gfwleak/tango-tsg-service-chaining-engine
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

TSG-13837 支持decrypted traffic steering/mirroring,并重构packet_io

Browse Source
This commit is contained in:
luwenpeng
2023-03-14 16:10:44 +08:00
parent 29755f2162
commit 0e85d3c9c5
26 changed files with 1960 additions and 1941 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
.gitlab-ci.yml
View File

@@ -53,7 +53,7 @@ develop_build_debug_for_centos7:
TESTING_VERSION_BUILD: 1 TESTING_VERSION_BUILD: 1
UPLOAD_SYMBOL_FILES: 1 UPLOAD_SYMBOL_FILES: 1
BUILD_TYPE: Debug BUILD_TYPE: Debug
# ASAN_OPTION: ADDRESS ASAN_OPTION: ADDRESS
PACKAGE: 1 PACKAGE: 1
PULP3_REPO_NAME: tsg-testing-x86_64.el7 PULP3_REPO_NAME: tsg-testing-x86_64.el7
PULP3_DIST_NAME: tsg-testing-x86_64.el7 PULP3_DIST_NAME: tsg-testing-x86_64.el7
@@ -71,7 +71,7 @@ develop_build_release_for_centos7:
variables: variables:
TESTING_VERSION_BUILD: 1 TESTING_VERSION_BUILD: 1
UPLOAD_SYMBOL_FILES: 1 UPLOAD_SYMBOL_FILES: 1
# ASAN_OPTION: ADDRESS ASAN_OPTION: ADDRESS
BUILD_TYPE: RelWithDebInfo BUILD_TYPE: RelWithDebInfo
PACKAGE: 1 PACKAGE: 1
PULP3_REPO_NAME: tsg-testing-x86_64.el7 PULP3_REPO_NAME: tsg-testing-x86_64.el7
@@ -160,7 +160,7 @@ develop_build_debug_for_centos8:
TESTING_VERSION_BUILD: 1 TESTING_VERSION_BUILD: 1
UPLOAD_SYMBOL_FILES: 1 UPLOAD_SYMBOL_FILES: 1
BUILD_TYPE: Debug BUILD_TYPE: Debug
# ASAN_OPTION: ADDRESS ASAN_OPTION: ADDRESS
PACKAGE: 1 PACKAGE: 1
PULP3_REPO_NAME: tsg-testing-x86_64.el8 PULP3_REPO_NAME: tsg-testing-x86_64.el8
PULP3_DIST_NAME: tsg-testing-x86_64.el8 PULP3_DIST_NAME: tsg-testing-x86_64.el8
@@ -178,7 +178,7 @@ develop_build_release_for_centos8:
variables: variables:
TESTING_VERSION_BUILD: 1 TESTING_VERSION_BUILD: 1
UPLOAD_SYMBOL_FILES: 1 UPLOAD_SYMBOL_FILES: 1
# ASAN_OPTION: ADDRESS ASAN_OPTION: ADDRESS
BUILD_TYPE: RelWithDebInfo BUILD_TYPE: RelWithDebInfo
PACKAGE: 1 PACKAGE: 1
PULP3_REPO_NAME: tsg-testing-x86_64.el8 PULP3_REPO_NAME: tsg-testing-x86_64.el8

2
ci/travis.sh
View File

@@ -58,7 +58,7 @@ cmake3 -DCMAKE_CXX_FLAGS=$CXX_FLAGS \
-DCMAKE_INSTALL_PREFIX=$INSTALL_PREFIX \ -DCMAKE_INSTALL_PREFIX=$INSTALL_PREFIX \
-DVERSION_DAILY_BUILD=$TESTING_VERSION_BUILD \ -DVERSION_DAILY_BUILD=$TESTING_VERSION_BUILD \
.. ..
make make -j 4
if [ -n "${PACKAGE}" ]; then if [ -n "${PACKAGE}" ]; then
make package make package

29
common/include/addr_tuple4.h
View File

@@ -8,26 +8,26 @@ extern "C"
#include <netinet/in.h> #include <netinet/in.h>
enum addr_tuple4_type enum addr_tuple4_type
{ {
ADDR_TUPLE4_TYPE_V4, ADDR_TUPLE4_TYPE_V4,
ADDR_TUPLE4_TYPE_V6, ADDR_TUPLE4_TYPE_V6,
}; };
struct addr_v4 struct addr_v4
{ {
struct in_addr src_addr; /* network order */ struct in_addr src_addr; /* network order */
struct in_addr dst_addr; /* network order */ struct in_addr dst_addr; /* network order */
}; };
struct addr_v6 struct addr_v6
{ {
struct in6_addr src_addr; /* network order */ struct in6_addr src_addr; /* network order */
struct in6_addr dst_addr; /* network order */ struct in6_addr dst_addr; /* network order */
}; };
struct addr_tuple4 struct addr_tuple4
{ {
enum addr_tuple4_type addr_type; enum addr_tuple4_type addr_type;
in_port_t src_port; /* network order */ in_port_t src_port; /* network order */
in_port_t dst_port; /* network order */ in_port_t dst_port; /* network order */
@@ -36,7 +36,7 @@ extern "C"
struct addr_v4 addr_v4; struct addr_v4 addr_v4;
struct addr_v6 addr_v6; struct addr_v6 addr_v6;
}; };
}; };
#define INIT_ADDR_V4(name, src_addr_str, src_port_num, dst_addr_str, dst_port_num) \ #define INIT_ADDR_V4(name, src_addr_str, src_port_num, dst_addr_str, dst_port_num) \
struct addr_tuple4 name; \ struct addr_tuple4 name; \
@@ -56,8 +56,9 @@ extern "C"
inet_pton(AF_INET6, (src_addr_str), &(name).addr_v6.src_addr); \ inet_pton(AF_INET6, (src_addr_str), &(name).addr_v6.src_addr); \
inet_pton(AF_INET6, (dst_addr_str), &(name).addr_v6.dst_addr); inet_pton(AF_INET6, (dst_addr_str), &(name).addr_v6.dst_addr);
char *addr_tuple4_to_str(const struct addr_tuple4 *addr); void addr_tuple4_copy(struct addr_tuple4 *dst, struct addr_tuple4 *src);
void addr_tuple4_reverse(const struct addr_tuple4 *orin, struct addr_tuple4 *out); char *addr_tuple4_to_str(const struct addr_tuple4 *addr);
void addr_tuple4_reverse(const struct addr_tuple4 *orin, struct addr_tuple4 *out);
#ifdef __cpluscplus #ifdef __cpluscplus
} }

2
common/include/raw_packet.h
View File

@@ -90,7 +90,7 @@ int raw_packet_parser_get_most_outer_tuple4(struct raw_pkt_parser *handler, stru
int raw_packet_parser_get_most_inner_address(struct raw_pkt_parser *handler, struct addr_tuple4 *addr); int raw_packet_parser_get_most_inner_address(struct raw_pkt_parser *handler, struct addr_tuple4 *addr);
int raw_packet_parser_get_most_outer_address(struct raw_pkt_parser *handler, struct addr_tuple4 *addr); int raw_packet_parser_get_most_outer_address(struct raw_pkt_parser *handler, struct addr_tuple4 *addr);
uint64_t raw_packet_parser_get_hash_value(struct raw_pkt_parser *handler, enum ldbc_method method, int dir_is_internal); uint64_t raw_packet_parser_get_hash_value(struct raw_pkt_parser *handler, enum ldbc_method method, int dir_is_i2e);
#ifdef __cpluscplus #ifdef __cpluscplus
} }

8
common/include/session_table.h
View File

@@ -21,8 +21,8 @@ struct session_node
uint64_t session_id; /* first key */ uint64_t session_id; /* first key */
struct addr_tuple4 session_addr; /* second key */ struct addr_tuple4 session_addr; /* second key */
void *val_data; void *value;
fn_free_cb *val_freecb; fn_free_cb *value_free_cb;
UT_hash_handle hh1; /* handle for first hash table */ UT_hash_handle hh1; /* handle for first hash table */
UT_hash_handle hh2; /* handle for second hash table */ UT_hash_handle hh2; /* handle for second hash table */
@@ -36,10 +36,10 @@ void session_table_reset(struct session_table *table);
uint64_t session_table_count(struct session_table *table); uint64_t session_table_count(struct session_table *table);
// session_addr : deep copy // session_addr : deep copy
// val_data : shallow copy (malloc by user, free by val_freecb) // value : shallow copy (malloc by user, free by value_free_cb)
// return 0 : suceess // return 0 : suceess
// return -1 : key exists // return -1 : key exists
int session_table_insert(struct session_table *table, uint64_t session_id, const struct addr_tuple4 *session_addr, void *val_data, const fn_free_cb *val_freecb); int session_table_insert(struct session_table *table, uint64_t session_id, const struct addr_tuple4 *session_addr, void *value, const fn_free_cb *value_free_cb);
// return 0 : success // return 0 : success
// return -1 : key not exists // return -1 : key not exists

10
common/include/utils.h
View File

@@ -8,16 +8,16 @@ extern "C"
#define MIN(a, b) ((a) > (b) ? (b) : (a)) #define MIN(a, b) ((a) > (b) ? (b) : (a))
#define LOG_TAG_SCE "SCE"
#define LOG_TAG_POLICY "POLICY" #define LOG_TAG_POLICY "POLICY"
#define LOG_TAG_UTILS "UTILS" #define LOG_TAG_PKTIO "PACKET_IO"
#define LOG_TAG_RAWPKT "RAW_PACKET" #define LOG_TAG_RAWPKT "RAW_PACKET"
#define LOG_TAG_CTRLPKT "CTRL_PACKET" #define LOG_TAG_CTRLPKT "CTRL_PACKET"
#define LOG_TAG_STABLE "SESSION_TABLE"
#define LOG_TAG_PKTIO "PACKET_IO"
#define LOG_TAG_METRICS "G_METRICS" #define LOG_TAG_METRICS "G_METRICS"
#define LOG_TAG_SF_METRICS "SF_METRICS" #define LOG_TAG_SF_METRICS "SF_METRICS"
#define LOG_TAG_SF_STATUS "SF_STATUS" #define LOG_TAG_SF_STATUS "SF_STATUS"
#define LOG_TAG_SCE "SCE" #define LOG_TAG_UTILS "UTILS"
#define LOG_TAG_HEALTH_CHECK "HEALTH_CHECK"
#define LOG_TAG_TIMESTAMP "TIMESTAMP" #define LOG_TAG_TIMESTAMP "TIMESTAMP"
#define ATOMIC_INC(x) __atomic_fetch_add(x, 1, __ATOMIC_RELAXED) #define ATOMIC_INC(x) __atomic_fetch_add(x, 1, __ATOMIC_RELAXED)
@@ -71,7 +71,7 @@ struct route_ctx
int len; int len;
}; };
int route_ctx_is_empty(struct route_ctx *ctx); void route_ctx_write_once(struct route_ctx *dst, struct route_ctx *src);
void route_ctx_copy(struct route_ctx *dst, struct route_ctx *src); void route_ctx_copy(struct route_ctx *dst, struct route_ctx *src);
/****************************************************************************** /******************************************************************************

18
common/src/addr_tuple4.cpp
View File

@@ -4,6 +4,24 @@
#include "addr_tuple4.h" #include "addr_tuple4.h"
void addr_tuple4_copy(struct addr_tuple4 *dst, struct addr_tuple4 *src)
{
dst->addr_type = src->addr_type;
dst->src_port = src->src_port;
dst->dst_port = src->dst_port;
if (src->addr_type == ADDR_TUPLE4_TYPE_V4)
{
memcpy(&(dst->addr_v4.src_addr), &(src->addr_v4.src_addr), sizeof(struct in_addr));
memcpy(&(dst->addr_v4.dst_addr), &(src->addr_v4.dst_addr), sizeof(struct in_addr));
}
else
{
memcpy(&(dst->addr_v6.src_addr), &(src->addr_v6.src_addr), sizeof(struct addr_v6));
memcpy(&(dst->addr_v6.dst_addr), &(src->addr_v6.dst_addr), sizeof(struct addr_v6));
}
}
char *addr_tuple4_to_str(const struct addr_tuple4 *addr) char *addr_tuple4_to_str(const struct addr_tuple4 *addr)
{ {
char *str_ret = NULL; char *str_ret = NULL;

14
common/src/raw_packet.cpp
View File

@@ -272,7 +272,7 @@ int raw_packet_parser_get_most_outer_address(struct raw_pkt_parser *handler, str
return -1; return -1;
} }
uint64_t raw_packet_parser_get_hash_value(struct raw_pkt_parser *handler, enum ldbc_method method, int dir_is_internal) uint64_t raw_packet_parser_get_hash_value(struct raw_pkt_parser *handler, enum ldbc_method method, int dir_is_i2e)
{ {
uint64_t temp = 0; uint64_t temp = 0;
uint64_t hash_value = 1; uint64_t hash_value = 1;
@@ -333,7 +333,7 @@ uint64_t raw_packet_parser_get_hash_value(struct raw_pkt_parser *handler, enum l
switch (method) switch (method)
{ {
case LDBC_METHOD_HASH_INT_IP: case LDBC_METHOD_HASH_INT_IP:
if (dir_is_internal) if (dir_is_i2e)
{ {
// outer src ip // outer src ip
HASH_VALUE(outer_src_addr, outer_addr_len, hash_value); HASH_VALUE(outer_src_addr, outer_addr_len, hash_value);
@@ -345,7 +345,7 @@ uint64_t raw_packet_parser_get_hash_value(struct raw_pkt_parser *handler, enum l
} }
break; break;
case LDBC_METHOD_HASH_EXT_IP: case LDBC_METHOD_HASH_EXT_IP:
if (dir_is_internal) if (dir_is_i2e)
{ {
// outer dst ip // outer dst ip
HASH_VALUE(outer_dst_addr, outer_addr_len, hash_value); HASH_VALUE(outer_dst_addr, outer_addr_len, hash_value);
@@ -363,7 +363,7 @@ uint64_t raw_packet_parser_get_hash_value(struct raw_pkt_parser *handler, enum l
hash_value = hash_value ^ temp; hash_value = hash_value ^ temp;
break; break;
case LDBC_METHOD_HASH_INNERMOST_INT_IP: case LDBC_METHOD_HASH_INNERMOST_INT_IP:
if (dir_is_internal) if (dir_is_i2e)
{ {
// innner src ip // innner src ip
HASH_VALUE(inner_src_addr, inner_addr_len, hash_value); HASH_VALUE(inner_src_addr, inner_addr_len, hash_value);
@@ -375,7 +375,7 @@ uint64_t raw_packet_parser_get_hash_value(struct raw_pkt_parser *handler, enum l
} }
break; break;
case LDBC_METHOD_HASH_INNERMOST_EXT_IP: case LDBC_METHOD_HASH_INNERMOST_EXT_IP:
if (dir_is_internal) if (dir_is_i2e)
{ {
// innner dst ip // innner dst ip
HASH_VALUE(inner_dst_addr, inner_addr_len, hash_value); HASH_VALUE(inner_dst_addr, inner_addr_len, hash_value);
@@ -393,7 +393,7 @@ uint64_t raw_packet_parser_get_hash_value(struct raw_pkt_parser *handler, enum l
char *inner_addr_str = addr_tuple4_to_str(&inner_addr); char *inner_addr_str = addr_tuple4_to_str(&inner_addr);
char *outer_addr_str = addr_tuple4_to_str(&outer_addr); char *outer_addr_str = addr_tuple4_to_str(&outer_addr);
LOG_DEBUG("%s: pkt_trace_id: %lu, outer_addr: %s, inner_addr: %s, is_internal: %d, hash_method: %s, hash_value: %lu", LOG_DEBUG("%s: pkt_trace_id: %lu, outer_addr: %s, inner_addr: %s, is_internal: %d, hash_method: %s, hash_value: %lu",
LOG_TAG_RAWPKT, handler->pkt_trace_id, outer_addr_str, inner_addr_str, dir_is_internal, ldbc_method_to_string(method), hash_value); LOG_TAG_RAWPKT, handler->pkt_trace_id, outer_addr_str, inner_addr_str, dir_is_i2e, ldbc_method_to_string(method), hash_value);
free(inner_addr_str); free(inner_addr_str);
free(outer_addr_str); free(outer_addr_str);
@@ -814,7 +814,7 @@ static const void *parse_vxlan(struct raw_pkt_parser *handler, const void *data,
return data; return data;
} }
struct vxlan_hdr *vxlan_hdr = (struct vxlan_hdr *)data; // struct vxlan_hdr *vxlan_hdr = (struct vxlan_hdr *)data;
uint16_t hdr_len = sizeof(struct vxlan_hdr); uint16_t hdr_len = sizeof(struct vxlan_hdr);
const void *data_next_layer = (const char *)data + hdr_len; const void *data_next_layer = (const char *)data + hdr_len;
size_t data_next_length = length - hdr_len; size_t data_next_length = length - hdr_len;

50
common/src/session_table.cpp
View File

@@ -2,7 +2,6 @@
#include "session_table.h" #include "session_table.h"
#include "utils.h" #include "utils.h"
#include "log.h"
struct session_table struct session_table
{ {
@@ -33,9 +32,9 @@ void session_table_destory(struct session_table *table)
HASH_DELETE(hh1, table->root_by_id, node); HASH_DELETE(hh1, table->root_by_id, node);
HASH_DELETE(hh2, table->root_by_addr, node); HASH_DELETE(hh2, table->root_by_addr, node);
if (node->val_freecb && node->val_data) if (node->value_free_cb && node->value)
{ {
node->val_freecb(node->val_data); node->value_free_cb(node->value);
} }
free(node); free(node);
@@ -58,9 +57,9 @@ void session_table_reset(struct session_table *table)
HASH_DELETE(hh1, table->root_by_id, node); HASH_DELETE(hh1, table->root_by_id, node);
HASH_DELETE(hh2, table->root_by_addr, node); HASH_DELETE(hh2, table->root_by_addr, node);
if (node->val_freecb && node->val_data) if (node->value_free_cb && node->value)
{ {
node->val_freecb(node->val_data); node->value_free_cb(node->value);
} }
free(node); free(node);
@@ -84,14 +83,13 @@ uint64_t session_table_count(struct session_table *table)
} }
// session_addr : deep copy // session_addr : deep copy
// val_data : shallow copy (malloc by user, free by val_freecb) // value : shallow copy (malloc by user, free by value_free_cb)
int session_table_insert(struct session_table *table, uint64_t session_id, const struct addr_tuple4 *session_addr, void *val_data, const fn_free_cb *val_freecb) int session_table_insert(struct session_table *table, uint64_t session_id, const struct addr_tuple4 *session_addr, void *value, const fn_free_cb *value_free_cb)
{ {
struct session_node *temp = NULL; struct session_node *temp = NULL;
HASH_FIND(hh1, table->root_by_id, &session_id, sizeof(session_id), temp); HASH_FIND(hh1, table->root_by_id, &session_id, sizeof(session_id), temp);
if (temp) if (temp)
{ {
LOG_DEBUG("%s: insert: key %lu exists", LOG_TAG_STABLE, session_id);
return -1; return -1;
} }
@@ -100,13 +98,12 @@ int session_table_insert(struct session_table *table, uint64_t session_id, const
temp->session_id = session_id; temp->session_id = session_id;
memcpy(&temp->session_addr, session_addr, sizeof(struct addr_tuple4)); memcpy(&temp->session_addr, session_addr, sizeof(struct addr_tuple4));
temp->val_data = val_data; temp->value = value;
temp->val_freecb = val_freecb; temp->value_free_cb = value_free_cb;
HASH_ADD(hh1, table->root_by_id, session_id, sizeof(temp->session_id), temp); HASH_ADD(hh1, table->root_by_id, session_id, sizeof(temp->session_id), temp);
HASH_ADD(hh2, table->root_by_addr, session_addr, sizeof(temp->session_addr), temp); HASH_ADD(hh2, table->root_by_addr, session_addr, sizeof(temp->session_addr), temp);
LOG_DEBUG("%s: insert: key %lu success", LOG_TAG_STABLE, session_id);
table->session_node_count++; table->session_node_count++;
return 0; return 0;
@@ -118,23 +115,21 @@ int session_table_delete_by_id(struct session_table *table, uint64_t session_id)
HASH_FIND(hh1, table->root_by_id, &session_id, sizeof(session_id), temp); HASH_FIND(hh1, table->root_by_id, &session_id, sizeof(session_id), temp);
if (!temp) if (!temp)
{ {
LOG_DEBUG("%s: delete: key %lu not exists", LOG_TAG_STABLE, session_id);
return -1; return -1;
} }
HASH_DELETE(hh1, table->root_by_id, temp); HASH_DELETE(hh1, table->root_by_id, temp);
HASH_DELETE(hh2, table->root_by_addr, temp); HASH_DELETE(hh2, table->root_by_addr, temp);
if (temp->val_freecb && temp->val_data) if (temp->value_free_cb && temp->value)
{ {
temp->val_freecb(temp->val_data); temp->value_free_cb(temp->value);
temp->val_data = NULL; temp->value = NULL;
} }
free(temp); free(temp);
temp = NULL; temp = NULL;
LOG_DEBUG("%s: delete: key %lu success", LOG_TAG_STABLE, session_id);
table->session_node_count--; table->session_node_count--;
return 0; return 0;
@@ -143,7 +138,6 @@ int session_table_delete_by_id(struct session_table *table, uint64_t session_id)
int session_table_delete_by_addr(struct session_table *table, const struct addr_tuple4 *session_addr) int session_table_delete_by_addr(struct session_table *table, const struct addr_tuple4 *session_addr)
{ {
struct session_node *temp = NULL; struct session_node *temp = NULL;
char *addr_str = addr_tuple4_to_str(session_addr);
HASH_FIND(hh2, table->root_by_addr, session_addr, sizeof(struct addr_tuple4), temp); HASH_FIND(hh2, table->root_by_addr, session_addr, sizeof(struct addr_tuple4), temp);
if (!temp) if (!temp)
{ {
@@ -152,8 +146,6 @@ int session_table_delete_by_addr(struct session_table *table, const struct addr_
HASH_FIND(hh2, table->root_by_addr, &reverse_addr, sizeof(struct addr_tuple4), temp); HASH_FIND(hh2, table->root_by_addr, &reverse_addr, sizeof(struct addr_tuple4), temp);
if (!temp) if (!temp)
{ {
LOG_DEBUG("%s: delete: key %s not exists", LOG_TAG_STABLE, addr_str);
free(addr_str);
return -1; return -1;
} }
} }
@@ -161,18 +153,15 @@ int session_table_delete_by_addr(struct session_table *table, const struct addr_
HASH_DELETE(hh1, table->root_by_id, temp); HASH_DELETE(hh1, table->root_by_id, temp);
HASH_DELETE(hh2, table->root_by_addr, temp); HASH_DELETE(hh2, table->root_by_addr, temp);
if (temp->val_freecb && temp->val_data) if (temp->value_free_cb && temp->value)
{ {
temp->val_freecb(temp->val_data); temp->value_free_cb(temp->value);
temp->val_data = NULL; temp->value = NULL;
} }
free(temp); free(temp);
temp = NULL; temp = NULL;
LOG_DEBUG("%s: delete: key %s success", LOG_TAG_STABLE, addr_str);
free(addr_str);
addr_str = NULL;
table->session_node_count--; table->session_node_count--;
return 0; return 0;
@@ -184,19 +173,15 @@ struct session_node *session_table_search_by_id(struct session_table *table, uin
HASH_FIND(hh1, table->root_by_id, &session_id, sizeof(session_id), temp); HASH_FIND(hh1, table->root_by_id, &session_id, sizeof(session_id), temp);
if (!temp) if (!temp)
{ {
LOG_DEBUG("%s: search: key %lu not exists", LOG_TAG_STABLE, session_id);
return NULL; return NULL;
} }
LOG_DEBUG("%s: search: key %lu success", LOG_TAG_STABLE, session_id);
return temp; return temp;
} }
struct session_node *session_table_search_by_addr(struct session_table *table, const struct addr_tuple4 *session_addr) struct session_node *session_table_search_by_addr(struct session_table *table, const struct addr_tuple4 *session_addr)
{ {
struct session_node *temp = NULL; struct session_node *temp = NULL;
char *addr_str = addr_tuple4_to_str(session_addr);
HASH_FIND(hh2, table->root_by_addr, session_addr, sizeof(struct addr_tuple4), temp); HASH_FIND(hh2, table->root_by_addr, session_addr, sizeof(struct addr_tuple4), temp);
if (!temp) if (!temp)
{ {
@@ -205,16 +190,9 @@ struct session_node *session_table_search_by_addr(struct session_table *table, c
HASH_FIND(hh2, table->root_by_addr, &reverse_addr, sizeof(struct addr_tuple4), temp); HASH_FIND(hh2, table->root_by_addr, &reverse_addr, sizeof(struct addr_tuple4), temp);
if (!temp) if (!temp)
{ {
LOG_DEBUG("%s: search: key %s not exists", LOG_TAG_STABLE, addr_str);
free(addr_str);
addr_str = NULL;
return NULL; return NULL;
} }
} }
LOG_DEBUG("%s: search: key %s success", LOG_TAG_STABLE, addr_str);
free(addr_str);
addr_str = NULL;
return temp; return temp;
} }

15
common/src/utils.cpp
View File

@@ -126,15 +126,14 @@ void sids_copy(struct sids *dst, struct sids *src)
* route_ctx * route_ctx
******************************************************************************/ ******************************************************************************/
int route_ctx_is_empty(struct route_ctx *ctx) void route_ctx_write_once(struct route_ctx *dst, struct route_ctx *src)
{ {
if (ctx->len == 0) if (dst && src)
{ {
return 1; if (dst->len == 0)
{
route_ctx_copy(dst, src);
} }
else
{
return 0;
} }
} }
@@ -150,8 +149,8 @@ void route_ctx_copy(struct route_ctx *dst, struct route_ctx *src)
void throughput_metrics_inc(struct throughput_metrics *iterm, uint64_t n_pkts, uint64_t n_bytes) void throughput_metrics_inc(struct throughput_metrics *iterm, uint64_t n_pkts, uint64_t n_bytes)
{ {
__atomic_fetch_add(&iterm->n_bytes, n_bytes, __ATOMIC_RELAXED); ATOMIC_ADD(&iterm->n_bytes, n_bytes);
__atomic_fetch_add(&iterm->n_pkts, n_pkts, __ATOMIC_RELAXED); ATOMIC_ADD(&iterm->n_pkts, n_pkts);
} }
/****************************************************************************** /******************************************************************************

2
common/test/gtest_ctrl_packet.cpp
View File

@@ -4,7 +4,7 @@
TEST(CTRL_PACKET, PARSE) TEST(CTRL_PACKET, PARSE)
{ {
const char *data = "{\"tsync\":\"1.0\",\"session_id\":123456789,\"state\":\"active\",\"method\":\"policy_update\",\"params\":{\"service_chaining\":[1,2,3],\"shaping\":[4,5,6]}}"; const char *data = "{\"tsync\":\"1.0\",\"session_id\":\"123456789\",\"state\":\"active\",\"method\":\"policy_update\",\"params\":{\"service_chaining\":[1,2,3],\"shaping\":[4,5,6]}}";
size_t length = strlen(data); size_t length = strlen(data);
struct ctrl_pkt_parser parser; struct ctrl_pkt_parser parser;

12
common/test/gtest_session_table.cpp
View File

@@ -48,10 +48,10 @@ TEST(STREAM_TABLE, SEARCH_BY_ID)
struct session_node *node = NULL; struct session_node *node = NULL;
node = session_table_search_by_id(table, 1); node = session_table_search_by_id(table, 1);
EXPECT_TRUE(node != nullptr); EXPECT_TRUE(node != nullptr);
EXPECT_STREQ((const char *)node->val_data, "HELLO"); EXPECT_STREQ((const char *)node->value, "HELLO");
node = session_table_search_by_id(table, 2); node = session_table_search_by_id(table, 2);
EXPECT_TRUE(node != nullptr); EXPECT_TRUE(node != nullptr);
EXPECT_STREQ((const char *)node->val_data, "WORLD"); EXPECT_STREQ((const char *)node->value, "WORLD");
node = session_table_search_by_id(table, 3); node = session_table_search_by_id(table, 3);
EXPECT_TRUE(node == nullptr); EXPECT_TRUE(node == nullptr);
@@ -80,10 +80,10 @@ TEST(STREAM_TABLE, SEARCH_BY_ADDR)
struct session_node *node = NULL; struct session_node *node = NULL;
node = session_table_search_by_addr(table, &addr1); node = session_table_search_by_addr(table, &addr1);
EXPECT_TRUE(node != nullptr); EXPECT_TRUE(node != nullptr);
EXPECT_STREQ((const char *)node->val_data, "HELLO"); EXPECT_STREQ((const char *)node->value, "HELLO");
node = session_table_search_by_addr(table, &addr2); node = session_table_search_by_addr(table, &addr2);
EXPECT_TRUE(node != nullptr); EXPECT_TRUE(node != nullptr);
EXPECT_STREQ((const char *)node->val_data, "WORLD"); EXPECT_STREQ((const char *)node->value, "WORLD");
node = session_table_search_by_addr(table, &addr3); node = session_table_search_by_addr(table, &addr3);
EXPECT_TRUE(node == nullptr); EXPECT_TRUE(node == nullptr);
@@ -115,10 +115,10 @@ TEST(STREAM_TABLE, SEARCH_BY_REVERSE_ADDR)
struct session_node *node = NULL; struct session_node *node = NULL;
node = session_table_search_by_addr(table, &addr1_reverse); node = session_table_search_by_addr(table, &addr1_reverse);
EXPECT_TRUE(node != nullptr); EXPECT_TRUE(node != nullptr);
EXPECT_STREQ((const char *)node->val_data, "HELLO"); EXPECT_STREQ((const char *)node->value, "HELLO");
node = session_table_search_by_addr(table, &addr2_reverse); node = session_table_search_by_addr(table, &addr2_reverse);
EXPECT_TRUE(node != nullptr); EXPECT_TRUE(node != nullptr);
EXPECT_STREQ((const char *)node->val_data, "WORLD"); EXPECT_STREQ((const char *)node->value, "WORLD");
// TEST Destory // TEST Destory
session_table_destory(table); session_table_destory(table);

1
conf/sce.conf
View File

@@ -3,6 +3,7 @@ nr_worker_threads=8
cpu_affinity_mask=2,3,4-9 cpu_affinity_mask=2,3,4-9
firewall_sids=1001 firewall_sids=1001
enable_debug=0 enable_debug=0
enable_send_log=0
ts_update_interval_ms=1 ts_update_interval_ms=1
# Only when (disable_coredump == 1 || (enable_breakpad == 1 && enable_breakpad_upload == 1)) is satisfied, the core will not be generated locally # Only when (disable_coredump == 1 || (enable_breakpad == 1 && enable_breakpad_upload == 1)) is satisfied, the core will not be generated locally

102
platform/include/global_metrics.h
View File

@@ -9,7 +9,7 @@ extern "C"
#include "utils.h" #include "utils.h"
#include <MESA/field_stat2.h> #include <MESA/field_stat2.h>
struct global_metrics_config struct metrics_config
{ {
char output_file[256]; char output_file[256];
char statsd_server[32]; char statsd_server[32];
@@ -21,42 +21,78 @@ struct global_metrics_config
char prometheus_listen_url[256]; char prometheus_listen_url[256];
}; };
struct device_metrics
{
struct throughput_metrics nf_rx; // 累计值
struct throughput_metrics nf_tx; // 累计值
struct throughput_metrics endpoint_rx; // 累计值
struct throughput_metrics endpoint_tx; // 累计值
struct throughput_metrics endpoint_drop; // 累计值
};
// raw_pkt_metrics 不包含 g_vxlan 所占的字节
struct raw_pkt_metrics
{
struct throughput_metrics mirr_bypass; // 累计值
struct throughput_metrics mirr_block; // 累计值
struct throughput_metrics mirr_rx_drop; // 累计值
struct throughput_metrics mirr_tx; // 累计值
struct throughput_metrics stee_bypass; // 累计值
struct throughput_metrics stee_block; // 累计值
struct throughput_metrics stee_rx; // 累计值
struct throughput_metrics stee_tx; // 累计值
struct throughput_metrics miss_sess; // 累计值
struct throughput_metrics error_bypass; // 累计值
struct throughput_metrics error_block; // 累计值
};
struct ctrl_pkt_metrics
{
struct throughput_metrics rx; // 累计值
struct throughput_metrics tx; // 累计值
uint64_t opening; // 累计值
uint64_t active; // 累计值
uint64_t closing; // 累计值
uint64_t resetall; // 累计值
uint64_t error; // 累计值
};
struct keepalived_pkt_metrics
{
struct throughput_metrics downlink_rx; // 累计值
struct throughput_metrics downlink_tx; // 累计值
struct throughput_metrics uplink_rx; // 累计值
struct throughput_metrics uplink_tx_drop; // 累计值
};
struct sf_status_metrics
{
uint64_t active; // 累计值
uint64_t inactive; // 累计值
};
struct sf_session_metrics
{
uint64_t num; // 当前值
uint64_t log; // 累计值
};
struct global_metrics struct global_metrics
{ {
struct throughput_metrics dev_endpoint_rx; // 累计值 struct device_metrics device;
struct throughput_metrics dev_endpoint_tx; // 累计值 struct raw_pkt_metrics raw_pkt;
struct throughput_metrics dev_endpoint_err_drop; // 累计值 struct ctrl_pkt_metrics ctrl_pkt;
struct keepalived_pkt_metrics kee_pkt;
struct throughput_metrics raw_pkt_rx; // 累计值 struct sf_status_metrics sf_status;
struct throughput_metrics raw_pkt_tx; // 累计值 struct sf_session_metrics sf_session;
struct throughput_metrics raw_pkt_err_bypass; // 累计值
struct throughput_metrics hit_block_policy; // 累计值 struct metrics_config config;
struct throughput_metrics hit_bypass_policy; // 累计值
struct throughput_metrics steering_tx; // 累计值
struct throughput_metrics steering_rx; // 累计值
struct throughput_metrics mirroring_tx; // 累计值
struct throughput_metrics mirroring_rx_drop; // 累计值
struct throughput_metrics downlink_keepalive_pkt_rx; // 累计值
struct throughput_metrics uplink_keepalive_pkt_rx; // 累计值
struct throughput_metrics ctrl_pkt_rx; // 累计值
uint64_t ctrl_pkt_opening_num; // 累计值
uint64_t ctrl_pkt_active_num; // 累计值
uint64_t ctrl_pkt_closing_num; // 累计值
uint64_t ctrl_pkt_resetall_num; // 累计值
uint64_t ctrl_pkt_error_num; // 累计值
uint64_t sf_active_times; // 累计值
uint64_t sf_inactive_times; // 累计值
uint64_t session_nums; // 瞬时值
uint64_t send_log; // 瞬时值
struct global_metrics_config config;
screen_stat_handle_t fs_handle; screen_stat_handle_t fs_handle;
int fs_id[128]; int fs_id[128];
}; };

4
platform/include/packet_io.h
View File

@@ -12,8 +12,8 @@ void packet_io_destory(struct packet_io *handle);
int packet_io_thread_init(struct packet_io *handle, struct thread_ctx *thread_ctx); int packet_io_thread_init(struct packet_io *handle, struct thread_ctx *thread_ctx);
void packet_io_thread_wait(struct packet_io *handle, struct thread_ctx *thread_ctx, int timeout_ms); void packet_io_thread_wait(struct packet_io *handle, struct thread_ctx *thread_ctx, int timeout_ms);
int packet_io_polling_nf_interface(struct packet_io *handle, int thread_seq, void *ctx); int packet_io_thread_polling_nf(struct packet_io *handle, struct thread_ctx *thread_ctx);
int packet_io_polling_endpoint(struct packet_io *handle, int thread_seq, void *ctx); int packet_io_thread_polling_endpoint(struct packet_io *handle, struct thread_ctx *thread_ctx);
#ifdef __cpluscplus #ifdef __cpluscplus
} }

51
platform/include/policy.h
View File

@@ -30,19 +30,18 @@ enum session_action
SESSION_ACTION_BLOCK = 2, SESSION_ACTION_BLOCK = 2,
}; };
enum session_action_reason enum action_reason
{ {
ACTION_BYPASS_DUE_DEFAULT = 0x00, ACTION_BYPASS_DUE_DEFAULT = 0x00,
ACTION_BYPASS_DUE_INVALID_POLICY = 0x01,
ACTION_BYPASS_DUE_FAILURE_ACTION = 0x02,
ACTION_BYPASS_DUE_UNAVAILABLE_ACTION = 0x03,
ACTION_BYPASS_DUE_HEALTH_SF_LIMIT = 0x04,
ACTION_BYPASS_DUE_HEALTH_SF_LIMIT = 0x12, ACTION_BLOCK_DUE_FAILURE_ACTION = 0x10,
ACTION_BYPASS_DUE_UNAVAILABLE_ACTION = 0x13, ACTION_BLOCK_DUE_UNAVAILABLE_ACTION = 0x11,
ACTION_BYPASS_DUE_FAILURE_ACTION = 0x14,
ACTION_BYPASS_DUE_INVALID_POLICY = 0x15,
ACTION_BLOCK_DUE_UNAVAILABLE_ACTION = 0x21, ACTION_FORWAED_DUE_SELECTED_SF = 0x20,
ACTION_BLOCK_DUE_FAILURE_ACTION = 0x22,
ACTION_FORWAED_DUE_SELECTED_AVAILABLE_SF = 0x31,
}; };
enum package_method enum package_method
@@ -90,7 +89,7 @@ struct selected_sf
int sf_need_skip; int sf_need_skip;
int sf_profile_id; int sf_profile_id;
enum session_action sf_action; enum session_action sf_action;
enum session_action_reason sf_action_reason; enum action_reason sf_action_reason;
struct connectivity sf_connectivity; struct connectivity sf_connectivity;
struct throughput_metrics rx; struct throughput_metrics rx;
@@ -106,8 +105,29 @@ struct selected_chaining
struct selected_sf *chaining; struct selected_sf *chaining;
int chaining_size; int chaining_size;
int chaining_used; int chaining_used;
uint64_t session_id;
char *session_addr;
}; };
struct selected_chainings
{
struct selected_chaining *chaining_raw;
struct selected_chaining *chaining_decrypted;
};
const char *traffic_type_to_string(enum traffic_type traffic_type);
const char *forward_type_to_string(enum forward_type forward_type);
const char *session_action_to_string(enum session_action session_action);
const char *action_reason_to_string(enum action_reason action_reason);
const char *package_method_to_string(enum package_method package_method);
struct selected_chaining *selected_chaining_create(int chaining_size, uint64_t session_id, char *session_addr);
void selected_chaining_destory(struct selected_chaining *chaining);
void selected_chaining_dump(struct selected_chaining *chaining);
void selected_chaining_bref(struct selected_chaining *chaining);
void selected_chaining_uniq(struct selected_chaining *chaining);
// return NULL : error // return NULL : error
// return !NULL : success // return !NULL : success
struct policy_enforcer *policy_enforcer_create(const char *instance, const char *profile, int thread_num, void *logger); struct policy_enforcer *policy_enforcer_create(const char *instance, const char *profile, int thread_num, void *logger);
@@ -116,15 +136,8 @@ void policy_enforcer_destory(struct policy_enforcer *enforcer);
// return 0 : success // return 0 : success
// return -1 : error // return -1 : error
int policy_enforcer_register(struct policy_enforcer *enforcer); int policy_enforcer_register(struct policy_enforcer *enforcer);
int policy_enforce_max_chaining_size(struct policy_enforcer *enforcer); int policy_enforce_chaining_size(struct policy_enforcer *enforcer);
void policy_enforce_select_chainings(struct policy_enforcer *enforcer, struct selected_chainings *chainings, struct session_ctx *s_ctx, struct raw_pkt_parser *parser, int policy_id, int dir_is_i2e);
struct selected_chaining *selected_chaining_create(int chaining_size);
void selected_chaining_destory(struct selected_chaining *chaining);
void selected_chaining_dump(struct selected_chaining *chaining);
void selected_chaining_bref(struct selected_chaining *chaining);
const char *session_action_reason_to_string(enum session_action_reason session_action_reason);
void policy_enforce_select_chaining(struct selected_chaining *chaining, struct policy_enforcer *enforcer, struct raw_pkt_parser *parser, int policy_id, int dir_is_internal, struct session_ctx *s_ctx);
#ifdef __cpluscplus #ifdef __cpluscplus
} }

103
platform/include/sce.h
View File

@@ -15,70 +15,85 @@ extern "C"
#define MAX_THREAD_NUM 128 #define MAX_THREAD_NUM 128
/****************************************************************************** /******************************************************************************
* Struct For Thread * Struct Thread Ctx
******************************************************************************/ ******************************************************************************/
struct thread_ctx struct thread_ctx
{ {
pthread_t tid; pthread_t tid;
int thread_index; int thread_index;
struct session_table *session_table;
struct sf_metrics *sf_metrics; struct sf_metrics *sf_metrics;
struct session_table *session_table;
struct packet_io *ref_io; struct packet_io *ref_io;
struct sce_ctx *ref_sce_ctx;
struct global_metrics *ref_metrics; struct global_metrics *ref_metrics;
struct policy_enforcer *ref_enforcer; struct policy_enforcer *ref_enforcer;
struct sce_ctx *ref_sce_ctx;
int session_table_need_reset; int session_table_need_reset;
}; };
/****************************************************************************** /******************************************************************************
* Struct For Session * Struct Metadata
******************************************************************************/ ******************************************************************************/
struct packet_info struct metadata
{ {
int dir_is_e2i; int write_ref;
struct addr_tuple4 tuple4; uint64_t session_id;
char *addr_string;
char *header_data; char *raw_data;
int header_len; int raw_len;
uint16_t l7offset;
int is_e2i_dir;
int is_ctrl_pkt;
int is_decrypted;
struct sids sids; struct sids sids;
struct route_ctx route_ctx; struct route_ctx route_ctx;
}; };
struct session_ctx struct metadata *metadata_new();
{ int metadata_is_empty(struct metadata *meta);
struct fixed_num_array policy_ids; void metadata_deep_copy(struct metadata *dst, struct metadata *src);
uint64_t session_id; void metadata_shadow_copy(struct metadata *dst, struct metadata *src);
void metadata_free(struct metadata *meta);
struct route_ctx raw_pkt_i2e_route_ctx; /******************************************************************************
struct route_ctx raw_pkt_e2i_route_ctx; * Struct Session Ctx
struct sids raw_pkt_i2e_sids;
struct sids raw_pkt_e2i_sids;
// depending on first control packet
struct packet_info first_ctrl_pkt;
struct selected_chaining *chaining;
struct thread_ctx *ref_thread_ctx;
};
struct session_ctx *session_ctx_new();
void session_ctx_free(struct session_ctx *ctx);
/******************************************************************************
* Struct For SCE
******************************************************************************/ ******************************************************************************/
struct sce_ctx struct session_ctx
{ {
uint64_t session_id;
char *session_addr;
struct addr_tuple4 inner_tuple4;
struct fixed_num_array policy_ids;
struct metadata *raw_meta_i2e;
struct metadata *raw_meta_e2i;
struct metadata *ctrl_meta;
struct selected_chainings chainings;
struct thread_ctx *ref_thread_ctx;
};
struct session_ctx *session_ctx_new();
void session_ctx_free(struct session_ctx *ctx);
/******************************************************************************
* Struct SCE Ctx
******************************************************************************/
struct sce_ctx
{
int enable_debug; int enable_debug;
int enable_send_log;
int firewall_sids; int firewall_sids;
int nr_worker_threads; int nr_worker_threads;
int ts_update_interval_ms; int ts_update_interval_ms;
@@ -90,10 +105,10 @@ extern "C"
struct global_metrics *metrics; struct global_metrics *metrics;
struct policy_enforcer *enforcer; struct policy_enforcer *enforcer;
struct thread_ctx work_threads[MAX_THREAD_NUM]; struct thread_ctx work_threads[MAX_THREAD_NUM];
}; };
struct sce_ctx *sce_ctx_create(const char *profile); struct sce_ctx *sce_ctx_create(const char *profile);
void sce_ctx_destory(struct sce_ctx *ctx); void sce_ctx_destory(struct sce_ctx *ctx);
#ifdef __cpluscplus #ifdef __cpluscplus
} }

349
platform/src/global_metrics.cpp
View File

@@ -8,49 +8,75 @@
enum SCE_STAT_FIELD enum SCE_STAT_FIELD
{ {
// dev endpoint // device_metrics
STAT_ENDPOINT_RX_PKT, STAT_DEVICE_NF_RX_PKT,
STAT_ENDPOINT_RX_B, STAT_DEVICE_NF_RX_B,
STAT_ENDPOINT_TX_PKT, STAT_DEVICE_NF_TX_PKT,
STAT_ENDPOINT_TX_B, STAT_DEVICE_NF_TX_B,
STAT_ENDPOINT_ERR_DROP_PKT, STAT_DEVICE_ENDPOINT_RX_PKT,
STAT_ENDPOINT_ERR_DROP_B, STAT_DEVICE_ENDPOINT_RX_B,
// hit block policy STAT_DEVICE_ENDPOINT_TX_PKT,
STAT_HIT_BLOCK_POLICY_PKT, STAT_DEVICE_ENDPOINT_TX_B,
STAT_HIT_BLOCK_POLICY_B,
// dev nf interface // keepalived_pkt_metrics
STAT_RAW_PKT_RX_PKT, STAT_KEE_PKT_DOWN_RX_PKT,
STAT_RAW_PKT_RX_B, STAT_KEE_PKT_DOWN_RX_B,
STAT_RAW_PKT_TX_PKT, STAT_KEE_PKT_DOWN_TX_PKT,
STAT_RAW_PKT_TX_B, STAT_KEE_PKT_DOWN_TX_B,
STAT_RAW_PKT_ERR_BYPASS_PKT, STAT_KEE_PKT_UP_RX_PKT,
STAT_RAW_PKT_ERR_BYPASS_B, STAT_KEE_PKT_UP_RX_B,
// hit bypass policy STAT_KEE_PKT_UP_TX_DROP_PKT,
STAT_HIT_BYPASS_POLICY_PKT, STAT_KEE_PKT_UP_TX_DROP_B,
STAT_HIT_BYPASS_POLICY_B,
// steering // raw_pkt_metrics
STAT_STEERING_TX_PKT, STAT_RAW_PKT_MIRR_BYPASS_PKT,
STAT_STEERING_TX_B, STAT_RAW_PKT_MIRR_BYPASS_B,
STAT_STEERING_RX_PKT,
STAT_STEERING_RX_B,
// mirroring STAT_RAW_PKT_MIRR_BLOCK_PKT,
STAT_MIRRORING_TX_PKT, STAT_RAW_PKT_MIRR_BLOCK_B,
STAT_MIRRORING_TX_B,
STAT_MIRRORING_RX_DROP_PKT,
STAT_MIRRORING_RX_DROP_B,
// control packet STAT_RAW_PKT_MIRR_RX_DROP_PKT,
STAT_CONTROL_RX_PKT, STAT_RAW_PKT_MIRR_RX_DROP_B,
STAT_CONTROL_RX_B,
STAT_RAW_PKT_MIRR_TX_PKT,
STAT_RAW_PKT_MIRR_TX_B,
STAT_RAW_PKT_STEE_BYPASS_PKT,
STAT_RAW_PKT_STEE_BYPASS_B,
STAT_RAW_PKT_STEE_BLOCK_PKT,
STAT_RAW_PKT_STEE_BLOCK_B,
STAT_RAW_PKT_STEE_RX_PKT,
STAT_RAW_PKT_STEE_RX_B,
STAT_RAW_PKT_STEE_TX_PKT,
STAT_RAW_PKT_STEE_TX_B,
STAT_RAW_PKT_MISS_SESS_PKT,
STAT_RAW_PKT_MISS_SESS_B,
STAT_RAW_PKT_ERROR_BYPASS_PKT,
STAT_RAW_PKT_ERROR_BYPASS_B,
STAT_RAW_PKT_ERROR_BLOCK_PKT,
STAT_RAW_PKT_ERROR_BLOCK_B,
STAT_DEVICE_ENDPOINT_DROP_PKT,
STAT_DEVICE_ENDPOINT_DROP_B,
// ctrl_pkt_metrics
STAT_CTRL_PKT_RX_PKT,
STAT_CTRL_PKT_RX_B,
STAT_CTRL_PKT_TX_PKT,
STAT_CTRL_PKT_TX_B,
STAT_CTRL_PKT_OPENING, STAT_CTRL_PKT_OPENING,
STAT_CTRL_PKT_ACTIVE, STAT_CTRL_PKT_ACTIVE,
@@ -58,21 +84,13 @@ enum SCE_STAT_FIELD
STAT_CTRL_PKT_RESETALL, STAT_CTRL_PKT_RESETALL,
STAT_CTRL_PKT_ERROR, STAT_CTRL_PKT_ERROR,
// current session number // sf_session_metrics
STAT_CURRENT_SESSION_NUMS, STAT_SF_SESSION_NUM,
STAT_SF_SESSION_LOG,
// keepalive packet // sf_status_metrics
STAT_DOWNLINK_KEEPALIVE_RX_PKT, STAT_SF_STATUS_ACTIVE,
STAT_DOWNLINK_KEEPALIVE_RX_B, STAT_SF_STATUS_INACTIVE,
STAT_UPLINK_KEEPALIVE_RX_PKT,
STAT_UPLINK_KEEPALIVE_RX_B,
// health check
STAT_SF_ACTIVE_TIMES,
STAT_SF_INACTIVE_TIMES,
// send log
STAT_SEND_LOG,
// max // max
STAT_MAX, STAT_MAX,
@@ -80,75 +98,93 @@ enum SCE_STAT_FIELD
static const char *stat_map[] = static const char *stat_map[] =
{ {
// dev endpoint // device_metrics
[STAT_ENDPOINT_RX_PKT] = "endp_rx_pkt", [STAT_DEVICE_NF_RX_PKT] = "nf_rx_pkt",
[STAT_ENDPOINT_RX_B] = "endp_rx_B", [STAT_DEVICE_NF_RX_B] = "nf_rx_B",
[STAT_ENDPOINT_TX_PKT] = "endp_tx_pkt", [STAT_DEVICE_NF_TX_PKT] = "nf_tx_pkt",
[STAT_ENDPOINT_TX_B] = "endp_tx_B", [STAT_DEVICE_NF_TX_B] = "nf_tx_B",
[STAT_ENDPOINT_ERR_DROP_PKT] = "endp_edrop_pkt", [STAT_DEVICE_ENDPOINT_RX_PKT] = "endp_rx_pkt",
[STAT_ENDPOINT_ERR_DROP_B] = "endp_edrop_B", [STAT_DEVICE_ENDPOINT_RX_B] = "endp_rx_B",
// hit block policy [STAT_DEVICE_ENDPOINT_TX_PKT] = "endp_tx_pkt",
[STAT_HIT_BLOCK_POLICY_PKT] = "hit_block_pkt", [STAT_DEVICE_ENDPOINT_TX_B] = "endp_tx_B",
[STAT_HIT_BLOCK_POLICY_B] = "hit_block_B",
// dev nf interface // keepalived_pkt_metrics
[STAT_RAW_PKT_RX_PKT] = "raw_rx_pkt", [STAT_KEE_PKT_DOWN_RX_PKT] = "kee_d_rx_pkt",
[STAT_RAW_PKT_RX_B] = "raw_rx_B", [STAT_KEE_PKT_DOWN_RX_B] = "kee_d_rx_B",
[STAT_RAW_PKT_TX_PKT] = "raw_tx_pkt", [STAT_KEE_PKT_DOWN_TX_PKT] = "kee_d_tx_pkt",
[STAT_RAW_PKT_TX_B] = "raw_tx_B", [STAT_KEE_PKT_DOWN_TX_B] = "kee_d_tx_B",
[STAT_RAW_PKT_ERR_BYPASS_PKT] = "raw_ebypass_pkt", [STAT_KEE_PKT_UP_RX_PKT] = "kee_u_rx_pkt",
[STAT_RAW_PKT_ERR_BYPASS_B] = "raw_ebypass_B", [STAT_KEE_PKT_UP_RX_B] = "kee_u_rx_B",
// hit bypass policy [STAT_KEE_PKT_UP_TX_DROP_PKT] = "kee_u_rxdop_pkt",
[STAT_HIT_BYPASS_POLICY_PKT] = "hit_bypass_pkt", [STAT_KEE_PKT_UP_TX_DROP_B] = "kee_u_rxdop_B",
[STAT_HIT_BYPASS_POLICY_B] = "hit_bypass_B",
// steering // raw_pkt_metrics
[STAT_STEERING_TX_PKT] = "stee_tx_pkt", [STAT_RAW_PKT_MIRR_BYPASS_PKT] = "mirr_bypass_pkt",
[STAT_STEERING_TX_B] = "stee_tx_B", [STAT_RAW_PKT_MIRR_BYPASS_B] = "mirr_bypass_B",
[STAT_STEERING_RX_PKT] = "stee_rx_pkt",
[STAT_STEERING_RX_B] = "stee_rx_B",
// mirroring [STAT_RAW_PKT_MIRR_BLOCK_PKT] = "mirr_block_pkt",
[STAT_MIRRORING_TX_PKT] = "mirr_tx_pkt", [STAT_RAW_PKT_MIRR_BLOCK_B] = "mirr_block_B",
[STAT_MIRRORING_TX_B] = "mirr_tx_B",
[STAT_MIRRORING_RX_DROP_PKT] = "mirr_rx_dop_pkt",
[STAT_MIRRORING_RX_DROP_B] = "mirr_rx_dop_B",
// control packet [STAT_RAW_PKT_MIRR_RX_DROP_PKT] = "mirr_rxdop_pkt",
[STAT_CONTROL_RX_PKT] = "ctrl_rx_pkt", [STAT_RAW_PKT_MIRR_RX_DROP_B] = "mirr_rxdop_B",
[STAT_CONTROL_RX_B] = "ctrl_rx_B",
[STAT_CTRL_PKT_OPENING] = "ctrl_pkt_open", [STAT_RAW_PKT_MIRR_TX_PKT] = "mirro_tx_pkt",
[STAT_CTRL_PKT_ACTIVE] = "ctrl_pkt_avtive", [STAT_RAW_PKT_MIRR_TX_B] = "mirro_tx_B",
[STAT_CTRL_PKT_CLOSING] = "ctrl_pkt_close",
[STAT_CTRL_PKT_RESETALL] = "ctrl_pkt_reset",
[STAT_CTRL_PKT_ERROR] = "ctrl_pkt_error",
// current session number [STAT_RAW_PKT_STEE_BYPASS_PKT] = "stee_bypass_pkt",
[STAT_CURRENT_SESSION_NUMS] = "curr_sess_num", [STAT_RAW_PKT_STEE_BYPASS_B] = "stee_bypass_B",
// keepalive packet [STAT_RAW_PKT_STEE_BLOCK_PKT] = "stee_block_pkt",
[STAT_DOWNLINK_KEEPALIVE_RX_PKT] = "dlnk_kep_rx_pkt", [STAT_RAW_PKT_STEE_BLOCK_B] = "stee_block_B",
[STAT_DOWNLINK_KEEPALIVE_RX_B] = "dlnk_kep_rx_B",
[STAT_UPLINK_KEEPALIVE_RX_PKT] = "ulnk_kep_rx_pkt",
[STAT_UPLINK_KEEPALIVE_RX_B] = "ulnk_kep_rx_B",
// health check [STAT_RAW_PKT_STEE_RX_PKT] = "stee_rx_pkt",
[STAT_SF_ACTIVE_TIMES] = "sf_active", [STAT_RAW_PKT_STEE_RX_B] = "stee_rx_B",
[STAT_SF_INACTIVE_TIMES] = "sf_inactive",
// send log [STAT_RAW_PKT_STEE_TX_PKT] = "stee_tx_pkt",
[STAT_SEND_LOG] = "send_log", [STAT_RAW_PKT_STEE_TX_B] = "stee_tx_B",
[STAT_RAW_PKT_MISS_SESS_PKT] = "miss_sess_pkt",
[STAT_RAW_PKT_MISS_SESS_B] = "miss_sess_B",
[STAT_RAW_PKT_ERROR_BYPASS_PKT] = "err_bypass_pkt",
[STAT_RAW_PKT_ERROR_BYPASS_B] = "err_bypass_B",
[STAT_RAW_PKT_ERROR_BLOCK_PKT] = "err_block_pkt",
[STAT_RAW_PKT_ERROR_BLOCK_B] = "err_block_B",
[STAT_DEVICE_ENDPOINT_DROP_PKT] = "endp_drop_pkt",
[STAT_DEVICE_ENDPOINT_DROP_B] = "endp_drop_B",
// ctrl_pkt_metrics
[STAT_CTRL_PKT_RX_PKT] = "ctrl_rx_pkt",
[STAT_CTRL_PKT_RX_B] = "ctrl_rx_B",
[STAT_CTRL_PKT_TX_PKT] = "ctrl_tx_pkt",
[STAT_CTRL_PKT_TX_B] = "ctrl_tx_B",
[STAT_CTRL_PKT_OPENING] = "ctrl_opening",
[STAT_CTRL_PKT_ACTIVE] = "ctrl_active",
[STAT_CTRL_PKT_CLOSING] = "ctrl_closing",
[STAT_CTRL_PKT_RESETALL] = "ctrl_resetall",
[STAT_CTRL_PKT_ERROR] = "ctrl_error",
// sf_session_metrics
[STAT_SF_SESSION_NUM] = "session_num",
[STAT_SF_SESSION_LOG] = "session_logs",
// sf_status_metrics
[STAT_SF_STATUS_ACTIVE] = "sf_active",
[STAT_SF_STATUS_INACTIVE] = "sf_inactive",
[STAT_MAX] = NULL}; [STAT_MAX] = NULL};
static void global_metrics_parse_config(const char *profile, struct global_metrics_config *config) static void global_metrics_parse_config(const char *profile, struct metrics_config *config)
{ {
MESA_load_profile_string_def(profile, "STAT", "output_file", config->output_file, sizeof(config->output_file), "log/sce.fs2"); MESA_load_profile_string_def(profile, "STAT", "output_file", config->output_file, sizeof(config->output_file), "log/sce.fs2");
MESA_load_profile_string_def(profile, "STAT", "statsd_server", config->statsd_server, sizeof(config->statsd_server), "127.0.0.1"); MESA_load_profile_string_def(profile, "STAT", "statsd_server", config->statsd_server, sizeof(config->statsd_server), "127.0.0.1");
@@ -231,73 +267,90 @@ void global_metrics_destory(struct global_metrics *metrics)
void global_metrics_dump(struct global_metrics *metrics) void global_metrics_dump(struct global_metrics *metrics)
{ {
// dev endpoint
FS_operate(metrics->fs_handle, metrics->fs_id[STAT_ENDPOINT_RX_PKT], 0, FS_OP_SET, __atomic_fetch_add(&(metrics->dev_endpoint_rx.n_pkts), 0, __ATOMIC_RELAXED));
FS_operate(metrics->fs_handle, metrics->fs_id[STAT_ENDPOINT_RX_B], 0, FS_OP_SET, __atomic_fetch_add(&(metrics->dev_endpoint_rx.n_bytes), 0, __ATOMIC_RELAXED));
FS_operate(metrics->fs_handle, metrics->fs_id[STAT_ENDPOINT_TX_PKT], 0, FS_OP_SET, __atomic_fetch_add(&(metrics->dev_endpoint_tx.n_pkts), 0, __ATOMIC_RELAXED)); // device_metrics
FS_operate(metrics->fs_handle, metrics->fs_id[STAT_ENDPOINT_TX_B], 0, FS_OP_SET, __atomic_fetch_add(&(metrics->dev_endpoint_tx.n_bytes), 0, __ATOMIC_RELAXED)); FS_operate(metrics->fs_handle, metrics->fs_id[STAT_DEVICE_NF_RX_PKT], 0, FS_OP_SET, ATOMIC_READ(&(metrics->device.nf_rx.n_pkts)));
FS_operate(metrics->fs_handle, metrics->fs_id[STAT_DEVICE_NF_RX_B], 0, FS_OP_SET, ATOMIC_READ(&(metrics->device.nf_rx.n_bytes)));
FS_operate(metrics->fs_handle, metrics->fs_id[STAT_ENDPOINT_ERR_DROP_PKT], 0, FS_OP_SET, __atomic_fetch_add(&(metrics->dev_endpoint_err_drop.n_pkts), 0, __ATOMIC_RELAXED)); FS_operate(metrics->fs_handle, metrics->fs_id[STAT_DEVICE_NF_TX_PKT], 0, FS_OP_SET, ATOMIC_READ(&(metrics->device.nf_tx.n_pkts)));
FS_operate(metrics->fs_handle, metrics->fs_id[STAT_ENDPOINT_ERR_DROP_B], 0, FS_OP_SET, __atomic_fetch_add(&(metrics->dev_endpoint_err_drop.n_bytes), 0, __ATOMIC_RELAXED)); FS_operate(metrics->fs_handle, metrics->fs_id[STAT_DEVICE_NF_TX_B], 0, FS_OP_SET, ATOMIC_READ(&(metrics->device.nf_tx.n_bytes)));
// dev nf interface FS_operate(metrics->fs_handle, metrics->fs_id[STAT_DEVICE_ENDPOINT_RX_PKT], 0, FS_OP_SET, ATOMIC_READ(&(metrics->device.endpoint_rx.n_pkts)));
FS_operate(metrics->fs_handle, metrics->fs_id[STAT_RAW_PKT_RX_PKT], 0, FS_OP_SET, __atomic_fetch_add(&(metrics->raw_pkt_rx.n_pkts), 0, __ATOMIC_RELAXED)); FS_operate(metrics->fs_handle, metrics->fs_id[STAT_DEVICE_ENDPOINT_RX_B], 0, FS_OP_SET, ATOMIC_READ(&(metrics->device.endpoint_rx.n_bytes)));
FS_operate(metrics->fs_handle, metrics->fs_id[STAT_RAW_PKT_RX_B], 0, FS_OP_SET, __atomic_fetch_add(&(metrics->raw_pkt_rx.n_bytes), 0, __ATOMIC_RELAXED));
FS_operate(metrics->fs_handle, metrics->fs_id[STAT_RAW_PKT_TX_PKT], 0, FS_OP_SET, __atomic_fetch_add(&(metrics->raw_pkt_tx.n_pkts), 0, __ATOMIC_RELAXED)); FS_operate(metrics->fs_handle, metrics->fs_id[STAT_DEVICE_ENDPOINT_TX_PKT], 0, FS_OP_SET, ATOMIC_READ(&(metrics->device.endpoint_tx.n_pkts)));
FS_operate(metrics->fs_handle, metrics->fs_id[STAT_RAW_PKT_TX_B], 0, FS_OP_SET, __atomic_fetch_add(&(metrics->raw_pkt_tx.n_bytes), 0, __ATOMIC_RELAXED)); FS_operate(metrics->fs_handle, metrics->fs_id[STAT_DEVICE_ENDPOINT_TX_B], 0, FS_OP_SET, ATOMIC_READ(&(metrics->device.endpoint_tx.n_bytes)));
FS_operate(metrics->fs_handle, metrics->fs_id[STAT_RAW_PKT_ERR_BYPASS_PKT], 0, FS_OP_SET, __atomic_fetch_add(&(metrics->raw_pkt_err_bypass.n_pkts), 0, __ATOMIC_RELAXED)); FS_operate(metrics->fs_handle, metrics->fs_id[STAT_DEVICE_ENDPOINT_DROP_PKT], 0, FS_OP_SET, ATOMIC_READ(&(metrics->device.endpoint_drop.n_pkts)));
FS_operate(metrics->fs_handle, metrics->fs_id[STAT_RAW_PKT_ERR_BYPASS_B], 0, FS_OP_SET, __atomic_fetch_add(&(metrics->raw_pkt_err_bypass.n_bytes), 0, __ATOMIC_RELAXED)); FS_operate(metrics->fs_handle, metrics->fs_id[STAT_DEVICE_ENDPOINT_DROP_B], 0, FS_OP_SET, ATOMIC_READ(&(metrics->device.endpoint_drop.n_bytes)));
// hit block policy // raw_pkt_metrics
FS_operate(metrics->fs_handle, metrics->fs_id[STAT_HIT_BLOCK_POLICY_PKT], 0, FS_OP_SET, __atomic_fetch_add(&(metrics->hit_block_policy.n_pkts), 0, __ATOMIC_RELAXED)); FS_operate(metrics->fs_handle, metrics->fs_id[STAT_RAW_PKT_MIRR_BYPASS_PKT], 0, FS_OP_SET, ATOMIC_READ(&(metrics->raw_pkt.mirr_bypass.n_pkts)));
FS_operate(metrics->fs_handle, metrics->fs_id[STAT_HIT_BLOCK_POLICY_B], 0, FS_OP_SET, __atomic_fetch_add(&(metrics->hit_block_policy.n_bytes), 0, __ATOMIC_RELAXED)); FS_operate(metrics->fs_handle, metrics->fs_id[STAT_RAW_PKT_MIRR_BYPASS_B], 0, FS_OP_SET, ATOMIC_READ(&(metrics->raw_pkt.mirr_bypass.n_bytes)));
// hit bypass policy FS_operate(metrics->fs_handle, metrics->fs_id[STAT_RAW_PKT_MIRR_BLOCK_PKT], 0, FS_OP_SET, ATOMIC_READ(&(metrics->raw_pkt.mirr_block.n_pkts)));
FS_operate(metrics->fs_handle, metrics->fs_id[STAT_HIT_BYPASS_POLICY_PKT], 0, FS_OP_SET, __atomic_fetch_add(&(metrics->hit_bypass_policy.n_pkts), 0, __ATOMIC_RELAXED)); FS_operate(metrics->fs_handle, metrics->fs_id[STAT_RAW_PKT_MIRR_BLOCK_B], 0, FS_OP_SET, ATOMIC_READ(&(metrics->raw_pkt.mirr_block.n_bytes)));
FS_operate(metrics->fs_handle, metrics->fs_id[STAT_HIT_BYPASS_POLICY_B], 0, FS_OP_SET, __atomic_fetch_add(&(metrics->hit_bypass_policy.n_bytes), 0, __ATOMIC_RELAXED));
// steering FS_operate(metrics->fs_handle, metrics->fs_id[STAT_RAW_PKT_MIRR_RX_DROP_PKT], 0, FS_OP_SET, ATOMIC_READ(&(metrics->raw_pkt.mirr_rx_drop.n_pkts)));
FS_operate(metrics->fs_handle, metrics->fs_id[STAT_STEERING_TX_PKT], 0, FS_OP_SET, __atomic_fetch_add(&(metrics->steering_tx.n_pkts), 0, __ATOMIC_RELAXED)); FS_operate(metrics->fs_handle, metrics->fs_id[STAT_RAW_PKT_MIRR_RX_DROP_B], 0, FS_OP_SET, ATOMIC_READ(&(metrics->raw_pkt.mirr_rx_drop.n_bytes)));
FS_operate(metrics->fs_handle, metrics->fs_id[STAT_STEERING_TX_B], 0, FS_OP_SET, __atomic_fetch_add(&(metrics->steering_tx.n_bytes), 0, __ATOMIC_RELAXED));
FS_operate(metrics->fs_handle, metrics->fs_id[STAT_STEERING_RX_PKT], 0, FS_OP_SET, __atomic_fetch_add(&(metrics->steering_rx.n_pkts), 0, __ATOMIC_RELAXED)); FS_operate(metrics->fs_handle, metrics->fs_id[STAT_RAW_PKT_MIRR_TX_PKT], 0, FS_OP_SET, ATOMIC_READ(&(metrics->raw_pkt.mirr_tx.n_pkts)));
FS_operate(metrics->fs_handle, metrics->fs_id[STAT_STEERING_RX_B], 0, FS_OP_SET, __atomic_fetch_add(&(metrics->steering_rx.n_bytes), 0, __ATOMIC_RELAXED)); FS_operate(metrics->fs_handle, metrics->fs_id[STAT_RAW_PKT_MIRR_TX_B], 0, FS_OP_SET, ATOMIC_READ(&(metrics->raw_pkt.mirr_tx.n_bytes)));
// mirroring FS_operate(metrics->fs_handle, metrics->fs_id[STAT_RAW_PKT_STEE_BYPASS_PKT], 0, FS_OP_SET, ATOMIC_READ(&(metrics->raw_pkt.stee_bypass.n_pkts)));
FS_operate(metrics->fs_handle, metrics->fs_id[STAT_MIRRORING_TX_PKT], 0, FS_OP_SET, __atomic_fetch_add(&(metrics->mirroring_tx.n_pkts), 0, __ATOMIC_RELAXED)); FS_operate(metrics->fs_handle, metrics->fs_id[STAT_RAW_PKT_STEE_BYPASS_B], 0, FS_OP_SET, ATOMIC_READ(&(metrics->raw_pkt.stee_bypass.n_bytes)));
FS_operate(metrics->fs_handle, metrics->fs_id[STAT_MIRRORING_TX_B], 0, FS_OP_SET, __atomic_fetch_add(&(metrics->mirroring_tx.n_bytes), 0, __ATOMIC_RELAXED));
FS_operate(metrics->fs_handle, metrics->fs_id[STAT_MIRRORING_RX_DROP_PKT], 0, FS_OP_SET, __atomic_fetch_add(&(metrics->mirroring_rx_drop.n_pkts), 0, __ATOMIC_RELAXED)); FS_operate(metrics->fs_handle, metrics->fs_id[STAT_RAW_PKT_STEE_BLOCK_PKT], 0, FS_OP_SET, ATOMIC_READ(&(metrics->raw_pkt.stee_block.n_pkts)));
FS_operate(metrics->fs_handle, metrics->fs_id[STAT_MIRRORING_RX_DROP_B], 0, FS_OP_SET, __atomic_fetch_add(&(metrics->mirroring_rx_drop.n_bytes), 0, __ATOMIC_RELAXED)); FS_operate(metrics->fs_handle, metrics->fs_id[STAT_RAW_PKT_STEE_BLOCK_B], 0, FS_OP_SET, ATOMIC_READ(&(metrics->raw_pkt.stee_block.n_bytes)));
// keepalive packet FS_operate(metrics->fs_handle, metrics->fs_id[STAT_RAW_PKT_STEE_RX_PKT], 0, FS_OP_SET, ATOMIC_READ(&(metrics->raw_pkt.stee_rx.n_pkts)));
FS_operate(metrics->fs_handle, metrics->fs_id[STAT_DOWNLINK_KEEPALIVE_RX_PKT], 0, FS_OP_SET, __atomic_fetch_add(&(metrics->downlink_keepalive_pkt_rx.n_pkts), 0, __ATOMIC_RELAXED)); FS_operate(metrics->fs_handle, metrics->fs_id[STAT_RAW_PKT_STEE_RX_B], 0, FS_OP_SET, ATOMIC_READ(&(metrics->raw_pkt.stee_rx.n_bytes)));
FS_operate(metrics->fs_handle, metrics->fs_id[STAT_DOWNLINK_KEEPALIVE_RX_B], 0, FS_OP_SET, __atomic_fetch_add(&(metrics->downlink_keepalive_pkt_rx.n_bytes), 0, __ATOMIC_RELAXED));
FS_operate(metrics->fs_handle, metrics->fs_id[STAT_UPLINK_KEEPALIVE_RX_PKT], 0, FS_OP_SET, __atomic_fetch_add(&(metrics->uplink_keepalive_pkt_rx.n_pkts), 0, __ATOMIC_RELAXED));
FS_operate(metrics->fs_handle, metrics->fs_id[STAT_UPLINK_KEEPALIVE_RX_B], 0, FS_OP_SET, __atomic_fetch_add(&(metrics->uplink_keepalive_pkt_rx.n_bytes), 0, __ATOMIC_RELAXED));
// control packet FS_operate(metrics->fs_handle, metrics->fs_id[STAT_RAW_PKT_STEE_TX_PKT], 0, FS_OP_SET, ATOMIC_READ(&(metrics->raw_pkt.stee_tx.n_pkts)));
FS_operate(metrics->fs_handle, metrics->fs_id[STAT_CONTROL_RX_PKT], 0, FS_OP_SET, __atomic_fetch_add(&(metrics->ctrl_pkt_rx.n_pkts), 0, __ATOMIC_RELAXED)); FS_operate(metrics->fs_handle, metrics->fs_id[STAT_RAW_PKT_STEE_TX_B], 0, FS_OP_SET, ATOMIC_READ(&(metrics->raw_pkt.stee_tx.n_bytes)));
FS_operate(metrics->fs_handle, metrics->fs_id[STAT_CONTROL_RX_B], 0, FS_OP_SET, __atomic_fetch_add(&(metrics->ctrl_pkt_rx.n_bytes), 0, __ATOMIC_RELAXED));
FS_operate(metrics->fs_handle, metrics->fs_id[STAT_CTRL_PKT_OPENING], 0, FS_OP_SET, __atomic_fetch_add(&(metrics->ctrl_pkt_opening_num), 0, __ATOMIC_RELAXED)); FS_operate(metrics->fs_handle, metrics->fs_id[STAT_RAW_PKT_MISS_SESS_PKT], 0, FS_OP_SET, ATOMIC_READ(&(metrics->raw_pkt.miss_sess.n_pkts)));
FS_operate(metrics->fs_handle, metrics->fs_id[STAT_CTRL_PKT_ACTIVE], 0, FS_OP_SET, __atomic_fetch_add(&(metrics->ctrl_pkt_active_num), 0, __ATOMIC_RELAXED)); FS_operate(metrics->fs_handle, metrics->fs_id[STAT_RAW_PKT_MISS_SESS_B], 0, FS_OP_SET, ATOMIC_READ(&(metrics->raw_pkt.miss_sess.n_bytes)));
FS_operate(metrics->fs_handle, metrics->fs_id[STAT_CTRL_PKT_CLOSING], 0, FS_OP_SET, __atomic_fetch_add(&(metrics->ctrl_pkt_closing_num), 0, __ATOMIC_RELAXED));
FS_operate(metrics->fs_handle, metrics->fs_id[STAT_CTRL_PKT_RESETALL], 0, FS_OP_SET, __atomic_fetch_add(&(metrics->ctrl_pkt_resetall_num), 0, __ATOMIC_RELAXED));
FS_operate(metrics->fs_handle, metrics->fs_id[STAT_CTRL_PKT_ERROR], 0, FS_OP_SET, __atomic_fetch_add(&(metrics->ctrl_pkt_error_num), 0, __ATOMIC_RELAXED));
// current session number FS_operate(metrics->fs_handle, metrics->fs_id[STAT_RAW_PKT_ERROR_BYPASS_PKT], 0, FS_OP_SET, ATOMIC_READ(&(metrics->raw_pkt.error_bypass.n_pkts)));
FS_operate(metrics->fs_handle, metrics->fs_id[STAT_CURRENT_SESSION_NUMS], 0, FS_OP_SET, __atomic_fetch_add(&(metrics->session_nums), 0, __ATOMIC_RELAXED)); FS_operate(metrics->fs_handle, metrics->fs_id[STAT_RAW_PKT_ERROR_BYPASS_B], 0, FS_OP_SET, ATOMIC_READ(&(metrics->raw_pkt.error_bypass.n_bytes)));
// health check FS_operate(metrics->fs_handle, metrics->fs_id[STAT_RAW_PKT_ERROR_BLOCK_PKT], 0, FS_OP_SET, ATOMIC_READ(&(metrics->raw_pkt.error_block.n_pkts)));
FS_operate(metrics->fs_handle, metrics->fs_id[STAT_SF_ACTIVE_TIMES], 0, FS_OP_SET, __atomic_fetch_add(&(metrics->sf_active_times), 0, __ATOMIC_RELAXED)); FS_operate(metrics->fs_handle, metrics->fs_id[STAT_RAW_PKT_ERROR_BLOCK_B], 0, FS_OP_SET, ATOMIC_READ(&(metrics->raw_pkt.error_block.n_bytes)));
FS_operate(metrics->fs_handle, metrics->fs_id[STAT_SF_INACTIVE_TIMES], 0, FS_OP_SET, __atomic_fetch_add(&(metrics->sf_inactive_times), 0, __ATOMIC_RELAXED));
// send log // ctrl_pkt_metrics
FS_operate(metrics->fs_handle, metrics->fs_id[STAT_SEND_LOG], 0, FS_OP_SET, __atomic_fetch_add(&(metrics->send_log), 0, __ATOMIC_RELAXED)); FS_operate(metrics->fs_handle, metrics->fs_id[STAT_CTRL_PKT_RX_PKT], 0, FS_OP_SET, ATOMIC_READ(&(metrics->ctrl_pkt.rx.n_pkts)));
FS_operate(metrics->fs_handle, metrics->fs_id[STAT_CTRL_PKT_RX_B], 0, FS_OP_SET, ATOMIC_READ(&(metrics->ctrl_pkt.rx.n_bytes)));
FS_operate(metrics->fs_handle, metrics->fs_id[STAT_CTRL_PKT_TX_PKT], 0, FS_OP_SET, ATOMIC_READ(&(metrics->ctrl_pkt.tx.n_pkts)));
FS_operate(metrics->fs_handle, metrics->fs_id[STAT_CTRL_PKT_TX_B], 0, FS_OP_SET, ATOMIC_READ(&(metrics->ctrl_pkt.tx.n_bytes)));
FS_operate(metrics->fs_handle, metrics->fs_id[STAT_CTRL_PKT_OPENING], 0, FS_OP_SET, ATOMIC_READ(&(metrics->ctrl_pkt.opening)));
FS_operate(metrics->fs_handle, metrics->fs_id[STAT_CTRL_PKT_ACTIVE], 0, FS_OP_SET, ATOMIC_READ(&(metrics->ctrl_pkt.active)));
FS_operate(metrics->fs_handle, metrics->fs_id[STAT_CTRL_PKT_CLOSING], 0, FS_OP_SET, ATOMIC_READ(&(metrics->ctrl_pkt.closing)));
FS_operate(metrics->fs_handle, metrics->fs_id[STAT_CTRL_PKT_RESETALL], 0, FS_OP_SET, ATOMIC_READ(&(metrics->ctrl_pkt.resetall)));
FS_operate(metrics->fs_handle, metrics->fs_id[STAT_CTRL_PKT_ERROR], 0, FS_OP_SET, ATOMIC_READ(&(metrics->ctrl_pkt.error)));
// keepalived_pkt_metrics
FS_operate(metrics->fs_handle, metrics->fs_id[STAT_KEE_PKT_DOWN_RX_PKT], 0, FS_OP_SET, ATOMIC_READ(&(metrics->kee_pkt.downlink_rx.n_pkts)));
FS_operate(metrics->fs_handle, metrics->fs_id[STAT_KEE_PKT_DOWN_RX_B], 0, FS_OP_SET, ATOMIC_READ(&(metrics->kee_pkt.downlink_rx.n_bytes)));
FS_operate(metrics->fs_handle, metrics->fs_id[STAT_KEE_PKT_DOWN_TX_PKT], 0, FS_OP_SET, ATOMIC_READ(&(metrics->kee_pkt.downlink_tx.n_pkts)));
FS_operate(metrics->fs_handle, metrics->fs_id[STAT_KEE_PKT_DOWN_TX_B], 0, FS_OP_SET, ATOMIC_READ(&(metrics->kee_pkt.downlink_tx.n_bytes)));
FS_operate(metrics->fs_handle, metrics->fs_id[STAT_KEE_PKT_UP_RX_PKT], 0, FS_OP_SET, ATOMIC_READ(&(metrics->kee_pkt.uplink_rx.n_pkts)));
FS_operate(metrics->fs_handle, metrics->fs_id[STAT_KEE_PKT_UP_RX_B], 0, FS_OP_SET, ATOMIC_READ(&(metrics->kee_pkt.uplink_rx.n_bytes)));
FS_operate(metrics->fs_handle, metrics->fs_id[STAT_KEE_PKT_UP_TX_DROP_PKT], 0, FS_OP_SET, ATOMIC_READ(&(metrics->kee_pkt.uplink_tx_drop.n_pkts)));
FS_operate(metrics->fs_handle, metrics->fs_id[STAT_KEE_PKT_UP_TX_DROP_B], 0, FS_OP_SET, ATOMIC_READ(&(metrics->kee_pkt.uplink_tx_drop.n_bytes)));
// sf_status_metrics
FS_operate(metrics->fs_handle, metrics->fs_id[STAT_SF_STATUS_ACTIVE], 0, FS_OP_SET, ATOMIC_READ(&(metrics->sf_status.active)));
FS_operate(metrics->fs_handle, metrics->fs_id[STAT_SF_STATUS_INACTIVE], 0, FS_OP_SET, ATOMIC_READ(&(metrics->sf_status.inactive)));
// sf_session_metrics
FS_operate(metrics->fs_handle, metrics->fs_id[STAT_SF_SESSION_NUM], 0, FS_OP_SET, ATOMIC_READ(&(metrics->sf_session.num)));
FS_operate(metrics->fs_handle, metrics->fs_id[STAT_SF_SESSION_LOG], 0, FS_OP_SET, ATOMIC_READ(&(metrics->sf_session.log)));
FS_passive_output(metrics->fs_handle); FS_passive_output(metrics->fs_handle);
} }

25
platform/src/main.cpp
View File

@@ -37,21 +37,6 @@ static void sig_handler(int signo)
} }
} }
static int thread_set_affinity(int core_id)
{
int num_cores = sysconf(_SC_NPROCESSORS_ONLN);
if (core_id < 0 || core_id >= num_cores)
{
return EINVAL;
}
cpu_set_t cpuset;
CPU_ZERO(&cpuset);
CPU_SET(core_id, &cpuset);
return pthread_setaffinity_np(pthread_self(), sizeof(cpu_set_t), &cpuset);
}
static void *worker_thread_cycle(void *arg) static void *worker_thread_cycle(void *arg)
{ {
struct thread_ctx *thread_ctx = (struct thread_ctx *)arg; struct thread_ctx *thread_ctx = (struct thread_ctx *)arg;
@@ -78,8 +63,8 @@ static void *worker_thread_cycle(void *arg)
while (1) while (1)
{ {
n_pkt_recv_from_nf = packet_io_polling_nf_interface(handle, thread_ctx->thread_index, thread_ctx); n_pkt_recv_from_nf = packet_io_thread_polling_nf(handle, thread_ctx);
n_pkt_recv_from_endp = packet_io_polling_endpoint(handle, thread_ctx->thread_index, thread_ctx); n_pkt_recv_from_endp = packet_io_thread_polling_endpoint(handle, thread_ctx);
if (n_pkt_recv_from_nf == 0 && n_pkt_recv_from_endp == 0) if (n_pkt_recv_from_nf == 0 && n_pkt_recv_from_endp == 0)
{ {
timeout_ms = sf_metrics_last_send_ts + sf_metrics_send_interval - timestamp_get_msec(ts); timeout_ms = sf_metrics_last_send_ts + sf_metrics_send_interval - timestamp_get_msec(ts);
@@ -91,10 +76,10 @@ static void *worker_thread_cycle(void *arg)
packet_io_thread_wait(handle, thread_ctx, timeout_ms); packet_io_thread_wait(handle, thread_ctx, timeout_ms);
} }
if (__atomic_fetch_add(&thread_ctx->session_table_need_reset, 0, __ATOMIC_RELAXED) > 0) if (ATOMIC_READ(&thread_ctx->session_table_need_reset) > 0)
{ {
session_table_reset(thread_ctx->session_table); session_table_reset(thread_ctx->session_table);
__atomic_fetch_and(&thread_ctx->session_table_need_reset, 0, __ATOMIC_RELAXED); ATOMIC_ZERO(&thread_ctx->session_table_need_reset);
} }
if (timestamp_get_msec(ts) - sf_metrics_last_send_ts >= sf_metrics_send_interval) if (timestamp_get_msec(ts) - sf_metrics_last_send_ts >= sf_metrics_send_interval)
@@ -131,12 +116,12 @@ int main(int argc, char **argv)
return 0; return 0;
} }
} }
fprintf(stderr, "TSG Service Chaining Engine, Version: %s\n", __sce_version);
if (LOG_INIT("./conf/zlog.conf") == -1) if (LOG_INIT("./conf/zlog.conf") == -1)
{ {
return -1; return -1;
} }
LOG_ERROR("%s: TSG Service Chaining Engine, Version: %s Start ...", LOG_TAG_SCE, __sce_version);
if (signal(SIGHUP, sig_handler) == SIG_ERR) if (signal(SIGHUP, sig_handler) == SIG_ERR)
{ {

2240
platform/src/packet_io.cpp
View File

File diff suppressed because it is too large Load Diff

510
platform/src/policy.cpp
View File

@@ -150,88 +150,14 @@ struct sf_param
* Private API * Private API
******************************************************************************/ ******************************************************************************/
static const char *traffic_type_to_string(enum traffic_type traffic_type) static const char *admin_status_to_string(enum admin_status admin_status)
{ {
switch (traffic_type) switch (admin_status)
{ {
case TRAFFIC_TYPE_NONE: case ADMMIN_STATUS_ACTIVE:
return "none"; return "active";
case TRAFFIC_TYPE_RAW: case ADMMIN_STATUS_INACTIVE:
return "raw"; return "inactive";
case TRAFFIC_TYPE_DECRYPTED:
return "decrypted";
default:
return "unknown";
}
}
static const char *forward_type_to_string(enum forward_type forward_type)
{
switch (forward_type)
{
case FORWARD_TYPE_NONE:
return "none";
case FORWARD_TYPE_STEERING:
return "steering";
case FORWARD_TYPE_MIRRORING:
return "mirroring";
default:
return "unknown";
}
}
static const char *session_action_to_string(enum session_action session_action)
{
switch (session_action)
{
case SESSION_ACTION_BYPASS:
return "bypass";
case SESSION_ACTION_FORWARD:
return "forward";
case SESSION_ACTION_BLOCK:
return "block";
default:
return "unknown";
}
}
const char *session_action_reason_to_string(enum session_action_reason session_action_reason)
{
switch (session_action_reason)
{
case ACTION_BYPASS_DUE_DEFAULT:
return "bypass_due_default";
case ACTION_BYPASS_DUE_HEALTH_SF_LIMIT:
return "bypass_due_health_sf_limit";
case ACTION_BYPASS_DUE_UNAVAILABLE_ACTION:
return "bypass_due_unavailable_action";
case ACTION_BYPASS_DUE_FAILURE_ACTION:
return "bypass_due_failure_action";
case ACTION_BYPASS_DUE_INVALID_POLICY:
return "bypass_due_invalid_policy";
case ACTION_BLOCK_DUE_UNAVAILABLE_ACTION:
return "block_due_unavailable_action";
case ACTION_BLOCK_DUE_FAILURE_ACTION:
return "block_due_failure_action";
case ACTION_FORWAED_DUE_SELECTED_AVAILABLE_SF:
return "forward_due_selected_available_sf";
default:
return "unknown";
}
}
static const char *package_method_to_string(enum package_method package_method)
{
switch (package_method)
{
case PACKAGE_METHOD_NONE:
return "none";
case PACKAGE_METHOD_LAYER2_SWITCH:
return "layer2_switch";
case PACKAGE_METHOD_LAYER3_SWITCH:
return "layer3_switch";
case PACKAGE_METHOD_VXLAN_G:
return "vxlan_g";
default: default:
return "unknown"; return "unknown";
} }
@@ -380,12 +306,10 @@ static void chaining_param_new_cb(int table_id, const char *key, const char *tab
} }
if (strcasecmp(item->valuestring, "raw") == 0) if (strcasecmp(item->valuestring, "raw") == 0)
{ {
LOG_DEBUG("%s: parse chaining policy: %d, targeted_traffic: raw", LOG_TAG_POLICY, param->policy_id);
param->traffic_type = TRAFFIC_TYPE_RAW; param->traffic_type = TRAFFIC_TYPE_RAW;
} }
else if (strcasecmp(item->valuestring, "decrypted") == 0) else if (strcasecmp(item->valuestring, "decrypted") == 0)
{ {
LOG_DEBUG("%s: parse chaining policy: %d, targeted_traffic: decrypted", LOG_TAG_POLICY, param->policy_id);
param->traffic_type = TRAFFIC_TYPE_DECRYPTED; param->traffic_type = TRAFFIC_TYPE_DECRYPTED;
} }
else else
@@ -393,6 +317,7 @@ static void chaining_param_new_cb(int table_id, const char *key, const char *tab
LOG_ERROR("%s: unexpected chaining policy: (invalid targeted_traffic param) %s", LOG_TAG_POLICY, table_line); LOG_ERROR("%s: unexpected chaining policy: (invalid targeted_traffic param) %s", LOG_TAG_POLICY, table_line);
goto error_out; goto error_out;
} }
LOG_DEBUG("%s: parse chaining policy: %d, targeted_traffic: %s", LOG_TAG_POLICY, param->policy_id, traffic_type_to_string(param->traffic_type));
// sff_profiles // sff_profiles
item = cJSON_GetObjectItem(json, "sff_profiles"); item = cJSON_GetObjectItem(json, "sff_profiles");
@@ -525,16 +450,15 @@ static void sff_param_new_cb(int table_id, const char *key, const char *table_li
{ {
case 1: case 1:
param->sff_forward_type = FORWARD_TYPE_STEERING; param->sff_forward_type = FORWARD_TYPE_STEERING;
LOG_DEBUG("%s: parse sff profile: %d, type: steering", LOG_TAG_POLICY, param->sff_profile_id);
break; break;
case 2: case 2:
param->sff_forward_type = FORWARD_TYPE_MIRRORING; param->sff_forward_type = FORWARD_TYPE_MIRRORING;
LOG_DEBUG("%s: parse sff profile: %d, type: mirroring", LOG_TAG_POLICY, param->sff_profile_id);
break; break;
default: default:
LOG_ERROR("%s: unexpected sff profile: (invalid type param) %s", LOG_TAG_POLICY, table_line); LOG_ERROR("%s: unexpected sff profile: (invalid type param) %s", LOG_TAG_POLICY, table_line);
goto error_out; goto error_out;
} }
LOG_DEBUG("%s: parse sff profile: %d, type: %s", LOG_TAG_POLICY, param->sff_profile_id, forward_type_to_string(param->sff_forward_type));
// load_balance_method // load_balance_method
if (0 == strcasecmp(load_balance_method, "hash-int-ip")) if (0 == strcasecmp(load_balance_method, "hash-int-ip"))
@@ -762,16 +686,15 @@ static void sf_param_new_cb(int table_id, const char *key, const char *table_lin
{ {
case 1: case 1:
param->sf_admin_status = ADMMIN_STATUS_ACTIVE; param->sf_admin_status = ADMMIN_STATUS_ACTIVE;
LOG_DEBUG("%s: parse sf profile: %d, admin_status: active", LOG_TAG_POLICY, param->sf_profile_id);
break; break;
case 0: case 0:
param->sf_admin_status = ADMMIN_STATUS_INACTIVE; param->sf_admin_status = ADMMIN_STATUS_INACTIVE;
LOG_DEBUG("%s: parse sf profile: %d, admin_status: inactive", LOG_TAG_POLICY, param->sf_profile_id);
break; break;
default: default:
LOG_ERROR("%s: unexpected sf profile: (invalid admin_status param) %s", LOG_TAG_POLICY, table_line); LOG_ERROR("%s: unexpected sf profile: (invalid admin_status param) %s", LOG_TAG_POLICY, table_line);
goto error_out; goto error_out;
} }
LOG_DEBUG("%s: parse sf profile: %d, admin_status: %s", LOG_TAG_POLICY, param->sf_profile_id, admin_status_to_string(param->sf_admin_status));
// connectivity // connectivity
root1 = cJSON_Parse(connectivity); root1 = cJSON_Parse(connectivity);
@@ -804,7 +727,7 @@ static void sf_param_new_cb(int table_id, const char *key, const char *table_lin
LOG_ERROR("%s: unexpected sf profile: (invalid connectivity->method param) %s", LOG_TAG_POLICY, table_line); LOG_ERROR("%s: unexpected sf profile: (invalid connectivity->method param) %s", LOG_TAG_POLICY, table_line);
goto error_out; goto error_out;
} }
LOG_DEBUG("%s: parse sf profile: %d, connectivity->method: %s", LOG_TAG_POLICY, param->sf_profile_id, item->valuestring); LOG_DEBUG("%s: parse sf profile: %d, connectivity->method: %s", LOG_TAG_POLICY, param->sf_profile_id, package_method_to_string(param->sf_connectivity.method));
if (param->sf_connectivity.method == PACKAGE_METHOD_LAYER2_SWITCH || param->sf_connectivity.method == PACKAGE_METHOD_LAYER3_SWITCH) if (param->sf_connectivity.method == PACKAGE_METHOD_LAYER2_SWITCH || param->sf_connectivity.method == PACKAGE_METHOD_LAYER3_SWITCH)
{ {
@@ -979,7 +902,7 @@ static void sf_param_free(struct sf_param *param)
} }
// After return must check array elem nums // After return must check array elem nums
static void select_sf_by_nearby_and_active(struct policy_enforcer *enforcer, struct sff_param *sff_param, struct fixed_num_array *array) static void select_sf_by_nearby_and_adminstatus(struct policy_enforcer *enforcer, struct sff_param *sff_param, struct fixed_num_array *array)
{ {
char buffer[16]; char buffer[16];
struct sf_param *sf = NULL; struct sf_param *sf = NULL;
@@ -1019,14 +942,14 @@ static void select_sf_by_nearby_and_active(struct policy_enforcer *enforcer, str
// return : SESSION_ACTION_BYPASS, not care selected_sf_profile_id // return : SESSION_ACTION_BYPASS, not care selected_sf_profile_id
// return : SESSION_ACTION_BLOCK, not care selected_sf_profile_id // return : SESSION_ACTION_BLOCK, not care selected_sf_profile_id
// return : SESSION_ACTION_FORWARD, care selected_sf_profile_id // return : SESSION_ACTION_FORWARD, care selected_sf_profile_id
static enum session_action select_sf_by_ldbc(uint64_t hash, struct policy_enforcer *enforcer, struct sff_param *sff_param, struct fixed_num_array *array, int *selected_sf_profile_id, enum session_action_reason *sf_action_reason, char *sf_dst_mac, struct session_ctx *s_ctx) static enum session_action select_sf_by_ldbc(struct policy_enforcer *enforcer, struct session_ctx *s_ctx, struct sff_param *sff_param, struct selected_sf *sf, struct fixed_num_array *array, uint64_t hash)
{ {
struct thread_ctx *thread = (struct thread_ctx *)s_ctx->ref_thread_ctx; struct thread_ctx *thread = (struct thread_ctx *)s_ctx->ref_thread_ctx;
struct global_metrics *g_metrics = thread->ref_metrics; struct global_metrics *g_metrics = thread->ref_metrics;
struct sf_param *sf = NULL; struct sf_param *sf_param = NULL;
char buffer[16]; char buffer[16];
*selected_sf_profile_id = -1; sf->sf_profile_id = -1;
int sf_profile_id = 0; int sf_profile_id = 0;
int sf_profile_index = 0; int sf_profile_index = 0;
int sf_profile_num = 0; int sf_profile_num = 0;
@@ -1041,28 +964,28 @@ static enum session_action select_sf_by_ldbc(uint64_t hash, struct policy_enforc
memset(&buffer, 0, sizeof(buffer)); memset(&buffer, 0, sizeof(buffer));
snprintf(buffer, sizeof(buffer), "%u", sf_profile_id); snprintf(buffer, sizeof(buffer), "%u", sf_profile_id);
sf = (struct sf_param *)Maat_plugin_get_EX_data(enforcer->maat, enforcer->sf_table_id, buffer); sf_param = (struct sf_param *)Maat_plugin_get_EX_data(enforcer->maat, enforcer->sf_table_id, buffer);
if (sf == NULL) if (sf_param == NULL)
{ {
LOG_ERROR("%s: failed to get sf parameter of profile %d", LOG_TAG_POLICY, sf_profile_id); LOG_ERROR("%s: failed to get sf parameter of profile %d", LOG_TAG_POLICY, sf_profile_id);
fixed_num_array_del_elem(array, sf_profile_id); fixed_num_array_del_elem(array, sf_profile_id);
continue; continue;
} }
health_check_session_id = sf->health_check_session_id; health_check_session_id = sf_param->health_check_session_id;
sf_param_free(sf); sf_param_free(sf_param);
memset(sf_dst_mac, 0, 32); memset(sf->sf_dst_mac, 0, 32);
if (health_check_session_get_mac(health_check_session_id, sf_dst_mac) == 0) if (health_check_session_get_mac(health_check_session_id, sf->sf_dst_mac) == 0)
{ {
__atomic_fetch_add(&g_metrics->sf_active_times, 1, __ATOMIC_RELAXED); ATOMIC_INC(&(g_metrics->sf_status.active));
*selected_sf_profile_id = sf_profile_id; sf->sf_profile_id = sf_profile_id;
*sf_action_reason = ACTION_FORWAED_DUE_SELECTED_AVAILABLE_SF; sf->sf_action_reason = ACTION_FORWAED_DUE_SELECTED_SF;
return SESSION_ACTION_FORWARD; return SESSION_ACTION_FORWARD;
} }
else else
{ {
__atomic_fetch_add(&g_metrics->sf_inactive_times, 1, __ATOMIC_RELAXED); ATOMIC_INC(&(g_metrics->sf_status.inactive));
if (sff_param->sff_exception.fail_action == FAILURE_ACTION_RE_DISPATCH) if (sff_param->sff_exception.fail_action == FAILURE_ACTION_RE_DISPATCH)
{ {
@@ -1071,7 +994,7 @@ static enum session_action select_sf_by_ldbc(uint64_t hash, struct policy_enforc
if (sff_param->sff_exception.health_service_func_lt > 0 && sf_profile_num < sff_param->sff_exception.health_service_func_lt) if (sff_param->sff_exception.health_service_func_lt > 0 && sf_profile_num < sff_param->sff_exception.health_service_func_lt)
{ {
*sf_action_reason = ACTION_BYPASS_DUE_HEALTH_SF_LIMIT; sf->sf_action_reason = ACTION_BYPASS_DUE_HEALTH_SF_LIMIT;
return SESSION_ACTION_BYPASS; return SESSION_ACTION_BYPASS;
} }
else else
@@ -1080,12 +1003,12 @@ static enum session_action select_sf_by_ldbc(uint64_t hash, struct policy_enforc
{ {
if (sff_param->sff_exception.unavail_action == UNAVAILABLE_ACTION_BYPASSS) if (sff_param->sff_exception.unavail_action == UNAVAILABLE_ACTION_BYPASSS)
{ {
*sf_action_reason = ACTION_BYPASS_DUE_UNAVAILABLE_ACTION; sf->sf_action_reason = ACTION_BYPASS_DUE_UNAVAILABLE_ACTION;
return SESSION_ACTION_BYPASS; return SESSION_ACTION_BYPASS;
} }
else else
{ {
*sf_action_reason = ACTION_BLOCK_DUE_UNAVAILABLE_ACTION; sf->sf_action_reason = ACTION_BLOCK_DUE_UNAVAILABLE_ACTION;
return SESSION_ACTION_BLOCK; return SESSION_ACTION_BLOCK;
} }
} }
@@ -1097,20 +1020,20 @@ static enum session_action select_sf_by_ldbc(uint64_t hash, struct policy_enforc
} }
else if (sff_param->sff_exception.fail_action == FAILURE_ACTION_BYPASS) else if (sff_param->sff_exception.fail_action == FAILURE_ACTION_BYPASS)
{ {
*selected_sf_profile_id = sf_profile_id; sf->sf_profile_id = sf_profile_id;
*sf_action_reason = ACTION_BYPASS_DUE_FAILURE_ACTION; sf->sf_action_reason = ACTION_BYPASS_DUE_FAILURE_ACTION;
return SESSION_ACTION_BYPASS; return SESSION_ACTION_BYPASS;
} }
else if (sff_param->sff_exception.fail_action == FAILURE_ACTION_BLOCK) else if (sff_param->sff_exception.fail_action == FAILURE_ACTION_BLOCK)
{ {
*selected_sf_profile_id = sf_profile_id; sf->sf_profile_id = sf_profile_id;
*sf_action_reason = ACTION_BLOCK_DUE_FAILURE_ACTION; sf->sf_action_reason = ACTION_BLOCK_DUE_FAILURE_ACTION;
return SESSION_ACTION_BLOCK; return SESSION_ACTION_BLOCK;
} }
} }
}; };
*sf_action_reason = ACTION_BYPASS_DUE_INVALID_POLICY; sf->sf_action_reason = ACTION_BYPASS_DUE_INVALID_POLICY;
return SESSION_ACTION_BYPASS; return SESSION_ACTION_BYPASS;
} }
@@ -1130,10 +1053,228 @@ static void selected_sf_init(struct selected_sf *item)
} }
} }
static void connectivity_copy(struct connectivity *dst, struct connectivity *src)
{
if (dst && src)
{
dst->method = src->method;
dst->int_vlan_tag = src->int_vlan_tag;
dst->ext_vlan_tag = src->ext_vlan_tag;
memcpy(dst->dest_ip, src->dest_ip, sizeof(dst->dest_ip));
}
}
/****************************************************************************** /******************************************************************************
* Public API * Public API
******************************************************************************/ ******************************************************************************/
const char *traffic_type_to_string(enum traffic_type traffic_type)
{
switch (traffic_type)
{
case TRAFFIC_TYPE_NONE:
return "none";
case TRAFFIC_TYPE_RAW:
return "raw";
case TRAFFIC_TYPE_DECRYPTED:
return "decrypted";
default:
return "unknown";
}
}
const char *forward_type_to_string(enum forward_type forward_type)
{
switch (forward_type)
{
case FORWARD_TYPE_NONE:
return "none";
case FORWARD_TYPE_STEERING:
return "steering";
case FORWARD_TYPE_MIRRORING:
return "mirroring";
default:
return "unknown";
}
}
const char *session_action_to_string(enum session_action session_action)
{
switch (session_action)
{
case SESSION_ACTION_BYPASS:
return "bypass";
case SESSION_ACTION_FORWARD:
return "forward";
case SESSION_ACTION_BLOCK:
return "block";
default:
return "unknown";
}
}
const char *action_reason_to_string(enum action_reason action_reason)
{
switch (action_reason)
{
case ACTION_BYPASS_DUE_DEFAULT:
return "bypass_due_default";
case ACTION_BYPASS_DUE_HEALTH_SF_LIMIT:
return "bypass_due_health_sf_limit";
case ACTION_BYPASS_DUE_UNAVAILABLE_ACTION:
return "bypass_due_unavailable_action";
case ACTION_BYPASS_DUE_FAILURE_ACTION:
return "bypass_due_failure_action";
case ACTION_BYPASS_DUE_INVALID_POLICY:
return "bypass_due_invalid_policy";
case ACTION_BLOCK_DUE_UNAVAILABLE_ACTION:
return "block_due_unavailable_action";
case ACTION_BLOCK_DUE_FAILURE_ACTION:
return "block_due_failure_action";
case ACTION_FORWAED_DUE_SELECTED_SF:
return "forward_due_selected_sf";
default:
return "unknown";
}
}
const char *package_method_to_string(enum package_method package_method)
{
switch (package_method)
{
case PACKAGE_METHOD_NONE:
return "none";
case PACKAGE_METHOD_LAYER2_SWITCH:
return "layer2_switch";
case PACKAGE_METHOD_LAYER3_SWITCH:
return "layer3_switch";
case PACKAGE_METHOD_VXLAN_G:
return "vxlan_g";
default:
return "unknown";
}
}
// return NULL : error
// return !NULL : success
struct selected_chaining *selected_chaining_create(int chaining_size, uint64_t session_id, char *session_addr)
{
struct selected_chaining *chaining = (struct selected_chaining *)calloc(1, sizeof(struct selected_chaining));
assert(chaining);
chaining->chaining_used = 0;
chaining->chaining_size = chaining_size;
chaining->chaining = (struct selected_sf *)calloc(chaining->chaining_size, sizeof(struct selected_sf));
assert(chaining->chaining);
for (int i = 0; i < chaining->chaining_size; i++)
{
struct selected_sf *item = &(chaining->chaining[i]);
selected_sf_init(item);
}
chaining->session_id = session_id;
chaining->session_addr = session_addr;
return chaining;
}
void selected_chaining_destory(struct selected_chaining *chaining)
{
if (chaining)
{
if (chaining->chaining)
{
free(chaining->chaining);
chaining->chaining = NULL;
}
free(chaining);
chaining = NULL;
}
}
void selected_chaining_dump(struct selected_chaining *chaining)
{
if (chaining == NULL)
{
LOG_DEBUG("%s: selected_chaining: NULL", LOG_TAG_POLICY);
return;
}
LOG_DEBUG("%s: session %lu %s selected_chaining->chaining_size : %d", LOG_TAG_POLICY, chaining->session_id, chaining->session_addr, chaining->chaining_size);
LOG_DEBUG("%s: session %lu %s selected_chaining->chaining_used : %d", LOG_TAG_POLICY, chaining->session_id, chaining->session_addr, chaining->chaining_used);
for (int i = 0; i < chaining->chaining_used; i++)
{
struct selected_sf *node = &(chaining->chaining[i]);
LOG_DEBUG("%s: session %lu %s selected_chaining->node[%d]->policy_id : %d", LOG_TAG_POLICY, chaining->session_id, chaining->session_addr, i, node->policy_id);
LOG_DEBUG("%s: session %lu %s selected_chaining->node[%d]->traffic_type : %s", LOG_TAG_POLICY, chaining->session_id, chaining->session_addr, i, traffic_type_to_string(node->traffic_type));
// sff
LOG_DEBUG("%s: session %lu %s selected_chaining->node[%d]->sff_profile_id : %d", LOG_TAG_POLICY, chaining->session_id, chaining->session_addr, i, node->sff_profile_id);
LOG_DEBUG("%s: session %lu %s selected_chaining->node[%d]->sff_forward_type : %s", LOG_TAG_POLICY, chaining->session_id, chaining->session_addr, i, forward_type_to_string(node->sff_forward_type));
// sf
LOG_DEBUG("%s: session %lu %s selected_chaining->node[%d]->sf_profile_id : %d", LOG_TAG_POLICY, chaining->session_id, chaining->session_addr, i, node->sf_profile_id);
LOG_DEBUG("%s: session %lu %s selected_chaining->node[%d]->sf_need_skip : %d", LOG_TAG_POLICY, chaining->session_id, chaining->session_addr, i, node->sf_need_skip);
LOG_DEBUG("%s: session %lu %s selected_chaining->node[%d]->sf_action : %s", LOG_TAG_POLICY, chaining->session_id, chaining->session_addr, i, session_action_to_string(node->sf_action));
LOG_DEBUG("%s: session %lu %s selected_chaining->node[%d]->sf_action_reason : %s", LOG_TAG_POLICY, chaining->session_id, chaining->session_addr, i, action_reason_to_string(node->sf_action_reason));
LOG_DEBUG("%s: session %lu %s selected_chaining->node[%d]->sf_connectivity->package_method : %s", LOG_TAG_POLICY, chaining->session_id, chaining->session_addr, i, package_method_to_string(node->sf_connectivity.method));
LOG_DEBUG("%s: session %lu %s selected_chaining->node[%d]->sf_connectivity->int_vlan_tag : %d", LOG_TAG_POLICY, chaining->session_id, chaining->session_addr, i, node->sf_connectivity.int_vlan_tag);
LOG_DEBUG("%s: session %lu %s selected_chaining->node[%d]->sf_connectivity->ext_vlan_tag : %d", LOG_TAG_POLICY, chaining->session_id, chaining->session_addr, i, node->sf_connectivity.ext_vlan_tag);
LOG_DEBUG("%s: session %lu %s selected_chaining->node[%d]->sf_connectivity->dest_ip : %s", LOG_TAG_POLICY, chaining->session_id, chaining->session_addr, i, node->sf_connectivity.dest_ip);
}
}
void selected_chaining_bref(struct selected_chaining *chaining)
{
if (chaining == NULL)
{
return;
}
char buff[4096] = {0};
int buff_used = 0;
int buff_size = sizeof(buff);
buff_used += snprintf(buff + buff_used, buff_size - buff_used, "chaining_size:%d, chaining_used:%d, {", chaining->chaining_size, chaining->chaining_used);
for (int i = 0; i < chaining->chaining_used; i++)
{
struct selected_sf *node = &(chaining->chaining[i]);
if (buff_size - buff_used > 0)
{
if (i != 0)
{
buff_used += snprintf(buff + buff_used, buff_size - buff_used, ",");
}
buff_used += snprintf(buff + buff_used, buff_size - buff_used,
"\"node[%d]\":{\"skip\":%d,\"policy_id\":%d,\"sff_profile_id\":%d,\"sf_profile_id\":%d,\"traffic_type\":\"%s\",\"sff_forward_type\":\"%s\",\"sf_action\":\"%s\",\"reason\":\"%s\"}",
i, node->sf_need_skip, node->policy_id, node->sff_profile_id, node->sf_profile_id,
traffic_type_to_string(node->traffic_type), forward_type_to_string(node->sff_forward_type), session_action_to_string(node->sf_action), action_reason_to_string(node->sf_action_reason));
}
}
LOG_INFO("%s: session %lu %s selected_chaining_bref: %s}", LOG_TAG_POLICY, chaining->session_id, chaining->session_addr, buff);
}
void selected_chaining_uniq(struct selected_chaining *chaining)
{
if (chaining == NULL)
{
return;
}
// Selected Service Chaining Before Unique : [1,2,3,1,2]
// Selected Service Chaining After Unique : [1,2,3]
for (int i = 0; i < chaining->chaining_used; i++)
{
struct selected_sf *node_i = &(chaining->chaining[i]);
for (int j = 0; j < i; j++)
{
struct selected_sf *node_j = &(chaining->chaining[j]);
if (node_i->sf_profile_id == node_j->sf_profile_id)
{
node_i->sf_need_skip = 1;
break;
}
}
}
}
// return NULL : error // return NULL : error
// return !NULL : success // return !NULL : success
struct policy_enforcer *policy_enforcer_create(const char *instance, const char *profile, int thread_num, void *logger) struct policy_enforcer *policy_enforcer_create(const char *instance, const char *profile, int thread_num, void *logger)
@@ -1261,15 +1402,11 @@ void policy_enforcer_destory(struct policy_enforcer *enforcer)
} }
} }
int policy_enforce_max_chaining_size(struct policy_enforcer *enforcer)
{
return enforcer->config.max_chaining_size;
}
// return 0 : success // return 0 : success
// return -1 : error // return -1 : error
int policy_enforcer_register(struct policy_enforcer *enforcer) int policy_enforcer_register(struct policy_enforcer *enforcer)
{ {
LOG_INFO("%s: register policy callback ...", LOG_TAG_POLICY);
enforcer->compile_table_id = Maat_table_register(enforcer->maat, "SERVICE_CHAINING_COMPILE"); enforcer->compile_table_id = Maat_table_register(enforcer->maat, "SERVICE_CHAINING_COMPILE");
if (enforcer->compile_table_id < 0) if (enforcer->compile_table_id < 0)
{ {
@@ -1320,117 +1457,43 @@ int policy_enforcer_register(struct policy_enforcer *enforcer)
LOG_ERROR("%s: register SERVICE_FUNCTION_PROFILE plugin extension callbacks failed", LOG_TAG_POLICY); LOG_ERROR("%s: register SERVICE_FUNCTION_PROFILE plugin extension callbacks failed", LOG_TAG_POLICY);
return -1; return -1;
} }
LOG_INFO("%s: register policy callback success", LOG_TAG_POLICY);
return 0; return 0;
} }
// return NULL : error int policy_enforce_chaining_size(struct policy_enforcer *enforcer)
// return !NULL : success
struct selected_chaining *selected_chaining_create(int chaining_size)
{ {
struct selected_chaining *chaining = (struct selected_chaining *)calloc(1, sizeof(struct selected_chaining)); return enforcer->config.max_chaining_size;
assert(chaining);
chaining->chaining_used = 0;
chaining->chaining_size = chaining_size;
chaining->chaining = (struct selected_sf *)calloc(chaining->chaining_size, sizeof(struct selected_sf));
assert(chaining->chaining);
for (int i = 0; i < chaining->chaining_size; i++)
{
struct selected_sf *item = &(chaining->chaining[i]);
selected_sf_init(item);
}
return chaining;
} }
void selected_chaining_destory(struct selected_chaining *chaining) void policy_enforce_select_chainings(struct policy_enforcer *enforcer, struct selected_chainings *chainings, struct session_ctx *s_ctx, struct raw_pkt_parser *parser, int policy_id, int dir_is_i2e)
{ {
if (chaining)
{
if (chaining->chaining)
{
free(chaining->chaining);
chaining->chaining = NULL;
}
free(chaining);
chaining = NULL;
}
}
void selected_chaining_dump(struct selected_chaining *chaining)
{
if (chaining == NULL)
{
LOG_DEBUG("%s: selected_chaining: NULL", LOG_TAG_POLICY);
return;
}
LOG_DEBUG("%s: selected_chaining->chaining_size : %d", LOG_TAG_POLICY, chaining->chaining_size);
LOG_DEBUG("%s: selected_chaining->chaining_used : %d", LOG_TAG_POLICY, chaining->chaining_used);
for (int i = 0; i < chaining->chaining_used; i++)
{
struct selected_sf *node = &(chaining->chaining[i]);
LOG_DEBUG("%s: selected_chaining->node[%d]->policy_id : %d", LOG_TAG_POLICY, i, node->policy_id);
LOG_DEBUG("%s: selected_chaining->node[%d]->traffic_type : %s", LOG_TAG_POLICY, i, traffic_type_to_string(node->traffic_type));
// sff
LOG_DEBUG("%s: selected_chaining->node[%d]->sff_profile_id : %d", LOG_TAG_POLICY, i, node->sff_profile_id);
LOG_DEBUG("%s: selected_chaining->node[%d]->sff_forward_type : %s", LOG_TAG_POLICY, i, forward_type_to_string(node->sff_forward_type));
// sf
LOG_DEBUG("%s: selected_chaining->node[%d]->sf_profile_id : %d", LOG_TAG_POLICY, i, node->sf_profile_id);
LOG_DEBUG("%s: selected_chaining->node[%d]->sf_need_skip : %d", LOG_TAG_POLICY, i, node->sf_need_skip);
LOG_DEBUG("%s: selected_chaining->node[%d]->sf_action : %s", LOG_TAG_POLICY, i, session_action_to_string(node->sf_action));
LOG_DEBUG("%s: selected_chaining->node[%d]->sf_action_reason : %s", LOG_TAG_POLICY, i, session_action_reason_to_string(node->sf_action_reason));
LOG_DEBUG("%s: selected_chaining->node[%d]->sf_connectivity->package_method : %s", LOG_TAG_POLICY, i, package_method_to_string(node->sf_connectivity.method));
LOG_DEBUG("%s: selected_chaining->node[%d]->sf_connectivity->int_vlan_tag : %d", LOG_TAG_POLICY, i, node->sf_connectivity.int_vlan_tag);
LOG_DEBUG("%s: selected_chaining->node[%d]->sf_connectivity->ext_vlan_tag : %d", LOG_TAG_POLICY, i, node->sf_connectivity.ext_vlan_tag);
LOG_DEBUG("%s: selected_chaining->node[%d]->sf_connectivity->dest_ip : %s", LOG_TAG_POLICY, i, node->sf_connectivity.dest_ip);
}
}
void selected_chaining_bref(struct selected_chaining *chaining)
{
if (chaining == NULL)
{
return;
}
char buff[4096] = {0};
int buff_used = 0;
int buff_size = sizeof(buff);
buff_used += snprintf(buff + buff_used, buff_size - buff_used, "chaining_size:%d, chaining_used:%d, {", chaining->chaining_size, chaining->chaining_used);
for (int i = 0; i < chaining->chaining_used; i++)
{
struct selected_sf *node = &(chaining->chaining[i]);
if (buff_size - buff_used > 0)
{
buff_used += snprintf(buff + buff_used, buff_size - buff_used, "\"node[%d]\":{\"skip\":%d,\"reason\":\"%s\",\"policy_id\":%d,\"sff_profile_id\":%d,\"sf_profile_id\":%d,\"sff_forward_type\":\"%s\"}, ", i, node->sf_need_skip, session_action_reason_to_string(node->sf_action_reason), node->policy_id, node->sff_profile_id, node->sf_profile_id, forward_type_to_string(node->sff_forward_type));
}
}
LOG_DEBUG("%s: selected_chaining_bref: %s}", LOG_TAG_POLICY, buff);
}
void policy_enforce_select_chaining(struct selected_chaining *chaining, struct policy_enforcer *enforcer, struct raw_pkt_parser *parser, int policy_id, int dir_is_internal, struct session_ctx *s_ctx)
{
struct thread_ctx *thread = (struct thread_ctx *)s_ctx->ref_thread_ctx;
struct global_metrics *g_metrics = thread->ref_metrics;
uint64_t hash_value = 0; uint64_t hash_value = 0;
char buffer[16] = {0}; char buffer[16] = {0};
struct sf_param *sf_param = NULL; struct sf_param *sf_param = NULL;
struct sff_param *sff_param = NULL; struct sff_param *sff_param = NULL;
struct fixed_num_array array = {0}; struct fixed_num_array array = {0};
struct chaining_param *chaining_param = NULL; struct chaining_param *chaining_param = NULL;
struct selected_chaining *chaining = NULL;
snprintf(buffer, sizeof(buffer), "%d", policy_id); snprintf(buffer, sizeof(buffer), "%d", policy_id);
chaining_param = (struct chaining_param *)Maat_plugin_get_EX_data(enforcer->maat, enforcer->compile_table_id, buffer); chaining_param = (struct chaining_param *)Maat_plugin_get_EX_data(enforcer->maat, enforcer->compile_table_id, buffer);
if (chaining_param == NULL) if (chaining_param == NULL)
{ {
LOG_ERROR("%s: failed to get chaining parameter of policy %d", LOG_TAG_POLICY, policy_id); LOG_ERROR("%s: session %lu %s failed to get chaining parameter of policy %d", LOG_TAG_POLICY, s_ctx->session_id, s_ctx->session_addr, policy_id);
return; return;
} }
LOG_DEBUG("%s: enforce chaining policy %d", LOG_TAG_POLICY, policy_id);
if (chaining_param->traffic_type == TRAFFIC_TYPE_RAW)
{
chaining = chainings->chaining_raw;
}
else
{
chaining = chainings->chaining_decrypted;
}
LOG_INFO("%s: session %lu %s enforce %s chaining policy %d", LOG_TAG_POLICY, chaining->session_id, chaining->session_addr, traffic_type_to_string(chaining_param->traffic_type), policy_id);
for (int i = 0; i < chaining_param->sff_profile_ids_num && chaining->chaining_used < chaining->chaining_size; i++) for (int i = 0; i < chaining_param->sff_profile_ids_num && chaining->chaining_used < chaining->chaining_size; i++)
{ {
@@ -1447,19 +1510,18 @@ void policy_enforce_select_chaining(struct selected_chaining *chaining, struct p
sff_param = (struct sff_param *)Maat_plugin_get_EX_data(enforcer->maat, enforcer->sff_table_id, buffer); sff_param = (struct sff_param *)Maat_plugin_get_EX_data(enforcer->maat, enforcer->sff_table_id, buffer);
if (sff_param == NULL) if (sff_param == NULL)
{ {
LOG_ERROR("%s: failed to get sff parameter of profile %d, bypass current sff !!!", LOG_TAG_POLICY, item->sff_profile_id); LOG_ERROR("%s: session %lu %s failed to get sff parameter of profile %d, bypass current sff !!!", LOG_TAG_POLICY, chaining->session_id, chaining->session_addr, item->sff_profile_id);
item->sf_action = SESSION_ACTION_BYPASS; item->sf_action = SESSION_ACTION_BYPASS;
item->sf_action_reason = ACTION_BYPASS_DUE_INVALID_POLICY; item->sf_action_reason = ACTION_BYPASS_DUE_INVALID_POLICY;
chaining->chaining_used++; chaining->chaining_used++;
continue; continue;
} }
item->sff_forward_type = sff_param->sff_forward_type; item->sff_forward_type = sff_param->sff_forward_type;
LOG_DEBUG("%s: chaining policy %d -> sff_profile %d sf_profile_ids_num %d (before filter nearby and active)", LOG_TAG_POLICY, policy_id, item->sff_profile_id, sff_param->sf_profile_ids_num);
memset(&array, 0, sizeof(array)); memset(&array, 0, sizeof(array));
fixed_num_array_init(&array); fixed_num_array_init(&array);
select_sf_by_nearby_and_active(enforcer, sff_param, &array); select_sf_by_nearby_and_adminstatus(enforcer, sff_param, &array);
LOG_DEBUG("%s: chaining policy %d -> sff_profile %d sf_profile_ids_num %d (after filter nearby and active)", LOG_TAG_POLICY, policy_id, item->sff_profile_id, fixed_num_array_count_elem(&array)); LOG_DEBUG("%s: session %lu %s select sf from chaining policy %d sff_profile %d, sf_profile_num (before filter: %d -> filter nearby/admin_status: %d)", LOG_TAG_POLICY, chaining->session_id, chaining->session_addr, policy_id, item->sff_profile_id, sff_param->sf_profile_ids_num, fixed_num_array_count_elem(&array));
if (fixed_num_array_count_elem(&array) == 0) if (fixed_num_array_count_elem(&array) == 0)
{ {
switch (sff_param->sff_exception.fail_action) switch (sff_param->sff_exception.fail_action)
@@ -1485,15 +1547,14 @@ void policy_enforce_select_chaining(struct selected_chaining *chaining, struct p
} }
break; break;
} }
LOG_DEBUG("%s: chaining policy %d -> sff_profile %d, no sf available after filtering by 'nearby & active', %s", LOG_TAG_POLICY, policy_id, item->sff_profile_id, session_action_reason_to_string(item->sf_action_reason)); LOG_DEBUG("%s: session %lu %s select sf frome chaining policy %d sff_profile %d, no sf available after filtering by 'nearby & admin_status', %s", LOG_TAG_POLICY, chaining->session_id, chaining->session_addr, policy_id, item->sff_profile_id, action_reason_to_string(item->sf_action_reason));
chaining->chaining_used++; chaining->chaining_used++;
sff_param_free(sff_param); sff_param_free(sff_param);
continue; continue;
} }
hash_value = raw_packet_parser_get_hash_value(parser, sff_param->sff_ldbc.method, dir_is_internal); hash_value = raw_packet_parser_get_hash_value(parser, sff_param->sff_ldbc.method, dir_is_i2e);
item->sf_action = select_sf_by_ldbc(hash_value, enforcer, sff_param, &array, &(item->sf_profile_id), &(item->sf_action_reason), item->sf_dst_mac, s_ctx); item->sf_action = select_sf_by_ldbc(enforcer, s_ctx, sff_param, item, &array, hash_value);
LOG_DEBUG("%s: chaining policy %d -> sff_profile %d sf_profile_ids_num %d (after filter ldbc)", LOG_TAG_POLICY, policy_id, item->sff_profile_id, fixed_num_array_count_elem(&array));
if (item->sf_action != SESSION_ACTION_FORWARD) if (item->sf_action != SESSION_ACTION_FORWARD)
{ {
chaining->chaining_used++; chaining->chaining_used++;
@@ -1506,7 +1567,7 @@ void policy_enforce_select_chaining(struct selected_chaining *chaining, struct p
sf_param = (struct sf_param *)Maat_plugin_get_EX_data(enforcer->maat, enforcer->sf_table_id, buffer); sf_param = (struct sf_param *)Maat_plugin_get_EX_data(enforcer->maat, enforcer->sf_table_id, buffer);
if (sf_param == NULL) if (sf_param == NULL)
{ {
LOG_ERROR("%s: failed to get sf parameter of selected profile %d, bypass current sff !!!", LOG_TAG_POLICY, item->sf_profile_id); LOG_ERROR("%s: session %lu %s failed to get sf parameter of profile %d, bypass current sff !!!", LOG_TAG_POLICY, chaining->session_id, chaining->session_addr, item->sf_profile_id);
item->sf_action = SESSION_ACTION_BYPASS; item->sf_action = SESSION_ACTION_BYPASS;
item->sf_action_reason = ACTION_BYPASS_DUE_INVALID_POLICY; item->sf_action_reason = ACTION_BYPASS_DUE_INVALID_POLICY;
chaining->chaining_used++; chaining->chaining_used++;
@@ -1514,33 +1575,14 @@ void policy_enforce_select_chaining(struct selected_chaining *chaining, struct p
continue; continue;
} }
item->sf_connectivity.method = sf_param->sf_connectivity.method; connectivity_copy(&item->sf_connectivity, &sf_param->sf_connectivity);
item->sf_connectivity.int_vlan_tag = sf_param->sf_connectivity.int_vlan_tag;
item->sf_connectivity.ext_vlan_tag = sf_param->sf_connectivity.ext_vlan_tag;
memcpy(item->sf_connectivity.dest_ip, sf_param->sf_connectivity.dest_ip, strlen(sf_param->sf_connectivity.dest_ip));
memcpy(item->sf_dst_ip, sf_param->sf_connectivity.dest_ip, strlen(sf_param->sf_connectivity.dest_ip)); memcpy(item->sf_dst_ip, sf_param->sf_connectivity.dest_ip, strlen(sf_param->sf_connectivity.dest_ip));
chaining->chaining_used++; chaining->chaining_used++;
sf_param_free(sf_param); sf_param_free(sf_param);
sff_param_free(sff_param); sff_param_free(sff_param);
} }
// Selected Service Chaining Before Unique : [1,2,3,1,2] selected_chaining_uniq(chaining);
// Selected Service Chaining After Unique : [1,2,3]
for (int i = 0; i < chaining->chaining_used; i++)
{
struct selected_sf *node_i = &(chaining->chaining[i]);
for (int j = 0; j < i; j++)
{
struct selected_sf *node_j = &(chaining->chaining[j]);
if (node_i->sf_profile_id == node_j->sf_profile_id)
{
node_i->sf_need_skip = 1;
break;
}
}
}
chaining_param_free(chaining_param); chaining_param_free(chaining_param);
} }

197
platform/src/sce.cpp
View File

@@ -6,107 +6,194 @@
#include "global_metrics.h" #include "global_metrics.h"
/****************************************************************************** /******************************************************************************
* session_ctx * Struct Metadata
******************************************************************************/ ******************************************************************************/
struct session_ctx *session_ctx_new() struct metadata *metadata_new()
{ {
struct session_ctx *ctx = (struct session_ctx *)calloc(1, sizeof(struct session_ctx)); struct metadata *meta = (struct metadata *)calloc(1, sizeof(struct metadata));
assert(ctx != NULL);
return ctx; return meta;
} }
void session_ctx_free(struct session_ctx *ctx) int metadata_is_empty(struct metadata *meta)
{ {
if (ctx) if (meta->write_ref == 0)
{ {
if (ctx->first_ctrl_pkt.addr_string) return 1;
}
else
{ {
free(ctx->first_ctrl_pkt.addr_string); return 0;
ctx->first_ctrl_pkt.addr_string = NULL; }
}
void metadata_deep_copy(struct metadata *dst, struct metadata *src)
{
dst->write_ref++;
dst->session_id = src->session_id;
dst->raw_data = strndup(src->raw_data, src->raw_len);
dst->raw_len = src->raw_len;
dst->l7offset = src->l7offset;
dst->is_e2i_dir = src->is_e2i_dir;
dst->is_ctrl_pkt = src->is_ctrl_pkt;
dst->is_decrypted = src->is_decrypted;
sids_copy(&dst->sids, &src->sids);
route_ctx_copy(&dst->route_ctx, &src->route_ctx);
}
void metadata_shadow_copy(struct metadata *dst, struct metadata *src)
{
dst->write_ref++;
dst->session_id = src->session_id;
dst->raw_data = src->raw_data;
dst->raw_len = src->raw_len;
dst->l7offset = src->l7offset;
dst->is_e2i_dir = src->is_e2i_dir;
dst->is_ctrl_pkt = src->is_ctrl_pkt;
dst->is_decrypted = src->is_decrypted;
sids_copy(&dst->sids, &src->sids);
route_ctx_copy(&dst->route_ctx, &src->route_ctx);
}
void metadata_free(struct metadata *meta)
{
if (meta)
{
if (meta->raw_data)
{
free(meta->raw_data);
meta->raw_data = NULL;
} }
if (ctx->first_ctrl_pkt.header_data) free(meta);
{ meta = NULL;
free(ctx->first_ctrl_pkt.header_data);
ctx->first_ctrl_pkt.header_data = NULL;
}
if (ctx->chaining)
{
selected_chaining_destory(ctx->chaining);
ctx->chaining = NULL;
}
free(ctx);
ctx = 0;
} }
} }
/****************************************************************************** /******************************************************************************
* sce_ctx * Struct Session Ctx
******************************************************************************/
struct session_ctx *session_ctx_new()
{
struct session_ctx *session_ctx = (struct session_ctx *)calloc(1, sizeof(struct session_ctx));
assert(session_ctx != NULL);
fixed_num_array_init(&session_ctx->policy_ids);
session_ctx->raw_meta_i2e = metadata_new();
session_ctx->raw_meta_e2i = metadata_new();
session_ctx->ctrl_meta = metadata_new();
return session_ctx;
}
void session_ctx_free(struct session_ctx *session_ctx)
{
if (session_ctx)
{
if (session_ctx->raw_meta_i2e)
{
metadata_free(session_ctx->raw_meta_i2e);
session_ctx->raw_meta_i2e = NULL;
}
if (session_ctx->raw_meta_e2i)
{
metadata_free(session_ctx->raw_meta_e2i);
session_ctx->raw_meta_e2i = NULL;
}
if (session_ctx->ctrl_meta)
{
metadata_free(session_ctx->ctrl_meta);
session_ctx->ctrl_meta = NULL;
}
if (session_ctx->chainings.chaining_raw)
{
selected_chaining_destory(session_ctx->chainings.chaining_raw);
session_ctx->chainings.chaining_raw = NULL;
}
if (session_ctx->chainings.chaining_decrypted)
{
selected_chaining_destory(session_ctx->chainings.chaining_decrypted);
session_ctx->chainings.chaining_decrypted = NULL;
}
free(session_ctx);
session_ctx = 0;
}
}
/******************************************************************************
* Struct SCE Ctx
******************************************************************************/ ******************************************************************************/
struct sce_ctx *sce_ctx_create(const char *profile) struct sce_ctx *sce_ctx_create(const char *profile)
{ {
struct sce_ctx *ctx = (struct sce_ctx *)calloc(1, sizeof(struct sce_ctx)); struct sce_ctx *sce_ctx = (struct sce_ctx *)calloc(1, sizeof(struct sce_ctx));
MESA_load_profile_int_def(profile, "system", "enable_debug", (int *)&(ctx->enable_debug), 0); MESA_load_profile_int_def(profile, "system", "enable_debug", (int *)&(sce_ctx->enable_debug), 0);
MESA_load_profile_int_def(profile, "system", "firewall_sids", (int *)&(ctx->firewall_sids), 1001); MESA_load_profile_int_def(profile, "system", "enable_send_log", (int *)&(sce_ctx->enable_send_log), 0);
MESA_load_profile_int_def(profile, "system", "nr_worker_threads", (int *)&(ctx->nr_worker_threads), 8); MESA_load_profile_int_def(profile, "system", "firewall_sids", (int *)&(sce_ctx->firewall_sids), 1001);
MESA_load_profile_uint_range(profile, "system", "cpu_affinity_mask", MAX_THREAD_NUM, (unsigned int *)ctx->cpu_affinity_mask); MESA_load_profile_int_def(profile, "system", "nr_worker_threads", (int *)&(sce_ctx->nr_worker_threads), 8);
MESA_load_profile_int_def(profile, "system", "ts_update_interval_ms", (int *)&(ctx->ts_update_interval_ms), 1); MESA_load_profile_uint_range(profile, "system", "cpu_affinity_mask", MAX_THREAD_NUM, (unsigned int *)sce_ctx->cpu_affinity_mask);
ctx->nr_worker_threads = MIN(ctx->nr_worker_threads, MAX_THREAD_NUM); MESA_load_profile_int_def(profile, "system", "ts_update_interval_ms", (int *)&(sce_ctx->ts_update_interval_ms), 1);
CPU_ZERO(&ctx->coremask); sce_ctx->nr_worker_threads = MIN(sce_ctx->nr_worker_threads, MAX_THREAD_NUM);
for (int i = 0; i < ctx->nr_worker_threads; i++) CPU_ZERO(&sce_ctx->coremask);
for (int i = 0; i < sce_ctx->nr_worker_threads; i++)
{ {
int cpu_id = ctx->cpu_affinity_mask[i]; int cpu_id = sce_ctx->cpu_affinity_mask[i];
CPU_SET(cpu_id, &ctx->coremask); CPU_SET(cpu_id, &sce_ctx->coremask);
} }
ctx->ts = timestamp_new(ctx->ts_update_interval_ms); sce_ctx->ts = timestamp_new(sce_ctx->ts_update_interval_ms);
sce_ctx->metrics = global_metrics_create(profile);
ctx->io = packet_io_create(profile, ctx->nr_worker_threads, &ctx->coremask); if (sce_ctx->metrics == NULL)
if (ctx->io == NULL)
{ {
goto error_out; goto error_out;
} }
ctx->metrics = global_metrics_create(profile); sce_ctx->enforcer = policy_enforcer_create("SCE", profile, sce_ctx->nr_worker_threads, NULL);
if (ctx->metrics == NULL) if (sce_ctx->enforcer == NULL)
{ {
goto error_out; goto error_out;
} }
ctx->enforcer = policy_enforcer_create("SCE", profile, ctx->nr_worker_threads, NULL); if (policy_enforcer_register(sce_ctx->enforcer) == -1)
if (ctx->enforcer == NULL)
{ {
goto error_out; goto error_out;
} }
if (policy_enforcer_register(ctx->enforcer) == -1) sce_ctx->io = packet_io_create(profile, sce_ctx->nr_worker_threads, &sce_ctx->coremask);
if (sce_ctx->io == NULL)
{ {
goto error_out; goto error_out;
} }
return ctx; return sce_ctx;
error_out: error_out:
sce_ctx_destory(ctx); sce_ctx_destory(sce_ctx);
return NULL; return NULL;
} }
void sce_ctx_destory(struct sce_ctx *ctx) void sce_ctx_destory(struct sce_ctx *sce_ctx)
{ {
if (ctx) if (sce_ctx)
{ {
policy_enforcer_destory(ctx->enforcer); packet_io_destory(sce_ctx->io);
global_metrics_destory(ctx->metrics); policy_enforcer_destory(sce_ctx->enforcer);
packet_io_destory(ctx->io); global_metrics_destory(sce_ctx->metrics);
timestamp_free(ctx->ts); timestamp_free(sce_ctx->ts);
free(ctx); free(sce_ctx);
ctx = NULL; sce_ctx = NULL;
} }
} }

15
platform/src/sf_status.cpp
View File

@@ -104,7 +104,7 @@ struct sf_status *sf_status_create(const char *profile)
void sf_status_reset(struct sf_status *handle) void sf_status_reset(struct sf_status *handle)
{ {
if (handle->config.enable == 0) if (handle == NULL || handle->config.enable == 0)
{ {
return; return;
} }
@@ -125,7 +125,7 @@ void sf_status_reset(struct sf_status *handle)
void sf_status_delete(struct sf_status *handle, int sf_profile_id) void sf_status_delete(struct sf_status *handle, int sf_profile_id)
{ {
if (handle->config.enable == 0) if (handle == NULL || handle->config.enable == 0)
{ {
return; return;
} }
@@ -146,7 +146,7 @@ void sf_status_delete(struct sf_status *handle, int sf_profile_id)
void sf_status_update(struct sf_status *handle, int sf_profile_id, int sf_status, int sf_latency) void sf_status_update(struct sf_status *handle, int sf_profile_id, int sf_status, int sf_latency)
{ {
if (handle->config.enable == 0) if (handle == NULL || handle->config.enable == 0)
{ {
return; return;
} }
@@ -185,7 +185,7 @@ void sf_status_send(struct sf_status *handle)
struct node *temp = NULL; struct node *temp = NULL;
struct node *node = NULL; struct node *node = NULL;
if (handle->config.enable == 0) if (handle == NULL || handle->config.enable == 0)
{ {
return; return;
} }
@@ -203,5 +203,12 @@ void sf_status_send(struct sf_status *handle)
int sf_status_get_interval(struct sf_status *handle) int sf_status_get_interval(struct sf_status *handle)
{ {
if (handle == NULL)
{
return 0;
}
else
{
return handle->config.interval_s; return handle->config.interval_s;
}
} }

28
platform/test/gtest_policy.cpp
View File

@@ -18,7 +18,7 @@ TEST(POLICY, SELECTED_CHAINING_LIFE_CYCLE)
{ {
struct selected_chaining *chaining = NULL; struct selected_chaining *chaining = NULL;
chaining = selected_chaining_create(128); chaining = selected_chaining_create(128, 0, NULL);
EXPECT_TRUE(chaining != nullptr); EXPECT_TRUE(chaining != nullptr);
selected_chaining_destory(chaining); selected_chaining_destory(chaining);
@@ -45,16 +45,22 @@ TEST(POLICY, POLICY_ENFORCER_LIFE_CYCLE)
EXPECT_TRUE(enforcer != nullptr); EXPECT_TRUE(enforcer != nullptr);
EXPECT_TRUE(policy_enforcer_register(enforcer) == 0); EXPECT_TRUE(policy_enforcer_register(enforcer) == 0);
int dir_is_internal = 1; int dir_is_i2e = 1;
struct selected_chaining *chaining = selected_chaining_create(64); struct selected_chainings chainings;
EXPECT_TRUE(chaining != nullptr); chainings.chaining_raw = selected_chaining_create(64, 0, NULL);
policy_enforce_select_chaining(chaining, enforcer, &handler, 1, dir_is_internal, &s_ctx); chainings.chaining_decrypted = selected_chaining_create(64, 0, NULL);
policy_enforce_select_chaining(chaining, enforcer, &handler, 2, dir_is_internal, &s_ctx); policy_enforce_select_chainings(enforcer, &chainings, &s_ctx, &handler, 1, dir_is_i2e);
policy_enforce_select_chaining(chaining, enforcer, &handler, 11, dir_is_internal, &s_ctx); policy_enforce_select_chainings(enforcer, &chainings, &s_ctx, &handler, 2, dir_is_i2e);
policy_enforce_select_chaining(chaining, enforcer, &handler, 12, dir_is_internal, &s_ctx); policy_enforce_select_chainings(enforcer, &chainings, &s_ctx, &handler, 11, dir_is_i2e);
selected_chaining_dump(chaining); policy_enforce_select_chainings(enforcer, &chainings, &s_ctx, &handler, 12, dir_is_i2e);
selected_chaining_bref(chaining);
selected_chaining_destory(chaining); selected_chaining_dump(chainings.chaining_raw);
selected_chaining_bref(chainings.chaining_raw);
selected_chaining_destory(chainings.chaining_raw);
selected_chaining_dump(chainings.chaining_decrypted);
selected_chaining_bref(chainings.chaining_decrypted);
selected_chaining_destory(chainings.chaining_decrypted);
printf("Before Sleep\n"); printf("Before Sleep\n");
sleep(15); sleep(15);