From 98fa47ffd7cdbbc420d585fa07b1715e3f416cdd Mon Sep 17 00:00:00 2001
From: luqiuwen
Date: Sat, 8 Jun 2019 15:54:35 +0800
Subject: [PATCH] =?UTF-8?q?=E4=BF=AE=E6=AD=A3=E9=83=A8=E5=88=86=E7=BC=96?=
 =?UTF-8?q?=E8=AF=91=E9=94=99=E8=AF=AF?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 CMakeLists.txt | 2 +-
 platform/CMakeLists.txt | 4 +-
 plugin/business/CMakeLists.txt | 4 +-
 .../CMakeLists.txt | 2 +-
 .../include/traffic_mirror.h | 7 +-
 .../src/entry.cpp | 51 +++++++------
 .../src/ethdev.cpp | 1 +
 .../src/rebuild.cpp | 76 +++++++++++++------
 .../test/test_deliver.c | 0
 .../test/test_deliver.h | 0
 10 files changed, 90 insertions(+), 57 deletions(-)
 rename plugin/business/{decrypt-mirroring => traffic-mirror}/CMakeLists.txt (70%)
 rename plugin/business/{decrypt-mirroring => traffic-mirror}/include/traffic_mirror.h (94%)
 rename plugin/business/{decrypt-mirroring => traffic-mirror}/src/entry.cpp (92%)
 rename plugin/business/{decrypt-mirroring => traffic-mirror}/src/ethdev.cpp (99%)
 rename plugin/business/{decrypt-mirroring => traffic-mirror}/src/rebuild.cpp (82%)
 rename plugin/business/{decrypt-mirroring => traffic-mirror}/test/test_deliver.c (100%)
 rename plugin/business/{decrypt-mirroring => traffic-mirror}/test/test_deliver.h (100%)
diff --git a/CMakeLists.txt b/CMakeLists.txt
index ecdf867..5250989 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -25,7 +25,7 @@ option(ENABLE_SANITIZE_THREAD "Enable ThreadSanitizer" FALSE)
 # Plugins
 option(ENABLE_PLUGIN_HTTP "Enable HTTP support" TRUE)
-option(ENABLE_PLUGIN_DECRYPT_MIRRORING "Enable decrypt mirroring" TRUE)
+option(ENABLE_PLUGIN_TRAFFIC_MIRROR "Enable traffic mirror" TRUE)
 option(ENABLE_PLUGIN_PANGU_HTTP "Enable Pangu-HTTP business" TRUE)
 option(ENABLE_PLUGIN_HTTP2 "Enable HTTP2 business" TRUE)
 option(ENABLE_PLUGIN_SSL_POLICY "Enable SSL policy support" TRUE)
diff --git a/platform/CMakeLists.txt b/platform/CMakeLists.txt
index 61c8818..5f0648f 100644
--- a/platform/CMakeLists.txt
+++ b/platform/CMakeLists.txt
@@ -30,8 +30,8 @@ if(ENABLE_PLUGIN_HTTP2)
 target_link_libraries(tfe -Wl,--whole-archive http2 -Wl,--no-whole-archive)
 endif()
-if(ENABLE_PLUGIN_DECRYPT_MIRRORING)
- target_link_libraries(tfe -Wl,--whole-archive decrypt-mirroring -Wl,--no-whole-archive)
+if(ENABLE_PLUGIN_TRAFFIC_MIRROR)
+ target_link_libraries(tfe -Wl,--whole-archive traffic-mirror -Wl,--no-whole-archive)
 endif()
 if(ENABLE_PLUGIN_PANGU_HTTP)
diff --git a/plugin/business/CMakeLists.txt b/plugin/business/CMakeLists.txt
index f5684ac..ded492a 100644
--- a/plugin/business/CMakeLists.txt
+++ b/plugin/business/CMakeLists.txt
@@ -1,3 +1,3 @@
-add_subdirectory(decrypt-mirroring)
+add_subdirectory(traffic-mirror)
 add_subdirectory(pangu-http)
-add_subdirectory(ssl-policy)
\ No newline at end of file
+add_subdirectory(ssl-policy)
diff --git a/plugin/business/decrypt-mirroring/CMakeLists.txt b/plugin/business/traffic-mirror/CMakeLists.txt
similarity index 70%
rename from plugin/business/decrypt-mirroring/CMakeLists.txt
rename to plugin/business/traffic-mirror/CMakeLists.txt
index c954362..07848f5 100644
--- a/plugin/business/decrypt-mirroring/CMakeLists.txt
+++ b/plugin/business/traffic-mirror/CMakeLists.txt
@@ -1,4 +1,4 @@
 add_library(traffic-mirror src/entry.cpp src/ethdev.cpp src/rebuild.cpp)
 target_include_directories(traffic-mirror PRIVATE include)
-target_link_libraries(traffic-mirror common cjson)
+target_link_libraries(traffic-mirror common cjson pcap)
diff --git a/plugin/business/decrypt-mirroring/include/traffic_mirror.h b/plugin/business/traffic-mirror/include/traffic_mirror.h
similarity index 94%
rename from plugin/business/decrypt-mirroring/include/traffic_mirror.h
rename to plugin/business/traffic-mirror/include/traffic_mirror.h
index 2925c09..2cb68e4 100644
--- a/plugin/business/decrypt-mirroring/include/traffic_mirror.h
+++ b/plugin/business/traffic-mirror/include/traffic_mirror.h
@@ -1,5 +1,6 @@
 #pragma once
+#include
 #include
 #include
 #include
@@ -40,8 +41,6 @@ struct policy_table_ex_data
 struct profile_table_ex_data {
 unsigned int atomic_refcnt;
-
- enum traffic_mirror_target_addr_type target_addr_type;
 unsigned int nr_targets;
 /* Target VLANS */
@@ -78,7 +77,7 @@ struct traffic_mirror_rebuild * traffic_mirror_rebuild_create(struct tfe_stream_
 struct profile_table_ex_data * target, struct traffic_mirror_ethdev * ethdev);
 void traffic_mirror_rebuild_destroy(struct traffic_mirror_rebuild * instance);
 void traffic_mirror_rebuild_handshake(struct traffic_mirror_rebuild * instance);
-void traffic_mirror_rebuild_data(struct traffic_mirror_rebuild * instance,
- const char * data, unsigned int datalen, enum tfe_conn_dir dir);
+void traffic_mirror_rebuild_data(struct traffic_mirror_rebuild * instance, const char * data,
+ unsigned int datalen, enum tfe_conn_dir dir);
 void traffic_mirror_rebuild_farewell(struct traffic_mirror_rebuild * instance);
diff --git a/plugin/business/decrypt-mirroring/src/entry.cpp b/plugin/business/traffic-mirror/src/entry.cpp
similarity index 92%
rename from plugin/business/decrypt-mirroring/src/entry.cpp
rename to plugin/business/traffic-mirror/src/entry.cpp
index 4d351e5..dd29638 100644
--- a/plugin/business/decrypt-mirroring/src/entry.cpp
+++ b/plugin/business/traffic-mirror/src/entry.cpp
@@ -48,10 +48,8 @@ void policy_table_ex_data_new_cb(int table_id, const char * key, const char * ta
 struct policy_table_ex_data * ex_data = NULL;
- unsigned int user_region_offset;
- unsigned int user_region_len;
- unsigned int policy_enable;
- unsigned int policy_profile_id;
+ size_t user_region_offset;
+ size_t user_region_len;
 int result = Maat_helper_read_column(table_line, 7, &user_region_offset, &user_region_len);
 if (unlikely(result < 0))
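Review bot: With `target_addr_type` removed from `profile_table_ex_data`, the header no longer tells a reader how VLAN targets and MAC targets are told apart; only `nr_targets` and the `/* Target VLANS */` member survive in this hunk, while the `ether_addrs` array that entry.cpp now fills alongside `vlans` is not explained anywhere. I would put a comment above `nr_targets` such as `/* vlans[] and ether_addrs[] are parallel arrays with nr_targets entries each; a VLAN-only target is stored with the broadcast MAC, a MAC-only target with VLAN 0 */`, which is the encoding profile_table_ex_data_new_cb writes elsewhere in this same patch. The struct continues past the end of the hunk, so `ether_addrs` itself is presumably declared there.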
@@ -118,6 +116,11 @@ out:
 if (str_json) free(str_json);
 }
+void profile_table_ex_data_free(struct profile_table_ex_data * object)
+{
+ if ((__sync_sub_and_fetch(&object->atomic_refcnt, 1) == 0)) free(object);
+}
+
 void profile_table_ex_data_dup_cb(int table_id, MAAT_PLUGIN_EX_DATA * to,
 MAAT_PLUGIN_EX_DATA * from, long argl, void * argp)
 {
@@ -126,11 +129,6 @@ void profile_table_ex_data_dup_cb(int table_id, MAAT_PLUGIN_EX_DATA * to,
 *to = (void *)ex_data;
 }
-void profile_table_ex_data_free(struct profile_table_ex_data * object)
-{
- if ((__sync_sub_and_fetch(&object->atomic_refcnt, 1) == 0)) free(object);
-}
-
 void profile_table_ex_data_free_cb(int table_id, MAAT_PLUGIN_EX_DATA * ad, long argl, void * argp)
 {
 struct profile_table_ex_data * ex_data = (struct profile_table_ex_data *)ad;
@@ -143,14 +141,14 @@ void profile_table_ex_data_new_cb(int table_id, const char * key, const char * t
 struct traffic_mirror_instance * instance = (struct traffic_mirror_instance *) argp;
 assert(instance != nullptr && instance->logger != nullptr);
+ const static struct ether_addr ether_addr_broadcast{0xff,0xff,0xff,0xff, 0xff, 0xff};
 char * str_json = NULL;
 cJSON * json_root = NULL;
 cJSON * json_item = NULL;
 struct profile_table_ex_data * ex_data = NULL;
-
- unsigned int addr_list_offset;
- unsigned int addr_list_len;
+ size_t addr_list_offset;
+ size_t addr_list_len;
 int result = Maat_helper_read_column(table_line, 3, &addr_list_offset, &addr_list_len);
 if (unlikely(result < 0))
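Review bot: `profile_table_ex_data_free`, as moved here, frees only the struct itself when the refcount reaches zero, but profile_table_ex_data_new_cb calloc()s `ex_data->vlans` and `ex_data->ether_addrs` for every profile in this same patch, so each profile that is released leaks both arrays. The body should become `if (__sync_sub_and_fetch(&object->atomic_refcnt, 1) == 0) { free(object->vlans); free(object->ether_addrs); free(object); }`. A one-line header comment stating that this is the last-reference release, presumably the path profile_table_ex_data_free_cb ends up in, would also help, since the function is otherwise undocumented.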
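Review bot: The new `ether_addr_broadcast` constant is copied into `ether_addrs[]` for every VLAN-targeted entry later in this function, which presumably means those mirrored frames are flooded across the whole VLAN rather than delivered to one host; that is a design decision worth a comment at the declaration, e.g. `/* VLAN-only targets name no host: frames go to ff:ff:ff:ff:ff:ff and are flooded on the VLAN */`. Initialising `struct ether_addr` from six bare bytes relies on brace elision into `ether_addr_octet[6]`; `{{0xff, 0xff, 0xff, 0xff, 0xff, 0xff}}` makes the nesting explicit and avoids a -Wmissing-braces warning. The body of profile_table_ex_data_new_cb runs past the end of this hunk.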
@@ -181,9 +179,9 @@ void profile_table_ex_data_new_cb(int table_id, const char * key, const char * t
 goto ignore;
 }
- ex_data->target_addr_type = TRAFFIC_MIRROR_TARGET_BY_VLAN_ID;
 ex_data->nr_targets = cJSON_GetArraySize(json_item);
- ex_data->vlans = (unsigned int *)calloc(ex_data->nr_targets, sizeof(ex_data->vlans[0]));
+ ex_data->vlans = (unsigned int *)calloc(ex_data->nr_targets, sizeof(unsigned int));
+ ex_data->ether_addrs = (struct ether_addr *)calloc(ex_data->nr_targets, sizeof(struct ether_addr));
 cJSON * element;
 unsigned int iter = 0;
@@ -196,10 +194,12 @@ void profile_table_ex_data_new_cb(int table_id, const char * key, const char * t
 goto ignore;
 }
- ex_data->vlans[iter++] = element->valueint;
+ ex_data->vlans[iter] = element->valueint;
+ ex_data->ether_addrs[iter] = ether_addr_broadcast;
+ iter++;
 }
- assert(iter + 1 == ex_data->nr_vlans);
+ assert(iter + 1 == ex_data->nr_targets);
 goto success;
 }
@@ -212,13 +212,12 @@ void profile_table_ex_data_new_cb(int table_id, const char * key, const char * t
 goto ignore;
 }
- ex_data->target_addr_type = TRAFFIC_MIRROR_TARGET_BY_ETHER_ADDR;
- ex_data->nr_ether_addrs = cJSON_GetArraySize(json_item);
- ex_data->ether_addrs = (struct ether_addr *)calloc(ex_data->nr_ether_addrs, sizeof(ex_data->ether_addrs[0]));
+ ex_data->nr_targets = cJSON_GetArraySize(json_item);
+ ex_data->vlans = (unsigned int *)calloc(ex_data->nr_targets, sizeof(unsigned int));
+ ex_data->ether_addrs = (struct ether_addr *)calloc(ex_data->nr_targets, sizeof(struct ether_addr));
 cJSON * element;
- unsigned int iter;
-
+ unsigned int iter = 0;
 cJSON_ArrayForEach(element, json_item)
 {
 if (unlikely(!cJSON_IsString(element)))
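Review bot: Neither `calloc` on the two added lines is checked before the arrays are indexed in the loop that follows, and `nr_targets` takes the `int` result of `cJSON_GetArraySize` unchecked, so an allocation failure (or an absurd count) ends in a write through a NULL pointer rather than a rejected profile. Add `if (!ex_data->vlans || !ex_data->ether_addrs) { TFE_LOG_ERROR(instance->logger, "out of memory"); goto ignore; }` directly after the two allocations. Whether the `ignore` path releases arrays that were already allocated is outside this hunk and should be verified at the same time; profile_table_ex_data_new_cb begins and ends beyond the hunk.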
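Review bot: `assert(iter + 1 == ex_data->nr_targets);` is off by one: `iter` is incremented once per array element and cJSON_GetArraySize counted those same elements, so after a complete pass `iter == nr_targets` and the assertion fires on every non-empty VLAN list in a build with assertions enabled, while with NDEBUG it checks nothing. The line should be `assert(iter == ex_data->nr_targets);`. The MAC branch later in this function ends with the same expression and needs the same correction.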
@@ -228,14 +227,20 @@ void profile_table_ex_data_new_cb(int table_id, const char * key, const char * t
 goto ignore;
 }
- struct ether_addr * result = ether_aton_r(element->valuestring, &ex_data->ether_addrs[iter++]);
- if (unlikely(!result))
+ struct ether_addr ether_addr_aton{};
+ if (unlikely(!ether_aton_r(element->valuestring, ðer_addr_aton)))
 {
 TFE_LOG_ERROR(instance->logger, "invalid JSON, "
 "elements in mirror_profile->mac is not a valid ether address");
 goto ignore;
 }
+
+ ex_data->ether_addrs[iter] = ether_addr_aton;
+ ex_data->vlans[iter] = 0;
+ iter++;
 }
+
+ assert(iter + 1 == ex_data->nr_targets);
 }
 success:
diff --git a/plugin/business/decrypt-mirroring/src/ethdev.cpp b/plugin/business/traffic-mirror/src/ethdev.cpp
similarity index 99%
rename from plugin/business/decrypt-mirroring/src/ethdev.cpp
rename to plugin/business/traffic-mirror/src/ethdev.cpp
index 93e57f2..12deae9 100644
--- a/plugin/business/decrypt-mirroring/src/ethdev.cpp
+++ b/plugin/business/traffic-mirror/src/ethdev.cpp
@@ -6,6 +6,7 @@
 #include
 #include
+#include
 struct traffic_mirror_ethdev_pkt_desc{};
 struct traffic_mirror_ethdev_pkt_desc_pcap
diff --git a/plugin/business/decrypt-mirroring/src/rebuild.cpp b/plugin/business/traffic-mirror/src/rebuild.cpp
similarity index 82%
rename from plugin/business/decrypt-mirroring/src/rebuild.cpp
rename to plugin/business/traffic-mirror/src/rebuild.cpp
index 8587d6d..618f731 100644
--- a/plugin/business/decrypt-mirroring/src/rebuild.cpp
+++ b/plugin/business/traffic-mirror/src/rebuild.cpp
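Review bot: The closing `assert(iter + 1 == ex_data->nr_targets);` of the MAC branch has the same off-by-one as the VLAN branch: once every element has been parsed `iter` equals `nr_targets`, so it should read `assert(iter == ex_data->nr_targets);`. Parsing into the local `ether_addr_aton` before committing it is the right replacement for the old `iter++` hidden inside the ether_aton_r argument, but an invalid MAC string still jumps to `ignore` after `vlans` and `ether_addrs` were allocated for this profile; that label is outside the hunk, so confirm it releases them. A comment on the `ex_data->vlans[iter] = 0;` line saying that 0 means "no VLAN tag" would make the parallel-array encoding explicit to the code in rebuild.cpp that consumes it.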
@@ -18,25 +18,50 @@ struct traffic_mirror_rebuild
 uint8_t s_ttl;
 };
+/* The definition of vlan_hdr and tcp_hdr is from DPDK 17.05 */
+struct vlan_hdr
+{
+ uint16_t vlan_tci; /**< Priority (3) + CFI (1) + Identifier Code (12) */
+ uint16_t eth_proto;/**< Ethernet type of encapsulated frame. */
+} __attribute__((__packed__));
+
+struct tcp_hdr {
+ uint16_t src_port; /**< TCP source port. */
+ uint16_t dst_port; /**< TCP destination port. */
+ uint32_t sent_seq; /**< TX data sequence number. */
+ uint32_t recv_ack; /**< RX data acknowledgement sequence number. */
+ uint8_t data_off; /**< Data offset. */
+ uint8_t tcp_flags; /**< TCP flags */
+ uint16_t rx_win; /**< RX flow control window. */
+ uint16_t cksum; /**< TCP checksum. */
+ uint16_t tcp_urp; /**< TCP urgent pointer, if any. */
+} __attribute__((__packed__));
+
+#define TCP_URG_FLAG 0x20
+#define TCP_ACK_FLAG 0x10
+#define TCP_PSH_FLAG 0x08
+#define TCP_RST_FLAG 0x04
+#define TCP_SYN_FLAG 0x02
+#define TCP_FIN_FLAG 0x01
+#define TCP_FLAG_ALL 0x3F
+
 static int tcp_header_construct(unsigned char *buf, unsigned short sp, unsigned short dp, unsigned int seq, unsigned int ack, unsigned char flags, unsigned short win, unsigned short urg)
 {
- struct tcphdr * tcp_hdr = (struct tcphdr *) buf;
+ struct tcp_hdr * tcp_hdr = (struct tcp_hdr *) buf;
 assert(tcp_hdr != NULL);
- tcp_hdr->th_sport = sp;
- tcp_hdr->th_dport = dp;
- tcp_hdr->th_seq = htonl(seq);
- tcp_hdr->th_ack = htonl(ack);
- tcp_hdr->th_flags = flags;
- tcp_hdr->th_x2 = 0;
- tcp_hdr->th_off = 5; /* 20 byte header */
- tcp_hdr->th_win = htons(win); /* window size */
- tcp_hdr->th_sum = 0; /* checksum done in userland */
- tcp_hdr->th_urp = 0; /* urgent pointer */
-
- return sizeof(struct tcphdr);
+ tcp_hdr->src_port = sp;
+ tcp_hdr->dst_port = dp;
+ tcp_hdr->sent_seq = htonl(seq);
+ tcp_hdr->recv_ack = htonl(ack);
+ tcp_hdr->data_off = 5;
+ tcp_hdr->tcp_flags = flags;
+ tcp_hdr->rx_win = htons(win);
+ tcp_hdr->cksum = 0;
+ tcp_hdr->tcp_urp = 0;
+ return
sizeof(struct tcp_hdr);
 }
 static int tcp_header_construct_by_stream_addr(struct tfe_stream_addr * addr, unsigned char *buf,
@@ -92,6 +117,15 @@ static int ip_header_construct_by_stream_addr(struct tfe_stream_addr * addr,
 return ipv4_header_construct(buf, carry_layer_len, tos, id, frag, ttl, protocol, addr->tuple4_v4->saddr.s_addr, addr->tuple4_v4->daddr.s_addr);
 }
+ else if (addr->addrtype == TFE_ADDR_STREAM_TUPLE4_V6)
+ {
+ /* TODO: IPv6 */
+ assert(0);
+ }
+ else
+ {
+ assert(0);
+ }
 assert(0);
 return -1;
@@ -106,12 +140,6 @@ static void ether_header_construct(unsigned char *buf, unsigned char *dst,
 eth_hdr->h_proto = htons(type);
 }
-struct vlan_hdr
-{
- uint16_t vlan_tci; /**< Priority (3) + CFI (1) + Identifier Code (12) */
- uint16_t eth_proto;/**< Ethernet type of encapsulated frame. */
-} __attribute__((__packed__));
-
 static void vlan_tag_construct(unsigned char *buf, unsigned short tci, unsigned short type)
 {
 struct vlan_hdr * vlan_hdr = (struct vlan_hdr *)buf;
@@ -214,13 +242,13 @@ void traffic_mirror_rebuild_destroy(struct traffic_mirror_rebuild * instance)
 void traffic_mirror_rebuild_handshake(struct traffic_mirror_rebuild * instance)
 {
 tcp_send_to_target_group(instance->addr, instance->ethdev, instance->target,
- NULL, 0, instance->c_seq, 0, TH_SYN);
+ NULL, 0, instance->c_seq, 0, TCP_SYN_FLAG);
 tcp_send_to_target_group(instance->addr, instance->ethdev, instance->target,
- NULL, 0, instance->s_seq, instance->c_seq + 1, TH_SYN | TH_ACK);
+ NULL, 0, instance->s_seq, instance->c_seq + 1, TCP_SYN_FLAG | TCP_ACK_FLAG);
 tcp_send_to_target_group(instance->addr, instance->ethdev, instance->target,
- NULL, 0, instance->c_seq + 1, instance->s_seq + 1, TH_ACK);
+ NULL, 0, instance->c_seq + 1, instance->s_seq + 1, TCP_ACK_FLAG);
 instance->s_seq++;
 instance->c_seq++;
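Review bot: `tcp_hdr->data_off = 5;` is wrong for the DPDK-style header this hunk introduces: `data_off` is a whole byte whose upper nibble holds the header length in 32-bit words and whose lower nibble is reserved, so the old bitfield store `th_off = 5` corresponds to `tcp_hdr->data_off = 5 << 4;` (0x50). As written every mirrored segment advertises a 0-word header with reserved bits set, which a capture tool or receiving stack will most likely treat as malformed. I would also keep the dropped `/* checksum done in userland */` comment on `cksum = 0`, since it was the only statement of who fills the checksum in later, and add a note that `src_port`/`dst_port` are stored without `htons` while seq/ack get `htonl`, which, as in the old code, presumably means callers already pass ports in network byte order.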
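Review bot: The two branches added to ip_header_construct_by_stream_addr add nothing over the `assert(0); return -1;` that already follows them, and `assert` is compiled out under NDEBUG, so in a release build an IPv6 stream silently yields -1 and the caller has to be the one to notice. Replace both added `assert(0)` blocks with one explicit, always-on path, e.g. `else { /* TODO: TFE_ADDR_STREAM_TUPLE4_V6 is not mirrored yet */ return -1; }`, and confirm that the caller in tcp_send_to_target_group, which lies outside this hunk, checks the return value before it builds the rest of the frame.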
@@ -232,14 +260,14 @@ void traffic_mirror_rebuild_data(struct traffic_mirror_rebuild * instance,
 if (dir == CONN_DIR_DOWNSTREAM)
 {
 tcp_send_to_target_group(instance->addr, instance->ethdev, instance->target,
- NULL, 0, instance->c_seq, instance->s_seq + 1, TH_ACK);
+ NULL, 0, instance->c_seq, instance->s_seq + 1, TCP_ACK_FLAG);
 instance->c_seq += datalen;
 }
 else
 {
 tcp_send_to_target_group(instance->addr, instance->ethdev, instance->target,
- NULL, 0, instance->s_seq, instance->c_seq + 1, TH_ACK);
+ NULL, 0, instance->s_seq, instance->c_seq + 1, TCP_ACK_FLAG);
 instance->s_seq += datalen;
 }
diff --git a/plugin/business/decrypt-mirroring/test/test_deliver.c b/plugin/business/traffic-mirror/test/test_deliver.c
similarity index 100%
rename from plugin/business/decrypt-mirroring/test/test_deliver.c
rename to plugin/business/traffic-mirror/test/test_deliver.c
diff --git a/plugin/business/decrypt-mirroring/test/test_deliver.h b/plugin/business/traffic-mirror/test/test_deliver.h
similarity index 100%
rename from plugin/business/decrypt-mirroring/test/test_deliver.h
rename to plugin/business/traffic-mirror/test/test_deliver.h
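Review bot: Both calls in traffic_mirror_rebuild_data still pass `NULL, 0` for the payload while `c_seq`/`s_seq` are advanced by `datalen`, so unless the bytes are emitted on some other path the mirrored stream will show a sequence gap for every data segment and the `data` parameter is never used. If the payload is meant to go out, the two changed lines should pass `data, datalen` in place of `NULL, 0`; if a headers-only mirror is intentional, a comment above the `if` saying so would spare the next reader the same question. A short note on why CONN_DIR_DOWNSTREAM advances `c_seq`, i.e. which endpoint each counter models, would also help. The function's signature and opening brace lie outside the hunk.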