gfwleak/tango-tfe
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

TSG-9433 当Mirror Decrypted Traffic开启,且Add VLAN ID关闭时使用默认的VLAN ID

Browse Source
This commit is contained in:
luwenpeng
2022-01-18 14:15:32 +08:00
parent aae738391e
commit 94938311d7
3 changed files with 54 additions and 23 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
conf/tfe/tfe.conf
View File

@@ -161,6 +161,7 @@ enable=1
device=eth4 device=eth4
# 0:TRAFFIC_MIRROR_ETHDEV_AF_PACKET; 1:TRAFFIC_MIRROR_ETHDEV_MARSIO # 0:TRAFFIC_MIRROR_ETHDEV_AF_PACKET; 1:TRAFFIC_MIRROR_ETHDEV_MARSIO
type=1 type=1
default_vlan_id=2
table_info=resource/pangu/table_info_traffic_mirror.conf table_info=resource/pangu/table_info_traffic_mirror.conf
stat_file=log/traffic_mirror.status stat_file=log/traffic_mirror.status

2
plugin/business/traffic-mirror/include/traffic_mirror.h
View File

@@ -23,6 +23,7 @@ struct traffic_mirror_instance
void * logger; void * logger;
unsigned int enable; unsigned int enable;
unsigned int nr_threads; unsigned int nr_threads;
unsigned int default_vlan_id;
Maat_feather_t maat_feather; Maat_feather_t maat_feather;
int policy_table_id; int policy_table_id;
@@ -39,6 +40,7 @@ struct policy_table_ex_data
{ {
unsigned int atomic_refcnt; unsigned int atomic_refcnt;
unsigned int enable; unsigned int enable;
unsigned int is_profile_set;
unsigned int profile_id; unsigned int profile_id;
}; };

74
plugin/business/traffic-mirror/src/entry.cpp
View File

@@ -7,6 +7,8 @@
#include <traffic_mirror.h> #include <traffic_mirror.h>
#include <MESA/MESA_prof_load.h> #include <MESA/MESA_prof_load.h>
const static struct ether_addr ether_addr_broadcast{0xff,0xff,0xff,0xff, 0xff, 0xff};
struct traffic_mirror_me struct traffic_mirror_me
{ {
struct profile_table_ex_data * profile_ex_data; struct profile_table_ex_data * profile_ex_data;
@@ -105,6 +107,7 @@ void policy_table_ex_data_new_cb(int table_id, const char * key, const char * ta
ex_data->atomic_refcnt = 1; ex_data->atomic_refcnt = 1;
ex_data->enable = 0; ex_data->enable = 0;
ex_data->profile_id = 0; ex_data->profile_id = 0;
ex_data->is_profile_set = 0;
json_item = cJSON_GetObjectItem(json_subroot, "enable"); json_item = cJSON_GetObjectItem(json_subroot, "enable");
if (unlikely(!json_item || !cJSON_IsNumber(json_item))) if (unlikely(!json_item || !cJSON_IsNumber(json_item)))
@@ -122,11 +125,15 @@ void policy_table_ex_data_new_cb(int table_id, const char * key, const char * ta
json_item = cJSON_GetObjectItem(json_subroot, "mirror_profile"); json_item = cJSON_GetObjectItem(json_subroot, "mirror_profile");
if (unlikely(!json_item || !cJSON_IsNumber(json_item))) if (unlikely(!json_item || !cJSON_IsNumber(json_item)))
{ {
TFE_LOG_ERROR(instance->logger, "invalid JSON, traffic_mirror->mirror_profile not existed or invalid type."); TFE_LOG_DEBUG(instance->logger, "traffic_mirror->mirror_profile not existed, user default vlan id :%d.", instance->default_vlan_id);
goto ignore; ex_data->is_profile_set = 0;
ex_data->profile_id = 0;
}
else
{
ex_data->is_profile_set = 1;
ex_data->profile_id = json_item->valueint;
} }
ex_data->profile_id = json_item->valueint;
success: success:
TFE_LOG_DEBUG(instance->logger, "traffic mirror policy, key %s: enable = %d, profile = %d", TFE_LOG_DEBUG(instance->logger, "traffic mirror policy, key %s: enable = %d, profile = %d",
@@ -181,7 +188,6 @@ void profile_table_ex_data_new_cb(int table_id, const char * key, const char * t
struct traffic_mirror_instance * instance = (struct traffic_mirror_instance *) argp; struct traffic_mirror_instance * instance = (struct traffic_mirror_instance *) argp;
assert(instance != nullptr && instance->logger != nullptr); assert(instance != nullptr && instance->logger != nullptr);
const static struct ether_addr ether_addr_broadcast{0xff,0xff,0xff,0xff, 0xff, 0xff};
char * str_json = NULL; char * str_json = NULL;
cJSON * json_root = NULL; cJSON * json_root = NULL;
cJSON * element = NULL; cJSON * element = NULL;
@@ -403,6 +409,8 @@ static int traffic_mirror_ethdev_init(struct traffic_mirror_instance * instance)
return -1; return -1;
} }
MESA_load_profile_uint_def(profile, "traffic_mirror", "default_vlan_id", &(instance->default_vlan_id), 0);
unsigned int device_type; unsigned int device_type;
MESA_load_profile_uint_def(profile, "traffic_mirror", "type", &device_type, TRAFFIC_MIRROR_ETHDEV_AF_PACKET); MESA_load_profile_uint_def(profile, "traffic_mirror", "type", &device_type, TRAFFIC_MIRROR_ETHDEV_AF_PACKET);
@@ -553,17 +561,7 @@ int traffic_mirror_on_open_cb(const struct tfe_stream * stream, unsigned int thr
goto detach; goto detach;
} }
snprintf(str_profile_id, sizeof(str_policy_id), "%u", policy_ex_data->profile_id); ret = tfe_cmsg_get_value(cmsg, TFE_CMSG_SRC_MAC, (unsigned char *) &c_ether_addr,
profile_ex_data = (struct profile_table_ex_data *) Maat_plugin_get_EX_data(instance->maat_feather,
instance->profile_table_id, str_profile_id);
if (!profile_ex_data)
{
TFE_LOG_ERROR(instance->logger, "failed at getting policy %s's profile, profile id = %s, "
"detach the stream", str_policy_id, str_profile_id);
goto detach;
}
ret = tfe_cmsg_get_value(cmsg, TFE_CMSG_SRC_MAC, (unsigned char *) &c_ether_addr,
sizeof(c_ether_addr), &opt_out_size); sizeof(c_ether_addr), &opt_out_size);
if (ret < 0 || memcmp(&c_ether_addr, &zero_mac, sizeof(c_ether_addr)) == 0) if (ret < 0 || memcmp(&c_ether_addr, &zero_mac, sizeof(c_ether_addr)) == 0)
{ {
@@ -579,14 +577,41 @@ int traffic_mirror_on_open_cb(const struct tfe_stream * stream, unsigned int thr
memcpy(&s_ether_addr, &default_dst_mac, sizeof(s_ether_addr)); memcpy(&s_ether_addr, &default_dst_mac, sizeof(s_ether_addr));
} }
target_id = random() % profile_ex_data->nr_targets;
rebuild_target = ALLOC(struct traffic_mirror_rebuild_target, 1); rebuild_target = ALLOC(struct traffic_mirror_rebuild_target, 1);
rebuild_target->vlan_tci = profile_ex_data->vlans[target_id];
rebuild_target->ether_addr = profile_ex_data->ether_addrs[target_id];
rebuild_target->rewrite_as_target_mac = profile_ex_data->rewrite_mac;
rebuild_target->rewrite_as_target_vlan = profile_ex_data->rewrite_vlan;
me = ALLOC(struct traffic_mirror_me, 1); if (policy_ex_data->is_profile_set)
{
snprintf(str_profile_id, sizeof(str_policy_id), "%u", policy_ex_data->profile_id);
profile_ex_data = (struct profile_table_ex_data *)Maat_plugin_get_EX_data(instance->maat_feather,
instance->profile_table_id, str_profile_id);
if (!profile_ex_data)
{
TFE_LOG_ERROR(instance->logger, "failed at getting policy %s's profile, profile id = %s, "
"detach the stream",
str_policy_id, str_profile_id);
goto detach;
}
target_id = random() % profile_ex_data->nr_targets;
rebuild_target->vlan_tci = profile_ex_data->vlans[target_id];
rebuild_target->ether_addr = profile_ex_data->ether_addrs[target_id];
rebuild_target->rewrite_as_target_mac = profile_ex_data->rewrite_mac;
rebuild_target->rewrite_as_target_vlan = profile_ex_data->rewrite_vlan;
}
else
{
rebuild_target->vlan_tci = instance->default_vlan_id;
rebuild_target->ether_addr = ether_addr_broadcast;
rebuild_target->rewrite_as_target_mac = 0;
rebuild_target->rewrite_as_target_vlan = 1;
}
if (rebuild_target->vlan_tci <= 0)
{
goto detach;
}
me = ALLOC(struct traffic_mirror_me, 1);
me->rebuild_ctx = traffic_mirror_rebuild_create(stream->addr, &c_ether_addr, &s_ether_addr, me->rebuild_ctx = traffic_mirror_rebuild_create(stream->addr, &c_ether_addr, &s_ether_addr,
rebuild_target, instance->ethdev); rebuild_target, instance->ethdev);
@@ -702,7 +727,10 @@ void traffic_mirror_on_close_cb(const struct tfe_stream * stream, unsigned int t
struct traffic_mirror_me * me = (struct traffic_mirror_me *)(*pme); struct traffic_mirror_me * me = (struct traffic_mirror_me *)(*pme);
traffic_mirror_rebuild_farewell(me->rebuild_ctx, thread_id); traffic_mirror_rebuild_farewell(me->rebuild_ctx, thread_id);
traffic_mirror_rebuild_destroy(me->rebuild_ctx); traffic_mirror_rebuild_destroy(me->rebuild_ctx);
profile_table_ex_data_free(me->profile_ex_data); if (me->profile_ex_data)
{
profile_table_ex_data_free(me->profile_ex_data);
}
free(me); free(me);
*pme = NULL; *pme = NULL;