gfwleak/tango-tfe
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

OMPUB-1508 For tunnel traffic, asymmetric traffic, and traffic matching the "no intercept" policy, only a session ID index flow table is created

Browse Source
This commit is contained in:
wangmenglan
2024-11-05 10:21:03 +08:00
parent d2b7d30e96
commit 02fae975ed
6 changed files with 175 additions and 31 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
common/src/tfe_packet_io.cpp
View File

@@ -1095,6 +1095,7 @@ static int handle_session_opening(struct metadata *meta, struct ctrl_pkt_parser
uint16_t size = 0;
uint8_t is_passthrough = 0;
uint8_t hit_no_intercept = 0;
uint8_t is_session_id_only_key = 0;
uint16_t out_size = 0;
char stream_traceid[24] = {0};
char reason_no_intercept_param[] = "Hit No Intercept Policy";
@@ -1284,6 +1285,10 @@ passthrough:
tuple4_reverse(&inner_tuple4, &s_ctx->c2s_info.tuple4);
}
// is_passthrough为1时只通过session id创建流表避免四元组相同的情况下uthash频繁扩展导致崩溃
if (is_passthrough)
is_session_id_only_key = 1;
// c2s
sids_copy(&s_ctx->c2s_info.sids, &parser->seq_sids);
route_ctx_copy(&s_ctx->c2s_info.route_ctx, &parser->seq_route_ctx);
@@ -1293,7 +1298,7 @@ passthrough:
route_ctx_copy(&s_ctx->s2c_info.route_ctx, &parser->ack_route_ctx);
TFE_LOG_INFO(logger, "%s: session %lu %s active first, hit rule %lu", LOG_TAG_PKTIO, s_ctx->session_id, s_ctx->session_addr, rule_id);
session_table_insert(thread->session_table, s_ctx->session_id, &(s_ctx->c2s_info.tuple4), s_ctx, session_value_free_cb);
session_table_insert(thread->session_table, is_session_id_only_key, s_ctx->session_id, &(s_ctx->c2s_info.tuple4), s_ctx, session_value_free_cb);
ATOMIC_INC(&(packet_io_fs->session_num));
if (parser->seq_header)
FREE(&parser->seq_header);
@@ -1490,9 +1495,11 @@ static int handle_raw_packet_from_nf(struct packet_io *handle, marsio_buff_t *rx
throughput_metrics_inc(&packet_io_fs->raw_bypass, 1, raw_len);
if (memcmp(&inner_addr, &s_ctx->c2s_info.tuple4, sizeof(struct tuple4)) == 0) {
s_ctx->c2s_info.is_e2i_dir = meta.is_e2i_dir;
throughput_metrics_inc(&s_ctx->c2s_info.rx, 1, raw_len);
}
else {
s_ctx->s2c_info.is_e2i_dir = meta.is_e2i_dir;
throughput_metrics_inc(&s_ctx->s2c_info.rx, 1, raw_len);
}