TSG-9180 Proxy支持Traffic Mirroring Profiles

This commit is contained in:
luwenpeng
2021-12-26 16:02:12 +08:00
parent d201968652
commit aae738391e
7 changed files with 46 additions and 100 deletions


@@ -161,7 +161,6 @@ enable=1
device=eth4
# 0:TRAFFIC_MIRROR_ETHDEV_AF_PACKET; 1:TRAFFIC_MIRROR_ETHDEV_MARSIO
type=1
default_vlan_id_for_mac=0
table_info=resource/pangu/table_info_traffic_mirror.conf
stat_file=log/traffic_mirror.status


@@ -23,7 +23,6 @@ struct traffic_mirror_instance
void * logger;
unsigned int enable;
unsigned int nr_threads;
unsigned int default_vlan_id_for_mac;
Maat_feather_t maat_feather;
int policy_table_id;


@@ -94,10 +94,10 @@ void policy_table_ex_data_new_cb(int table_id, const char * key, const char * ta
goto out;
}
json_subroot = cJSON_GetObjectItem(json_root, "decrypt_mirror");
json_subroot = cJSON_GetObjectItem(json_root, "traffic_mirror");
if (unlikely(!json_subroot))
{
TFE_LOG_ERROR(instance->logger, "invalid format, decrypt_mirror is not defined.");
TFE_LOG_ERROR(instance->logger, "invalid format, traffic_mirror is not defined.");
goto ignore;
}
@@ -109,7 +109,7 @@ void policy_table_ex_data_new_cb(int table_id, const char * key, const char * ta
json_item = cJSON_GetObjectItem(json_subroot, "enable");
if (unlikely(!json_item || !cJSON_IsNumber(json_item)))
{
TFE_LOG_ERROR(instance->logger, "invalid JSON, decrypt_mirror->enable not existed or invalid type.");
TFE_LOG_ERROR(instance->logger, "invalid JSON, traffic_mirror->enable not existed or invalid type.");
goto ignore;
}
@@ -122,7 +122,7 @@ void policy_table_ex_data_new_cb(int table_id, const char * key, const char * ta
json_item = cJSON_GetObjectItem(json_subroot, "mirror_profile");
if (unlikely(!json_item || !cJSON_IsNumber(json_item)))
{
TFE_LOG_ERROR(instance->logger, "invalid JSON, decrypt_mirror->mirror_profile not existed or invalid type.");
TFE_LOG_ERROR(instance->logger, "invalid JSON, traffic_mirror->mirror_profile not existed or invalid type.");
goto ignore;
}
@@ -184,7 +184,8 @@ void profile_table_ex_data_new_cb(int table_id, const char * key, const char * t
const static struct ether_addr ether_addr_broadcast{0xff,0xff,0xff,0xff, 0xff, 0xff};
char * str_json = NULL;
cJSON * json_root = NULL;
cJSON * json_item = NULL;
cJSON * element = NULL;
unsigned int iter = 0;
struct profile_table_ex_data * ex_data = NULL;
size_t addr_list_offset;
@@ -212,98 +213,40 @@ void profile_table_ex_data_new_cb(int table_id, const char * key, const char * t
ex_data->rewrite_mac = 0;
ex_data->rewrite_vlan = 0;
json_item = cJSON_GetObjectItem(json_root, "vlan");
if (json_item)
if (unlikely(!cJSON_IsArray(json_root)))
{
if (unlikely(!cJSON_IsArray(json_item)))
TFE_LOG_ERROR(instance->logger, "invalid JSON, mirror_profile->vlan is not a array, %s.", str_json);
goto ignore;
}
ex_data->nr_targets = cJSON_GetArraySize(json_root);
ex_data->vlans = (unsigned int *)calloc(ex_data->nr_targets, sizeof(unsigned int));
ex_data->ether_addrs = (struct ether_addr *)calloc(ex_data->nr_targets, sizeof(struct ether_addr));
cJSON_ArrayForEach(element, json_root)
{
if (unlikely(!cJSON_IsNumber(element)))
{
TFE_LOG_ERROR(instance->logger, "invalid JSON, mirror_profile->vlan is not a array.");
TFE_LOG_ERROR(instance->logger, "invalid JSON, elements in mirror_profile->vlan is not a number, %s.", str_json);
goto ignore;
}
ex_data->nr_targets = cJSON_GetArraySize(json_item);
ex_data->vlans = (unsigned int *)calloc(ex_data->nr_targets, sizeof(unsigned int));
ex_data->ether_addrs = (struct ether_addr *)calloc(ex_data->nr_targets, sizeof(struct ether_addr));
cJSON * element;
unsigned int iter = 0;
cJSON_ArrayForEach(element, json_item)
unsigned int vlan_in_number = element->valueint;
if (unlikely(vlan_in_number <= 0 || vlan_in_number > 4094))
{
if (unlikely(!cJSON_IsString(element)))
{
TFE_LOG_ERROR(instance->logger, "invalid JSON, "
"elements in mirror_profile->vlan is not a string");
goto ignore;
}
unsigned int vlan_in_number = 0;
sscanf(element->valuestring, "%u", &vlan_in_number);
if (unlikely(vlan_in_number <= 0 || vlan_in_number > 4094))
{
TFE_LOG_ERROR(instance->logger, "invalid JSON, "
"vlan id must between 1 and 4094.");
goto ignore;
}
ex_data->rewrite_vlan = 1;
ex_data->vlans[iter] = vlan_in_number;
ex_data->ether_addrs[iter] = ether_addr_broadcast;
iter++;
}
assert(iter == ex_data->nr_targets);
goto success;
}
json_item = cJSON_GetObjectItem(json_root, "mac");
if (json_item)
{
if (unlikely(!cJSON_IsArray(json_item)))
{
TFE_LOG_ERROR(instance->logger, "invalid JSON, mirror_profile->mac is not a array.");
TFE_LOG_ERROR(instance->logger, "invalid JSON, vlan id must between 1 and 4094.");
goto ignore;
}
ex_data->nr_targets = cJSON_GetArraySize(json_item);
ex_data->vlans = (unsigned int *)calloc(ex_data->nr_targets, sizeof(unsigned int));
ex_data->ether_addrs = (struct ether_addr *)calloc(ex_data->nr_targets, sizeof(struct ether_addr));
cJSON * element;
unsigned int iter = 0;
cJSON_ArrayForEach(element, json_item)
{
if (unlikely(!cJSON_IsString(element)))
{
TFE_LOG_ERROR(instance->logger, "invalid JSON, "
"elements in mirror_profile->mac is not a string");
goto ignore;
}
struct ether_addr ether_addr_aton{};
if (unlikely(!ether_aton_r(element->valuestring, &ether_addr_aton)))
{
TFE_LOG_ERROR(instance->logger, "invalid JSON, "
"elements in mirror_profile->mac is not a valid ether address");
goto ignore;
}
ex_data->ether_addrs[iter] = ether_addr_aton;
ex_data->vlans[iter] = instance->default_vlan_id_for_mac;
iter++;
ex_data->rewrite_mac = 1;
if (instance->default_vlan_id_for_mac)
{
ex_data->rewrite_vlan = 1;
}
}
assert(iter == ex_data->nr_targets);
goto success;
TFE_LOG_DEBUG(instance->logger, "traffic mirror profile %s: vlan id[%d] %d", key, iter, vlan_in_number);
ex_data->rewrite_vlan = 1;
ex_data->vlans[iter] = vlan_in_number;
ex_data->ether_addrs[iter] = ether_addr_broadcast;
iter++;
}
success:
assert(iter == ex_data->nr_targets);
*ad = (void *)ex_data;
ex_data = nullptr;
@@ -311,7 +254,7 @@ success:
goto out;
ignore:
TFE_LOG_ERROR(instance->logger, "table line in PXY_PROFILE_TRAFFIC_MIRROR ignored %s: %s", key, table_line);
TFE_LOG_ERROR(instance->logger, "table line in TSG_PROFILE_TRAFFIC_MIRROR ignored %s: %s", key, table_line);
goto out;
out:
@@ -460,7 +403,6 @@ static int traffic_mirror_ethdev_init(struct traffic_mirror_instance * instance)
return -1;
}
MESA_load_profile_uint_def(profile, "traffic_mirror", "default_vlan_id_for_mac", &(instance->default_vlan_id_for_mac), 0);
unsigned int device_type;
MESA_load_profile_uint_def(profile, "traffic_mirror", "type", &device_type, TRAFFIC_MIRROR_ETHDEV_AF_PACKET);
@@ -524,10 +466,10 @@ int traffic_mirror_init(struct tfe_proxy * proxy)
instance->policy_table_id); goto errout;
}
instance->profile_table_id = Maat_table_register(instance->maat_feather, "PXY_PROFILE_TRAFFIC_MIRROR");
instance->profile_table_id = Maat_table_register(instance->maat_feather, "TSG_PROFILE_TRAFFIC_MIRROR");
if (unlikely(instance->profile_table_id < 0))
{
TFE_LOG_ERROR(instance->logger, "failed at register table PXY_PROFILE_TRAFFIC_MIRROR, ret = %d",
TFE_LOG_ERROR(instance->logger, "failed at register table TSG_PROFILE_TRAFFIC_MIRROR, ret = %d",
instance->profile_table_id); goto errout;
}
@@ -548,7 +490,7 @@ int traffic_mirror_init(struct tfe_proxy * proxy)
if (unlikely(result < 0))
{
TFE_LOG_ERROR(instance->logger, "failed at Maat_plugin_EX_register(PXY_PROFILE_TRAFFIC_MIRROR), "
TFE_LOG_ERROR(instance->logger, "failed at Maat_plugin_EX_register(TSG_PROFILE_TRAFFIC_MIRROR), "
"table_id = %d, ret = %d", instance->policy_table_id, result);
}
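Review bot: The two calloc() results in the rebuilt body of profile_table_ex_data_new_cb are never checked before the loop stores into `ex_data->vlans[iter]` and `ex_data->ether_addrs[iter]`, so an allocation failure dereferences NULL inside a table-load callback; the previous code had the same gap, but the rewrite is the place to close it with `if (unlikely(!ex_data->vlans || !ex_data->ether_addrs)) { TFE_LOG_ERROR(instance->logger, "failed to allocate mirror targets for %s", key); goto ignore; }` right after the second calloc, provided the ignore/out path (outside this hunk) releases the partially built ex_data. Two smaller points: the new debug line logs `iter` and `vlan_in_number`, both unsigned, with `%d` where `%u` matches, and with both `goto success` jumps removed the `success:` label looks unreferenced on the new side, which will warn under -Wunused-label unless something past the hunk still targets it. Also note that an empty array passes the cJSON_IsArray check and produces a profile with nr_targets 0 and rewrite_vlan 0, which a policy line can still reference; if that is intended, a one-line comment saying an empty profile means "mirror to nowhere" would help the next reader. The function's tail (the ignore and out labels) continues outside this hunk.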


@@ -161,9 +161,9 @@
{
"table_name": "TSG_SECURITY_COMPILE",
"table_content": [
"0\t0\t2\t1\t1\t{}\t{\"protocol\":\"SSL\",\"keyring\":765,\"decryption\":0},\"decrypt_mirror\":{\"enable\":0}}\t1\t2",
"656\t0\t2\t1\t1\t{}\t{\"protocol\":\"SSL\",\"keyring\":1,\"decryption\":0},\"decrypt_mirror\":{\"enable\":0}}\t1\t2",
"49\t0\t2\t1\t1\t{}\t{\"protocol\":\"SSL\",\"keyring\":1,\"decryption\":0},\"decrypt_mirror\":{\"enable\":0}}\t1\t2"
"0\t0\t2\t1\t1\t{}\t{\"protocol\":\"SSL\",\"keyring\":765,\"decryption\":0},\"traffic_mirror\":{\"enable\":0}}\t1\t2",
"656\t0\t2\t1\t1\t{}\t{\"protocol\":\"SSL\",\"keyring\":1,\"decryption\":0},\"traffic_mirror\":{\"enable\":0}}\t1\t2",
"49\t0\t2\t1\t1\t{}\t{\"protocol\":\"SSL\",\"keyring\":1,\"decryption\":0},\"traffic_mirror\":{\"enable\":0}}\t1\t2"
]
}
]


@@ -226,6 +226,12 @@
}
],
"plugin_table": [
{
"table_name": "TSG_PROFILE_TRAFFIC_MIRROR",
"table_content": [
"1234\ttest-traffic-mirror\t[1,2,3,4,5,6,7,8,9]\t1"
]
},
{
"table_name": "TSG_PROFILE_RESPONSE_PAGES",
"table_content": [
@@ -255,8 +261,8 @@
{
"table_name": "TSG_SECURITY_COMPILE",
"table_content": [
"0\t0\t2\t1\t1\t{}\t{\"protocol\":\"SSL\",\"keyring\":765,\"decryption\":0},\"decrypt_mirror\":{\"enable\":0}}\t1\t2",
"4\t0\t2\t1\t1\t{}\t{\"protocol\":\"SSL\",\"keyring\":1,\"decryption\":0},\"decrypt_mirror\":{\"enable\":0}}\t1\t2"
"0\t0\t2\t1\t1\t{}\t{\"protocol\":\"SSL\",\"keyring\":765,\"decryption\":0},\"traffic_mirror\":{\"enable\":0}}\t1\t2",
"4\t0\t2\t1\t1\t{}\t{\"protocol\":\"SSL\",\"keyring\":1,\"decryption\":0},\"traffic_mirror\":{\"enable\":1,\"mirror_profile\":1234}}\t1\t2"
]
},
{


@@ -47,7 +47,7 @@
27 PXY_PROFILE_HIJACK_FILES plugin {"key":1,"foreign":"5","valid":6}
28 PXY_PROFILE_INSERT_SCRIPTS plugin {"key":1,"foreign":"4","valid":6}
29 TSG_SECURITY_COMPILE plugin {"key":1,"valid":8}
30 PXY_PROFILE_TRAFFIC_MIRROR plugin {"key":1,"valid":4}
30 TSG_PROFILE_TRAFFIC_MIRROR plugin {"key":1,"valid":4}
31 TSG_PROFILE_DECRYPTION plugin {"key":1,"valid":4}
32 TSG_OBJ_AS_NUMBER expr UTF8 UTF8/GBK yes 0
33 TSG_SECURITY_SOURCE_ASN virtual TSG_OBJ_AS_NUMBER --


@@ -16,4 +16,4 @@
#For expr/expr_plus Table
#id name type src_charset dst_charset do_merge cross_cache quick_mode
0 TSG_SECURITY_COMPILE plugin {"key":1,"valid":8}
1 PXY_PROFILE_TRAFFIC_MIRROR plugin {"key":1,"valid":4}
1 TSG_PROFILE_TRAFFIC_MIRROR plugin {"key":1,"valid":4}