diff --git a/conf/tfe/tfe.conf b/conf/tfe/tfe.conf
index bea2b6c..db18093 100644
--- a/conf/tfe/tfe.conf
+++ b/conf/tfe/tfe.conf
@@ -161,7 +161,6 @@ enable=1
 device=eth4
 # 0:TRAFFIC_MIRROR_ETHDEV_AF_PACKET; 1:TRAFFIC_MIRROR_ETHDEV_MARSIO
 type=1
-default_vlan_id_for_mac=0
 table_info=resource/pangu/table_info_traffic_mirror.conf
 stat_file=log/traffic_mirror.status
diff --git a/plugin/business/traffic-mirror/include/traffic_mirror.h b/plugin/business/traffic-mirror/include/traffic_mirror.h
index 4d3c7f4..0306ab0 100644
--- a/plugin/business/traffic-mirror/include/traffic_mirror.h
+++ b/plugin/business/traffic-mirror/include/traffic_mirror.h
@@ -23,7 +23,6 @@ struct traffic_mirror_instance
 void * logger;
 unsigned int enable;
 unsigned int nr_threads;
- unsigned int default_vlan_id_for_mac;
 Maat_feather_t maat_feather;
 int policy_table_id;
diff --git a/plugin/business/traffic-mirror/src/entry.cpp b/plugin/business/traffic-mirror/src/entry.cpp
index 0c1b5f4..9a197b5 100644
--- a/plugin/business/traffic-mirror/src/entry.cpp
+++ b/plugin/business/traffic-mirror/src/entry.cpp
@@ -94,10 +94,10 @@ void policy_table_ex_data_new_cb(int table_id, const char * key, const char * ta
 goto out;
 }
- json_subroot = cJSON_GetObjectItem(json_root, "decrypt_mirror");
+ json_subroot = cJSON_GetObjectItem(json_root, "traffic_mirror");
 if (unlikely(!json_subroot))
 {
- TFE_LOG_ERROR(instance->logger, "invalid format, decrypt_mirror is not defined.");
+ TFE_LOG_ERROR(instance->logger, "invalid format, traffic_mirror is not defined.");
 goto ignore;
 }
@@ -109,7 +109,7 @@ void policy_table_ex_data_new_cb(int table_id, const char * key, const char * ta
 json_item = cJSON_GetObjectItem(json_subroot, "enable");
 if (unlikely(!json_item || !cJSON_IsNumber(json_item)))
 {
- TFE_LOG_ERROR(instance->logger, "invalid JSON, decrypt_mirror->enable not existed or invalid type.");
+ TFE_LOG_ERROR(instance->logger, "invalid JSON, traffic_mirror->enable not existed or invalid type.");
 goto ignore;
 }
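Review bot: Policy rows that still carry the old `decrypt_mirror` key now take the `!json_subroot` branch in policy_table_ex_data_new_cb (hunk at -94) and are ignored, so mirroring for those policies stops with only an error log as evidence. If rows written by an older producer can still reach this callback (not visible from this diff), fall back to the old key before giving up: `if (!json_subroot) json_subroot = cJSON_GetObjectItem(json_root, "decrypt_mirror");`. The hunks at -109 and -122 only rename the messages that follow from the same lookup; the function body starts and ends outside these hunks.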
@@ -122,7 +122,7 @@ void policy_table_ex_data_new_cb(int table_id, const char * key, const char * ta
 json_item = cJSON_GetObjectItem(json_subroot, "mirror_profile");
 if (unlikely(!json_item || !cJSON_IsNumber(json_item)))
 {
- TFE_LOG_ERROR(instance->logger, "invalid JSON, decrypt_mirror->mirror_profile not existed or invalid type.");
+ TFE_LOG_ERROR(instance->logger, "invalid JSON, traffic_mirror->mirror_profile not existed or invalid type.");
 goto ignore;
 }
@@ -184,7 +184,8 @@ void profile_table_ex_data_new_cb(int table_id, const char * key, const char * t
 const static struct ether_addr ether_addr_broadcast{0xff,0xff,0xff,0xff, 0xff, 0xff};
 char * str_json = NULL;
 cJSON * json_root = NULL;
- cJSON * json_item = NULL;
+ cJSON * element = NULL;
+ unsigned int iter = 0;
 struct profile_table_ex_data * ex_data = NULL;
 size_t addr_list_offset;
@@ -212,98 +213,40 @@ void profile_table_ex_data_new_cb(int table_id, const char * key, const char * t
 ex_data->rewrite_mac = 0;
 ex_data->rewrite_vlan = 0;
- json_item = cJSON_GetObjectItem(json_root, "vlan");
- if (json_item)
+ if (unlikely(!cJSON_IsArray(json_root)))
 {
- if (unlikely(!cJSON_IsArray(json_item)))
+ TFE_LOG_ERROR(instance->logger, "invalid JSON, mirror_profile->vlan is not a array, %s.", str_json);
+ goto ignore;
+ }
+
+ ex_data->nr_targets = cJSON_GetArraySize(json_root);
+ ex_data->vlans = (unsigned int *)calloc(ex_data->nr_targets, sizeof(unsigned int));
+ ex_data->ether_addrs = (struct ether_addr *)calloc(ex_data->nr_targets, sizeof(struct ether_addr));
+
+ cJSON_ArrayForEach(element, json_root)
+ {
+ if (unlikely(!cJSON_IsNumber(element)))
 {
- TFE_LOG_ERROR(instance->logger, "invalid JSON, mirror_profile->vlan is not a array.");
+ TFE_LOG_ERROR(instance->logger, "invalid JSON, elements in mirror_profile->vlan is not a number, %s.", str_json);
 goto ignore;
 }
- ex_data->nr_targets = cJSON_GetArraySize(json_item);
- ex_data->vlans = (unsigned int *)calloc(ex_data->nr_targets, sizeof(unsigned int));
- ex_data->ether_addrs = (struct ether_addr *)calloc(ex_data->nr_targets, sizeof(struct ether_addr));
-
- cJSON * element;
- unsigned int iter = 0;
- cJSON_ArrayForEach(element, json_item)
+ unsigned int vlan_in_number = element->valueint;
+ if (unlikely(vlan_in_number <= 0 || vlan_in_number > 4094))
 {
- if (unlikely(!cJSON_IsString(element)))
- {
- TFE_LOG_ERROR(instance->logger, "invalid JSON, "
- "elements in mirror_profile->vlan is not a string");
- goto ignore;
- }
-
- unsigned int vlan_in_number = 0;
- sscanf(element->valuestring, "%u", &vlan_in_number);
-
- if (unlikely(vlan_in_number <= 0 || vlan_in_number > 4094))
- {
- TFE_LOG_ERROR(instance->logger, "invalid JSON, "
- "vlan id must between 1 and 4094.");
- goto ignore;
- }
-
- ex_data->rewrite_vlan = 1;
- ex_data->vlans[iter] = vlan_in_number;
- ex_data->ether_addrs[iter] = ether_addr_broadcast;
- iter++;
- }
-
- assert(iter == ex_data->nr_targets);
- goto success;
- }
-
- json_item = cJSON_GetObjectItem(json_root, "mac");
- if (json_item)
- {
- if (unlikely(!cJSON_IsArray(json_item)))
- {
- TFE_LOG_ERROR(instance->logger, "invalid JSON, mirror_profile->mac is not a array.");
+ TFE_LOG_ERROR(instance->logger, "invalid JSON, vlan id must between 1 and 4094.");
 goto ignore;
 }
- ex_data->nr_targets = cJSON_GetArraySize(json_item);
- ex_data->vlans = (unsigned int *)calloc(ex_data->nr_targets, sizeof(unsigned int));
- ex_data->ether_addrs = (struct ether_addr *)calloc(ex_data->nr_targets, sizeof(struct ether_addr));
-
- cJSON * element;
- unsigned int iter = 0;
- cJSON_ArrayForEach(element, json_item)
- {
- if (unlikely(!cJSON_IsString(element)))
- {
- TFE_LOG_ERROR(instance->logger, "invalid JSON, "
- "elements in mirror_profile->mac is not a string");
- goto ignore;
- }
-
- struct ether_addr ether_addr_aton{};
- if (unlikely(!ether_aton_r(element->valuestring, ðer_addr_aton)))
- {
- TFE_LOG_ERROR(instance->logger, "invalid JSON, "
- "elements in mirror_profile->mac is not a valid ether address");
- goto ignore;
- }
-
- ex_data->ether_addrs[iter] = ether_addr_aton;
- ex_data->vlans[iter] = instance->default_vlan_id_for_mac;
- iter++;
-
- ex_data->rewrite_mac = 1;
- if (instance->default_vlan_id_for_mac)
- {
- ex_data->rewrite_vlan = 1;
- }
- }
-
- assert(iter == ex_data->nr_targets);
- goto success;
+ TFE_LOG_DEBUG(instance->logger, "traffic mirror profile %s: vlan id[%d]: %d", key, iter, vlan_in_number);
+ ex_data->rewrite_vlan = 1;
+ ex_data->vlans[iter] = vlan_in_number;
+ ex_data->ether_addrs[iter] = ether_addr_broadcast;
+ iter++;
 }
-success:
+ assert(iter == ex_data->nr_targets);
+
 *ad = (void *)ex_data;
 ex_data = nullptr;
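Review bot: Neither `calloc` result in profile_table_ex_data_new_cb is checked before the loop writes `ex_data->vlans[iter]` and `ex_data->ether_addrs[iter]`, and an empty array `[]` passes every check and is published as a profile with zero targets. Reject both cases through the existing `ignore` path, as in the fence below; what a zero-target profile does on the data path is not visible here, but nothing in this callback stops it. The checks reuse `ex_data->nr_targets` rather than a new initialized local, since earlier `goto`s in the function presumably must not cross a declaration. `iter` and `vlan_in_number` are `unsigned int`, so the new TFE_LOG_DEBUG format should use `%u` instead of `%d`. The function continues outside the hunk, so whether `out:` frees the two arrays when a row is rejected cannot be confirmed from here.

```cpp
	ex_data->nr_targets = cJSON_GetArraySize(json_root);
	if (unlikely(ex_data->nr_targets == 0))
	{
		TFE_LOG_ERROR(instance->logger, "invalid JSON, mirror_profile vlan list is empty, %s.", str_json);
		goto ignore;
	}

	// … unchanged: calloc of ex_data->vlans and ex_data->ether_addrs …
	if (unlikely(!ex_data->vlans || !ex_data->ether_addrs))
	{
		TFE_LOG_ERROR(instance->logger, "out of memory while allocating mirror targets.");
		goto ignore;
	}

	// … unchanged: cJSON_ArrayForEach validation loop and assert …
```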
@@ -311,7 +254,7 @@ success:
 goto out;
 ignore:
- TFE_LOG_ERROR(instance->logger, "table line in PXY_PROFILE_TRAFFIC_MIRROR ignored %s: %s", key, table_line);
+ TFE_LOG_ERROR(instance->logger, "table line in TSG_PROFILE_TRAFFIC_MIRROR ignored %s: %s", key, table_line);
 goto out;
 out:
@@ -460,7 +403,6 @@ static int traffic_mirror_ethdev_init(struct traffic_mirror_instance * instance)
 return -1;
 }
- MESA_load_profile_uint_def(profile, "traffic_mirror", "default_vlan_id_for_mac", &(instance->default_vlan_id_for_mac), 0);
 unsigned int device_type;
 MESA_load_profile_uint_def(profile, "traffic_mirror", "type", &device_type, TRAFFIC_MIRROR_ETHDEV_AF_PACKET);
@@ -524,10 +466,10 @@ int traffic_mirror_init(struct tfe_proxy * proxy)
 instance->policy_table_id);
 goto errout;
 }
- instance->profile_table_id = Maat_table_register(instance->maat_feather, "PXY_PROFILE_TRAFFIC_MIRROR");
+ instance->profile_table_id = Maat_table_register(instance->maat_feather, "TSG_PROFILE_TRAFFIC_MIRROR");
 if (unlikely(instance->profile_table_id < 0))
 {
- TFE_LOG_ERROR(instance->logger, "failed at register table PXY_PROFILE_TRAFFIC_MIRROR, ret = %d",
+ TFE_LOG_ERROR(instance->logger, "failed at register table TSG_PROFILE_TRAFFIC_MIRROR, ret = %d",
 instance->profile_table_id);
 goto errout;
 }
@@ -548,7 +490,7 @@ int traffic_mirror_init(struct tfe_proxy * proxy)
 if (unlikely(result < 0))
 {
- TFE_LOG_ERROR(instance->logger, "failed at Maat_plugin_EX_register(PXY_PROFILE_TRAFFIC_MIRROR), "
+ TFE_LOG_ERROR(instance->logger, "failed at Maat_plugin_EX_register(TSG_PROFILE_TRAFFIC_MIRROR), "
 "table_id = %d, ret = %d", instance->policy_table_id, result);
 }
diff --git a/resource/pangu/doh.json b/resource/pangu/doh.json
index 47ea0c2..a125794 100644
--- a/resource/pangu/doh.json
+++ b/resource/pangu/doh.json
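Review bot: In entry.cpp's traffic_mirror_init (hunk at -548), the `if (unlikely(result < 0))` block for Maat_plugin_EX_register(TSG_PROFILE_TRAFFIC_MIRROR) only logs, while the Maat_table_register failure in the hunk at -524 does `goto errout;`. The log also passes `instance->policy_table_id` under a message that names the profile table, which looks like a copy-paste slip. Unless continuing is deliberate, add `goto errout;` after the log and pass `instance->profile_table_id`; otherwise the plugin can come up with no profile callbacks registered, and mirroring would presumably fail without a startup error. The register call and the rest of the function are outside the hunk.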
@@ -161,9 +161,9 @@
 {
 "table_name": "TSG_SECURITY_COMPILE",
 "table_content": [
- "0\t0\t2\t1\t1\t{}\t{\"protocol\":\"SSL\",\"keyring\":765,\"decryption\":0},\"decrypt_mirror\":{\"enable\":0}}\t1\t2",
- "656\t0\t2\t1\t1\t{}\t{\"protocol\":\"SSL\",\"keyring\":1,\"decryption\":0},\"decrypt_mirror\":{\"enable\":0}}\t1\t2",
- "49\t0\t2\t1\t1\t{}\t{\"protocol\":\"SSL\",\"keyring\":1,\"decryption\":0},\"decrypt_mirror\":{\"enable\":0}}\t1\t2"
+ "0\t0\t2\t1\t1\t{}\t{\"protocol\":\"SSL\",\"keyring\":765,\"decryption\":0},\"traffic_mirror\":{\"enable\":0}}\t1\t2",
+ "656\t0\t2\t1\t1\t{}\t{\"protocol\":\"SSL\",\"keyring\":1,\"decryption\":0},\"traffic_mirror\":{\"enable\":0}}\t1\t2",
+ "49\t0\t2\t1\t1\t{}\t{\"protocol\":\"SSL\",\"keyring\":1,\"decryption\":0},\"traffic_mirror\":{\"enable\":0}}\t1\t2"
 ]
 }
 ]
diff --git a/resource/pangu/pangu_http.json b/resource/pangu/pangu_http.json
index 91c8195..9e21d50 100644
--- a/resource/pangu/pangu_http.json
+++ b/resource/pangu/pangu_http.json
@@ -226,6 +226,12 @@
 }
 ],
 "plugin_table": [
+ {
+ "table_name": "TSG_PROFILE_TRAFFIC_MIRROR",
+ "table_content": [
+ "1234\ttest-traffic-mirror\t[1,2,3,4,5,6,7,8,9]\t1"
+ ]
+ },
 {
 "table_name": "TSG_PROFILE_RESPONSE_PAGES",
 "table_content": [
@@ -255,8 +261,8 @@
 {
 "table_name": "TSG_SECURITY_COMPILE",
 "table_content": [
- "0\t0\t2\t1\t1\t{}\t{\"protocol\":\"SSL\",\"keyring\":765,\"decryption\":0},\"decrypt_mirror\":{\"enable\":0}}\t1\t2",
- "4\t0\t2\t1\t1\t{}\t{\"protocol\":\"SSL\",\"keyring\":1,\"decryption\":0},\"decrypt_mirror\":{\"enable\":0}}\t1\t2"
+ "0\t0\t2\t1\t1\t{}\t{\"protocol\":\"SSL\",\"keyring\":765,\"decryption\":0},\"traffic_mirror\":{\"enable\":0}}\t1\t2",
+ "4\t0\t2\t1\t1\t{}\t{\"protocol\":\"SSL\",\"keyring\":1,\"decryption\":0},\"traffic_mirror\":{\"enable\":1,\"mirror_profile\":1234}}\t1\t2"
 ]
 },
 {
diff --git a/resource/pangu/table_info.conf b/resource/pangu/table_info.conf
index 99eebf1..3ba83e4 100644
--- a/resource/pangu/table_info.conf
+++ b/resource/pangu/table_info.conf
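Review bot: The new TSG_SECURITY_COMPILE row for id 4 in pangu_http.json (hunk at -255) closes the JSON object right after `\"decryption\":0`, so `\"traffic_mirror\":{\"enable\":1,\"mirror_profile\":1234}` sits outside the root object and the column ends with an unmatched `}`. A lenient parser would stop at the first `}`, and the policy callback would then find no `traffic_mirror` key, so this fixture likely never exercises profile 1234; a strict parser would reject the column outright. Drop the early brace: `{\"protocol\":\"SSL\",\"keyring\":1,\"decryption\":0,\"traffic_mirror\":{\"enable\":1,\"mirror_profile\":1234}}`. The other TSG_SECURITY_COMPILE rows in this file and in doh.json have the same shape.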
@@ -47,7 +47,7 @@
 27 PXY_PROFILE_HIJACK_FILES plugin {"key":1,"foreign":"5","valid":6}
 28 PXY_PROFILE_INSERT_SCRIPTS plugin {"key":1,"foreign":"4","valid":6}
 29 TSG_SECURITY_COMPILE plugin {"key":1,"valid":8}
-30 PXY_PROFILE_TRAFFIC_MIRROR plugin {"key":1,"valid":4}
+30 TSG_PROFILE_TRAFFIC_MIRROR plugin {"key":1,"valid":4}
 31 TSG_PROFILE_DECRYPTION plugin {"key":1,"valid":4}
 32 TSG_OBJ_AS_NUMBER expr UTF8 UTF8/GBK yes 0
 33 TSG_SECURITY_SOURCE_ASN virtual TSG_OBJ_AS_NUMBER --
diff --git a/resource/pangu/table_info_traffic_mirror.conf b/resource/pangu/table_info_traffic_mirror.conf
index fb0bd87..f7bf53b 100644
--- a/resource/pangu/table_info_traffic_mirror.conf
+++ b/resource/pangu/table_info_traffic_mirror.conf
@@ -16,4 +16,4 @@
 #For expr/expr_plus Table
 #id name type src_charset dst_charset do_merge cross_cache quick_mode
 0 TSG_SECURITY_COMPILE plugin {"key":1,"valid":8}
-1 PXY_PROFILE_TRAFFIC_MIRROR plugin {"key":1,"valid":4}
+1 TSG_PROFILE_TRAFFIC_MIRROR plugin {"key":1,"valid":4}