gfwleak/tango-tsg-service-chaining-engine
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

TSG-13837 支持decrypted traffic steering/mirroring,并重构packet_io

Browse Source
This commit is contained in:
luwenpeng
2023-03-14 16:10:44 +08:00
parent 29755f2162
commit 0e85d3c9c5
26 changed files with 1960 additions and 1941 deletions
Download Patch File Download Diff File Expand all files Collapse all files

197
platform/src/sce.cpp
View File

@@ -6,107 +6,194 @@
#include "global_metrics.h"
/******************************************************************************
* session_ctx
* Struct Metadata
******************************************************************************/
struct session_ctx *session_ctx_new()
struct metadata *metadata_new()
{
struct session_ctx *ctx = (struct session_ctx *)calloc(1, sizeof(struct session_ctx));
assert(ctx != NULL);
return ctx;
struct metadata *meta = (struct metadata *)calloc(1, sizeof(struct metadata));
return meta;
}
void session_ctx_free(struct session_ctx *ctx)
int metadata_is_empty(struct metadata *meta)
{
if (ctx)
if (meta->write_ref == 0)
{
if (ctx->first_ctrl_pkt.addr_string)
return 1;
}
else
{
return 0;
}
}
void metadata_deep_copy(struct metadata *dst, struct metadata *src)
{
dst->write_ref++;
dst->session_id = src->session_id;
dst->raw_data = strndup(src->raw_data, src->raw_len);
dst->raw_len = src->raw_len;
dst->l7offset = src->l7offset;
dst->is_e2i_dir = src->is_e2i_dir;
dst->is_ctrl_pkt = src->is_ctrl_pkt;
dst->is_decrypted = src->is_decrypted;
sids_copy(&dst->sids, &src->sids);
route_ctx_copy(&dst->route_ctx, &src->route_ctx);
}
void metadata_shadow_copy(struct metadata *dst, struct metadata *src)
{
dst->write_ref++;
dst->session_id = src->session_id;
dst->raw_data = src->raw_data;
dst->raw_len = src->raw_len;
dst->l7offset = src->l7offset;
dst->is_e2i_dir = src->is_e2i_dir;
dst->is_ctrl_pkt = src->is_ctrl_pkt;
dst->is_decrypted = src->is_decrypted;
sids_copy(&dst->sids, &src->sids);
route_ctx_copy(&dst->route_ctx, &src->route_ctx);
}
void metadata_free(struct metadata *meta)
{
if (meta)
{
if (meta->raw_data)
{
free(ctx->first_ctrl_pkt.addr_string);
ctx->first_ctrl_pkt.addr_string = NULL;
free(meta->raw_data);
meta->raw_data = NULL;
}
if (ctx->first_ctrl_pkt.header_data)
{
free(ctx->first_ctrl_pkt.header_data);
ctx->first_ctrl_pkt.header_data = NULL;
}
if (ctx->chaining)
{
selected_chaining_destory(ctx->chaining);
ctx->chaining = NULL;
}
free(ctx);
ctx = 0;
free(meta);
meta = NULL;
}
}
/******************************************************************************
* sce_ctx
* Struct Session Ctx
******************************************************************************/
struct session_ctx *session_ctx_new()
{
struct session_ctx *session_ctx = (struct session_ctx *)calloc(1, sizeof(struct session_ctx));
assert(session_ctx != NULL);
fixed_num_array_init(&session_ctx->policy_ids);
session_ctx->raw_meta_i2e = metadata_new();
session_ctx->raw_meta_e2i = metadata_new();
session_ctx->ctrl_meta = metadata_new();
return session_ctx;
}
void session_ctx_free(struct session_ctx *session_ctx)
{
if (session_ctx)
{
if (session_ctx->raw_meta_i2e)
{
metadata_free(session_ctx->raw_meta_i2e);
session_ctx->raw_meta_i2e = NULL;
}
if (session_ctx->raw_meta_e2i)
{
metadata_free(session_ctx->raw_meta_e2i);
session_ctx->raw_meta_e2i = NULL;
}
if (session_ctx->ctrl_meta)
{
metadata_free(session_ctx->ctrl_meta);
session_ctx->ctrl_meta = NULL;
}
if (session_ctx->chainings.chaining_raw)
{
selected_chaining_destory(session_ctx->chainings.chaining_raw);
session_ctx->chainings.chaining_raw = NULL;
}
if (session_ctx->chainings.chaining_decrypted)
{
selected_chaining_destory(session_ctx->chainings.chaining_decrypted);
session_ctx->chainings.chaining_decrypted = NULL;
}
free(session_ctx);
session_ctx = 0;
}
}
/******************************************************************************
* Struct SCE Ctx
******************************************************************************/
struct sce_ctx *sce_ctx_create(const char *profile)
{
struct sce_ctx *ctx = (struct sce_ctx *)calloc(1, sizeof(struct sce_ctx));
struct sce_ctx *sce_ctx = (struct sce_ctx *)calloc(1, sizeof(struct sce_ctx));
MESA_load_profile_int_def(profile, "system", "enable_debug", (int *)&(ctx->enable_debug), 0);
MESA_load_profile_int_def(profile, "system", "firewall_sids", (int *)&(ctx->firewall_sids), 1001);
MESA_load_profile_int_def(profile, "system", "nr_worker_threads", (int *)&(ctx->nr_worker_threads), 8);
MESA_load_profile_uint_range(profile, "system", "cpu_affinity_mask", MAX_THREAD_NUM, (unsigned int *)ctx->cpu_affinity_mask);
MESA_load_profile_int_def(profile, "system", "ts_update_interval_ms", (int *)&(ctx->ts_update_interval_ms), 1);
ctx->nr_worker_threads = MIN(ctx->nr_worker_threads, MAX_THREAD_NUM);
MESA_load_profile_int_def(profile, "system", "enable_debug", (int *)&(sce_ctx->enable_debug), 0);
MESA_load_profile_int_def(profile, "system", "enable_send_log", (int *)&(sce_ctx->enable_send_log), 0);
MESA_load_profile_int_def(profile, "system", "firewall_sids", (int *)&(sce_ctx->firewall_sids), 1001);
MESA_load_profile_int_def(profile, "system", "nr_worker_threads", (int *)&(sce_ctx->nr_worker_threads), 8);
MESA_load_profile_uint_range(profile, "system", "cpu_affinity_mask", MAX_THREAD_NUM, (unsigned int *)sce_ctx->cpu_affinity_mask);
MESA_load_profile_int_def(profile, "system", "ts_update_interval_ms", (int *)&(sce_ctx->ts_update_interval_ms), 1);
CPU_ZERO(&ctx->coremask);
for (int i = 0; i < ctx->nr_worker_threads; i++)
sce_ctx->nr_worker_threads = MIN(sce_ctx->nr_worker_threads, MAX_THREAD_NUM);
CPU_ZERO(&sce_ctx->coremask);
for (int i = 0; i < sce_ctx->nr_worker_threads; i++)
{
int cpu_id = ctx->cpu_affinity_mask[i];
CPU_SET(cpu_id, &ctx->coremask);
int cpu_id = sce_ctx->cpu_affinity_mask[i];
CPU_SET(cpu_id, &sce_ctx->coremask);
}
ctx->ts = timestamp_new(ctx->ts_update_interval_ms);
ctx->io = packet_io_create(profile, ctx->nr_worker_threads, &ctx->coremask);
if (ctx->io == NULL)
sce_ctx->ts = timestamp_new(sce_ctx->ts_update_interval_ms);
sce_ctx->metrics = global_metrics_create(profile);
if (sce_ctx->metrics == NULL)
{
goto error_out;
}
ctx->metrics = global_metrics_create(profile);
if (ctx->metrics == NULL)
sce_ctx->enforcer = policy_enforcer_create("SCE", profile, sce_ctx->nr_worker_threads, NULL);
if (sce_ctx->enforcer == NULL)
{
goto error_out;
}
ctx->enforcer = policy_enforcer_create("SCE", profile, ctx->nr_worker_threads, NULL);
if (ctx->enforcer == NULL)
if (policy_enforcer_register(sce_ctx->enforcer) == -1)
{
goto error_out;
}
if (policy_enforcer_register(ctx->enforcer) == -1)
sce_ctx->io = packet_io_create(profile, sce_ctx->nr_worker_threads, &sce_ctx->coremask);
if (sce_ctx->io == NULL)
{
goto error_out;
}
return ctx;
return sce_ctx;
error_out:
sce_ctx_destory(ctx);
sce_ctx_destory(sce_ctx);
return NULL;
}
void sce_ctx_destory(struct sce_ctx *ctx)
void sce_ctx_destory(struct sce_ctx *sce_ctx)
{
if (ctx)
if (sce_ctx)
{
policy_enforcer_destory(ctx->enforcer);
global_metrics_destory(ctx->metrics);
packet_io_destory(ctx->io);
timestamp_free(ctx->ts);
packet_io_destory(sce_ctx->io);
policy_enforcer_destory(sce_ctx->enforcer);
global_metrics_destory(sce_ctx->metrics);
timestamp_free(sce_ctx->ts);
free(ctx);
ctx = NULL;
free(sce_ctx);
sce_ctx = NULL;
}
}