||||
|
||||
logEntry->setPid(pid);
|
||||
|
||||
const int entrySize = FortCommon::logProcDelSize();
|
||||
m_offset += entrySize;
|
||||
}
|
||||
|
||||
void LogBuffer::readEntryStatTraf(LogEntryStatTraf *logEntry)
|
||||
{
|
||||
Q_ASSERT(m_offset < m_top);
|
||||
@ -173,8 +145,10 @@ void LogBuffer::readEntryStatTraf(LogEntryStatTraf *logEntry)
|
||||
logEntry->setProcCount(procCount);
|
||||
|
||||
if (procCount) {
|
||||
input += FortCommon::logStatTrafHeaderSize();
|
||||
input += FortCommon::logStatHeaderSize();
|
||||
logEntry->setProcBits((const quint8 *) input);
|
||||
|
||||
input += FortCommon::logStatProcSize(procCount);
|
||||
logEntry->setTrafBytes((const quint32 *) input);
|
||||
}
|
||||
|
||||
|
||||
@ -7,7 +7,6 @@
|
||||
#include "logentry.h"
|
||||
|
||||
class LogEntryBlocked;
|
||||
class LogEntryProcDel;
|
||||
class LogEntryProcNew;
|
||||
class LogEntryStatTraf;
|
||||
|
||||
@ -32,9 +31,6 @@ public:
|
||||
void writeEntryProcNew(const LogEntryProcNew *logEntry);
|
||||
void readEntryProcNew(LogEntryProcNew *logEntry);
|
||||
|
||||
void writeEntryProcDel(const LogEntryProcDel *logEntry);
|
||||
void readEntryProcDel(LogEntryProcDel *logEntry);
|
||||
|
||||
void readEntryStatTraf(LogEntryStatTraf *logEntry);
|
||||
|
||||
signals:
|
||||
|
||||
@ -11,8 +11,7 @@ public:
|
||||
// synchronize with FORT_LOG_FLAG_*
|
||||
AppBlocked = 0x01000000,
|
||||
ProcNew = 0x02000000,
|
||||
ProcDel = 0x04000000,
|
||||
StatTraf = 0x08000000
|
||||
StatTraf = 0x04000000
|
||||
};
|
||||
|
||||
explicit LogEntry();
|
||||
|
||||
@ -1,12 +0,0 @@
|
||||
#include "logentryprocdel.h"
|
||||
|
||||
LogEntryProcDel::LogEntryProcDel(quint32 pid) :
|
||||
LogEntry(),
|
||||
m_pid(pid)
|
||||
{
|
||||
}
|
||||
|
||||
void LogEntryProcDel::setPid(quint32 pid)
|
||||
{
|
||||
m_pid = pid;
|
||||
}
|
||||
@ -1,20 +0,0 @@
|
||||
#ifndef LOGENTRYPROCDEL_H
|
||||
#define LOGENTRYPROCDEL_H
|
||||
|
||||
#include "logentry.h"
|
||||
|
||||
class LogEntryProcDel : public LogEntry
|
||||
{
|
||||
public:
|
||||
explicit LogEntryProcDel(quint32 pid = 0);
|
||||
|
||||
virtual LogEntry::LogType type() const { return ProcDel; }
|
||||
|
||||
quint32 pid() const { return m_pid; }
|
||||
void setPid(quint32 pid);
|
||||
|
||||
private:
|
||||
quint32 m_pid;
|
||||
};
|
||||
|
||||
#endif // LOGENTRYPROCDEL_H
|
||||
@ -1,9 +1,11 @@
|
||||
#include "logentrystattraf.h"
|
||||
|
||||
LogEntryStatTraf::LogEntryStatTraf(quint16 procCount,
|
||||
const quint8 *procBits,
|
||||
const quint32 *trafBytes) :
|
||||
LogEntry(),
|
||||
m_procCount(procCount),
|
||||
m_procBits(procBits),
|
||||
m_trafBytes(trafBytes)
|
||||
{
|
||||
}
|
||||
@ -13,6 +15,11 @@ void LogEntryStatTraf::setProcCount(quint16 procCount)
|
||||
m_procCount = procCount;
|
||||
}
|
||||
|
||||
void LogEntryStatTraf::setProcBits(const quint8 *procBits)
|
||||
{
|
||||
m_procBits = procBits;
|
||||
}
|
||||
|
||||
void LogEntryStatTraf::setTrafBytes(const quint32 *trafBytes)
|
||||
{
|
||||
m_trafBytes = trafBytes;
|
||||
|
||||
@ -7,6 +7,7 @@ class LogEntryStatTraf : public LogEntry
|
||||
{
|
||||
public:
|
||||
explicit LogEntryStatTraf(quint16 procCount = 0,
|
||||
const quint8 *procBits = nullptr,
|
||||
const quint32 *trafBytes = nullptr);
|
||||
|
||||
virtual LogEntry::LogType type() const { return StatTraf; }
|
||||
@ -14,11 +15,15 @@ public:
|
||||
quint16 procCount() const { return m_procCount; }
|
||||
void setProcCount(quint16 procCount);
|
||||
|
||||
const quint8 *procBits() const { return m_procBits; }
|
||||
void setProcBits(const quint8 *procBits);
|
||||
|
||||
const quint32 *trafBytes() const { return m_trafBytes; }
|
||||
void setTrafBytes(const quint32 *trafBytes);
|
||||
|
||||
private:
|
||||
quint16 m_procCount;
|
||||
const quint8 *m_procBits;
|
||||
const quint32 *m_trafBytes;
|
||||
};
|
||||
|
||||
|
||||
@ -4,7 +4,6 @@
|
||||
#include "../fortcommon.h"
|
||||
#include "logbuffer.h"
|
||||
#include "logentryblocked.h"
|
||||
#include "logentryprocdel.h"
|
||||
#include "logentryprocnew.h"
|
||||
#include "logentrystattraf.h"
|
||||
#include "model/appblockedmodel.h"
|
||||
@ -93,7 +92,6 @@ void LogManager::readLogEntries(LogBuffer *logBuffer)
|
||||
{
|
||||
LogEntryBlocked entryBlocked;
|
||||
LogEntryProcNew entryProcNew;
|
||||
LogEntryProcDel entryProcDel;
|
||||
LogEntryStatTraf entryStatTraf;
|
||||
|
||||
forever {
|
||||
@ -108,13 +106,9 @@ void LogManager::readLogEntries(LogBuffer *logBuffer)
|
||||
qDebug() << "+>" << entryProcNew.pid() << entryProcNew.kernelPath();
|
||||
break;
|
||||
}
|
||||
case LogEntry::ProcDel: {
|
||||
logBuffer->readEntryProcDel(&entryProcDel);
|
||||
qDebug() << "->" << entryProcNew.pid();
|
||||
break;
|
||||
}
|
||||
case LogEntry::StatTraf: {
|
||||
logBuffer->readEntryStatTraf(&entryStatTraf);
|
||||
qDebug() << ">" << entryStatTraf.procCount();
|
||||
break;
|
||||
}
|
||||
default:
|
||||
|
||||
Loading…
Reference in New Issue
Block a user