gfwleak/tango-tfe
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feature(adapt maat): TSG_PROFILE_TRAFFIC_MIRROR adapt uuid

Browse Source
This commit is contained in:
luwenpeng
2024-09-25 17:46:28 +08:00
parent 3617db7201
commit 0461a12216
5 changed files with 129 additions and 136 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
plugin/business/traffic-mirror/include/traffic_mirror.h
View File

@@ -49,8 +49,6 @@ struct traffic_mirror_instance
unsigned int default_vlan_id;
struct maat* maat_feather;
int policy_table_id;
int profile_table_id;
/* DEFAULT MAC ADDRESS, IN VLAN MODE */
char default_ether_addr_src;
@@ -62,14 +60,16 @@ struct traffic_mirror_instance
struct policy_table_ex_data
{
uuid_t rule_uuid;
uuid_t profile_uuid;
unsigned int atomic_refcnt;
unsigned int enable;
unsigned int is_profile_set;
unsigned int profile_id;
};
struct profile_table_ex_data
{
uuid_t profile_uuid;
unsigned int atomic_refcnt;
unsigned int nr_targets;

233
plugin/business/traffic-mirror/src/entry.cpp
View File

@@ -75,8 +75,7 @@ void policy_table_ex_data_free(struct policy_table_ex_data * object)
if ((__sync_sub_and_fetch(&object->atomic_refcnt, 1) == 0)) free(object);
}
void policy_table_ex_data_dup_cb(int table_id, void **to,
void **from, long argl, void * argp)
void policy_table_ex_data_dup_cb(const char *table_name, void **to, void **from, long argl, void *argp)
{
struct policy_table_ex_data * ex_data = (struct policy_table_ex_data *)*from;
if(ex_data==NULL)
@@ -90,7 +89,7 @@ void policy_table_ex_data_dup_cb(int table_id, void **to,
}
}
void policy_table_ex_data_free_cb(int table_id, void **ad, long argl, void * argp)
void policy_table_ex_data_free_cb(const char *table_name, void **ad, long argl, void *argp)
{
struct policy_table_ex_data * ex_data = (struct policy_table_ex_data *)*ad;
if(ex_data)
@@ -99,103 +98,120 @@ void policy_table_ex_data_free_cb(int table_id, void **ad, long argl, void * arg
}
}
void policy_table_ex_data_new_cb(const char *table_name, int table_id, const char * key, const char * table_line,
void **ad, long argl, void * argp)
void policy_table_ex_data_new_cb(const char *table_name, const char *key, const char *table_line, void **ad, long argl, void *argp)
{
struct traffic_mirror_instance * instance = (struct traffic_mirror_instance *) argp;
struct traffic_mirror_instance *instance = (struct traffic_mirror_instance *)argp;
assert(instance != nullptr && instance->logger != nullptr);
char * str_json = NULL;
cJSON * json_root = NULL;
cJSON * json_subroot = NULL;
cJSON * json_item = NULL;
char *str_json = NULL;
cJSON *json = NULL;
cJSON *object = NULL;
cjson *subobj = NULL;
cJSON *item = NULL;
struct policy_table_ex_data *ex_data = NULL;
struct policy_table_ex_data * ex_data = NULL;
size_t user_region_offset;
size_t user_region_len;
int result = maat_helper_read_column(table_line, 7, &user_region_offset, &user_region_len);
if (unlikely(result < 0))
str_json = strdup(table_line);
if (unlikely(!str_json))
{
TFE_LOG_ERROR(instance->logger, "Failed at get policy table's user region.");
goto ignore;
TFE_LOG_ERROR(instance->logger, "failed at duplicating table line, %s", table_line);
goto error_out;
}
str_json = ALLOC(char, user_region_len + 1);
memcpy(str_json, table_line + user_region_offset, user_region_len);
json_root = cJSON_Parse(str_json);
if (unlikely(!json_root))
json = cJSON_Parse(str_json);
if (unlikely(!json))
{
TFE_LOG_ERROR(instance->logger, "failed at parsing user region as JSON format.");
goto ignore;
TFE_LOG_ERROR(instance->logger, "failed at parsing user region as JSON format, %s", table_line);
goto error_out;
}
json_subroot = cJSON_GetObjectItem(json_root, "traffic_mirror");
object = cJSON_GetObjectItem(json, "action_parameter");
if (unlikely(!object))
{
TFE_LOG_ERROR(instance->logger, "invalid format, action_parameter is not defined, %s", table_line);
goto error_out;
}
subobj = cJSON_GetObjectItem(object, "traffic_mirror");
if (unlikely(!json_subroot))
{
TFE_LOG_ERROR(instance->logger, "invalid format, traffic_mirror is not defined.");
goto ignore;
TFE_LOG_ERROR(instance->logger, "invalid format, traffic_mirror is not defined, %s", table_line);
goto error_out;
}
ex_data = ALLOC(struct policy_table_ex_data, 1);
ex_data->atomic_refcnt = 1;
ex_data->enable = 0;
ex_data->profile_id = 0;
ex_data->is_profile_set = 0;
uuid_parse(key, ex_data->rule_id);
json_item = cJSON_GetObjectItem(json_subroot, "enable");
if (unlikely(!json_item || !cJSON_IsNumber(json_item)))
item = cJSON_GetObjectItem(subobj, "enable");
if (unlikely(!item || !cJSON_IsNumber(item)))
{
TFE_LOG_ERROR(instance->logger, "invalid JSON, traffic_mirror->enable not existed or invalid type.");
goto ignore;
goto error_out;
}
ex_data->enable = json_item->valueint;
ex_data->enable = item->valueint;
if (!ex_data->enable)
{
goto success;
}
json_item = cJSON_GetObjectItem(json_subroot, "mirror_profile");
if (unlikely(!json_item || !cJSON_IsNumber(json_item)))
item = cJSON_GetObjectItem(subobj, "mirror_profile");
if (unlikely(!item || !cJSON_IsString(item)))
{
TFE_LOG_DEBUG(instance->logger, "traffic_mirror->mirror_profile not existed, user default vlan id :%d.", instance->default_vlan_id);
ex_data->is_profile_set = 0;
ex_data->profile_id = 0;
uuid_clear(ex_data->profile_uuid);
}
else
{
ex_data->is_profile_set = 1;
ex_data->profile_id = json_item->valueint;
uuid_parse(item->valuestring, ex_data->profile_uuid);
}
success:
TFE_LOG_DEBUG(instance->logger, "traffic mirror policy, key %s: enable = %d, profile = %d",
key, ex_data->enable, ex_data->profile_id);
TFE_LOG_DEBUG(instance->logger, "traffic mirror policy, key %s: enable = %d, profile = %s",
key, ex_data->enable, item->valuestring);
success:
cJSON_Delete(json);
free(str_json);
*ad = ex_data;
ex_data = nullptr;
goto out;
return;
ignore:
TFE_LOG_ERROR(instance->logger, "table line in PXY_INTERCEPT_COMPILE ignored %s: %s", key, table_line);
goto out;
out:
if (ex_data) policy_table_ex_data_free(ex_data);
if (json_root) cJSON_Delete(json_root);
if (str_json) free(str_json);
error_out:
if (json)
{
cJSON_Delete(json);
}
if (str_json)
{
free(str_json);
}
if (ex_data)
{
free(ex_data);
}
}
void profile_table_ex_data_free(struct profile_table_ex_data * object)
void profile_table_ex_data_free(struct profile_table_ex_data *object)
{
if ((__sync_sub_and_fetch(&object->atomic_refcnt, 1) == 0)) free(object);
if ((__sync_sub_and_fetch(&object->atomic_refcnt, 1) == 0))
{
if (object->vlans)
{
free(object->vlans);
}
if (object->ether_addrs)
{
free(object->ether_addrs);
}
free(object);
}
}
void profile_table_ex_data_dup_cb(int table_id, void **to,
void **from, long argl, void * argp)
void profile_table_ex_data_dup_cb(const char *table_name, void **to, void **from, long argl, void *argp)
{
struct profile_table_ex_data * ex_data = (struct profile_table_ex_data *)*from;
if(ex_data)
@@ -209,7 +225,7 @@ void profile_table_ex_data_dup_cb(int table_id, void **to,
}
}
void profile_table_ex_data_free_cb(int table_id, void **ad, long argl, void * argp)
void profile_table_ex_data_free_cb(const char *table_name, void **ad, long argl, void *argp)
{
struct profile_table_ex_data * ex_data = (struct profile_table_ex_data *)*ad;
if(ex_data)
@@ -218,66 +234,62 @@ void profile_table_ex_data_free_cb(int table_id, void **ad, long argl, void * ar
}
}
void profile_table_ex_data_new_cb(const char *table_name, int table_id, const char * key, const char * table_line,
void **ad, long argl, void * argp)
void profile_table_ex_data_new_cb(const char *table_name, const char *key, const char *table_line, void **ad, long argl, void *argp)
{
struct traffic_mirror_instance * instance = (struct traffic_mirror_instance *) argp;
struct traffic_mirror_instance *instance = (struct traffic_mirror_instance *)argp;
assert(instance != nullptr && instance->logger != nullptr);
char * str_json = NULL;
cJSON * json_root = NULL;
cJSON * element = NULL;
char *str_json = NULL;
cJSON *json = NULL;
cJSON *array = NULL;
cJSON *element = NULL;
unsigned int iter = 0;
struct profile_table_ex_data *ex_data = NULL;
struct profile_table_ex_data * ex_data = NULL;
size_t addr_list_offset;
size_t addr_list_len;
int result = maat_helper_read_column(table_line, 3, &addr_list_offset, &addr_list_len);
if (unlikely(result < 0))
str_json = strdup(table_line);
if (unlikely(!str_json))
{
TFE_LOG_ERROR(instance->logger, "Failed at get profile table's addrlist.");
goto ignore;
TFE_LOG_ERROR(instance->logger, "failed at duplicating table line, %s", table_line);
goto error_out;
}
str_json = ALLOC(char, addr_list_len + 1);
memcpy(str_json, table_line + addr_list_offset, addr_list_len);
json_root = cJSON_Parse(str_json);
if (unlikely(!json_root))
json = cJSON_Parse(str_json);
if (unlikely(!json))
{
TFE_LOG_ERROR(instance->logger, "failed at parsing addrlist as JSON format.");
goto ignore;
TFE_LOG_ERROR(instance->logger, "failed at parsing addrlist as JSON format, %s", table_line);
goto error_out;
}
ex_data = ALLOC(struct profile_table_ex_data, 1);
ex_data->atomic_refcnt = 1;
ex_data->rewrite_mac = 0;
ex_data->rewrite_vlan = 0;
uuid_parse(key, ex_data->profile_uuid);
if (unlikely(!cJSON_IsArray(json_root)))
array = cJSON_GetObjectItem(json, "vlan_ids");
if (unlikely(!array || !cJSON_IsArray(array)))
{
TFE_LOG_ERROR(instance->logger, "invalid JSON, mirror_profile->vlan is not a array, %s.", str_json);
goto ignore;
TFE_LOG_ERROR(instance->logger, "invalid JSON, mirror_profile->vlan_ids is not a array, %s", table_line);
goto error_out;
}
ex_data->nr_targets = cJSON_GetArraySize(json_root);
ex_data->nr_targets = cJSON_GetArraySize(array);
ex_data->vlans = (unsigned int *)calloc(ex_data->nr_targets, sizeof(unsigned int));
ex_data->ether_addrs = (struct ether_addr *)calloc(ex_data->nr_targets, sizeof(struct ether_addr));
cJSON_ArrayForEach(element, json_root)
cJSON_ArrayForEach(element, array)
{
if (unlikely(!cJSON_IsNumber(element)))
{
TFE_LOG_ERROR(instance->logger, "invalid JSON, elements in mirror_profile->vlan is not a number, %s.", str_json);
goto ignore;
goto error_out;
}
unsigned int vlan_in_number = element->valueint;
if (unlikely(vlan_in_number <= 0 || vlan_in_number > 4094))
{
TFE_LOG_ERROR(instance->logger, "invalid JSON, vlan id must between 1 and 4094.");
goto ignore;
goto error_out;
}
TFE_LOG_DEBUG(instance->logger, "traffic mirror profile %s: vlan id[%d] %d", key, iter, vlan_in_number);
@@ -292,14 +304,13 @@ void profile_table_ex_data_new_cb(const char *table_name, int table_id, const ch
*ad = (void *)ex_data;
ex_data = nullptr;
TFE_LOG_DEBUG(instance->logger, "traffic mirror profile %s: %s", key, str_json);
goto out;
TFE_LOG_DEBUG(instance->logger, "Add traffic mirror profile: %s", key);
ignore:
TFE_LOG_ERROR(instance->logger, "table line in TSG_PROFILE_TRAFFIC_MIRROR ignored %s: %s", key, table_line);
goto out;
cJSON_Delete(json_root);
free(str_json);
return;
out:
error_out:
if (ex_data)
{
profile_table_ex_data_free(ex_data);
@@ -502,29 +513,13 @@ int traffic_mirror_init(struct tfe_proxy * proxy)
goto errout;
}
/* REGISTER MAAT FEATHER */
instance->policy_table_id = maat_get_table_id(instance->maat_feather, "PXY_INTERCEPT_COMPILE");
if (instance->policy_table_id < 0)
{
TFE_LOG_ERROR(instance->logger, "failed at register table PXY_INTERCEPT_COMPILE, ret = %d",
instance->policy_table_id); goto errout;
}
instance->profile_table_id = maat_get_table_id(instance->maat_feather, "TSG_PROFILE_TRAFFIC_MIRROR");
if (instance->profile_table_id < 0)
{
TFE_LOG_ERROR(instance->logger, "failed at register table TSG_PROFILE_TRAFFIC_MIRROR, ret = %d",
instance->profile_table_id); goto errout;
}
result = maat_plugin_table_ex_schema_register(instance->maat_feather, "PXY_INTERCEPT_COMPILE",
policy_table_ex_data_new_cb, policy_table_ex_data_free_cb, policy_table_ex_data_dup_cb,
0, instance);
if(result < 0)
{
TFE_LOG_ERROR(instance->logger, "failed at maat_plugin_table_ex_schema_register(PXY_INTERCEPT_COMPILE), "
"table_id = %d, ret = %d", instance->policy_table_id, result);
TFE_LOG_ERROR(instance->logger, "failed at maat_plugin_table_ex_schema_register(PXY_INTERCEPT_COMPILE)");
goto errout;
}
@@ -534,8 +529,8 @@ int traffic_mirror_init(struct tfe_proxy * proxy)
if (unlikely(result < 0))
{
TFE_LOG_ERROR(instance->logger, "failed at Maat_plugin_EX_register(TSG_PROFILE_TRAFFIC_MIRROR), "
"table_id = %d, ret = %d", instance->policy_table_id, result);
TFE_LOG_ERROR(instance->logger, "failed at Maat_plugin_EX_register(TSG_PROFILE_TRAFFIC_MIRROR)");
goto errout;
}
if (traffic_mirror_ethdev_init(instance) < 0)
@@ -570,10 +565,10 @@ int traffic_mirror_on_open_cb(const struct tfe_stream * stream, unsigned int thr
assert(instance != NULL);
assert(cmsg != NULL);
char str_policy_id[TFE_SYMBOL_MAX] = {0};
char str_profile_id[TFE_SYMBOL_MAX] = {0};
char rule_uuid_str[UUID_STRING_SIZE] = {0};
char profile_uuid_str[TFE_SYMBOL_MAX] = {0};
uint64_t rule_id;
uuid_t rule_uuid;
uint16_t opt_out_size;
struct policy_table_ex_data * policy_ex_data = NULL;
@@ -582,15 +577,15 @@ int traffic_mirror_on_open_cb(const struct tfe_stream * stream, unsigned int thr
struct ether_addr c_ether_addr = {};
struct ether_addr s_ether_addr = {};
int ret = tfe_cmsg_get_value(cmsg, TFE_CMSG_POLICY_ID, (unsigned char *)&rule_id, sizeof(rule_id), &opt_out_size);
int ret = tfe_cmsg_get_value(cmsg, TFE_CMSG_POLICY_ID, (unsigned char *)&rule_uuid, sizeof(rule_uuid), &opt_out_size);
if (ret < 0)
{
TFE_LOG_ERROR(instance->logger, "failed at getting policy id from cmsg, detach the stream.");
goto detach;
}
snprintf(str_policy_id, sizeof(str_policy_id), "%lu", rule_id);
policy_ex_data = (struct policy_table_ex_data *)maat_plugin_table_get_ex_data(instance->maat_feather, instance->policy_table_id, str_policy_id, strlen(str_policy_id));
uuid_unparse(rule_uuid, rule_uuid_str);
policy_ex_data = (struct policy_table_ex_data *)maat_plugin_table_get_ex_data(instance->maat_feather, PXY_INTERCEPT_COMPILE, rule_uuid, sizeof(uuid_t));
if (!policy_ex_data || !policy_ex_data->enable)
{
goto detach;
@@ -616,13 +611,13 @@ int traffic_mirror_on_open_cb(const struct tfe_stream * stream, unsigned int thr
if (policy_ex_data->is_profile_set)
{
snprintf(str_profile_id, sizeof(str_policy_id), "%u", policy_ex_data->profile_id);
profile_ex_data = (struct profile_table_ex_data *)maat_plugin_table_get_ex_data(instance->maat_feather, instance->profile_table_id, str_profile_id, strlen(str_profile_id));
uuid_unparse(policy_ex_data->profile_uuid, profile_uuid_str);
profile_ex_data = (struct profile_table_ex_data *)maat_plugin_table_get_ex_data(instance->maat_feather, TSG_PROFILE_TRAFFIC_MIRROR, policy_ex_data->profile_uuid, sizeof(uuid_t));
if (!profile_ex_data)
{
TFE_LOG_ERROR(instance->logger, "failed at getting policy %s's profile, profile id = %s, "
"detach the stream",
str_policy_id, str_profile_id);
rule_uuid_str, profile_uuid_str);
goto detach;
}
@@ -652,7 +647,9 @@ int traffic_mirror_on_open_cb(const struct tfe_stream * stream, unsigned int thr
rebuild_target = NULL;
traffic_mirror_rebuild_handshake(me->rebuild_ctx, thread_id);
return ACTION_FORWARD_DATA;
TFE_LOG_DEBUG(instance->logger, "hit traffic mirror policy %s, profile %s, vlan %d",
rule_uuid_str, profile_uuid_str, me->rebuild_ctx->target.vlan_tci);
return ACTION_FORWARD_DATA;
detach:
if (me)