将kni合并到tfe中

2023-04-18 16:03:57 +08:00
parent 48c303e856
commit 11a46269f1
34 changed files with 6301 additions and 26 deletions
--- a/common/include/tfe_acceptor_kni.h
+++ b/common/include/tfe_acceptor_kni.h
@@ -0,0 +1,152 @@
+#ifndef _TFE_ACCEPTOR_KNI_H
+#define _TFE_ACCEPTOR_KNI_H
+
+#ifdef __cpluscplus
+extern "C"
+{
+#endif
+
+#include <sched.h>
+
+// #include "proxy.h"
+#include "tfe_utils.h"
+#include "tfe_timestamp.h"
+#include "tfe_packet_io.h"
+#include "tfe_session_table.h"
+
+    /******************************************************************************
+     * Struct For tap
+     ******************************************************************************/
+
+    struct tap_config
+    {
+        int enable_iouring;
+        int enable_debuglog;
+
+        int ring_size;
+        int buff_size;
+
+        int flags;
+        int sq_thread_idle;
+
+        char src_mac[6];
+        char tap_mac[6];
+        char tap_c_mac[6];
+        char tap_s_mac[6];
+        char tap_device[16];
+        char tap_c_device[16];
+        char tap_s_device[16];
+        int tap_rps_enable;
+        char tap_rps_mask[TFE_SYMBOL_MAX];
+
+        struct bpf_ctx *tap_bpf_ctx;
+    };
+
+    struct tap_ctx
+    {
+        int tap_s;
+        int tap_c;
+        int tap_fd;
+
+        struct io_uring_instance *io_uring_fd;
+        struct io_uring_instance *io_uring_c;
+        struct io_uring_instance *io_uring_s;
+
+        int buff_size;
+        char *buff;
+    };
+
+    /******************************************************************************
+     * Struct For Thread
+     ******************************************************************************/
+    struct acceptor_thread_ctx
+    {
+        pthread_t tid;
+        int thread_index;
+        
+        struct tap_ctx *tap_ctx;
+        struct session_table *session_table;
+        struct sf_metrics *sf_metrics;
+
+        struct tap_config *ref_tap_config;
+        struct packet_io *ref_io;
+        struct global_metrics *ref_metrics;
+        struct policy_enforcer *ref_enforcer;
+        struct acceptor_ctx *ref_acceptor_ctx;
+        struct tfe_proxy *ref_proxy;
+
+        int session_table_need_reset;
+    };
+
+    /******************************************************************************
+     * Struct For Session
+     ******************************************************************************/
+
+    struct packet_info
+    {
+        int dir_is_e2i;
+        struct addr_tuple4 tuple4;
+        char *addr_string;
+
+        char *header_data;
+        int header_len;
+
+        struct sids sids;
+        struct route_ctx route_ctx;
+    };
+
+    struct session_ctx
+    {
+        int policy_ids;
+        uint64_t session_id;
+
+        uint16_t user_field;
+
+        struct route_ctx raw_pkt_i2e_route_ctx;
+        struct route_ctx raw_pkt_e2i_route_ctx;
+
+        struct sids raw_pkt_i2e_sids;
+        struct sids raw_pkt_e2i_sids;
+
+        // depending on first control packet
+        struct packet_info first_ctrl_pkt;
+
+        // 加锁
+        struct tfe_cmsg *cmsg;
+        struct acceptor_thread_ctx *ref_thread_ctx;
+    };
+
+    struct session_ctx *session_ctx_new();
+    void session_ctx_free(struct session_ctx *ctx);
+
+    /******************************************************************************
+     * Struct For KNI
+     ******************************************************************************/
+
+    struct acceptor_ctx
+    {
+        int firewall_sids;
+        int sce_sids;
+        int nr_worker_threads;
+        
+        int cpu_affinity_mask[TFE_THREAD_MAX];
+
+        cpu_set_t coremask;
+        struct tap_config *config;
+        struct timestamp *ts;
+        struct packet_io *io;
+        struct global_metrics *metrics;
+        struct policy_enforcer *enforcer;
+        struct acceptor_thread_ctx work_threads[TFE_THREAD_MAX];
+
+        struct tfe_proxy *ref_proxy;
+    };
+
+    struct acceptor_ctx *acceptor_ctx_create(const char *profile);
+    void acceptor_ctx_destory(struct acceptor_ctx *ctx);
+
+#ifdef __cpluscplus
+}
+#endif
+
+#endif
--- a/common/include/tfe_addr_tuple4.h
+++ b/common/include/tfe_addr_tuple4.h
@@ -0,0 +1,66 @@
+#ifndef _TFE_ADDR_TUPLE4_H
+#define _TFE_ADDR_TUPLE4_H
+
+#ifdef __cpluscplus
+extern "C"
+{
+#endif
+
+#include <netinet/in.h>
+
+    enum addr_tuple4_type
+    {
+        ADDR_TUPLE4_TYPE_V4,
+        ADDR_TUPLE4_TYPE_V6,
+    };
+
+    struct addr_v4
+    {
+        struct in_addr src_addr; /* network order */
+        struct in_addr dst_addr; /* network order */
+    };
+
+    struct addr_v6
+    {
+        struct in6_addr src_addr; /* network order */
+        struct in6_addr dst_addr; /* network order */
+    };
+
+    struct addr_tuple4
+    {
+        enum addr_tuple4_type addr_type;
+        in_port_t src_port; /* network order */
+        in_port_t dst_port; /* network order */
+        union
+        {
+            struct addr_v4 addr_v4;
+            struct addr_v6 addr_v6;
+        };
+    };
+
+#define INIT_ADDR_V4(name, src_addr_str, src_port_num, dst_addr_str, dst_port_num) \
+    struct addr_tuple4 name;                                                       \
+    memset(&name, 0, sizeof(name));                                                \
+    (name).addr_type = ADDR_TUPLE4_TYPE_V4;                                        \
+    (name).src_port = htons((src_port_num));                                       \
+    (name).dst_port = htons((dst_port_num));                                       \
+    inet_pton(AF_INET, (src_addr_str), &(name).addr_v4.src_addr);                  \
+    inet_pton(AF_INET, (dst_addr_str), &(name).addr_v4.dst_addr);
+
+#define INIT_ADDR_V6(name, src_addr_str, src_port_num, dst_addr_str, dst_port_num) \
+    struct addr_tuple4 name;                                                       \
+    memset(&name, 0, sizeof(name));                                                \
+    (name).addr_type = ADDR_TUPLE4_TYPE_V6;                                        \
+    (name).src_port = htons((src_port_num));                                       \
+    (name).dst_port = htons((dst_port_num));                                       \
+    inet_pton(AF_INET6, (src_addr_str), &(name).addr_v6.src_addr);                 \
+    inet_pton(AF_INET6, (dst_addr_str), &(name).addr_v6.dst_addr);
+
+    char *addr_tuple4_to_str(const struct addr_tuple4 *addr);
+    void addr_tuple4_reverse(const struct addr_tuple4 *orin, struct addr_tuple4 *out);
+
+#ifdef __cpluscplus
+}
+#endif
+
+#endif
--- a/common/include/tfe_ctrl_packet.h
+++ b/common/include/tfe_ctrl_packet.h
@@ -0,0 +1,44 @@
+#ifndef _TFE_CTRL_PACKET_H
+#define _TFE_CTRL_PACKET_H
+
+#ifdef __cpluscplus
+extern "C"
+{
+#endif
+
+#include <stdint.h>
+
+enum session_state
+{
+    SESSION_STATE_OPENING = 1,
+    SESSION_STATE_CLOSING = 2,
+    SESSION_STATE_ACTIVE = 3,
+    SESSION_STATE_RESETALL = 4,
+};
+
+struct ctrl_pkt_parser
+{
+    char tsync[4];
+    uint64_t session_id;
+    enum session_state state;
+    char method[32];
+    uint64_t tfe_policy_ids[32];
+    int tfe_policy_id_num;
+    uint64_t sce_policy_ids[32];
+    int sce_policy_id_num;
+    struct tfe_cmsg *cmsg;
+};
+
+const char *session_state_to_string(enum session_state state);
+void ctrl_packet_parser_init(struct ctrl_pkt_parser *handler);
+
+// return  0 : success
+// return -1 : error
+int ctrl_packet_parser_parse(struct ctrl_pkt_parser *handler, const char *data, size_t length);
+void ctrl_packet_parser_dump(struct ctrl_pkt_parser *handler);
+
+#ifdef __cpluscplus
+}
+#endif
+
+#endif
--- a/common/include/tfe_metrics.h
+++ b/common/include/tfe_metrics.h
@@ -0,0 +1,61 @@
+#ifndef _GLOBAL_METRICS_H
+#define _GLOBAL_METRICS_H
+
+#ifdef __cpluscplus
+extern "C"
+{
+#endif
+
+#include "tfe_utils.h"
+#include <MESA/field_stat2.h>
+
+struct global_metrics_config
+{
+    char output_file[256];
+    char statsd_server[32];
+    int statsd_port;
+    int statsd_format;
+    int statsd_cycle;
+
+    int prometheus_listen_port;
+    char prometheus_listen_url[256];
+};
+
+struct global_metrics
+{
+    struct throughput_metrics raw_pkt_rx;       // 累计值
+    struct throughput_metrics raw_pkt_tx;       // 累计值
+
+    struct throughput_metrics hit_policy;       // 累计值
+
+    struct throughput_metrics decrypt_tx;       // 累计值
+    struct throughput_metrics decrypt_rx;       // 累计值
+
+    struct throughput_metrics ctrl_pkt_rx;      // 累计值
+
+    uint64_t ctrl_pkt_opening_num;  // 累计值
+    uint64_t ctrl_pkt_active_num;   // 累计值
+    uint64_t ctrl_pkt_closing_num;  // 累计值
+    uint64_t ctrl_pkt_resetall_num; // 累计值
+    uint64_t ctrl_pkt_error_num;    // 累计值
+
+    uint64_t sf_active_times;      // 累计值
+    uint64_t sf_inactive_times;    // 累计值
+
+    uint64_t session_nums; // 瞬时值
+    uint64_t send_log;     // 瞬时值
+
+    struct global_metrics_config config;
+    screen_stat_handle_t fs_handle;
+    int fs_id[128];
+};
+
+struct global_metrics *global_metrics_create();
+void global_metrics_destory(struct global_metrics *metrics);
+void global_metrics_dump(struct global_metrics *metrics);
+
+#ifdef __cpluscplus
+}
+#endif
+
+#endif
--- a/common/include/tfe_mpack.h
+++ b/common/include/tfe_mpack.h
@@ -0,0 +1,17 @@
+#ifndef _TFE_MPACK_H
+#define _TFE_MPACK_H
+
+#ifdef __cpluscplus
+extern "C"
+{
+#endif
+
+#include "tfe_cmsg.h"
+
+int parse_messagepack(const char* data, size_t length, void *ctx);
+
+#ifdef __cpluscplus
+}
+#endif
+
+#endif
--- a/common/include/tfe_packet_io.h
+++ b/common/include/tfe_packet_io.h
@@ -0,0 +1,23 @@
+#ifndef _TFE_PACKET_IO_H
+#define _TFE_PACKET_IO_H
+
+#ifdef __cpluscplus
+extern "C"
+{
+#endif
+
+struct packet_io *packet_io_create(const char *profile, int thread_num, cpu_set_t *coremask);
+void packet_io_destory(struct packet_io *handle);
+
+int packet_io_thread_init(struct packet_io *handle, struct acceptor_thread_ctx *thread_ctx);
+void packet_io_thread_wait(struct packet_io *handle, struct acceptor_thread_ctx *thread_ctx, int timeout_ms);
+
+int packet_io_polling_nf_interface(struct packet_io *handle, int thread_seq, void *ctx);
+void handle_raw_packet_from_tap(const char *data, int len, void *args);
+void handle_decryption_packet_from_tap(const char *data, int len, void *args);
+
+#ifdef __cpluscplus
+}
+#endif
+
+#endif
--- a/common/include/tfe_raw_packet.h
+++ b/common/include/tfe_raw_packet.h
@@ -0,0 +1,99 @@
+#ifndef _TFE_RAW_PACKET_H
+#define _TFE_RAW_PACKET_H
+
+#ifdef __cpluscplus
+extern "C"
+{
+#endif
+
+#include <stdint.h>
+
+enum layer_type
+{
+    // 数据链路层
+    LAYER_TYPE_ETHER = 1 << 0,
+    LAYER_TYPE_PPP = 1 << 1,
+    LAYER_TYPE_HDLC = 1 << 2,
+    LAYER_TYPE_L2 = (LAYER_TYPE_ETHER | LAYER_TYPE_PPP | LAYER_TYPE_HDLC),
+
+    // 数据链路层 -- 隧道
+    LAYER_TYPE_VLAN = 1 << 3,
+    LAYER_TYPE_PPPOE = 1 << 4,
+    LAYER_TYPE_MPLS = 1 << 5,
+    LAYER_TYPE_L2_TUN = (LAYER_TYPE_VLAN | LAYER_TYPE_PPPOE | LAYER_TYPE_MPLS),
+
+    // 网络层
+    LAYER_TYPE_IPV4 = 1 << 6,
+    LAYER_TYPE_IPV6 = 1 << 7,
+    LAYER_TYPE_L3 = (LAYER_TYPE_IPV4 | LAYER_TYPE_IPV6),
+
+    // 网络层 -- 隧道
+
+    // 传输层
+    LAYER_TYPE_UDP = 1 << 8,
+    LAYER_TYPE_TCP = 1 << 9,
+    LAYER_TYPE_L4 = (LAYER_TYPE_UDP | LAYER_TYPE_TCP),
+
+    // 传输层 -- 隧道
+    LAYER_TYPE_G_VXLAN = 1 << 10,
+    LAYER_TYPE_GTPV1_U = 1 << 11,
+
+    // ALL
+    LAYER_TYPE_ALL = (LAYER_TYPE_L2 | LAYER_TYPE_L2_TUN | LAYER_TYPE_L3 | LAYER_TYPE_L4 | LAYER_TYPE_G_VXLAN | LAYER_TYPE_GTPV1_U),
+
+    // UNKNOWN
+    LAYER_TYPE_UNKNOWN,
+};
+
+enum ldbc_method
+{
+    LDBC_METHOD_HASH_INT_IP = 1,
+    LDBC_METHOD_HASH_EXT_IP = 2,
+    LDBC_METHOD_HASH_INT_IP_AND_EXT_IP = 3,
+    LDBC_METHOD_HASH_INNERMOST_INT_IP = 4,
+    LDBC_METHOD_HASH_INNERMOST_EXT_IP = 5,
+};
+
+struct layer_result
+{
+    uint16_t offset;
+    enum layer_type type;
+};
+
+struct layer_results
+{
+    struct layer_result layers[16];
+    uint16_t layers_used;
+    uint16_t layers_size;
+};
+
+struct raw_pkt_parser
+{
+    enum layer_type expect_type;
+    struct layer_results results;
+
+    const void *ptr_pkt_start;
+    uint64_t pkt_trace_id;
+};
+
+void raw_packet_parser_init(struct raw_pkt_parser *handler, uint64_t pkt_trace_id, enum layer_type expect_type, uint16_t expect_results_num);
+// return most inner payload
+const void *raw_packet_parser_parse(struct raw_pkt_parser *handler, const void *data, size_t length);
+
+// return  0 : success
+// return -1 : error
+int raw_packet_parser_get_most_inner_tuple4(struct raw_pkt_parser *handler, struct addr_tuple4 *addr);
+int raw_packet_parser_get_most_outer_tuple4(struct raw_pkt_parser *handler, struct addr_tuple4 *addr);
+
+// return  0 : success
+// return -1 : error
+int raw_packet_parser_get_most_inner_address(struct raw_pkt_parser *handler, struct addr_tuple4 *addr);
+int raw_packet_parser_get_most_outer_address(struct raw_pkt_parser *handler, struct addr_tuple4 *addr);
+
+uint64_t raw_packet_parser_get_hash_value(struct raw_pkt_parser *handler, enum ldbc_method method, int dir_is_internal);
+
+#ifdef __cpluscplus
+}
+#endif
+
+#endif
--- a/common/include/tfe_session_table.h
+++ b/common/include/tfe_session_table.h
@@ -0,0 +1,58 @@
+#ifndef _SESSION_TABLE_H
+#define _SESSION_TABLE_H
+
+#ifdef __cpluscplus
+extern "C"
+{
+#endif
+
+#include <stdint.h>
+#include <sys/types.h>
+
+#include "uthash.h"
+#include "tfe_addr_tuple4.h"
+
+// Note: session_addr must be initialized by memset(0) before use !!!
+
+typedef void fn_free_cb(void *args);
+
+struct session_node
+{
+    uint64_t session_id;             /* first key */
+    struct addr_tuple4 session_addr; /* second key */
+
+    void *val_data;
+    fn_free_cb *val_freecb;
+
+    UT_hash_handle hh1; /* handle for first hash table */
+    UT_hash_handle hh2; /* handle for second hash table */
+};
+
+struct session_table;
+
+struct session_table *session_table_create();
+void session_table_destory(struct session_table *table);
+void session_table_reset(struct session_table *table);
+uint64_t session_table_count(struct session_table *table);
+
+// session_addr : deep copy
+// val_data     : shallow copy (malloc by user, free by val_freecb)
+// return  0 : suceess
+// return -1 : key exists
+int session_table_insert(struct session_table *table, uint64_t session_id, const struct addr_tuple4 *session_addr, void *val_data, const fn_free_cb *val_freecb);
+
+// return  0 : success
+// return -1 : key not exists
+int session_table_delete_by_id(struct session_table *table, uint64_t session_id);
+int session_table_delete_by_addr(struct session_table *table, const struct addr_tuple4 *session_addr);
+
+// return   NULL : key not exists
+// return UnNULL : success
+struct session_node *session_table_search_by_id(struct session_table *table, uint64_t session_id);
+struct session_node *session_table_search_by_addr(struct session_table *table, const struct addr_tuple4 *session_addr);
+
+#ifdef __cpluscplus
+}
+#endif
+
+#endif
--- a/common/include/tfe_tap_rss.h
+++ b/common/include/tfe_tap_rss.h
@@ -0,0 +1,35 @@
+#ifndef _TFE_TAP_RSS_H_
+#define _TFE_TAP_RSS_H_
+
+#ifdef __cplusplus
+extern "C"
+{
+#endif
+
+#define TAP_RSS_LOG_TAG "TAP_RSS: "
+
+struct bpf_ctx;
+
+int tfe_tap_get_bpf_prog_fd(struct bpf_ctx *ctx);
+
+struct bpf_ctx *tfe_tap_global_load_rss_bpf(const char *bpf_obj_file, uint32_t bpf_queue_num, uint32_t bpf_hash_mode, uint32_t bpf_debug_log, void *logger);
+void tfe_tap_global_unload_rss_bpf(struct bpf_ctx *ctx);
+
+struct tap_ctx *tfe_tap_ctx_create(void *ctx);
+
+struct tap_config *tfe_tap_config_create(const char *profile, int thread_num);
+void tfe_tap_destory(struct tap_config *tap);
+
+int tfe_tap_set_rps(void *local_logger, const char *tap_name, int thread_num, const char *rps_mask);
+
+int tfe_tap_open_per_thread(const char *tap_dev, int tap_flags, int bpf_prog_fd, void *logger);
+void tfe_tap_close_per_thread(int tap_fd);
+
+int tfe_tap_read_per_thread(int tap_fd, char *buff, int buff_size, void *logger);
+int tfe_tap_write_per_thread(int tap_fd, const char *data, int data_len, void *logger);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
--- a/common/include/tfe_timestamp.h
+++ b/common/include/tfe_timestamp.h
@@ -0,0 +1,24 @@
+#ifndef _TFE_TIMESTAMP_H
+#define _TFE_TIMESTAMP_H
+
+#ifdef __cpluscplus
+extern "C"
+{
+#endif
+
+#include <stdint.h>
+
+struct timestamp *timestamp_new(uint64_t update_interval_ms);
+void timestamp_free(struct timestamp *ts);
+
+void timestamp_update(struct timestamp *ts);
+uint64_t timestamp_update_interval_ms(struct timestamp *ts);
+
+uint64_t timestamp_get_sec(struct timestamp *ts);
+uint64_t timestamp_get_msec(struct timestamp *ts);
+
+#ifdef __cpluscplus
+}
+#endif
+
+#endif
--- a/common/include/tfe_utils.h
+++ b/common/include/tfe_utils.h
@@ -10,6 +10,18 @@
 #include <dirent.h> //scan_dir
 #include <stdbool.h>

+#define LOG_TAG_POLICY "POLICY"
+#define LOG_TAG_UTILS "UTILS"
+#define LOG_TAG_RAWPKT "RAW_PACKET"
+#define LOG_TAG_CTRLPKT "CTRL_PACKET"
+#define LOG_TAG_STABLE "SESSION_TABLE"
+#define LOG_TAG_PKTIO "PACKET_IO"
+#define LOG_TAG_METRICS "G_METRICS"
+#define LOG_TAG_SF_METRICS "SF_METRICS"
+#define LOG_TAG_SF_STATUS "SF_STATUS"
+#define LOG_TAG_SCE "SCE"
+#define LOG_TAG_TIMESTAMP "TIMESTAMP"
+
 #define TFE_STRING_MAX			2048
 #define	TFE_PATH_MAX			256
 #define TFE_SYMBOL_MAX			64
@@ -170,4 +182,59 @@ int tfe_scandir(const char *dir, struct dirent ***namelist,
 char *tfe_read_file(const char *filename, size_t *filelen);

 const char * tfe_version();
-int tfe_decode_base64url(u_char *dst, u_char *src);
+int tfe_decode_base64url(u_char *dst, u_char *src);
+
+/******************************************************************************
+ * sids
+ ******************************************************************************/
+
+#include <marsio.h>
+
+struct sids
+{
+    int num;
+    sid_t elems[MR_SID_LIST_MAXLEN];
+};
+
+void sids_write_once(struct sids *dst, struct sids *src);
+void sids_copy(struct sids *dst, struct sids *src);
+
+/******************************************************************************
+ * route_ctx
+ ******************************************************************************/
+
+struct route_ctx
+{
+    char data[64];
+    int len;
+};
+
+int route_ctx_is_empty(struct route_ctx *ctx);
+void route_ctx_copy(struct route_ctx *dst, struct route_ctx *src);
+
+/******************************************************************************
+ * protocol
+ ******************************************************************************/
+
+struct udp_hdr
+{
+    u_int16_t uh_sport; /* source port */
+    u_int16_t uh_dport; /* destination port */
+    u_int16_t uh_ulen;  /* udp length */
+    u_int16_t uh_sum;   /* udp checksum */
+} __attribute__((__packed__));
+
+void build_udp_header(const char *l3_hdr, int l3_hdr_len, struct udp_hdr *udp_hdr, u_int16_t udp_sport, u_int16_t udp_dport, int payload_len);
+void build_ip_header(struct ip *ip_hdr, u_int8_t next_protocol, const char *src_addr, const char *dst_addr, uint16_t payload_len);
+void build_ether_header(struct ethhdr *eth_hdr, uint16_t next_protocol, const char *src_mac, const char *dst_mac);
+
+int str_to_mac(const char *str, char *mac_buff);
+int get_mac_by_device_name(const char *dev_name, char *mac_buff);
+
+struct throughput_metrics
+{
+    uint64_t n_pkts;
+    uint64_t n_bytes;
+};
+
+void throughput_metrics_inc(struct throughput_metrics *iterm, uint64_t n_pkts, uint64_t n_bytes);
--- a/common/include/uthash.h
+++ b/common/include/uthash.h