修正部分编译错误

CMakeLists.txt

@@ -25,7 +25,7 @@ option(ENABLE_SANITIZE_THREAD "Enable ThreadSanitizer" FALSE)
 
 # Plugins
 option(ENABLE_PLUGIN_HTTP "Enable HTTP support" TRUE)
-option(ENABLE_PLUGIN_DECRYPT_MIRRORING "Enable decrypt mirroring" TRUE)
+option(ENABLE_PLUGIN_TRAFFIC_MIRROR "Enable traffic mirror" TRUE)
 option(ENABLE_PLUGIN_PANGU_HTTP "Enable Pangu-HTTP business" TRUE)
 option(ENABLE_PLUGIN_HTTP2 "Enable HTTP2 business" TRUE)
 option(ENABLE_PLUGIN_SSL_POLICY "Enable SSL policy support" TRUE)

platform/CMakeLists.txt

@@ -30,8 +30,8 @@ if(ENABLE_PLUGIN_HTTP2)
 	target_link_libraries(tfe -Wl,--whole-archive http2 -Wl,--no-whole-archive)
 endif()
 
-if(ENABLE_PLUGIN_DECRYPT_MIRRORING)
+if(ENABLE_PLUGIN_TRAFFIC_MIRROR)
-	target_link_libraries(tfe -Wl,--whole-archive decrypt-mirroring -Wl,--no-whole-archive)
+	target_link_libraries(tfe -Wl,--whole-archive traffic-mirror -Wl,--no-whole-archive)
 endif()
 
 if(ENABLE_PLUGIN_PANGU_HTTP)

plugin/business/CMakeLists.txt

@@ -1,3 +1,3 @@
-add_subdirectory(decrypt-mirroring)
+add_subdirectory(traffic-mirror)
 add_subdirectory(pangu-http)
-add_subdirectory(ssl-policy)
+add_subdirectory(ssl-policy)

plugin/business/traffic-mirror/CMakeLists.txt

@@ -1,4 +1,4 @@
 
 add_library(traffic-mirror src/entry.cpp src/ethdev.cpp src/rebuild.cpp)
 target_include_directories(traffic-mirror PRIVATE include)
-target_link_libraries(traffic-mirror common cjson)
+target_link_libraries(traffic-mirror common cjson pcap)

plugin/business/traffic-mirror/include/traffic_mirror.h

@@ -1,5 +1,6 @@
 #pragma once
 
+#include <tfe_stream.h>
 #include <netinet/ether.h>
 #include <MESA/Maat_rule.h>
 #include <pcap/pcap.h>
@@ -40,8 +41,6 @@ struct policy_table_ex_data
 struct profile_table_ex_data
 {
     unsigned int atomic_refcnt;
-
-    enum traffic_mirror_target_addr_type target_addr_type;
     unsigned int nr_targets;
 
     /* Target VLANS */
@@ -78,7 +77,7 @@ struct traffic_mirror_rebuild * traffic_mirror_rebuild_create(struct tfe_stream_
     struct profile_table_ex_data * target, struct traffic_mirror_ethdev * ethdev);
 void traffic_mirror_rebuild_destroy(struct traffic_mirror_rebuild * instance);
 void traffic_mirror_rebuild_handshake(struct traffic_mirror_rebuild * instance);
-void traffic_mirror_rebuild_data(struct traffic_mirror_rebuild * instance,
+void traffic_mirror_rebuild_data(struct traffic_mirror_rebuild * instance, const char * data,
-    const char * data, unsigned int datalen, enum tfe_conn_dir dir);
+    unsigned int datalen, enum tfe_conn_dir dir);
 void traffic_mirror_rebuild_farewell(struct traffic_mirror_rebuild * instance);
 

plugin/business/traffic-mirror/src/entry.cpp

@@ -48,10 +48,8 @@ void policy_table_ex_data_new_cb(int table_id, const char * key, const char * ta
 
     struct policy_table_ex_data * ex_data = NULL;
 
-    unsigned int user_region_offset;
+    size_t user_region_offset;
-    unsigned int user_region_len;
+    size_t user_region_len;
-    unsigned int policy_enable;
-    unsigned int policy_profile_id;
 
     int result = Maat_helper_read_column(table_line, 7, &user_region_offset, &user_region_len);
     if (unlikely(result < 0))
@@ -118,6 +116,11 @@ out:
     if (str_json) free(str_json);
 }
 
+void profile_table_ex_data_free(struct profile_table_ex_data * object)
+{
+    if ((__sync_sub_and_fetch(&object->atomic_refcnt, 1) == 0)) free(object);
+}
+
 void profile_table_ex_data_dup_cb(int table_id, MAAT_PLUGIN_EX_DATA * to,
     MAAT_PLUGIN_EX_DATA * from, long argl, void * argp)
 {
@@ -126,11 +129,6 @@ void profile_table_ex_data_dup_cb(int table_id, MAAT_PLUGIN_EX_DATA * to,
     *to = (void *)ex_data;
 }
 
-void profile_table_ex_data_free(struct profile_table_ex_data * object)
-{
-    if ((__sync_sub_and_fetch(&object->atomic_refcnt, 1) == 0)) free(object);
-}
-
 void profile_table_ex_data_free_cb(int table_id, MAAT_PLUGIN_EX_DATA * ad, long argl, void * argp)
 {
     struct profile_table_ex_data * ex_data = (struct profile_table_ex_data *)ad;
@@ -143,14 +141,14 @@ void profile_table_ex_data_new_cb(int table_id, const char * key, const char * t
     struct traffic_mirror_instance * instance = (struct traffic_mirror_instance *) argp;
     assert(instance != nullptr && instance->logger != nullptr);
 
+    const static struct ether_addr ether_addr_broadcast{0xff,0xff,0xff,0xff, 0xff, 0xff};
     char * str_json = NULL;
     cJSON * json_root = NULL;
     cJSON * json_item = NULL;
 
     struct profile_table_ex_data * ex_data = NULL;
-
+    size_t addr_list_offset;
-    unsigned int addr_list_offset;
+    size_t addr_list_len;
-    unsigned int addr_list_len;
 
     int result = Maat_helper_read_column(table_line, 3, &addr_list_offset, &addr_list_len);
     if (unlikely(result < 0))
@@ -181,9 +179,9 @@ void profile_table_ex_data_new_cb(int table_id, const char * key, const char * t
             goto ignore;
         }
 
-        ex_data->target_addr_type = TRAFFIC_MIRROR_TARGET_BY_VLAN_ID;
         ex_data->nr_targets = cJSON_GetArraySize(json_item);
-        ex_data->vlans = (unsigned int *)calloc(ex_data->nr_targets, sizeof(ex_data->vlans[0]));
+        ex_data->vlans = (unsigned int *)calloc(ex_data->nr_targets, sizeof(unsigned int));
+        ex_data->ether_addrs = (struct ether_addr *)calloc(ex_data->nr_targets, sizeof(struct ether_addr));
 
         cJSON * element;
         unsigned int iter = 0;
@@ -196,10 +194,12 @@ void profile_table_ex_data_new_cb(int table_id, const char * key, const char * t
                 goto ignore;
             }
 
-            ex_data->vlans[iter++] = element->valueint;
+            ex_data->vlans[iter] = element->valueint;
+            ex_data->ether_addrs[iter] = ether_addr_broadcast;
+            iter++;
         }
 
-        assert(iter + 1 == ex_data->nr_vlans);
+        assert(iter + 1 == ex_data->nr_targets);
         goto success;
     }
 
@@ -212,13 +212,12 @@ void profile_table_ex_data_new_cb(int table_id, const char * key, const char * t
             goto ignore;
         }
 
-        ex_data->target_addr_type = TRAFFIC_MIRROR_TARGET_BY_ETHER_ADDR;
+        ex_data->nr_targets = cJSON_GetArraySize(json_item);
-        ex_data->nr_ether_addrs = cJSON_GetArraySize(json_item);
+        ex_data->vlans = (unsigned int *)calloc(ex_data->nr_targets, sizeof(unsigned int));
-        ex_data->ether_addrs = (struct ether_addr *)calloc(ex_data->nr_ether_addrs, sizeof(ex_data->ether_addrs[0]));
+        ex_data->ether_addrs = (struct ether_addr *)calloc(ex_data->nr_targets, sizeof(struct ether_addr));
 
         cJSON * element;
-        unsigned int iter;
+        unsigned int iter = 0;
-
         cJSON_ArrayForEach(element, json_item)
         {
             if (unlikely(!cJSON_IsString(element)))
@@ -228,14 +227,20 @@ void profile_table_ex_data_new_cb(int table_id, const char * key, const char * t
                 goto ignore;
             }
 
-            struct ether_addr * result = ether_aton_r(element->valuestring, &ex_data->ether_addrs[iter++]);
+            struct ether_addr ether_addr_aton{};
-            if (unlikely(!result))
+            if (unlikely(!ether_aton_r(element->valuestring, &ether_addr_aton)))
             {
                 TFE_LOG_ERROR(instance->logger, "invalid JSON, "
                                                 "elements in mirror_profile->mac is not a valid ether address");
                 goto ignore;
             }
+
+            ex_data->ether_addrs[iter] = ether_addr_aton;
+            ex_data->vlans[iter] = 0;
+            iter++;
         }
+
+        assert(iter + 1 == ex_data->nr_targets);
     }
 
 success:

plugin/business/traffic-mirror/src/ethdev.cpp

@@ -6,6 +6,7 @@
 
 #include <tfe_utils.h>
 #include <tfe_proxy.h>
+#include <traffic_mirror.h>
 
 struct traffic_mirror_ethdev_pkt_desc{};
 struct traffic_mirror_ethdev_pkt_desc_pcap

plugin/business/traffic-mirror/src/rebuild.cpp

@@ -18,25 +18,50 @@ struct traffic_mirror_rebuild
     uint8_t s_ttl;
 };
 
+/* The definition of vlan_hdr and tcp_hdr is from DPDK 17.05 */
+struct vlan_hdr
+{
+    uint16_t vlan_tci; /**< Priority (3) + CFI (1) + Identifier Code (12) */
+    uint16_t eth_proto;/**< Ethernet type of encapsulated frame. */
+} __attribute__((__packed__));
+
+struct tcp_hdr {
+    uint16_t src_port;  /**< TCP source port. */
+    uint16_t dst_port;  /**< TCP destination port. */
+    uint32_t sent_seq;  /**< TX data sequence number. */
+    uint32_t recv_ack;  /**< RX data acknowledgement sequence number. */
+    uint8_t  data_off;  /**< Data offset. */
+    uint8_t  tcp_flags; /**< TCP flags */
+    uint16_t rx_win;    /**< RX flow control window. */
+    uint16_t cksum;     /**< TCP checksum. */
+    uint16_t tcp_urp;   /**< TCP urgent pointer, if any. */
+} __attribute__((__packed__));
+
+#define TCP_URG_FLAG 0x20
+#define TCP_ACK_FLAG 0x10
+#define TCP_PSH_FLAG 0x08
+#define TCP_RST_FLAG 0x04
+#define TCP_SYN_FLAG 0x02
+#define TCP_FIN_FLAG 0x01
+#define TCP_FLAG_ALL 0x3F
+
 static int tcp_header_construct(unsigned char *buf, unsigned short sp,
     unsigned short dp, unsigned int seq, unsigned int ack,
     unsigned char flags, unsigned short win, unsigned short urg)
 {
-    struct tcphdr * tcp_hdr = (struct tcphdr *) buf;
+    struct tcp_hdr * tcp_hdr = (struct tcp_hdr *) buf;
     assert(tcp_hdr != NULL);
 
-    tcp_hdr->th_sport = sp;
+    tcp_hdr->src_port = sp;
-    tcp_hdr->th_dport = dp;
+    tcp_hdr->dst_port = dp;
-    tcp_hdr->th_seq = htonl(seq);
+    tcp_hdr->sent_seq = htonl(seq);
-    tcp_hdr->th_ack = htonl(ack);
+    tcp_hdr->recv_ack = htonl(ack);
-    tcp_hdr->th_flags = flags;
+    tcp_hdr->data_off = 5;
-    tcp_hdr->th_x2 = 0;
+    tcp_hdr->tcp_flags = flags;
-    tcp_hdr->th_off = 5;            /* 20 byte header */
+    tcp_hdr->rx_win = htons(win);
-    tcp_hdr->th_win = htons(win);   /* window size */
+    tcp_hdr->cksum = 0;
-    tcp_hdr->th_sum = 0;            /* checksum done in userland */
+    tcp_hdr->tcp_urp = 0;
-    tcp_hdr->th_urp = 0;             /* urgent pointer */
+    return sizeof(struct tcp_hdr);
-
-    return sizeof(struct tcphdr);
 }
 
 static int tcp_header_construct_by_stream_addr(struct tfe_stream_addr * addr, unsigned char *buf,
@@ -92,6 +117,15 @@ static int ip_header_construct_by_stream_addr(struct tfe_stream_addr * addr,
         return ipv4_header_construct(buf, carry_layer_len, tos, id,
             frag, ttl, protocol, addr->tuple4_v4->saddr.s_addr, addr->tuple4_v4->daddr.s_addr);
     }
+    else if (addr->addrtype == TFE_ADDR_STREAM_TUPLE4_V6)
+    {
+        /* TODO: IPv6 */
+        assert(0);
+    }
+    else
+    {
+        assert(0);
+    }
 
     assert(0);
     return -1;
@@ -106,12 +140,6 @@ static void ether_header_construct(unsigned char *buf, unsigned char *dst,
     eth_hdr->h_proto = htons(type);
 }
 
-struct vlan_hdr
-{
-    uint16_t vlan_tci; /**< Priority (3) + CFI (1) + Identifier Code (12) */
-    uint16_t eth_proto;/**< Ethernet type of encapsulated frame. */
-} __attribute__((__packed__));
-
 static void vlan_tag_construct(unsigned char *buf, unsigned short tci, unsigned short type)
 {
     struct vlan_hdr * vlan_hdr = (struct vlan_hdr *)buf;
@@ -214,13 +242,13 @@ void traffic_mirror_rebuild_destroy(struct traffic_mirror_rebuild * instance)
 void traffic_mirror_rebuild_handshake(struct traffic_mirror_rebuild * instance)
 {
     tcp_send_to_target_group(instance->addr, instance->ethdev, instance->target,
-        NULL, 0, instance->c_seq, 0, TH_SYN);
+        NULL, 0, instance->c_seq, 0, TCP_SYN_FLAG);
 
     tcp_send_to_target_group(instance->addr, instance->ethdev, instance->target,
-        NULL, 0, instance->s_seq, instance->c_seq + 1, TH_SYN | TH_ACK);
+        NULL, 0, instance->s_seq, instance->c_seq + 1, TCP_SYN_FLAG | TCP_ACK_FLAG);
 
     tcp_send_to_target_group(instance->addr, instance->ethdev, instance->target,
-        NULL, 0, instance->c_seq + 1, instance->s_seq + 1, TH_ACK);
+        NULL, 0, instance->c_seq + 1, instance->s_seq + 1, TCP_ACK_FLAG);
 
     instance->s_seq++;
     instance->c_seq++;
@@ -232,14 +260,14 @@ void traffic_mirror_rebuild_data(struct traffic_mirror_rebuild * instance,
     if (dir == CONN_DIR_DOWNSTREAM)
     {
         tcp_send_to_target_group(instance->addr, instance->ethdev, instance->target,
-            NULL, 0, instance->c_seq, instance->s_seq + 1, TH_ACK);
+            NULL, 0, instance->c_seq, instance->s_seq + 1, TCP_ACK_FLAG);
 
         instance->c_seq += datalen;
     }
     else
     {
         tcp_send_to_target_group(instance->addr, instance->ethdev, instance->target,
-            NULL, 0, instance->s_seq, instance->c_seq + 1, TH_ACK);
+            NULL, 0, instance->s_seq, instance->c_seq + 1, TCP_ACK_FLAG);
 
         instance->s_seq += datalen;
     }