TSG-13837 支持decrypted traffic steering/mirroring,并重构packet_io

This commit is contained in:
luwenpeng
2023-03-14 16:10:44 +08:00
parent 29755f2162
commit 0e85d3c9c5
26 changed files with 1960 additions and 1941 deletions


@@ -9,7 +9,7 @@ extern "C"
#include "utils.h"
#include <MESA/field_stat2.h>
struct global_metrics_config
struct metrics_config
{
char output_file[256];
char statsd_server[32];
@@ -21,42 +21,78 @@ struct global_metrics_config
char prometheus_listen_url[256];
};
struct device_metrics
{
struct throughput_metrics nf_rx; // 累计值
struct throughput_metrics nf_tx; // 累计值
struct throughput_metrics endpoint_rx; // 累计值
struct throughput_metrics endpoint_tx; // 累计值
struct throughput_metrics endpoint_drop; // 累计值
};
// raw_pkt_metrics 不包含 g_vxlan 所占的字节
struct raw_pkt_metrics
{
struct throughput_metrics mirr_bypass; // 累计值
struct throughput_metrics mirr_block; // 累计值
struct throughput_metrics mirr_rx_drop; // 累计值
struct throughput_metrics mirr_tx; // 累计值
struct throughput_metrics stee_bypass; // 累计值
struct throughput_metrics stee_block; // 累计值
struct throughput_metrics stee_rx; // 累计值
struct throughput_metrics stee_tx; // 累计值
struct throughput_metrics miss_sess; // 累计值
struct throughput_metrics error_bypass; // 累计值
struct throughput_metrics error_block; // 累计值
};
struct ctrl_pkt_metrics
{
struct throughput_metrics rx; // 累计值
struct throughput_metrics tx; // 累计值
uint64_t opening; // 累计值
uint64_t active; // 累计值
uint64_t closing; // 累计值
uint64_t resetall; // 累计值
uint64_t error; // 累计值
};
struct keepalived_pkt_metrics
{
struct throughput_metrics downlink_rx; // 累计值
struct throughput_metrics downlink_tx; // 累计值
struct throughput_metrics uplink_rx; // 累计值
struct throughput_metrics uplink_tx_drop; // 累计值
};
struct sf_status_metrics
{
uint64_t active; // 累计值
uint64_t inactive; // 累计值
};
struct sf_session_metrics
{
uint64_t num; // 当前值
uint64_t log; // 累计值
};
struct global_metrics
{
struct throughput_metrics dev_endpoint_rx; // 累计值
struct throughput_metrics dev_endpoint_tx; // 累计值
struct throughput_metrics dev_endpoint_err_drop; // 累计值
struct device_metrics device;
struct raw_pkt_metrics raw_pkt;
struct ctrl_pkt_metrics ctrl_pkt;
struct keepalived_pkt_metrics kee_pkt;
struct throughput_metrics raw_pkt_rx; // 累计值
struct throughput_metrics raw_pkt_tx; // 累计值
struct throughput_metrics raw_pkt_err_bypass; // 累计值
struct sf_status_metrics sf_status;
struct sf_session_metrics sf_session;
struct throughput_metrics hit_block_policy; // 累计值
struct throughput_metrics hit_bypass_policy; // 累计值
struct throughput_metrics steering_tx; // 累计值
struct throughput_metrics steering_rx; // 累计值
struct throughput_metrics mirroring_tx; // 累计值
struct throughput_metrics mirroring_rx_drop; // 累计值
struct throughput_metrics downlink_keepalive_pkt_rx; // 累计值
struct throughput_metrics uplink_keepalive_pkt_rx; // 累计值
struct throughput_metrics ctrl_pkt_rx; // 累计值
uint64_t ctrl_pkt_opening_num; // 累计值
uint64_t ctrl_pkt_active_num; // 累计值
uint64_t ctrl_pkt_closing_num; // 累计值
uint64_t ctrl_pkt_resetall_num; // 累计值
uint64_t ctrl_pkt_error_num; // 累计值
uint64_t sf_active_times; // 累计值
uint64_t sf_inactive_times; // 累计值
uint64_t session_nums; // 瞬时值
uint64_t send_log; // 瞬时值
struct global_metrics_config config;
struct metrics_config config;
screen_stat_handle_t fs_handle;
int fs_id[128];
};
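Review bot: The meaning of the session-log counter changed from an instantaneous value (`send_log // 瞬时值`) to a cumulative one (`sf_session_metrics.log // 累计值`) while `num` stays a current value, and nothing in the header records the exporter-side consequence: a counter and a gauge are different metric types for statsd/Prometheus, so whatever registers these fields through `fs_handle`/`fs_id` must change in step (that code is outside this hunk). The per-field comments are the only documentation and are in Chinese; I would put one English line on each new struct, e.g. `/* Decrypted-traffic steering/mirroring counters, excluding g_vxlan encapsulation bytes; all fields are cumulative totals. */` on `raw_pkt_metrics` and `/* num: current session count (gauge); log: total session logs emitted (counter). */` on `sf_session_metrics`. `int fs_id[128]` is a fixed slot table and the new layout adds many more `throughput_metrics` entries; if the table is filled by walking these structs, the filler must bound-check against 128 — presumably in the .c file, not visible here.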


@@ -12,8 +12,8 @@ void packet_io_destory(struct packet_io *handle);
int packet_io_thread_init(struct packet_io *handle, struct thread_ctx *thread_ctx);
void packet_io_thread_wait(struct packet_io *handle, struct thread_ctx *thread_ctx, int timeout_ms);
int packet_io_polling_nf_interface(struct packet_io *handle, int thread_seq, void *ctx);
int packet_io_polling_endpoint(struct packet_io *handle, int thread_seq, void *ctx);
int packet_io_thread_polling_nf(struct packet_io *handle, struct thread_ctx *thread_ctx);
int packet_io_thread_polling_endpoint(struct packet_io *handle, struct thread_ctx *thread_ctx);
#ifdef __cpluscplus
}


@@ -30,19 +30,18 @@ enum session_action
SESSION_ACTION_BLOCK = 2,
};
enum session_action_reason
enum action_reason
{
ACTION_BYPASS_DUE_DEFAULT = 0x00,
ACTION_BYPASS_DUE_INVALID_POLICY = 0x01,
ACTION_BYPASS_DUE_FAILURE_ACTION = 0x02,
ACTION_BYPASS_DUE_UNAVAILABLE_ACTION = 0x03,
ACTION_BYPASS_DUE_HEALTH_SF_LIMIT = 0x04,
ACTION_BYPASS_DUE_HEALTH_SF_LIMIT = 0x12,
ACTION_BYPASS_DUE_UNAVAILABLE_ACTION = 0x13,
ACTION_BYPASS_DUE_FAILURE_ACTION = 0x14,
ACTION_BYPASS_DUE_INVALID_POLICY = 0x15,
ACTION_BLOCK_DUE_FAILURE_ACTION = 0x10,
ACTION_BLOCK_DUE_UNAVAILABLE_ACTION = 0x11,
ACTION_BLOCK_DUE_UNAVAILABLE_ACTION = 0x21,
ACTION_BLOCK_DUE_FAILURE_ACTION = 0x22,
ACTION_FORWAED_DUE_SELECTED_AVAILABLE_SF = 0x31,
ACTION_FORWAED_DUE_SELECTED_SF = 0x20,
};
enum package_method
@@ -90,7 +89,7 @@ struct selected_sf
int sf_need_skip;
int sf_profile_id;
enum session_action sf_action;
enum session_action_reason sf_action_reason;
enum action_reason sf_action_reason;
struct connectivity sf_connectivity;
struct throughput_metrics rx;
@@ -106,8 +105,29 @@ struct selected_chaining
struct selected_sf *chaining;
int chaining_size;
int chaining_used;
uint64_t session_id;
char *session_addr;
};
struct selected_chainings
{
struct selected_chaining *chaining_raw;
struct selected_chaining *chaining_decrypted;
};
const char *traffic_type_to_string(enum traffic_type traffic_type);
const char *forward_type_to_string(enum forward_type forward_type);
const char *session_action_to_string(enum session_action session_action);
const char *action_reason_to_string(enum action_reason action_reason);
const char *package_method_to_string(enum package_method package_method);
struct selected_chaining *selected_chaining_create(int chaining_size, uint64_t session_id, char *session_addr);
void selected_chaining_destory(struct selected_chaining *chaining);
void selected_chaining_dump(struct selected_chaining *chaining);
void selected_chaining_bref(struct selected_chaining *chaining);
void selected_chaining_uniq(struct selected_chaining *chaining);
// return NULL : error
// return !NULL : success
struct policy_enforcer *policy_enforcer_create(const char *instance, const char *profile, int thread_num, void *logger);
@@ -116,15 +136,8 @@ void policy_enforcer_destory(struct policy_enforcer *enforcer);
// return 0 : success
// return -1 : error
int policy_enforcer_register(struct policy_enforcer *enforcer);
int policy_enforce_max_chaining_size(struct policy_enforcer *enforcer);
struct selected_chaining *selected_chaining_create(int chaining_size);
void selected_chaining_destory(struct selected_chaining *chaining);
void selected_chaining_dump(struct selected_chaining *chaining);
void selected_chaining_bref(struct selected_chaining *chaining);
const char *session_action_reason_to_string(enum session_action_reason session_action_reason);
void policy_enforce_select_chaining(struct selected_chaining *chaining, struct policy_enforcer *enforcer, struct raw_pkt_parser *parser, int policy_id, int dir_is_internal, struct session_ctx *s_ctx);
int policy_enforce_chaining_size(struct policy_enforcer *enforcer);
void policy_enforce_select_chainings(struct policy_enforcer *enforcer, struct selected_chainings *chainings, struct session_ctx *s_ctx, struct raw_pkt_parser *parser, int policy_id, int dir_is_i2e);
#ifdef __cpluscplus
}
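Review bot: `selected_chaining_create(int chaining_size, uint64_t session_id, char *session_addr)` stores the address string in the new `session_addr` member without stating who owns it; if it is borrowed from the `session_ctx` that has an identical `session_addr`, a chaining that outlives its session reads freed memory, and the parameter should be `const char *` if it is never written through. I would document that on the declaration, e.g. `/* session_addr is borrowed from the owning session_ctx (not copied): destroy the chaining before the session. */`, or copy the string in create and free it in destory. The reason codes are renumbered (0x12–0x31) and the new identifier `ACTION_FORWAED_DUE_SELECTED_AVAILABLE_SF` carries over the `FORWAED` misspelling; since every use site changes anyway this is the moment to spell it `ACTION_FORWARD_DUE_SELECTED_AVAILABLE_SF`, and if these codes are logged or exported, consumers expecting the old 0x01–0x20 values need updating. Separately, the closing `extern "C"` brace is guarded by `#ifdef __cpluscplus`, a misspelling of `__cplusplus`, so for C++ includers the brace is never emitted and the header either fails to compile or silently loses C linkage depending on how the opening guard (outside the hunk) is spelled; it should read `#ifdef __cplusplus`.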


@@ -15,85 +15,100 @@ extern "C"
#define MAX_THREAD_NUM 128
/******************************************************************************
* Struct For Thread
******************************************************************************/
/******************************************************************************
* Struct Thread Ctx
******************************************************************************/
struct thread_ctx
{
pthread_t tid;
int thread_index;
struct session_table *session_table;
struct sf_metrics *sf_metrics;
struct thread_ctx
{
pthread_t tid;
int thread_index;
struct packet_io *ref_io;
struct global_metrics *ref_metrics;
struct policy_enforcer *ref_enforcer;
struct sce_ctx *ref_sce_ctx;
struct sf_metrics *sf_metrics;
struct session_table *session_table;
int session_table_need_reset;
};
struct packet_io *ref_io;
struct sce_ctx *ref_sce_ctx;
struct global_metrics *ref_metrics;
struct policy_enforcer *ref_enforcer;
/******************************************************************************
* Struct For Session
******************************************************************************/
int session_table_need_reset;
};
struct packet_info
{
int dir_is_e2i;
struct addr_tuple4 tuple4;
char *addr_string;
/******************************************************************************
* Struct Metadata
******************************************************************************/
char *header_data;
int header_len;
struct metadata
{
int write_ref;
uint64_t session_id;
struct sids sids;
struct route_ctx route_ctx;
};
char *raw_data;
int raw_len;
uint16_t l7offset;
struct session_ctx
{
struct fixed_num_array policy_ids;
uint64_t session_id;
int is_e2i_dir;
int is_ctrl_pkt;
int is_decrypted;
struct route_ctx raw_pkt_i2e_route_ctx;
struct route_ctx raw_pkt_e2i_route_ctx;
struct sids sids;
struct route_ctx route_ctx;
};
struct sids raw_pkt_i2e_sids;
struct sids raw_pkt_e2i_sids;
struct metadata *metadata_new();
int metadata_is_empty(struct metadata *meta);
void metadata_deep_copy(struct metadata *dst, struct metadata *src);
void metadata_shadow_copy(struct metadata *dst, struct metadata *src);
void metadata_free(struct metadata *meta);
// depending on first control packet
struct packet_info first_ctrl_pkt;
struct selected_chaining *chaining;
/******************************************************************************
* Struct Session Ctx
******************************************************************************/
struct thread_ctx *ref_thread_ctx;
};
struct session_ctx
{
uint64_t session_id;
char *session_addr;
struct session_ctx *session_ctx_new();
void session_ctx_free(struct session_ctx *ctx);
struct addr_tuple4 inner_tuple4;
struct fixed_num_array policy_ids;
/******************************************************************************
* Struct For SCE
******************************************************************************/
struct metadata *raw_meta_i2e;
struct metadata *raw_meta_e2i;
struct metadata *ctrl_meta;
struct sce_ctx
{
int enable_debug;
int firewall_sids;
int nr_worker_threads;
int ts_update_interval_ms;
int cpu_affinity_mask[MAX_THREAD_NUM];
struct selected_chainings chainings;
cpu_set_t coremask;
struct timestamp *ts;
struct packet_io *io;
struct global_metrics *metrics;
struct policy_enforcer *enforcer;
struct thread_ctx work_threads[MAX_THREAD_NUM];
};
struct thread_ctx *ref_thread_ctx;
};
struct sce_ctx *sce_ctx_create(const char *profile);
void sce_ctx_destory(struct sce_ctx *ctx);
struct session_ctx *session_ctx_new();
void session_ctx_free(struct session_ctx *ctx);
/******************************************************************************
* Struct SCE Ctx
******************************************************************************/
struct sce_ctx
{
int enable_debug;
int enable_send_log;
int firewall_sids;
int nr_worker_threads;
int ts_update_interval_ms;
int cpu_affinity_mask[MAX_THREAD_NUM];
cpu_set_t coremask;
struct timestamp *ts;
struct packet_io *io;
struct global_metrics *metrics;
struct policy_enforcer *enforcer;
struct thread_ctx work_threads[MAX_THREAD_NUM];
};
struct sce_ctx *sce_ctx_create(const char *profile);
void sce_ctx_destory(struct sce_ctx *ctx);
#ifdef __cpluscplus
}
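Review bot: `struct metadata` introduces a reference count `write_ref` alongside `metadata_shadow_copy` / `metadata_deep_copy`, but the header says nothing about who increments or decrements it, what "empty" means for `metadata_is_empty`, or whether a shared metadata object may be touched from more than one of the `MAX_THREAD_NUM` worker threads; a plain `int` is only sound if every metadata object stays on the thread that owns its session. I would state that contract on the struct, e.g. `/* write_ref: holders obtained via metadata_shadow_copy; owned by one worker thread, not atomic — never share across thread_ctx. */` (or make it `_Atomic` if sharing does happen), and take `src` as `const struct metadata *` in both copy functions. `metadata_new()` and `session_ctx_new()` are declared with empty parentheses, which in C is an unspecified argument list rather than none; declare them `struct metadata *metadata_new(void);` and `struct session_ctx *session_ctx_new(void);`. `nr_worker_threads` indexes `cpu_affinity_mask[MAX_THREAD_NUM]` and `work_threads[MAX_THREAD_NUM]`, so `sce_ctx_create` must reject profile values above 128 — that check would live in the .c file and is not visible here.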