252 lines
8.5 KiB
C++
252 lines
8.5 KiB
C++
|
|
||
|
|
#include <tfe_proxy.h>
|
||
|
|
#include <tfe_utils.h>
|
||
|
|
#include <tfe_types.h>
|
||
|
|
#include <traffic_mirror.h>
|
||
|
|
|
||
|
|
struct traffic_mirror_rebuild
|
||
|
|
{
|
||
|
|
struct tfe_stream_addr * addr;
|
||
|
|
struct profile_table_ex_data * target;
|
||
|
|
struct traffic_mirror_ethdev * ethdev;
|
||
|
|
|
||
|
|
uint32_t c_seq;
|
||
|
|
uint32_t s_seq;
|
||
|
|
uint32_t c_ipid;
|
||
|
|
uint32_t s_ipid;
|
||
|
|
uint8_t c_ttl;
|
||
|
|
uint8_t s_ttl;
|
||
|
|
};
|
||
|
|
|
||
|
|
static int tcp_header_construct(unsigned char *buf, unsigned short sp,
|
||
|
|
unsigned short dp, unsigned int seq, unsigned int ack,
|
||
|
|
unsigned char flags, unsigned short win, unsigned short urg)
|
||
|
|
{
|
||
|
|
struct tcphdr * tcp_hdr = (struct tcphdr *) buf;
|
||
|
|
assert(tcp_hdr != NULL);
|
||
|
|
|
||
|
|
tcp_hdr->th_sport = sp;
|
||
|
|
tcp_hdr->th_dport = dp;
|
||
|
|
tcp_hdr->th_seq = htonl(seq);
|
||
|
|
tcp_hdr->th_ack = htonl(ack);
|
||
|
|
tcp_hdr->th_flags = flags;
|
||
|
|
tcp_hdr->th_x2 = 0;
|
||
|
|
tcp_hdr->th_off = 5; /* 20 byte header */
|
||
|
|
tcp_hdr->th_win = htons(win); /* window size */
|
||
|
|
tcp_hdr->th_sum = 0; /* checksum done in userland */
|
||
|
|
tcp_hdr->th_urp = 0; /* urgent pointer */
|
||
|
|
|
||
|
|
return sizeof(struct tcphdr);
|
||
|
|
}
|
||
|
|
|
||
|
|
static int tcp_header_construct_by_stream_addr(struct tfe_stream_addr * addr, unsigned char *buf,
|
||
|
|
unsigned int seq, unsigned int ack, unsigned char flags, unsigned short win, unsigned short urg)
|
||
|
|
{
|
||
|
|
unsigned short sport;
|
||
|
|
unsigned short dport;
|
||
|
|
|
||
|
|
if (addr->addrtype == TFE_ADDR_STREAM_TUPLE4_V4)
|
||
|
|
{
|
||
|
|
sport = addr->tuple4_v4->source;
|
||
|
|
dport = addr->tuple4_v4->dest;
|
||
|
|
}
|
||
|
|
else if (addr->addrtype == TFE_ADDR_STREAM_TUPLE4_V6)
|
||
|
|
{
|
||
|
|
sport = addr->tuple4_v6->source;
|
||
|
|
dport = addr->tuple4_v6->dest;
|
||
|
|
}
|
||
|
|
else
|
||
|
|
{
|
||
|
|
assert(0);
|
||
|
|
}
|
||
|
|
|
||
|
|
return tcp_header_construct(buf, sport, dport, seq, ack, flags, win, urg);
|
||
|
|
}
|
||
|
|
|
||
|
|
static int ipv4_header_construct(unsigned char *buf, unsigned short carry_layer_len,
|
||
|
|
unsigned char tos, unsigned short id, unsigned short frag, unsigned char ttl,
|
||
|
|
unsigned char protocol, unsigned int src, unsigned int dst)
|
||
|
|
{
|
||
|
|
struct iphdr * ip_hdr = (struct iphdr *) buf;
|
||
|
|
ip_hdr->version = 4;
|
||
|
|
ip_hdr->ihl = 5;
|
||
|
|
ip_hdr->tos = tos;
|
||
|
|
ip_hdr->tot_len = htons(sizeof(struct iphdr) + carry_layer_len);
|
||
|
|
ip_hdr->id = htons(id);
|
||
|
|
ip_hdr->frag_off = 0;
|
||
|
|
ip_hdr->ttl = ttl;
|
||
|
|
ip_hdr->protocol = protocol;
|
||
|
|
ip_hdr->check = 0;
|
||
|
|
ip_hdr->saddr = src;
|
||
|
|
ip_hdr->daddr = dst;
|
||
|
|
|
||
|
|
return sizeof(struct iphdr);
|
||
|
|
}
|
||
|
|
|
||
|
|
static int ip_header_construct_by_stream_addr(struct tfe_stream_addr * addr,
|
||
|
|
unsigned char *buf, unsigned short carry_layer_len, unsigned char tos,
|
||
|
|
unsigned short id, unsigned short frag, unsigned char ttl, unsigned char protocol)
|
||
|
|
{
|
||
|
|
if (addr->addrtype == TFE_ADDR_STREAM_TUPLE4_V4)
|
||
|
|
{
|
||
|
|
return ipv4_header_construct(buf, carry_layer_len, tos, id,
|
||
|
|
frag, ttl, protocol, addr->tuple4_v4->saddr.s_addr, addr->tuple4_v4->daddr.s_addr);
|
||
|
|
}
|
||
|
|
|
||
|
|
assert(0);
|
||
|
|
return -1;
|
||
|
|
}
|
||
|
|
|
||
|
|
static void ether_header_construct(unsigned char *buf, unsigned char *dst,
|
||
|
|
unsigned char *src, unsigned short type)
|
||
|
|
{
|
||
|
|
struct ethhdr * eth_hdr = (struct ethhdr *) buf;
|
||
|
|
memcpy(eth_hdr->h_dest, dst, ETHER_ADDR_LEN);
|
||
|
|
memcpy(eth_hdr->h_source, src, ETHER_ADDR_LEN);
|
||
|
|
eth_hdr->h_proto = htons(type);
|
||
|
|
}
|
||
|
|
|
||
|
|
struct vlan_hdr
|
||
|
|
{
|
||
|
|
uint16_t vlan_tci; /**< Priority (3) + CFI (1) + Identifier Code (12) */
|
||
|
|
uint16_t eth_proto;/**< Ethernet type of encapsulated frame. */
|
||
|
|
} __attribute__((__packed__));
|
||
|
|
|
||
|
|
static void vlan_tag_construct(unsigned char *buf, unsigned short tci, unsigned short type)
|
||
|
|
{
|
||
|
|
struct vlan_hdr * vlan_hdr = (struct vlan_hdr *)buf;
|
||
|
|
vlan_hdr->vlan_tci = htons(tci);
|
||
|
|
vlan_hdr->eth_proto = htons(type);
|
||
|
|
}
|
||
|
|
|
||
|
|
static void l2_send_to_target(struct traffic_mirror_ethdev * ethdev,
|
||
|
|
unsigned char * snd_buffer, unsigned int l3_data_offset, unsigned int l3_data_len,
|
||
|
|
struct ether_addr * target_addr, unsigned int vlan_tci, unsigned l3_protocol)
|
||
|
|
{
|
||
|
|
assert(l3_data_offset >= (sizeof(struct ethhdr) + sizeof(struct vlan_hdr)));
|
||
|
|
unsigned int header_offset = l3_data_offset;
|
||
|
|
|
||
|
|
/* need to construct vlan header */
|
||
|
|
if (vlan_tci > 0)
|
||
|
|
{
|
||
|
|
header_offset -= sizeof(struct vlan_hdr);
|
||
|
|
vlan_tag_construct(snd_buffer + header_offset, vlan_tci, l3_protocol);
|
||
|
|
}
|
||
|
|
|
||
|
|
unsigned int eth_protocol = vlan_tci > 0 ? ETH_P_8021Q : l3_protocol;
|
||
|
|
header_offset -= sizeof(struct ethhdr);
|
||
|
|
|
||
|
|
ether_header_construct(snd_buffer + header_offset, (unsigned char *)target_addr->ether_addr_octet,
|
||
|
|
(unsigned char *)ethdev->local_ether_addr, eth_protocol);
|
||
|
|
}
|
||
|
|
|
||
|
|
static void l2_send_to_target_group(struct traffic_mirror_ethdev * ethdev, struct profile_table_ex_data * t_group,
|
||
|
|
unsigned char * snd_buffer, unsigned int l3_data_offset, unsigned int l3_data_len, unsigned l3_protocol)
|
||
|
|
{
|
||
|
|
for(unsigned int i = 0; i < t_group->nr_targets; i++)
|
||
|
|
{
|
||
|
|
l2_send_to_target(ethdev, snd_buffer, l3_data_offset, l3_data_len,
|
||
|
|
&t_group->ether_addrs[i], t_group->vlans[i], l3_protocol);
|
||
|
|
}
|
||
|
|
}
|
||
|
|
|
||
|
|
static void tcp_segment_send_to_target_group(struct tfe_stream_addr * addr, struct traffic_mirror_ethdev * ethdev,
|
||
|
|
struct profile_table_ex_data * t_group, const char * payload, unsigned int payload_len,
|
||
|
|
unsigned int seq, unsigned int ack, char flags)
|
||
|
|
{
|
||
|
|
char pkt[ETHER_MAX_LEN];
|
||
|
|
unsigned sz_pkt_prepend = sizeof(struct ethhdr) + sizeof(struct iphdr) + sizeof(struct tcphdr);
|
||
|
|
unsigned l3_l4_header_len = 0;
|
||
|
|
|
||
|
|
l3_l4_header_len += tcp_header_construct_by_stream_addr(addr,
|
||
|
|
(unsigned char *)pkt + sz_pkt_prepend, seq, ack, flags, 0xffff, 0);
|
||
|
|
|
||
|
|
l3_l4_header_len += ip_header_construct_by_stream_addr(addr, (unsigned char *)pkt + sz_pkt_prepend,
|
||
|
|
sizeof(struct tcphdr) + payload_len, 0, 0x1000, 0, 128, IPPROTO_TCP);
|
||
|
|
|
||
|
|
sz_pkt_prepend -= l3_l4_header_len;
|
||
|
|
|
||
|
|
l2_send_to_target_group(ethdev, t_group, (unsigned char *)pkt,
|
||
|
|
sz_pkt_prepend, l3_l4_header_len + payload_len, ETHERTYPE_IP);
|
||
|
|
}
|
||
|
|
|
||
|
|
static void tcp_send_to_target_group(struct tfe_stream_addr * addr, struct traffic_mirror_ethdev * ethdev,
|
||
|
|
struct profile_table_ex_data * t_group, const char * payload,
|
||
|
|
unsigned int payload_len, unsigned int seq, unsigned int ack, char flags)
|
||
|
|
{
|
||
|
|
unsigned int payload_offset = 0;
|
||
|
|
unsigned mss = ethdev->mtu - (sizeof(struct iphdr) + sizeof(struct tcphdr));
|
||
|
|
|
||
|
|
while(payload_offset < payload_len)
|
||
|
|
{
|
||
|
|
unsigned int payload_sz_seg = MIN(payload_offset, mss);
|
||
|
|
const char * payload_ptr_seg = payload + payload_offset;
|
||
|
|
|
||
|
|
tcp_segment_send_to_target_group(addr, ethdev, t_group, payload_ptr_seg, payload_sz_seg, seq, ack, flags);
|
||
|
|
seq += payload_sz_seg;
|
||
|
|
payload_offset += payload_sz_seg;
|
||
|
|
}
|
||
|
|
}
|
||
|
|
|
||
|
|
struct traffic_mirror_rebuild * traffic_mirror_rebuild_create(struct tfe_stream_addr * addr,
|
||
|
|
struct profile_table_ex_data * target, struct traffic_mirror_ethdev * ethdev)
|
||
|
|
{
|
||
|
|
struct traffic_mirror_rebuild * instance = ALLOC(struct traffic_mirror_rebuild, 1);
|
||
|
|
instance->target = target;
|
||
|
|
instance->ethdev = ethdev;
|
||
|
|
|
||
|
|
/* the c_seq, s_seq, c_ipid, s_ipid is random
|
||
|
|
* TODO: use the fast random algorithm like Linux TCP/IP stack */
|
||
|
|
instance->c_seq = random();
|
||
|
|
instance->s_seq = random();
|
||
|
|
instance->c_ipid = random();
|
||
|
|
instance->s_ipid = random();
|
||
|
|
instance->s_ttl = 128;
|
||
|
|
instance->c_ttl = 64;
|
||
|
|
return instance;
|
||
|
|
}
|
||
|
|
|
||
|
|
void traffic_mirror_rebuild_destroy(struct traffic_mirror_rebuild * instance)
|
||
|
|
{
|
||
|
|
free(instance);
|
||
|
|
}
|
||
|
|
|
||
|
|
void traffic_mirror_rebuild_handshake(struct traffic_mirror_rebuild * instance)
|
||
|
|
{
|
||
|
|
tcp_send_to_target_group(instance->addr, instance->ethdev, instance->target,
|
||
|
|
NULL, 0, instance->c_seq, 0, TH_SYN);
|
||
|
|
|
||
|
|
tcp_send_to_target_group(instance->addr, instance->ethdev, instance->target,
|
||
|
|
NULL, 0, instance->s_seq, instance->c_seq + 1, TH_SYN | TH_ACK);
|
||
|
|
|
||
|
|
tcp_send_to_target_group(instance->addr, instance->ethdev, instance->target,
|
||
|
|
NULL, 0, instance->c_seq + 1, instance->s_seq + 1, TH_ACK);
|
||
|
|
|
||
|
|
instance->s_seq++;
|
||
|
|
instance->c_seq++;
|
||
|
|
}
|
||
|
|
|
||
|
|
void traffic_mirror_rebuild_data(struct traffic_mirror_rebuild * instance,
|
||
|
|
const char * data, unsigned int datalen, enum tfe_conn_dir dir)
|
||
|
|
{
|
||
|
|
if (dir == CONN_DIR_DOWNSTREAM)
|
||
|
|
{
|
||
|
|
tcp_send_to_target_group(instance->addr, instance->ethdev, instance->target,
|
||
|
|
NULL, 0, instance->c_seq, instance->s_seq + 1, TH_ACK);
|
||
|
|
|
||
|
|
instance->c_seq += datalen;
|
||
|
|
}
|
||
|
|
else
|
||
|
|
{
|
||
|
|
tcp_send_to_target_group(instance->addr, instance->ethdev, instance->target,
|
||
|
|
NULL, 0, instance->s_seq, instance->c_seq + 1, TH_ACK);
|
||
|
|
|
||
|
|
instance->s_seq += datalen;
|
||
|
|
}
|
||
|
|
}
|
||
|
|
|
||
|
|
void traffic_mirror_rebuild_farewell(struct traffic_mirror_rebuild * instance)
|
||
|
|
{
|
||
|
|
return;
|
||
|
|
}
|