From 0461a1221623aedc1e9e7d21fcb5ea58a1c19f55 Mon Sep 17 00:00:00 2001 From: luwenpeng Date: Wed, 25 Sep 2024 17:46:28 +0800 Subject: [PATCH] feature(adapt maat): TSG_PROFILE_TRAFFIC_MIRROR adapt uuid --- .../traffic-mirror/include/traffic_mirror.h | 6 +- plugin/business/traffic-mirror/src/entry.cpp | 233 +++++++++--------- resource/pangu/pangu_http.json | 6 +- resource/pangu/table_info.conf | 10 +- resource/pangu/table_info_traffic_mirror.conf | 10 +- 5 files changed, 129 insertions(+), 136 deletions(-) diff --git a/plugin/business/traffic-mirror/include/traffic_mirror.h b/plugin/business/traffic-mirror/include/traffic_mirror.h index 5423ca2..4313c04 100644 --- a/plugin/business/traffic-mirror/include/traffic_mirror.h +++ b/plugin/business/traffic-mirror/include/traffic_mirror.h @@ -49,8 +49,6 @@ struct traffic_mirror_instance unsigned int default_vlan_id; struct maat* maat_feather; - int policy_table_id; - int profile_table_id; /* DEFAULT MAC ADDRESS, IN VLAN MODE */ char default_ether_addr_src; @@ -62,14 +60,16 @@ struct traffic_mirror_instance struct policy_table_ex_data { + uuid_t rule_uuid; + uuid_t profile_uuid; unsigned int atomic_refcnt; unsigned int enable; unsigned int is_profile_set; - unsigned int profile_id; }; struct profile_table_ex_data { + uuid_t profile_uuid; unsigned int atomic_refcnt; unsigned int nr_targets; diff --git a/plugin/business/traffic-mirror/src/entry.cpp b/plugin/business/traffic-mirror/src/entry.cpp index 90f72c3..929e50a 100644 --- a/plugin/business/traffic-mirror/src/entry.cpp +++ b/plugin/business/traffic-mirror/src/entry.cpp 
@@ -75,8 +75,7 @@ void policy_table_ex_data_free(struct policy_table_ex_data * object) if ((__sync_sub_and_fetch(&object->atomic_refcnt, 1) == 0)) free(object); } -void policy_table_ex_data_dup_cb(int table_id, void **to, - void **from, long argl, void * argp) +void policy_table_ex_data_dup_cb(const char *table_name, void **to, void **from, long argl, void *argp) { struct policy_table_ex_data * ex_data = (struct policy_table_ex_data *)*from; if(ex_data==NULL) @@ -90,7 +89,7 @@ void policy_table_ex_data_dup_cb(int table_id, void **to, } } -void policy_table_ex_data_free_cb(int table_id, void **ad, long argl, void * argp) + void policy_table_ex_data_free_cb(const char *table_name, void **ad, long argl, void *argp) { struct policy_table_ex_data * ex_data = (struct policy_table_ex_data *)*ad; if(ex_data) 
@@ -99,103 +98,120 @@ void policy_table_ex_data_free_cb(int table_id, void **ad, long argl, void * arg } } -void policy_table_ex_data_new_cb(const char *table_name, int table_id, const char * key, const char * table_line, - void **ad, long argl, void * argp) +void policy_table_ex_data_new_cb(const char *table_name, const char *key, const char *table_line, void **ad, long argl, void *argp) { - struct traffic_mirror_instance * instance = (struct traffic_mirror_instance *) argp; + struct traffic_mirror_instance *instance = (struct traffic_mirror_instance *)argp; assert(instance != nullptr && instance->logger != nullptr); - char * str_json = NULL; - cJSON * json_root = NULL; - cJSON * json_subroot = NULL; - cJSON * json_item = NULL; + char *str_json = NULL; + cJSON *json = NULL; + cJSON *object = NULL; + cjson *subobj = NULL; + cJSON *item = NULL; + struct policy_table_ex_data *ex_data = NULL; - struct policy_table_ex_data * ex_data = NULL; - - size_t user_region_offset; - size_t user_region_len; - - int result = maat_helper_read_column(table_line, 7, &user_region_offset, &user_region_len); - if (unlikely(result < 0)) + str_json = strdup(table_line); + if (unlikely(!str_json)) { - TFE_LOG_ERROR(instance->logger, "Failed at get policy table's user region."); - goto ignore; + TFE_LOG_ERROR(instance->logger, "failed at duplicating table line, %s", table_line); + goto error_out; } - str_json = ALLOC(char, user_region_len + 1); - memcpy(str_json, table_line + user_region_offset, user_region_len); - - json_root = cJSON_Parse(str_json); - if (unlikely(!json_root)) + json = cJSON_Parse(str_json); + if (unlikely(!json)) { - TFE_LOG_ERROR(instance->logger, "failed at parsing user region as JSON format."); - goto ignore; + TFE_LOG_ERROR(instance->logger, "failed at parsing user region as JSON format, %s", table_line); + goto error_out; } - json_subroot = cJSON_GetObjectItem(json_root, "traffic_mirror"); + object = cJSON_GetObjectItem(json, "action_parameter"); + if 
(unlikely(!object)) + { + TFE_LOG_ERROR(instance->logger, "invalid format, action_parameter is not defined, %s", table_line); + goto error_out; + } + + subobj = cJSON_GetObjectItem(object, "traffic_mirror"); if (unlikely(!json_subroot)) { - TFE_LOG_ERROR(instance->logger, "invalid format, traffic_mirror is not defined."); - goto ignore; + TFE_LOG_ERROR(instance->logger, "invalid format, traffic_mirror is not defined, %s", table_line); + goto error_out; } ex_data = ALLOC(struct policy_table_ex_data, 1); ex_data->atomic_refcnt = 1; ex_data->enable = 0; - ex_data->profile_id = 0; ex_data->is_profile_set = 0; + uuid_parse(key, ex_data->rule_id); - json_item = cJSON_GetObjectItem(json_subroot, "enable"); - if (unlikely(!json_item || !cJSON_IsNumber(json_item))) + item = cJSON_GetObjectItem(subobj, "enable"); + if (unlikely(!item || !cJSON_IsNumber(item))) { TFE_LOG_ERROR(instance->logger, "invalid JSON, traffic_mirror->enable not existed or invalid type."); - goto ignore; + goto error_out; } - ex_data->enable = json_item->valueint; + ex_data->enable = item->valueint; if (!ex_data->enable) { goto success; } - json_item = cJSON_GetObjectItem(json_subroot, "mirror_profile"); - if (unlikely(!json_item || !cJSON_IsNumber(json_item))) + item = cJSON_GetObjectItem(subobj, "mirror_profile"); + if (unlikely(!item || !cJSON_IsString(item))) { TFE_LOG_DEBUG(instance->logger, "traffic_mirror->mirror_profile not existed, user default vlan id :%d.", instance->default_vlan_id); ex_data->is_profile_set = 0; - ex_data->profile_id = 0; + uuid_clear(ex_data->profile_uuid); } else { ex_data->is_profile_set = 1; - ex_data->profile_id = json_item->valueint; + uuid_parse(item->valuestring, ex_data->profile_uuid); } -success: - TFE_LOG_DEBUG(instance->logger, "traffic mirror policy, key %s: enable = %d, profile = %d", - key, ex_data->enable, ex_data->profile_id); + TFE_LOG_DEBUG(instance->logger, "traffic mirror policy, key %s: enable = %d, profile = %s", + key, ex_data->enable, 
item->valuestring); +success: + cJSON_Delete(json); + free(str_json); *ad = ex_data; ex_data = nullptr; - goto out; + return; -ignore: - TFE_LOG_ERROR(instance->logger, "table line in PXY_INTERCEPT_COMPILE ignored %s: %s", key, table_line); - goto out; - -out: - if (ex_data) policy_table_ex_data_free(ex_data); - if (json_root) cJSON_Delete(json_root); - if (str_json) free(str_json); +error_out: + if (json) + { + cJSON_Delete(json); + } + if (str_json) + { + free(str_json); + } + if (ex_data) + { + free(ex_data); + } } -void profile_table_ex_data_free(struct profile_table_ex_data * object) +void profile_table_ex_data_free(struct profile_table_ex_data *object) { - if ((__sync_sub_and_fetch(&object->atomic_refcnt, 1) == 0)) free(object); + if ((__sync_sub_and_fetch(&object->atomic_refcnt, 1) == 0)) + { + if (object->vlans) + { + free(object->vlans); + } + if (object->ether_addrs) + { + free(object->ether_addrs); + } + free(object); + } } -void profile_table_ex_data_dup_cb(int table_id, void **to, - void **from, long argl, void * argp) +void profile_table_ex_data_dup_cb(const char *table_name, void **to, void **from, long argl, void *argp) { struct profile_table_ex_data * ex_data = (struct profile_table_ex_data *)*from; if(ex_data) @@ -209,7 +225,7 @@ void profile_table_ex_data_dup_cb(int table_id, void **to, } } -void profile_table_ex_data_free_cb(int table_id, void **ad, long argl, void * argp) +void profile_table_ex_data_free_cb(const char *table_name, void **ad, long argl, void *argp) { struct profile_table_ex_data * ex_data = (struct profile_table_ex_data *)*ad; if(ex_data) 
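Review bot: The `TFE_LOG_DEBUG` placed just before `success:` in policy_table_ex_data_new_cb reads `item->valuestring` unconditionally, although the branch above accepts an enabled rule with no `mirror_profile` (`!item || !cJSON_IsString(item)`). A rule that falls back to the default VLAN therefore dereferences NULL, or passes a NULL pointer to `%s`, while the policy table is being loaded. Log a guarded value instead, e.g. `(item && cJSON_IsString(item)) ? item->valuestring : "default"`. Three identifiers in the same function do not match the rest of the patch: `cjson *subobj` (lower-case type), the unchanged `if (unlikely(!json_subroot))` after the variable became `subobj`, and `uuid_parse(key, ex_data->rule_id)` where the header adds `rule_uuid`. Both `uuid_parse` calls here, and the one in profile_table_ex_data_new_cb, ignore the return value, so a malformed UUID is accepted with the field left unset; checking for `!= 0` and taking `error_out` would reject the row.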
@@ -218,66 +234,62 @@ void profile_table_ex_data_free_cb(int table_id, void **ad, long argl, void * ar } } -void profile_table_ex_data_new_cb(const char *table_name, int table_id, const char * key, const char * table_line, - void **ad, long argl, void * argp) +void profile_table_ex_data_new_cb(const char *table_name, const char *key, const char *table_line, void **ad, long argl, void *argp) { - struct traffic_mirror_instance * instance = (struct traffic_mirror_instance *) argp; + struct traffic_mirror_instance *instance = (struct traffic_mirror_instance *)argp; assert(instance != nullptr && instance->logger != nullptr); - char * str_json = NULL; - cJSON * json_root = NULL; - cJSON * element = NULL; + char *str_json = NULL; + cJSON *json = NULL; + cJSON *array = NULL; + cJSON *element = NULL; unsigned int iter = 0; + struct profile_table_ex_data *ex_data = NULL; - struct profile_table_ex_data * ex_data = NULL; - size_t addr_list_offset; - size_t addr_list_len; - - int result = maat_helper_read_column(table_line, 3, &addr_list_offset, &addr_list_len); - if (unlikely(result < 0)) + str_json = strdup(table_line); + if (unlikely(!str_json)) { - TFE_LOG_ERROR(instance->logger, "Failed at get profile table's addrlist."); - goto ignore; + TFE_LOG_ERROR(instance->logger, "failed at duplicating table line, %s", table_line); + goto error_out; } - str_json = ALLOC(char, addr_list_len + 1); - memcpy(str_json, table_line + addr_list_offset, addr_list_len); - - json_root = cJSON_Parse(str_json); - if (unlikely(!json_root)) + json = cJSON_Parse(str_json); + if (unlikely(!json)) { - TFE_LOG_ERROR(instance->logger, "failed at parsing addrlist as JSON format."); - goto ignore; + TFE_LOG_ERROR(instance->logger, "failed at parsing addrlist as JSON format, %s", table_line); + goto error_out; } ex_data = ALLOC(struct profile_table_ex_data, 1); ex_data->atomic_refcnt = 1; ex_data->rewrite_mac = 0; ex_data->rewrite_vlan = 0; + uuid_parse(key, ex_data->profile_uuid); - if 
(unlikely(!cJSON_IsArray(json_root))) + array = cJSON_GetObjectItem(json, "vlan_ids"); + if (unlikely(!array || !cJSON_IsArray(array))) { - TFE_LOG_ERROR(instance->logger, "invalid JSON, mirror_profile->vlan is not a array, %s.", str_json); - goto ignore; + TFE_LOG_ERROR(instance->logger, "invalid JSON, mirror_profile->vlan_ids is not a array, %s", table_line); + goto error_out; } - ex_data->nr_targets = cJSON_GetArraySize(json_root); + ex_data->nr_targets = cJSON_GetArraySize(array); ex_data->vlans = (unsigned int *)calloc(ex_data->nr_targets, sizeof(unsigned int)); ex_data->ether_addrs = (struct ether_addr *)calloc(ex_data->nr_targets, sizeof(struct ether_addr)); - cJSON_ArrayForEach(element, json_root) + cJSON_ArrayForEach(element, array) { if (unlikely(!cJSON_IsNumber(element))) { TFE_LOG_ERROR(instance->logger, "invalid JSON, elements in mirror_profile->vlan is not a number, %s.", str_json); - goto ignore; + goto error_out; } unsigned int vlan_in_number = element->valueint; if (unlikely(vlan_in_number <= 0 || vlan_in_number > 4094)) { TFE_LOG_ERROR(instance->logger, "invalid JSON, vlan id must between 1 and 4094."); - goto ignore; + goto error_out; } TFE_LOG_DEBUG(instance->logger, "traffic mirror profile %s: vlan id[%d] %d", key, iter, vlan_in_number); @@ -292,14 +304,13 @@ void profile_table_ex_data_new_cb(const char *table_name, int table_id, const ch *ad = (void *)ex_data; ex_data = nullptr; - TFE_LOG_DEBUG(instance->logger, "traffic mirror profile %s: %s", key, str_json); - goto out; + TFE_LOG_DEBUG(instance->logger, "Add traffic mirror profile: %s", key); -ignore: - TFE_LOG_ERROR(instance->logger, "table line in TSG_PROFILE_TRAFFIC_MIRROR ignored %s: %s", key, table_line); - goto out; + cJSON_Delete(json_root); + free(str_json); + return; -out: +error_out: if (ex_data) { profile_table_ex_data_free(ex_data); 
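Review bot: The two `calloc` calls that size `vlans` and `ether_addrs` from `cJSON_GetArraySize(array)` are used without a NULL check, and an empty `vlan_ids` array is accepted with `nr_targets == 0`. The loop that fills the arrays continues outside this hunk, so I can only assume it indexes them by `iter`. If an empty profile is not meant to be valid, `if (!ex_data->nr_targets || !ex_data->vlans || !ex_data->ether_addrs) goto error_out;` after the allocations rejects both cases. The earlier `goto error_out` on a missing `vlan_ids` reaches `profile_table_ex_data_free`, which now frees `vlans` and `ether_addrs`, so that path depends on `ALLOC` returning zeroed memory; a comment saying so would help if that is guaranteed.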
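Review bot: `cJSON_Delete(json_root);` on the success path still uses the old variable name; this patch renames it to `json` at the top of profile_table_ex_data_new_cb, so the line should read `cJSON_Delete(json);`. The `error_out` cleanup continues outside the hunk, so I cannot see whether it also releases `json` and `str_json` on failure.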
@@ -502,29 +513,13 @@ int traffic_mirror_init(struct tfe_proxy * proxy) goto errout; } - /* REGISTER MAAT FEATHER */ - instance->policy_table_id = maat_get_table_id(instance->maat_feather, "PXY_INTERCEPT_COMPILE"); - if (instance->policy_table_id < 0) - { - TFE_LOG_ERROR(instance->logger, "failed at register table PXY_INTERCEPT_COMPILE, ret = %d", - instance->policy_table_id); goto errout; - } - - instance->profile_table_id = maat_get_table_id(instance->maat_feather, "TSG_PROFILE_TRAFFIC_MIRROR"); - if (instance->profile_table_id < 0) - { - TFE_LOG_ERROR(instance->logger, "failed at register table TSG_PROFILE_TRAFFIC_MIRROR, ret = %d", - instance->profile_table_id); goto errout; - } - result = maat_plugin_table_ex_schema_register(instance->maat_feather, "PXY_INTERCEPT_COMPILE", policy_table_ex_data_new_cb, policy_table_ex_data_free_cb, policy_table_ex_data_dup_cb, 0, instance); if(result < 0) { - TFE_LOG_ERROR(instance->logger, "failed at maat_plugin_table_ex_schema_register(PXY_INTERCEPT_COMPILE), " - "table_id = %d, ret = %d", instance->policy_table_id, result); + TFE_LOG_ERROR(instance->logger, "failed at maat_plugin_table_ex_schema_register(PXY_INTERCEPT_COMPILE)"); goto errout; } @@ -534,8 +529,8 @@ int traffic_mirror_init(struct tfe_proxy * proxy) if (unlikely(result < 0)) { - TFE_LOG_ERROR(instance->logger, "failed at Maat_plugin_EX_register(TSG_PROFILE_TRAFFIC_MIRROR), " - "table_id = %d, ret = %d", instance->policy_table_id, result); + TFE_LOG_ERROR(instance->logger, "failed at Maat_plugin_EX_register(TSG_PROFILE_TRAFFIC_MIRROR)"); + goto errout; } if (traffic_mirror_ethdev_init(instance) < 0) 
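Review bot: The rewritten error log for `maat_plugin_table_ex_schema_register(PXY_INTERCEPT_COMPILE)` drops `result` together with the removed `table_id`, so a failed registration no longer records why it failed; keeping `"..., ret = %d", result` costs nothing. The same applies to the `TSG_PROFILE_TRAFFIC_MIRROR` message in the next hunk, whose text still names `Maat_plugin_EX_register`; the call itself is outside that hunk, but judging by the first registration it is presumably `maat_plugin_table_ex_schema_register`.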
@@ -570,10 +565,10 @@ int traffic_mirror_on_open_cb(const struct tfe_stream * stream, unsigned int thr assert(instance != NULL); assert(cmsg != NULL); - char str_policy_id[TFE_SYMBOL_MAX] = {0}; - char str_profile_id[TFE_SYMBOL_MAX] = {0}; + char rule_uuid_str[UUID_STRING_SIZE] = {0}; + char profile_uuid_str[TFE_SYMBOL_MAX] = {0}; - uint64_t rule_id; + uuid_t rule_uuid; uint16_t opt_out_size; struct policy_table_ex_data * policy_ex_data = NULL; @@ -582,15 +577,15 @@ int traffic_mirror_on_open_cb(const struct tfe_stream * stream, unsigned int thr struct ether_addr c_ether_addr = {}; struct ether_addr s_ether_addr = {}; - int ret = tfe_cmsg_get_value(cmsg, TFE_CMSG_POLICY_ID, (unsigned char *)&rule_id, sizeof(rule_id), &opt_out_size); + int ret = tfe_cmsg_get_value(cmsg, TFE_CMSG_POLICY_ID, (unsigned char *)&rule_uuid, sizeof(rule_uuid), &opt_out_size); if (ret < 0) { TFE_LOG_ERROR(instance->logger, "failed at getting policy id from cmsg, detach the stream."); goto detach; } - snprintf(str_policy_id, sizeof(str_policy_id), "%lu", rule_id); - policy_ex_data = (struct policy_table_ex_data *)maat_plugin_table_get_ex_data(instance->maat_feather, instance->policy_table_id, str_policy_id, strlen(str_policy_id)); + uuid_unparse(rule_uuid, rule_uuid_str); + policy_ex_data = (struct policy_table_ex_data *)maat_plugin_table_get_ex_data(instance->maat_feather, PXY_INTERCEPT_COMPILE, rule_uuid, sizeof(uuid_t)); if (!policy_ex_data || !policy_ex_data->enable) { goto detach; 
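Review bot: `rule_uuid_str` is sized with `UUID_STRING_SIZE` while `profile_uuid_str` keeps `TFE_SYMBOL_MAX`, and neither constant is defined in this diff. `uuid_unparse` writes 36 characters plus a terminating NUL, so both buffers must be at least 37 bytes; declare both with the same constant and add a comment such as `/* 36 chars + NUL, as written by uuid_unparse() */`. The declarations sit inside traffic_mirror_on_open_cb, whose body starts and ends outside the hunk.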
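Review bot: `rule_uuid` is filled by `tfe_cmsg_get_value`, but `opt_out_size` is never compared with `sizeof(uuid_t)`, so a sender that still supplies the old 8-byte policy id would leave half of the key uninitialised before it is used for the table lookup. Extending the failure check to `if (ret < 0 || opt_out_size != sizeof(rule_uuid))` closes that gap. In the lookup, `PXY_INTERCEPT_COMPILE` is passed as a bare identifier while `traffic_mirror_init` registers the table with the string `"PXY_INTERCEPT_COMPILE"`; unless a macro of that name exists outside this diff it needs quotes. The same applies to `TSG_PROFILE_TRAFFIC_MIRROR` in the following hunk.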
@@ -616,13 +611,13 @@ int traffic_mirror_on_open_cb(const struct tfe_stream * stream, unsigned int thr if (policy_ex_data->is_profile_set) { - snprintf(str_profile_id, sizeof(str_policy_id), "%u", policy_ex_data->profile_id); - profile_ex_data = (struct profile_table_ex_data *)maat_plugin_table_get_ex_data(instance->maat_feather, instance->profile_table_id, str_profile_id, strlen(str_profile_id)); + uuid_unparse(policy_ex_data->profile_uuid, profile_uuid_str); + profile_ex_data = (struct profile_table_ex_data *)maat_plugin_table_get_ex_data(instance->maat_feather, TSG_PROFILE_TRAFFIC_MIRROR, policy_ex_data->profile_uuid, sizeof(uuid_t)); if (!profile_ex_data) { TFE_LOG_ERROR(instance->logger, "failed at getting policy %s's profile, profile id = %s, " "detach the stream", - str_policy_id, str_profile_id); + rule_uuid_str, profile_uuid_str); goto detach; } @@ -652,7 +647,9 @@ int traffic_mirror_on_open_cb(const struct tfe_stream * stream, unsigned int thr rebuild_target = NULL; traffic_mirror_rebuild_handshake(me->rebuild_ctx, thread_id); - return ACTION_FORWARD_DATA; + TFE_LOG_DEBUG(instance->logger, "hit traffic mirror policy %s, profile %s, vlan %d", + rule_uuid_str, profile_uuid_str, me->rebuild_ctx->target.vlan_tci); + return ACTION_FORWARD_DATA; detach: if (me) diff --git a/resource/pangu/pangu_http.json b/resource/pangu/pangu_http.json index 88ac766..997eee3 100644 --- a/resource/pangu/pangu_http.json +++ b/resource/pangu/pangu_http.json @@ -223,7 +223,7 @@ { "table_name": "TSG_PROFILE_TRAFFIC_MIRROR", "table_content": [ - "1234\ttest-traffic-mirror\t[1,2,3,4,5,6,7,8,9]\t1" + "{\"uuid\":\"TRAFFIC0-MIRR-0000-0000-000000000001\",\"vlan_ids\":[1,2,3,4,5,6,7,8,9],\"is_valid\":1}" ] }, { 
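Review bot: The fixture key `TRAFFIC0-MIRR-0000-0000-000000000001` has the 8-4-4-4-12 layout but contains non-hexadecimal letters, so `uuid_parse` (assuming libuuid's) returns -1 for it in the callbacks this patch adds. The same holds for the `INTERCEP-…`, `KERING00-…`, `DECRYPT0-…` and `TCPOPT00-…` values in the `PXY_INTERCEPT_COMPILE` hunk that follows. Because the callbacks ignore that return value, the test data loads without exercising a real UUID; replacing these with well-formed hex UUIDs would let the fixtures cover the parse path.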
@@ -255,8 +255,8 @@ { "table_name": "PXY_INTERCEPT_COMPILE", "table_content": [ - "0\t0\t2\t1\t1\t{}\t{\"vsys_id\":1,\"protocol\":\"SSL\",\"keyring_for_trusted\":765,\"keyring_for_untrusted\":10,\"decryption_profile\":0,\"tcp_option_profile\":1,\"traffic_mirror\":{\"enable\":0}}\t1\t1\t2", - "255119\t0\t2\t1\t1\t{}\t{\"vsys_id\":1,\"protocol\":\"SSL\",\"keyring_for_trusted\":1,\"keyring_for_untrusted\":10,\"decryption_profile\":0,\"tcp_option_profile\":1,\"traffic_mirror\":{\"enable\":1,\"mirror_profile\":1234}}\t1\t1\t2" + "{\"uuid\":\"INTERCEP-0000-0000-0000-000000000001\",\"action_parameter\":{\"vsys_id\":1,\"keyring_for_trusted\":\"KERING00-TRUS-0000-0000-000000000001\",\"keyring_for_untrusted\":\"KERING00-UNTR-0000-0000-000000000001\",\"decryption_profile\":\"DECRYPT0-0000-0000-0000-000000000001\",\"tcp_option_profile\":\"TCPOPT00-0000-0000-0000-000000000001\",\"traffic_mirror\":{\"enable\":0}},\"is_valid\":1}", + "{\"uuid\":\"INTERCEP-0000-0000-0000-000000000002\",\"action_parameter\":{\"vsys_id\":1,\"keyring_for_trusted\":\"KERING00-TRUS-0000-0000-000000000001\",\"keyring_for_untrusted\":\"KERING00-UNTR-0000-0000-000000000001\",\"decryption_profile\":\"DECRYPT0-0000-0000-0000-000000000001\",\"tcp_option_profile\":\"TCPOPT00-0000-0000-0000-000000000001\",\"traffic_mirror\":{\"enable\":1,\"mirror_profile\":\"TRAFFIC0-MIRR-0000-0000-000000000001\"}},\"is_valid\":1}" ] }, { diff --git a/resource/pangu/table_info.conf b/resource/pangu/table_info.conf index d0511cb..0bc19f5 100644 --- a/resource/pangu/table_info.conf +++ b/resource/pangu/table_info.conf @@ -336,20 +336,18 @@ "table_id":30, "table_name":"PXY_INTERCEPT_COMPILE", "table_type":"plugin", - "valid_column":9, "custom": { - "key":1, - "key_type":"pointer" + "key_type":"pointer", + "key_name":"uuid" } }, { "table_id":31, "table_name":"TSG_PROFILE_TRAFFIC_MIRROR", "table_type":"plugin", - "valid_column":4, "custom": { - "key":1, - "key_type":"pointer" + "key_type":"pointer", + "key_name":"uuid" } }, { 
diff --git a/resource/pangu/table_info_traffic_mirror.conf b/resource/pangu/table_info_traffic_mirror.conf index 373f510..a7269cc 100644 --- a/resource/pangu/table_info_traffic_mirror.conf +++ b/resource/pangu/table_info_traffic_mirror.conf @@ -3,20 +3,18 @@ "table_id":0, "table_name":"PXY_INTERCEPT_COMPILE", "table_type":"plugin", - "valid_column":9, "custom": { - "key":1, - "key_type":"pointer" + "key_type":"pointer", + "key_name":"uuid" } }, { "table_id":1, "table_name":"TSG_PROFILE_TRAFFIC_MIRROR", "table_type":"plugin", - "valid_column":4, "custom": { - "key":1, - "key_type":"pointer" + "key_type":"pointer", + "key_name":"uuid" } } ]