fix: reduce the frequency of log printing

Author: yuanchaoa

agent/benches/labeler.rs

@@ -70,7 +70,7 @@ fn bench_labeler(c: &mut Criterion) {
 
             cidr_list.push(Arc::new(cidr));
         }
-        labeler.update_cidr_table(&cidr_list);
+        labeler.update_cidr_table(&cidr_list, false, &mut false);
         labeler.update_interface_table(&iface_list);
 
         let key: LookupKey = LookupKey {
@@ -118,7 +118,7 @@ fn bench_labeler(c: &mut Criterion) {
 
             cidr_list.push(Arc::new(cidr));
         }
-        labeler.update_cidr_table(&cidr_list);
+        labeler.update_cidr_table(&cidr_list, false, &mut false);
         labeler.update_interface_table(&iface_list);
 
         let key: LookupKey = LookupKey {
@@ -163,7 +163,7 @@ fn bench_policy(c: &mut Criterion) {
             Arc::new(IpGroupData::new(10, 2, "192.168.2.1/32")),
             Arc::new(IpGroupData::new(20, 20, "192.168.2.5/31")),
         ]);
-        let _ = first.update_acl(&vec![Arc::new(acl)], true);
+        let _ = first.update_acl(&vec![Arc::new(acl)], true, false, &mut false);
 
         first
     }

agent/src/common/mod.rs

@@ -100,6 +100,8 @@ pub trait FlowAclListener: Send + Sync {
         peers: &Vec<Arc<PeerConnection>>,
         cidrs: &Vec<Arc<Cidr>>,
         acls: &Vec<Arc<Acl>>,
+        enabled_invalid_log: bool,
+        has_invalid_log: &mut bool,
     ) -> Result<(), String>;
     fn containers_change(&mut self, _: &Vec<Arc<Container>>) {}
     fn id(&self) -> usize;

agent/src/debug/rpc.rs

@@ -156,7 +156,7 @@ impl RpcDebugger {
         }
 
         let mut sg = self.status.write();
-        sg.get_platform_data(&resp);
+        sg.get_platform_data(&resp, false);
         let mut res = sg
             .cidrs
             .iter()
@@ -181,7 +181,7 @@ impl RpcDebugger {
         }
 
         let mut sg = self.status.write();
-        sg.get_platform_data(&resp);
+        sg.get_platform_data(&resp, false);
         let mut res = sg
             .interfaces
             .iter()
@@ -211,7 +211,7 @@ impl RpcDebugger {
         }
 
         let mut sg = self.status.write();
-        sg.get_ip_groups(&resp);
+        sg.get_ip_groups(&resp, false);
         let mut res = sg
             .ip_groups
             .iter()
@@ -236,7 +236,7 @@ impl RpcDebugger {
         }
 
         let mut sg = self.status.write();
-        sg.get_flow_acls(&resp);
+        sg.get_flow_acls(&resp, false);
         let mut res = sg
             .acls
             .iter()

agent/src/dispatcher/mod.rs

@@ -255,6 +255,8 @@ impl FlowAclListener for DispatcherListener {
         _: &Vec<Arc<crate::common::policy::PeerConnection>>,
         _: &Vec<Arc<crate::_Cidr>>,
         _: &Vec<Arc<crate::_Acl>>,
+        _: bool,
+        _: &mut bool,
     ) -> Result<(), String> {
         match self {
             DispatcherListener::Local(a) => a.flow_acl_change(),

agent/src/ebpf_dispatcher.rs

@@ -496,6 +496,8 @@ impl FlowAclListener for SyncEbpfDispatcher {
         _: &Vec<Arc<crate::common::policy::PeerConnection>>,
         _: &Vec<Arc<crate::_Cidr>>,
         _: &Vec<Arc<crate::_Acl>>,
+        _: bool,
+        _: &mut bool,
     ) -> Result<(), String> {
         self.pause.store(false, Ordering::Relaxed);
         Ok(())

agent/src/policy/first_path.rs

@@ -340,7 +340,6 @@ impl FirstPath {
         }
 
         if self.group_ip_map.is_none() {
-            warn!("IpGroup is nil, invalid acl: {}", acl);
             return false;
         }
 
@@ -352,7 +351,6 @@ impl FirstPath {
                 .get(&(*group as u16))
                 .is_none()
             {
-                warn!("Invalid acl by src group({}): {}", group, acl);
                 return true;
             }
         }
@@ -365,7 +363,6 @@ impl FirstPath {
                 .get(&(*group as u16))
                 .is_none()
             {
-                warn!("Invalid acl by dst group({}): {}", group, acl);
                 return true;
             }
         }
@@ -593,19 +590,36 @@ impl FirstPath {
         Ok(())
     }
 
-    pub fn update_acl(&mut self, acls: &Vec<Arc<Acl>>, check: bool) -> PResult<()> {
+    pub fn update_acl(
+        &mut self,
+        acls: &Vec<Arc<Acl>>,
+        check: bool,
+        enabled_invalid_log: bool,
+        has_invalid_log: &mut bool,
+    ) -> PResult<()> {
         if !NOT_SUPPORT {
             let mut valid_acls = Vec::new();
+            let mut invalid_acls = vec![];
 
             for acl in acls {
                 if self.is_invalid_acl(acl, check) {
+                    invalid_acls.push(acl.id);
                     continue;
                 }
                 let mut valid_acl = (**acl).clone();
 
                 valid_acl.reset();
                 valid_acls.push(valid_acl);
             }
+
+            if enabled_invalid_log && !invalid_acls.is_empty() {
+                warn!(
+                    "Invalid acls: {:?}, maybe the IP resource group doesn't have an IP address.",
+                    invalid_acls
+                );
+                *has_invalid_log = true;
+            }
+
             self.generate_first_table(&mut valid_acls)?;
         }
 

agent/src/policy/labeler.rs

@@ -259,10 +259,16 @@ impl Labeler {
         return (0, 0);
     }
 
-    pub fn update_cidr_table(&mut self, cidrs: &Vec<Arc<Cidr>>) {
+    pub fn update_cidr_table(
+        &mut self,
+        cidrs: &Vec<Arc<Cidr>>,
+        enabled_invalid_log: bool,
+        has_invalid_log: &mut bool,
+    ) {
         let mut masklen_table: AHashMap<i32, (u8, u8)> = AHashMap::new();
         let mut epc_table: AHashMap<EpcNetIpKey, Arc<Cidr>> = AHashMap::new();
         let mut tunnel_table: AHashMap<u32, Vec<Arc<Cidr>>> = AHashMap::new();
+        let mut invalid_cidr = Vec::new();
 
         for item in cidrs {
             let mut epc_id = item.epc_id;
@@ -275,10 +281,7 @@ impl Labeler {
                 if (item.cidr_type == CidrType::Wan && item.epc_id != old.epc_id)
                     || item.is_vip != old.is_vip
                 {
-                    warn!(
-                        "Found the same cidr, please check {:?} and {:?}.",
-                        item, old
-                    );
+                    invalid_cidr.push(item.ip)
                 }
             }
             masklen_table
@@ -301,6 +304,11 @@ impl Labeler {
             }
         }
 
+        if enabled_invalid_log && !invalid_cidr.is_empty() {
+            warn!("Invalid same cidr: {:?}", invalid_cidr);
+            *has_invalid_log = true;
+        }
+
         // 排序使用降序是为了CIDR的最长前缀匹配
         for (_k, v) in &mut tunnel_table.iter_mut() {
             v.sort_by(|a, b| {
@@ -1095,7 +1103,7 @@ mod tests {
         let cidrs = vec![Arc::new(cidr1), Arc::new(cidr2), Arc::new(cidr3)];
         let mut endpoint: EndpointInfo = Default::default();
 
-        labeler.update_cidr_table(&cidrs);
+        labeler.update_cidr_table(&cidrs, false, &mut false);
 
         labeler.set_epc_by_cidr("192.168.10.100".parse().unwrap(), 10, &mut endpoint);
         assert_eq!(endpoint.is_vip, true);
@@ -1117,7 +1125,7 @@ mod tests {
             ..Default::default()
         };
         let cidrs = vec![Arc::new(cidr1), Arc::new(cidr2)];
-        labeler.update_cidr_table(&cidrs);
+        labeler.update_cidr_table(&cidrs, false, &mut false);
 
         let mut endpoint: EndpointInfo = Default::default();
         labeler.set_epc_by_cidr("10.1.2.3".parse().unwrap(), 10, &mut endpoint);
@@ -1136,7 +1144,7 @@ mod tests {
 
         let mut endpoint: EndpointInfo = Default::default();
 
-        labeler.update_cidr_table(&vec![Arc::new(cidr1)]);
+        labeler.update_cidr_table(&vec![Arc::new(cidr1)], false, &mut false);
         labeler.set_epc_by_cidr("192.168.10.100".parse().unwrap(), 10, &mut endpoint);
         assert_eq!(endpoint.l3_epc_id, 0);
 
@@ -1160,7 +1168,7 @@ mod tests {
 
         let mut endpoint: EndpointInfo = Default::default();
 
-        labeler.update_cidr_table(&vec![Arc::new(cidr1)]);
+        labeler.update_cidr_table(&vec![Arc::new(cidr1)], false, &mut false);
 
         labeler.set_epc_vip_by_tunnel("192.168.10.100".parse().unwrap(), 10, &mut endpoint);
         assert_eq!(endpoint.l3_epc_id, 10);
@@ -1178,7 +1186,7 @@ mod tests {
 
         let mut endpoint: EndpointInfo = Default::default();
 
-        labeler.update_cidr_table(&vec![Arc::new(cidr1)]);
+        labeler.update_cidr_table(&vec![Arc::new(cidr1)], false, &mut false);
 
         labeler.set_vip_by_cidr("192.168.10.100".parse().unwrap(), 10, &mut endpoint);
         assert_eq!(endpoint.is_vip, true);
@@ -1220,7 +1228,7 @@ mod tests {
 
         labeler.update_mac_table(&list);
         labeler.update_epc_ip_table(&list);
-        labeler.update_cidr_table(&vec![Arc::new(cidr1)]);
+        labeler.update_cidr_table(&vec![Arc::new(cidr1)], false, &mut false);
 
         let key: LookupKey = LookupKey {
             src_mac: MacAddr::from_str("11:22:33:44:55:66").unwrap(),
@@ -1260,7 +1268,7 @@ mod tests {
             ..Default::default()
         };
         labeler.update_mac_table(&vec![Arc::new(interface)]);
-        labeler.update_cidr_table(&vec![Arc::new(cidr)]);
+        labeler.update_cidr_table(&vec![Arc::new(cidr)], false, &mut false);
         let mut endpoints: EndpointData = Default::default();
         endpoints.src_info.l3_epc_id = 1;
 
@@ -1315,7 +1323,7 @@ mod tests {
             is_vip: true,
             ..Default::default()
         };
-        labeler.update_cidr_table(&vec![Arc::new(cidr)]);
+        labeler.update_cidr_table(&vec![Arc::new(cidr)], false, &mut false);
 
         let mut endpoints: EndpointData = Default::default();
         endpoints.dst_info.l3_epc_id = 1;

agent/src/policy/policy.rs

@@ -21,7 +21,7 @@ use std::sync::{
 };
 
 use ahash::AHashMap;
-use log::{debug, info, warn};
+use log::{debug, info};
 use pnet::datalink;
 use public::enums::IpProtocol;
 
@@ -476,17 +476,30 @@ impl Policy {
         self.labeler.update_peer_table(peers);
     }
 
-    pub fn update_cidr(&mut self, cidrs: &Vec<Arc<Cidr>>) {
+    pub fn update_cidr(
+        &mut self,
+        cidrs: &Vec<Arc<Cidr>>,
+        enabled_invalid_log: bool,
+        has_invalid_log: &mut bool,
+    ) {
         self.table.update_cidr(cidrs);
-        self.labeler.update_cidr_table(cidrs);
+        self.labeler
+            .update_cidr_table(cidrs, enabled_invalid_log, has_invalid_log);
     }
 
     pub fn update_container(&mut self, cidrs: &Vec<Arc<Container>>) {
         self.labeler.update_container(cidrs);
     }
 
-    pub fn update_acl(&mut self, acls: &Vec<Arc<Acl>>, check: bool) -> PResult<()> {
-        self.table.update_acl(acls, check)?;
+    pub fn update_acl(
+        &mut self,
+        acls: &Vec<Arc<Acl>>,
+        check: bool,
+        enabled_invalid_log: bool,
+        has_invalid_log: &mut bool,
+    ) -> PResult<()> {
+        self.table
+            .update_acl(acls, check, enabled_invalid_log, has_invalid_log)?;
 
         self.acls = acls.clone();
 
@@ -553,7 +566,7 @@ impl Policy {
         for gpid_entry in gpid_entries.iter() {
             let protocol = u8::from(gpid_entry.protocol) as usize;
             if protocol >= table.len() {
-                warn!("Invalid protocol {:?} in {:?}", protocol, &gpid_entry);
+                debug!("Invalid protocol {:?} in {:?}", protocol, &gpid_entry);
                 continue;
             }
 
@@ -678,6 +691,8 @@ impl FlowAclListener for PolicySetter {
         peers: &Vec<Arc<PeerConnection>>,
         cidrs: &Vec<Arc<Cidr>>,
         acls: &Vec<Arc<Acl>>,
+        enabled_invalid_log: bool,
+        has_invalid_log: &mut bool,
     ) -> Result<(), String> {
         self.update_local_epc(
             local_epc,
@@ -686,8 +701,8 @@ impl FlowAclListener for PolicySetter {
         self.update_interfaces(agent_type, platform_data);
         self.update_ip_group(ip_groups);
         self.update_peer_connections(peers);
-        self.update_cidr(cidrs);
-        if let Err(e) = self.update_acl(acls, true) {
+        self.update_cidr(cidrs, enabled_invalid_log, has_invalid_log);
+        if let Err(e) = self.update_acl(acls, true, enabled_invalid_log, has_invalid_log) {
             return Err(format!("{}", e));
         }
 
@@ -727,16 +742,29 @@ impl PolicySetter {
         self.policy().update_peer_connections(peers);
     }
 
-    pub fn update_cidr(&mut self, cidrs: &Vec<Arc<Cidr>>) {
-        self.policy().update_cidr(cidrs);
+    pub fn update_cidr(
+        &mut self,
+        cidrs: &Vec<Arc<Cidr>>,
+        enabled_invalid_log: bool,
+        has_invalid_log: &mut bool,
+    ) {
+        self.policy()
+            .update_cidr(cidrs, enabled_invalid_log, has_invalid_log);
     }
 
     pub fn update_container(&mut self, containers: &Vec<Arc<Container>>) {
         self.policy().update_container(containers);
     }
 
-    pub fn update_acl(&mut self, acls: &Vec<Arc<Acl>>, check: bool) -> PResult<()> {
-        self.policy().update_acl(acls, check)?;
+    pub fn update_acl(
+        &mut self,
+        acls: &Vec<Arc<Acl>>,
+        check: bool,
+        enabled_invalid_log: bool,
+        has_invalid_log: &mut bool,
+    ) -> PResult<()> {
+        self.policy()
+            .update_acl(acls, check, enabled_invalid_log, has_invalid_log)?;
 
         Ok(())
     }
@@ -805,7 +833,7 @@ mod test {
             ..Default::default()
         };
         setter.update_interfaces(AgentType::TtHostPod, &vec![Arc::new(interface)]);
-        setter.update_cidr(&vec![Arc::new(cidr)]);
+        setter.update_cidr(&vec![Arc::new(cidr)], false, &mut false);
         setter.flush();
 
         let mut key = LookupKey {