gfwleak/tango-tsg-service-chaining-engine
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

TSG-13837 支持decrypted traffic steering/mirroring,并重构packet_io

Browse Source
This commit is contained in:
luwenpeng
2023-03-14 16:10:44 +08:00
parent 29755f2162
commit 0e85d3c9c5
26 changed files with 1960 additions and 1941 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
.gitlab-ci.yml
View File

@@ -53,7 +53,7 @@ develop_build_debug_for_centos7:
TESTING_VERSION_BUILD: 1
UPLOAD_SYMBOL_FILES: 1
BUILD_TYPE: Debug
# ASAN_OPTION: ADDRESS
ASAN_OPTION: ADDRESS
PACKAGE: 1
PULP3_REPO_NAME: tsg-testing-x86_64.el7
PULP3_DIST_NAME: tsg-testing-x86_64.el7
@@ -71,7 +71,7 @@ develop_build_release_for_centos7:
variables:
TESTING_VERSION_BUILD: 1
UPLOAD_SYMBOL_FILES: 1
# ASAN_OPTION: ADDRESS
ASAN_OPTION: ADDRESS
BUILD_TYPE: RelWithDebInfo
PACKAGE: 1
PULP3_REPO_NAME: tsg-testing-x86_64.el7
@@ -160,7 +160,7 @@ develop_build_debug_for_centos8:
TESTING_VERSION_BUILD: 1
UPLOAD_SYMBOL_FILES: 1
BUILD_TYPE: Debug
# ASAN_OPTION: ADDRESS
ASAN_OPTION: ADDRESS
PACKAGE: 1
PULP3_REPO_NAME: tsg-testing-x86_64.el8
PULP3_DIST_NAME: tsg-testing-x86_64.el8
@@ -178,7 +178,7 @@ develop_build_release_for_centos8:
variables:
TESTING_VERSION_BUILD: 1
UPLOAD_SYMBOL_FILES: 1
# ASAN_OPTION: ADDRESS
ASAN_OPTION: ADDRESS
BUILD_TYPE: RelWithDebInfo
PACKAGE: 1
PULP3_REPO_NAME: tsg-testing-x86_64.el8

2
ci/travis.sh
View File

@@ -58,7 +58,7 @@ cmake3 -DCMAKE_CXX_FLAGS=$CXX_FLAGS \
-DCMAKE_INSTALL_PREFIX=$INSTALL_PREFIX \
-DVERSION_DAILY_BUILD=$TESTING_VERSION_BUILD \
..
make
make -j 4
if [ -n "${PACKAGE}" ]; then
make package

29
common/include/addr_tuple4.h
View File

@@ -8,26 +8,26 @@ extern "C"
#include <netinet/in.h>
enum addr_tuple4_type
{
enum addr_tuple4_type
{
ADDR_TUPLE4_TYPE_V4,
ADDR_TUPLE4_TYPE_V6,
};
};
struct addr_v4
{
struct addr_v4
{
struct in_addr src_addr; /* network order */
struct in_addr dst_addr; /* network order */
};
};
struct addr_v6
{
struct addr_v6
{
struct in6_addr src_addr; /* network order */
struct in6_addr dst_addr; /* network order */
};
};
struct addr_tuple4
{
struct addr_tuple4
{
enum addr_tuple4_type addr_type;
in_port_t src_port; /* network order */
in_port_t dst_port; /* network order */
@@ -36,7 +36,7 @@ extern "C"
struct addr_v4 addr_v4;
struct addr_v6 addr_v6;
};
};
};
#define INIT_ADDR_V4(name, src_addr_str, src_port_num, dst_addr_str, dst_port_num) \
struct addr_tuple4 name; \
@@ -56,8 +56,9 @@ extern "C"
inet_pton(AF_INET6, (src_addr_str), &(name).addr_v6.src_addr); \
inet_pton(AF_INET6, (dst_addr_str), &(name).addr_v6.dst_addr);
char *addr_tuple4_to_str(const struct addr_tuple4 *addr);
void addr_tuple4_reverse(const struct addr_tuple4 *orin, struct addr_tuple4 *out);
void addr_tuple4_copy(struct addr_tuple4 *dst, struct addr_tuple4 *src);
char *addr_tuple4_to_str(const struct addr_tuple4 *addr);
void addr_tuple4_reverse(const struct addr_tuple4 *orin, struct addr_tuple4 *out);
#ifdef __cpluscplus
}

2
common/include/raw_packet.h
View File

@@ -90,7 +90,7 @@ int raw_packet_parser_get_most_outer_tuple4(struct raw_pkt_parser *handler, stru
int raw_packet_parser_get_most_inner_address(struct raw_pkt_parser *handler, struct addr_tuple4 *addr);
int raw_packet_parser_get_most_outer_address(struct raw_pkt_parser *handler, struct addr_tuple4 *addr);
uint64_t raw_packet_parser_get_hash_value(struct raw_pkt_parser *handler, enum ldbc_method method, int dir_is_internal);
uint64_t raw_packet_parser_get_hash_value(struct raw_pkt_parser *handler, enum ldbc_method method, int dir_is_i2e);
#ifdef __cpluscplus
}

8
common/include/session_table.h
View File

@@ -21,8 +21,8 @@ struct session_node
uint64_t session_id; /* first key */
struct addr_tuple4 session_addr; /* second key */
void *val_data;
fn_free_cb *val_freecb;
void *value;
fn_free_cb *value_free_cb;
UT_hash_handle hh1; /* handle for first hash table */
UT_hash_handle hh2; /* handle for second hash table */
@@ -36,10 +36,10 @@ void session_table_reset(struct session_table *table);
uint64_t session_table_count(struct session_table *table);
// session_addr : deep copy
// val_data : shallow copy (malloc by user, free by val_freecb)
// value : shallow copy (malloc by user, free by value_free_cb)
// return 0 : suceess
// return -1 : key exists
int session_table_insert(struct session_table *table, uint64_t session_id, const struct addr_tuple4 *session_addr, void *val_data, const fn_free_cb *val_freecb);
int session_table_insert(struct session_table *table, uint64_t session_id, const struct addr_tuple4 *session_addr, void *value, const fn_free_cb *value_free_cb);
// return 0 : success
// return -1 : key not exists

10
common/include/utils.h
View File

@@ -8,16 +8,16 @@ extern "C"
#define MIN(a, b) ((a) > (b) ? (b) : (a))
#define LOG_TAG_SCE "SCE"
#define LOG_TAG_POLICY "POLICY"
#define LOG_TAG_UTILS "UTILS"
#define LOG_TAG_PKTIO "PACKET_IO"
#define LOG_TAG_RAWPKT "RAW_PACKET"
#define LOG_TAG_CTRLPKT "CTRL_PACKET"
#define LOG_TAG_STABLE "SESSION_TABLE"
#define LOG_TAG_PKTIO "PACKET_IO"
#define LOG_TAG_METRICS "G_METRICS"
#define LOG_TAG_SF_METRICS "SF_METRICS"
#define LOG_TAG_SF_STATUS "SF_STATUS"
#define LOG_TAG_SCE "SCE"
#define LOG_TAG_UTILS "UTILS"
#define LOG_TAG_HEALTH_CHECK "HEALTH_CHECK"
#define LOG_TAG_TIMESTAMP "TIMESTAMP"
#define ATOMIC_INC(x) __atomic_fetch_add(x, 1, __ATOMIC_RELAXED)
@@ -71,7 +71,7 @@ struct route_ctx
int len;
};
int route_ctx_is_empty(struct route_ctx *ctx);
void route_ctx_write_once(struct route_ctx *dst, struct route_ctx *src);
void route_ctx_copy(struct route_ctx *dst, struct route_ctx *src);
/******************************************************************************

18
common/src/addr_tuple4.cpp
View File

@@ -4,6 +4,24 @@
#include "addr_tuple4.h"
void addr_tuple4_copy(struct addr_tuple4 *dst, struct addr_tuple4 *src)
{
dst->addr_type = src->addr_type;
dst->src_port = src->src_port;
dst->dst_port = src->dst_port;
if (src->addr_type == ADDR_TUPLE4_TYPE_V4)
{
memcpy(&(dst->addr_v4.src_addr), &(src->addr_v4.src_addr), sizeof(struct in_addr));
memcpy(&(dst->addr_v4.dst_addr), &(src->addr_v4.dst_addr), sizeof(struct in_addr));
}
else
{
memcpy(&(dst->addr_v6.src_addr), &(src->addr_v6.src_addr), sizeof(struct addr_v6));
memcpy(&(dst->addr_v6.dst_addr), &(src->addr_v6.dst_addr), sizeof(struct addr_v6));
}
}
char *addr_tuple4_to_str(const struct addr_tuple4 *addr)
{
char *str_ret = NULL;

14
common/src/raw_packet.cpp
View File

@@ -272,7 +272,7 @@ int raw_packet_parser_get_most_outer_address(struct raw_pkt_parser *handler, str
return -1;
}
uint64_t raw_packet_parser_get_hash_value(struct raw_pkt_parser *handler, enum ldbc_method method, int dir_is_internal)
uint64_t raw_packet_parser_get_hash_value(struct raw_pkt_parser *handler, enum ldbc_method method, int dir_is_i2e)
{
uint64_t temp = 0;
uint64_t hash_value = 1;
@@ -333,7 +333,7 @@ uint64_t raw_packet_parser_get_hash_value(struct raw_pkt_parser *handler, enum l
switch (method)
{
case LDBC_METHOD_HASH_INT_IP:
if (dir_is_internal)
if (dir_is_i2e)
{
// outer src ip
HASH_VALUE(outer_src_addr, outer_addr_len, hash_value);
@@ -345,7 +345,7 @@ uint64_t raw_packet_parser_get_hash_value(struct raw_pkt_parser *handler, enum l
}
break;
case LDBC_METHOD_HASH_EXT_IP:
if (dir_is_internal)
if (dir_is_i2e)
{
// outer dst ip
HASH_VALUE(outer_dst_addr, outer_addr_len, hash_value);
@@ -363,7 +363,7 @@ uint64_t raw_packet_parser_get_hash_value(struct raw_pkt_parser *handler, enum l
hash_value = hash_value ^ temp;
break;
case LDBC_METHOD_HASH_INNERMOST_INT_IP:
if (dir_is_internal)
if (dir_is_i2e)
{
// innner src ip
HASH_VALUE(inner_src_addr, inner_addr_len, hash_value);
@@ -375,7 +375,7 @@ uint64_t raw_packet_parser_get_hash_value(struct raw_pkt_parser *handler, enum l
}
break;
case LDBC_METHOD_HASH_INNERMOST_EXT_IP:
if (dir_is_internal)
if (dir_is_i2e)
{
// innner dst ip
HASH_VALUE(inner_dst_addr, inner_addr_len, hash_value);
@@ -393,7 +393,7 @@ uint64_t raw_packet_parser_get_hash_value(struct raw_pkt_parser *handler, enum l
char *inner_addr_str = addr_tuple4_to_str(&inner_addr);
char *outer_addr_str = addr_tuple4_to_str(&outer_addr);
LOG_DEBUG("%s: pkt_trace_id: %lu, outer_addr: %s, inner_addr: %s, is_internal: %d, hash_method: %s, hash_value: %lu",
LOG_TAG_RAWPKT, handler->pkt_trace_id, outer_addr_str, inner_addr_str, dir_is_internal, ldbc_method_to_string(method), hash_value);
LOG_TAG_RAWPKT, handler->pkt_trace_id, outer_addr_str, inner_addr_str, dir_is_i2e, ldbc_method_to_string(method), hash_value);
free(inner_addr_str);
free(outer_addr_str);
@@ -814,7 +814,7 @@ static const void *parse_vxlan(struct raw_pkt_parser *handler, const void *data,
return data;
}
struct vxlan_hdr *vxlan_hdr = (struct vxlan_hdr *)data;
// struct vxlan_hdr *vxlan_hdr = (struct vxlan_hdr *)data;
uint16_t hdr_len = sizeof(struct vxlan_hdr);
const void *data_next_layer = (const char *)data + hdr_len;
size_t data_next_length = length - hdr_len;

50
common/src/session_table.cpp
View File

@@ -2,7 +2,6 @@
#include "session_table.h"
#include "utils.h"
#include "log.h"
struct session_table
{
@@ -33,9 +32,9 @@ void session_table_destory(struct session_table *table)
HASH_DELETE(hh1, table->root_by_id, node);
HASH_DELETE(hh2, table->root_by_addr, node);
if (node->val_freecb && node->val_data)
if (node->value_free_cb && node->value)
{
node->val_freecb(node->val_data);
node->value_free_cb(node->value);
}
free(node);
@@ -58,9 +57,9 @@ void session_table_reset(struct session_table *table)
HASH_DELETE(hh1, table->root_by_id, node);
HASH_DELETE(hh2, table->root_by_addr, node);
if (node->val_freecb && node->val_data)
if (node->value_free_cb && node->value)
{
node->val_freecb(node->val_data);
node->value_free_cb(node->value);
}
free(node);
@@ -84,14 +83,13 @@ uint64_t session_table_count(struct session_table *table)
}
// session_addr : deep copy
// val_data : shallow copy (malloc by user, free by val_freecb)
int session_table_insert(struct session_table *table, uint64_t session_id, const struct addr_tuple4 *session_addr, void *val_data, const fn_free_cb *val_freecb)
// value : shallow copy (malloc by user, free by value_free_cb)
int session_table_insert(struct session_table *table, uint64_t session_id, const struct addr_tuple4 *session_addr, void *value, const fn_free_cb *value_free_cb)
{
struct session_node *temp = NULL;
HASH_FIND(hh1, table->root_by_id, &session_id, sizeof(session_id), temp);
if (temp)
{
LOG_DEBUG("%s: insert: key %lu exists", LOG_TAG_STABLE, session_id);
return -1;
}
@@ -100,13 +98,12 @@ int session_table_insert(struct session_table *table, uint64_t session_id, const
temp->session_id = session_id;
memcpy(&temp->session_addr, session_addr, sizeof(struct addr_tuple4));
temp->val_data = val_data;
temp->val_freecb = val_freecb;
temp->value = value;
temp->value_free_cb = value_free_cb;
HASH_ADD(hh1, table->root_by_id, session_id, sizeof(temp->session_id), temp);
HASH_ADD(hh2, table->root_by_addr, session_addr, sizeof(temp->session_addr), temp);
LOG_DEBUG("%s: insert: key %lu success", LOG_TAG_STABLE, session_id);
table->session_node_count++;
return 0;
@@ -118,23 +115,21 @@ int session_table_delete_by_id(struct session_table *table, uint64_t session_id)
HASH_FIND(hh1, table->root_by_id, &session_id, sizeof(session_id), temp);
if (!temp)
{
LOG_DEBUG("%s: delete: key %lu not exists", LOG_TAG_STABLE, session_id);
return -1;
}
HASH_DELETE(hh1, table->root_by_id, temp);
HASH_DELETE(hh2, table->root_by_addr, temp);
if (temp->val_freecb && temp->val_data)
if (temp->value_free_cb && temp->value)
{
temp->val_freecb(temp->val_data);
temp->val_data = NULL;
temp->value_free_cb(temp->value);
temp->value = NULL;
}
free(temp);
temp = NULL;
LOG_DEBUG("%s: delete: key %lu success", LOG_TAG_STABLE, session_id);
table->session_node_count--;
return 0;
@@ -143,7 +138,6 @@ int session_table_delete_by_id(struct session_table *table, uint64_t session_id)
int session_table_delete_by_addr(struct session_table *table, const struct addr_tuple4 *session_addr)
{
struct session_node *temp = NULL;
char *addr_str = addr_tuple4_to_str(session_addr);
HASH_FIND(hh2, table->root_by_addr, session_addr, sizeof(struct addr_tuple4), temp);
if (!temp)
{
@@ -152,8 +146,6 @@ int session_table_delete_by_addr(struct session_table *table, const struct addr_
HASH_FIND(hh2, table->root_by_addr, &reverse_addr, sizeof(struct addr_tuple4), temp);
if (!temp)
{
LOG_DEBUG("%s: delete: key %s not exists", LOG_TAG_STABLE, addr_str);
free(addr_str);
return -1;
}
}
@@ -161,18 +153,15 @@ int session_table_delete_by_addr(struct session_table *table, const struct addr_
HASH_DELETE(hh1, table->root_by_id, temp);
HASH_DELETE(hh2, table->root_by_addr, temp);
if (temp->val_freecb && temp->val_data)
if (temp->value_free_cb && temp->value)
{
temp->val_freecb(temp->val_data);
temp->val_data = NULL;
temp->value_free_cb(temp->value);
temp->value = NULL;
}
free(temp);
temp = NULL;
LOG_DEBUG("%s: delete: key %s success", LOG_TAG_STABLE, addr_str);
free(addr_str);
addr_str = NULL;
table->session_node_count--;
return 0;
@@ -184,19 +173,15 @@ struct session_node *session_table_search_by_id(struct session_table *table, uin
HASH_FIND(hh1, table->root_by_id, &session_id, sizeof(session_id), temp);
if (!temp)
{
LOG_DEBUG("%s: search: key %lu not exists", LOG_TAG_STABLE, session_id);
return NULL;
}
LOG_DEBUG("%s: search: key %lu success", LOG_TAG_STABLE, session_id);
return temp;
}
struct session_node *session_table_search_by_addr(struct session_table *table, const struct addr_tuple4 *session_addr)
{
struct session_node *temp = NULL;
char *addr_str = addr_tuple4_to_str(session_addr);
HASH_FIND(hh2, table->root_by_addr, session_addr, sizeof(struct addr_tuple4), temp);
if (!temp)
{
@@ -205,16 +190,9 @@ struct session_node *session_table_search_by_addr(struct session_table *table, c
HASH_FIND(hh2, table->root_by_addr, &reverse_addr, sizeof(struct addr_tuple4), temp);
if (!temp)
{
LOG_DEBUG("%s: search: key %s not exists", LOG_TAG_STABLE, addr_str);
free(addr_str);
addr_str = NULL;
return NULL;
}
}
LOG_DEBUG("%s: search: key %s success", LOG_TAG_STABLE, addr_str);
free(addr_str);
addr_str = NULL;
return temp;
}

15
common/src/utils.cpp
View File

@@ -126,15 +126,14 @@ void sids_copy(struct sids *dst, struct sids *src)
* route_ctx
******************************************************************************/
int route_ctx_is_empty(struct route_ctx *ctx)
void route_ctx_write_once(struct route_ctx *dst, struct route_ctx *src)
{
if (ctx->len == 0)
if (dst && src)
{
return 1;
if (dst->len == 0)
{
route_ctx_copy(dst, src);
}
else
{
return 0;
}
}
@@ -150,8 +149,8 @@ void route_ctx_copy(struct route_ctx *dst, struct route_ctx *src)
void throughput_metrics_inc(struct throughput_metrics *iterm, uint64_t n_pkts, uint64_t n_bytes)
{
__atomic_fetch_add(&iterm->n_bytes, n_bytes, __ATOMIC_RELAXED);
__atomic_fetch_add(&iterm->n_pkts, n_pkts, __ATOMIC_RELAXED);
ATOMIC_ADD(&iterm->n_bytes, n_bytes);
ATOMIC_ADD(&iterm->n_pkts, n_pkts);
}
/******************************************************************************

2
common/test/gtest_ctrl_packet.cpp
View File

@@ -4,7 +4,7 @@
TEST(CTRL_PACKET, PARSE)
{
const char *data = "{\"tsync\":\"1.0\",\"session_id\":123456789,\"state\":\"active\",\"method\":\"policy_update\",\"params\":{\"service_chaining\":[1,2,3],\"shaping\":[4,5,6]}}";
const char *data = "{\"tsync\":\"1.0\",\"session_id\":\"123456789\",\"state\":\"active\",\"method\":\"policy_update\",\"params\":{\"service_chaining\":[1,2,3],\"shaping\":[4,5,6]}}";
size_t length = strlen(data);
struct ctrl_pkt_parser parser;

12
common/test/gtest_session_table.cpp
View File

@@ -48,10 +48,10 @@ TEST(STREAM_TABLE, SEARCH_BY_ID)
struct session_node *node = NULL;
node = session_table_search_by_id(table, 1);
EXPECT_TRUE(node != nullptr);
EXPECT_STREQ((const char *)node->val_data, "HELLO");
EXPECT_STREQ((const char *)node->value, "HELLO");
node = session_table_search_by_id(table, 2);
EXPECT_TRUE(node != nullptr);
EXPECT_STREQ((const char *)node->val_data, "WORLD");
EXPECT_STREQ((const char *)node->value, "WORLD");
node = session_table_search_by_id(table, 3);
EXPECT_TRUE(node == nullptr);
@@ -80,10 +80,10 @@ TEST(STREAM_TABLE, SEARCH_BY_ADDR)
struct session_node *node = NULL;
node = session_table_search_by_addr(table, &addr1);
EXPECT_TRUE(node != nullptr);
EXPECT_STREQ((const char *)node->val_data, "HELLO");
EXPECT_STREQ((const char *)node->value, "HELLO");
node = session_table_search_by_addr(table, &addr2);
EXPECT_TRUE(node != nullptr);
EXPECT_STREQ((const char *)node->val_data, "WORLD");
EXPECT_STREQ((const char *)node->value, "WORLD");
node = session_table_search_by_addr(table, &addr3);
EXPECT_TRUE(node == nullptr);
@@ -115,10 +115,10 @@ TEST(STREAM_TABLE, SEARCH_BY_REVERSE_ADDR)
struct session_node *node = NULL;
node = session_table_search_by_addr(table, &addr1_reverse);
EXPECT_TRUE(node != nullptr);
EXPECT_STREQ((const char *)node->val_data, "HELLO");
EXPECT_STREQ((const char *)node->value, "HELLO");
node = session_table_search_by_addr(table, &addr2_reverse);
EXPECT_TRUE(node != nullptr);
EXPECT_STREQ((const char *)node->val_data, "WORLD");
EXPECT_STREQ((const char *)node->value, "WORLD");
// TEST Destory
session_table_destory(table);

1
conf/sce.conf
View File

@@ -3,6 +3,7 @@ nr_worker_threads=8
cpu_affinity_mask=2,3,4-9
firewall_sids=1001
enable_debug=0
enable_send_log=0
ts_update_interval_ms=1
# Only when (disable_coredump == 1 || (enable_breakpad == 1 && enable_breakpad_upload == 1)) is satisfied, the core will not be generated locally

102
platform/include/global_metrics.h
View File

@@ -9,7 +9,7 @@ extern "C"
#include "utils.h"
#include <MESA/field_stat2.h>
struct global_metrics_config
struct metrics_config
{
char output_file[256];
char statsd_server[32];
@@ -21,42 +21,78 @@ struct global_metrics_config
char prometheus_listen_url[256];
};
struct device_metrics
{
struct throughput_metrics nf_rx; // 累计值
struct throughput_metrics nf_tx; // 累计值
struct throughput_metrics endpoint_rx; // 累计值
struct throughput_metrics endpoint_tx; // 累计值
struct throughput_metrics endpoint_drop; // 累计值
};
// raw_pkt_metrics 不包含 g_vxlan 所占的字节
struct raw_pkt_metrics
{
struct throughput_metrics mirr_bypass; // 累计值
struct throughput_metrics mirr_block; // 累计值
struct throughput_metrics mirr_rx_drop; // 累计值
struct throughput_metrics mirr_tx; // 累计值
struct throughput_metrics stee_bypass; // 累计值
struct throughput_metrics stee_block; // 累计值
struct throughput_metrics stee_rx; // 累计值
struct throughput_metrics stee_tx; // 累计值
struct throughput_metrics miss_sess; // 累计值
struct throughput_metrics error_bypass; // 累计值
struct throughput_metrics error_block; // 累计值
};
struct ctrl_pkt_metrics
{
struct throughput_metrics rx; // 累计值
struct throughput_metrics tx; // 累计值
uint64_t opening; // 累计值
uint64_t active; // 累计值
uint64_t closing; // 累计值
uint64_t resetall; // 累计值
uint64_t error; // 累计值
};
struct keepalived_pkt_metrics
{
struct throughput_metrics downlink_rx; // 累计值
struct throughput_metrics downlink_tx; // 累计值
struct throughput_metrics uplink_rx; // 累计值
struct throughput_metrics uplink_tx_drop; // 累计值
};
struct sf_status_metrics
{
uint64_t active; // 累计值
uint64_t inactive; // 累计值
};
struct sf_session_metrics
{
uint64_t num; // 当前值
uint64_t log; // 累计值
};
struct global_metrics
{
struct throughput_metrics dev_endpoint_rx; // 累计值
struct throughput_metrics dev_endpoint_tx; // 累计值
struct throughput_metrics dev_endpoint_err_drop; // 累计值
struct device_metrics device;
struct raw_pkt_metrics raw_pkt;
struct ctrl_pkt_metrics ctrl_pkt;
struct keepalived_pkt_metrics kee_pkt;
struct throughput_metrics raw_pkt_rx; // 累计值
struct throughput_metrics raw_pkt_tx; // 累计值
struct throughput_metrics raw_pkt_err_bypass; // 累计值
struct sf_status_metrics sf_status;
struct sf_session_metrics sf_session;
struct throughput_metrics hit_block_policy; // 累计值
struct throughput_metrics hit_bypass_policy; // 累计值
struct throughput_metrics steering_tx; // 累计值
struct throughput_metrics steering_rx; // 累计值
struct throughput_metrics mirroring_tx; // 累计值
struct throughput_metrics mirroring_rx_drop; // 累计值
struct throughput_metrics downlink_keepalive_pkt_rx; // 累计值
struct throughput_metrics uplink_keepalive_pkt_rx; // 累计值
struct throughput_metrics ctrl_pkt_rx; // 累计值
uint64_t ctrl_pkt_opening_num; // 累计值
uint64_t ctrl_pkt_active_num; // 累计值
uint64_t ctrl_pkt_closing_num; // 累计值
uint64_t ctrl_pkt_resetall_num; // 累计值
uint64_t ctrl_pkt_error_num; // 累计值
uint64_t sf_active_times; // 累计值
uint64_t sf_inactive_times; // 累计值
uint64_t session_nums; // 瞬时值
uint64_t send_log; // 瞬时值
struct global_metrics_config config;
struct metrics_config config;
screen_stat_handle_t fs_handle;
int fs_id[128];
};

4
platform/include/packet_io.h
View File

@@ -12,8 +12,8 @@ void packet_io_destory(struct packet_io *handle);
int packet_io_thread_init(struct packet_io *handle, struct thread_ctx *thread_ctx);
void packet_io_thread_wait(struct packet_io *handle, struct thread_ctx *thread_ctx, int timeout_ms);
int packet_io_polling_nf_interface(struct packet_io *handle, int thread_seq, void *ctx);
int packet_io_polling_endpoint(struct packet_io *handle, int thread_seq, void *ctx);
int packet_io_thread_polling_nf(struct packet_io *handle, struct thread_ctx *thread_ctx);
int packet_io_thread_polling_endpoint(struct packet_io *handle, struct thread_ctx *thread_ctx);
#ifdef __cpluscplus
}

51
platform/include/policy.h
View File

@@ -30,19 +30,18 @@ enum session_action
SESSION_ACTION_BLOCK = 2,
};
enum session_action_reason
enum action_reason
{
ACTION_BYPASS_DUE_DEFAULT = 0x00,
ACTION_BYPASS_DUE_INVALID_POLICY = 0x01,
ACTION_BYPASS_DUE_FAILURE_ACTION = 0x02,
ACTION_BYPASS_DUE_UNAVAILABLE_ACTION = 0x03,
ACTION_BYPASS_DUE_HEALTH_SF_LIMIT = 0x04,
ACTION_BYPASS_DUE_HEALTH_SF_LIMIT = 0x12,
ACTION_BYPASS_DUE_UNAVAILABLE_ACTION = 0x13,
ACTION_BYPASS_DUE_FAILURE_ACTION = 0x14,
ACTION_BYPASS_DUE_INVALID_POLICY = 0x15,
ACTION_BLOCK_DUE_FAILURE_ACTION = 0x10,
ACTION_BLOCK_DUE_UNAVAILABLE_ACTION = 0x11,
ACTION_BLOCK_DUE_UNAVAILABLE_ACTION = 0x21,
ACTION_BLOCK_DUE_FAILURE_ACTION = 0x22,
ACTION_FORWAED_DUE_SELECTED_AVAILABLE_SF = 0x31,
ACTION_FORWAED_DUE_SELECTED_SF = 0x20,
};
enum package_method
@@ -90,7 +89,7 @@ struct selected_sf
int sf_need_skip;
int sf_profile_id;
enum session_action sf_action;
enum session_action_reason sf_action_reason;
enum action_reason sf_action_reason;
struct connectivity sf_connectivity;
struct throughput_metrics rx;
@@ -106,8 +105,29 @@ struct selected_chaining
struct selected_sf *chaining;
int chaining_size;
int chaining_used;
uint64_t session_id;
char *session_addr;
};
struct selected_chainings
{
struct selected_chaining *chaining_raw;
struct selected_chaining *chaining_decrypted;
};
const char *traffic_type_to_string(enum traffic_type traffic_type);
const char *forward_type_to_string(enum forward_type forward_type);
const char *session_action_to_string(enum session_action session_action);
const char *action_reason_to_string(enum action_reason action_reason);
const char *package_method_to_string(enum package_method package_method);
struct selected_chaining *selected_chaining_create(int chaining_size, uint64_t session_id, char *session_addr);
void selected_chaining_destory(struct selected_chaining *chaining);
void selected_chaining_dump(struct selected_chaining *chaining);
void selected_chaining_bref(struct selected_chaining *chaining);
void selected_chaining_uniq(struct selected_chaining *chaining);
// return NULL : error
// return !NULL : success
struct policy_enforcer *policy_enforcer_create(const char *instance, const char *profile, int thread_num, void *logger);
@@ -116,15 +136,8 @@ void policy_enforcer_destory(struct policy_enforcer *enforcer);
// return 0 : success
// return -1 : error
int policy_enforcer_register(struct policy_enforcer *enforcer);
int policy_enforce_max_chaining_size(struct policy_enforcer *enforcer);
struct selected_chaining *selected_chaining_create(int chaining_size);
void selected_chaining_destory(struct selected_chaining *chaining);
void selected_chaining_dump(struct selected_chaining *chaining);
void selected_chaining_bref(struct selected_chaining *chaining);
const char *session_action_reason_to_string(enum session_action_reason session_action_reason);
void policy_enforce_select_chaining(struct selected_chaining *chaining, struct policy_enforcer *enforcer, struct raw_pkt_parser *parser, int policy_id, int dir_is_internal, struct session_ctx *s_ctx);
int policy_enforce_chaining_size(struct policy_enforcer *enforcer);
void policy_enforce_select_chainings(struct policy_enforcer *enforcer, struct selected_chainings *chainings, struct session_ctx *s_ctx, struct raw_pkt_parser *parser, int policy_id, int dir_is_i2e);
#ifdef __cpluscplus
}

103
platform/include/sce.h
View File

@@ -15,70 +15,85 @@ extern "C"
#define MAX_THREAD_NUM 128
/******************************************************************************
* Struct For Thread
/******************************************************************************
* Struct Thread Ctx
******************************************************************************/
struct thread_ctx
{
struct thread_ctx
{
pthread_t tid;
int thread_index;
struct session_table *session_table;
struct sf_metrics *sf_metrics;
struct session_table *session_table;
struct packet_io *ref_io;
struct sce_ctx *ref_sce_ctx;
struct global_metrics *ref_metrics;
struct policy_enforcer *ref_enforcer;
struct sce_ctx *ref_sce_ctx;
int session_table_need_reset;
};
};
/******************************************************************************
* Struct For Session
/******************************************************************************
* Struct Metadata
******************************************************************************/
struct packet_info
{
int dir_is_e2i;
struct addr_tuple4 tuple4;
char *addr_string;
struct metadata
{
int write_ref;
uint64_t session_id;
char *header_data;
int header_len;
char *raw_data;
int raw_len;
uint16_t l7offset;
int is_e2i_dir;
int is_ctrl_pkt;
int is_decrypted;
struct sids sids;
struct route_ctx route_ctx;
};
};
struct session_ctx
{
struct fixed_num_array policy_ids;
uint64_t session_id;
struct metadata *metadata_new();
int metadata_is_empty(struct metadata *meta);
void metadata_deep_copy(struct metadata *dst, struct metadata *src);
void metadata_shadow_copy(struct metadata *dst, struct metadata *src);
void metadata_free(struct metadata *meta);
struct route_ctx raw_pkt_i2e_route_ctx;
struct route_ctx raw_pkt_e2i_route_ctx;
struct sids raw_pkt_i2e_sids;
struct sids raw_pkt_e2i_sids;
// depending on first control packet
struct packet_info first_ctrl_pkt;
struct selected_chaining *chaining;
struct thread_ctx *ref_thread_ctx;
};
struct session_ctx *session_ctx_new();
void session_ctx_free(struct session_ctx *ctx);
/******************************************************************************
* Struct For SCE
/******************************************************************************
* Struct Session Ctx
******************************************************************************/
struct sce_ctx
{
struct session_ctx
{
uint64_t session_id;
char *session_addr;
struct addr_tuple4 inner_tuple4;
struct fixed_num_array policy_ids;
struct metadata *raw_meta_i2e;
struct metadata *raw_meta_e2i;
struct metadata *ctrl_meta;
struct selected_chainings chainings;
struct thread_ctx *ref_thread_ctx;
};
struct session_ctx *session_ctx_new();
void session_ctx_free(struct session_ctx *ctx);
/******************************************************************************
* Struct SCE Ctx
******************************************************************************/
struct sce_ctx
{
int enable_debug;
int enable_send_log;
int firewall_sids;
int nr_worker_threads;
int ts_update_interval_ms;
@@ -90,10 +105,10 @@ extern "C"
struct global_metrics *metrics;
struct policy_enforcer *enforcer;
struct thread_ctx work_threads[MAX_THREAD_NUM];
};
};
struct sce_ctx *sce_ctx_create(const char *profile);
void sce_ctx_destory(struct sce_ctx *ctx);
struct sce_ctx *sce_ctx_create(const char *profile);
void sce_ctx_destory(struct sce_ctx *ctx);
#ifdef __cpluscplus
}

349
platform/src/global_metrics.cpp
View File

@@ -8,49 +8,75 @@
enum SCE_STAT_FIELD
{
// dev endpoint
STAT_ENDPOINT_RX_PKT,
STAT_ENDPOINT_RX_B,
// device_metrics
STAT_DEVICE_NF_RX_PKT,
STAT_DEVICE_NF_RX_B,
STAT_ENDPOINT_TX_PKT,
STAT_ENDPOINT_TX_B,
STAT_DEVICE_NF_TX_PKT,
STAT_DEVICE_NF_TX_B,
STAT_ENDPOINT_ERR_DROP_PKT,
STAT_ENDPOINT_ERR_DROP_B,
STAT_DEVICE_ENDPOINT_RX_PKT,
STAT_DEVICE_ENDPOINT_RX_B,
// hit block policy
STAT_HIT_BLOCK_POLICY_PKT,
STAT_HIT_BLOCK_POLICY_B,
STAT_DEVICE_ENDPOINT_TX_PKT,
STAT_DEVICE_ENDPOINT_TX_B,
// dev nf interface
STAT_RAW_PKT_RX_PKT,
STAT_RAW_PKT_RX_B,
// keepalived_pkt_metrics
STAT_KEE_PKT_DOWN_RX_PKT,
STAT_KEE_PKT_DOWN_RX_B,
STAT_RAW_PKT_TX_PKT,
STAT_RAW_PKT_TX_B,
STAT_KEE_PKT_DOWN_TX_PKT,
STAT_KEE_PKT_DOWN_TX_B,
STAT_RAW_PKT_ERR_BYPASS_PKT,
STAT_RAW_PKT_ERR_BYPASS_B,
STAT_KEE_PKT_UP_RX_PKT,
STAT_KEE_PKT_UP_RX_B,
// hit bypass policy
STAT_HIT_BYPASS_POLICY_PKT,
STAT_HIT_BYPASS_POLICY_B,
STAT_KEE_PKT_UP_TX_DROP_PKT,
STAT_KEE_PKT_UP_TX_DROP_B,
// steering
STAT_STEERING_TX_PKT,
STAT_STEERING_TX_B,
STAT_STEERING_RX_PKT,
STAT_STEERING_RX_B,
// raw_pkt_metrics
STAT_RAW_PKT_MIRR_BYPASS_PKT,
STAT_RAW_PKT_MIRR_BYPASS_B,
// mirroring
STAT_MIRRORING_TX_PKT,
STAT_MIRRORING_TX_B,
STAT_MIRRORING_RX_DROP_PKT,
STAT_MIRRORING_RX_DROP_B,
STAT_RAW_PKT_MIRR_BLOCK_PKT,
STAT_RAW_PKT_MIRR_BLOCK_B,
// control packet
STAT_CONTROL_RX_PKT,
STAT_CONTROL_RX_B,
STAT_RAW_PKT_MIRR_RX_DROP_PKT,
STAT_RAW_PKT_MIRR_RX_DROP_B,
STAT_RAW_PKT_MIRR_TX_PKT,
STAT_RAW_PKT_MIRR_TX_B,
STAT_RAW_PKT_STEE_BYPASS_PKT,
STAT_RAW_PKT_STEE_BYPASS_B,
STAT_RAW_PKT_STEE_BLOCK_PKT,
STAT_RAW_PKT_STEE_BLOCK_B,
STAT_RAW_PKT_STEE_RX_PKT,
STAT_RAW_PKT_STEE_RX_B,
STAT_RAW_PKT_STEE_TX_PKT,
STAT_RAW_PKT_STEE_TX_B,
STAT_RAW_PKT_MISS_SESS_PKT,
STAT_RAW_PKT_MISS_SESS_B,
STAT_RAW_PKT_ERROR_BYPASS_PKT,
STAT_RAW_PKT_ERROR_BYPASS_B,
STAT_RAW_PKT_ERROR_BLOCK_PKT,
STAT_RAW_PKT_ERROR_BLOCK_B,
STAT_DEVICE_ENDPOINT_DROP_PKT,
STAT_DEVICE_ENDPOINT_DROP_B,
// ctrl_pkt_metrics
STAT_CTRL_PKT_RX_PKT,
STAT_CTRL_PKT_RX_B,
STAT_CTRL_PKT_TX_PKT,
STAT_CTRL_PKT_TX_B,
STAT_CTRL_PKT_OPENING,
STAT_CTRL_PKT_ACTIVE,
@@ -58,21 +84,13 @@ enum SCE_STAT_FIELD
STAT_CTRL_PKT_RESETALL,
STAT_CTRL_PKT_ERROR,
// current session number
STAT_CURRENT_SESSION_NUMS,
// sf_session_metrics
STAT_SF_SESSION_NUM,
STAT_SF_SESSION_LOG,
// keepalive packet
STAT_DOWNLINK_KEEPALIVE_RX_PKT,
STAT_DOWNLINK_KEEPALIVE_RX_B,
STAT_UPLINK_KEEPALIVE_RX_PKT,
STAT_UPLINK_KEEPALIVE_RX_B,
// health check
STAT_SF_ACTIVE_TIMES,
STAT_SF_INACTIVE_TIMES,
// send log
STAT_SEND_LOG,
// sf_status_metrics
STAT_SF_STATUS_ACTIVE,
STAT_SF_STATUS_INACTIVE,
// max
STAT_MAX,
@@ -80,75 +98,93 @@ enum SCE_STAT_FIELD
static const char *stat_map[] =
{
// dev endpoint
[STAT_ENDPOINT_RX_PKT] = "endp_rx_pkt",
[STAT_ENDPOINT_RX_B] = "endp_rx_B",
// device_metrics
[STAT_DEVICE_NF_RX_PKT] = "nf_rx_pkt",
[STAT_DEVICE_NF_RX_B] = "nf_rx_B",
[STAT_ENDPOINT_TX_PKT] = "endp_tx_pkt",
[STAT_ENDPOINT_TX_B] = "endp_tx_B",
[STAT_DEVICE_NF_TX_PKT] = "nf_tx_pkt",
[STAT_DEVICE_NF_TX_B] = "nf_tx_B",
[STAT_ENDPOINT_ERR_DROP_PKT] = "endp_edrop_pkt",
[STAT_ENDPOINT_ERR_DROP_B] = "endp_edrop_B",
[STAT_DEVICE_ENDPOINT_RX_PKT] = "endp_rx_pkt",
[STAT_DEVICE_ENDPOINT_RX_B] = "endp_rx_B",
// hit block policy
[STAT_HIT_BLOCK_POLICY_PKT] = "hit_block_pkt",
[STAT_HIT_BLOCK_POLICY_B] = "hit_block_B",
[STAT_DEVICE_ENDPOINT_TX_PKT] = "endp_tx_pkt",
[STAT_DEVICE_ENDPOINT_TX_B] = "endp_tx_B",
// dev nf interface
[STAT_RAW_PKT_RX_PKT] = "raw_rx_pkt",
[STAT_RAW_PKT_RX_B] = "raw_rx_B",
// keepalived_pkt_metrics
[STAT_KEE_PKT_DOWN_RX_PKT] = "kee_d_rx_pkt",
[STAT_KEE_PKT_DOWN_RX_B] = "kee_d_rx_B",
[STAT_RAW_PKT_TX_PKT] = "raw_tx_pkt",
[STAT_RAW_PKT_TX_B] = "raw_tx_B",
[STAT_KEE_PKT_DOWN_TX_PKT] = "kee_d_tx_pkt",
[STAT_KEE_PKT_DOWN_TX_B] = "kee_d_tx_B",
[STAT_RAW_PKT_ERR_BYPASS_PKT] = "raw_ebypass_pkt",
[STAT_RAW_PKT_ERR_BYPASS_B] = "raw_ebypass_B",
[STAT_KEE_PKT_UP_RX_PKT] = "kee_u_rx_pkt",
[STAT_KEE_PKT_UP_RX_B] = "kee_u_rx_B",
// hit bypass policy
[STAT_HIT_BYPASS_POLICY_PKT] = "hit_bypass_pkt",
[STAT_HIT_BYPASS_POLICY_B] = "hit_bypass_B",
[STAT_KEE_PKT_UP_TX_DROP_PKT] = "kee_u_rxdop_pkt",
[STAT_KEE_PKT_UP_TX_DROP_B] = "kee_u_rxdop_B",
// steering
[STAT_STEERING_TX_PKT] = "stee_tx_pkt",
[STAT_STEERING_TX_B] = "stee_tx_B",
[STAT_STEERING_RX_PKT] = "stee_rx_pkt",
[STAT_STEERING_RX_B] = "stee_rx_B",
// raw_pkt_metrics
[STAT_RAW_PKT_MIRR_BYPASS_PKT] = "mirr_bypass_pkt",
[STAT_RAW_PKT_MIRR_BYPASS_B] = "mirr_bypass_B",
// mirroring
[STAT_MIRRORING_TX_PKT] = "mirr_tx_pkt",
[STAT_MIRRORING_TX_B] = "mirr_tx_B",
[STAT_MIRRORING_RX_DROP_PKT] = "mirr_rx_dop_pkt",
[STAT_MIRRORING_RX_DROP_B] = "mirr_rx_dop_B",
[STAT_RAW_PKT_MIRR_BLOCK_PKT] = "mirr_block_pkt",
[STAT_RAW_PKT_MIRR_BLOCK_B] = "mirr_block_B",
// control packet
[STAT_CONTROL_RX_PKT] = "ctrl_rx_pkt",
[STAT_CONTROL_RX_B] = "ctrl_rx_B",
[STAT_RAW_PKT_MIRR_RX_DROP_PKT] = "mirr_rxdop_pkt",
[STAT_RAW_PKT_MIRR_RX_DROP_B] = "mirr_rxdop_B",
[STAT_CTRL_PKT_OPENING] = "ctrl_pkt_open",
[STAT_CTRL_PKT_ACTIVE] = "ctrl_pkt_avtive",
[STAT_CTRL_PKT_CLOSING] = "ctrl_pkt_close",
[STAT_CTRL_PKT_RESETALL] = "ctrl_pkt_reset",
[STAT_CTRL_PKT_ERROR] = "ctrl_pkt_error",
[STAT_RAW_PKT_MIRR_TX_PKT] = "mirro_tx_pkt",
[STAT_RAW_PKT_MIRR_TX_B] = "mirro_tx_B",
// current session number
[STAT_CURRENT_SESSION_NUMS] = "curr_sess_num",
[STAT_RAW_PKT_STEE_BYPASS_PKT] = "stee_bypass_pkt",
[STAT_RAW_PKT_STEE_BYPASS_B] = "stee_bypass_B",
// keepalive packet
[STAT_DOWNLINK_KEEPALIVE_RX_PKT] = "dlnk_kep_rx_pkt",
[STAT_DOWNLINK_KEEPALIVE_RX_B] = "dlnk_kep_rx_B",
[STAT_UPLINK_KEEPALIVE_RX_PKT] = "ulnk_kep_rx_pkt",
[STAT_UPLINK_KEEPALIVE_RX_B] = "ulnk_kep_rx_B",
[STAT_RAW_PKT_STEE_BLOCK_PKT] = "stee_block_pkt",
[STAT_RAW_PKT_STEE_BLOCK_B] = "stee_block_B",
// health check
[STAT_SF_ACTIVE_TIMES] = "sf_active",
[STAT_SF_INACTIVE_TIMES] = "sf_inactive",
[STAT_RAW_PKT_STEE_RX_PKT] = "stee_rx_pkt",
[STAT_RAW_PKT_STEE_RX_B] = "stee_rx_B",
// send log
[STAT_SEND_LOG] = "send_log",
[STAT_RAW_PKT_STEE_TX_PKT] = "stee_tx_pkt",
[STAT_RAW_PKT_STEE_TX_B] = "stee_tx_B",
[STAT_RAW_PKT_MISS_SESS_PKT] = "miss_sess_pkt",
[STAT_RAW_PKT_MISS_SESS_B] = "miss_sess_B",
[STAT_RAW_PKT_ERROR_BYPASS_PKT] = "err_bypass_pkt",
[STAT_RAW_PKT_ERROR_BYPASS_B] = "err_bypass_B",
[STAT_RAW_PKT_ERROR_BLOCK_PKT] = "err_block_pkt",
[STAT_RAW_PKT_ERROR_BLOCK_B] = "err_block_B",
[STAT_DEVICE_ENDPOINT_DROP_PKT] = "endp_drop_pkt",
[STAT_DEVICE_ENDPOINT_DROP_B] = "endp_drop_B",
// ctrl_pkt_metrics
[STAT_CTRL_PKT_RX_PKT] = "ctrl_rx_pkt",
[STAT_CTRL_PKT_RX_B] = "ctrl_rx_B",
[STAT_CTRL_PKT_TX_PKT] = "ctrl_tx_pkt",
[STAT_CTRL_PKT_TX_B] = "ctrl_tx_B",
[STAT_CTRL_PKT_OPENING] = "ctrl_opening",
[STAT_CTRL_PKT_ACTIVE] = "ctrl_active",
[STAT_CTRL_PKT_CLOSING] = "ctrl_closing",
[STAT_CTRL_PKT_RESETALL] = "ctrl_resetall",
[STAT_CTRL_PKT_ERROR] = "ctrl_error",
// sf_session_metrics
[STAT_SF_SESSION_NUM] = "session_num",
[STAT_SF_SESSION_LOG] = "session_logs",
// sf_status_metrics
[STAT_SF_STATUS_ACTIVE] = "sf_active",
[STAT_SF_STATUS_INACTIVE] = "sf_inactive",
[STAT_MAX] = NULL};
static void global_metrics_parse_config(const char *profile, struct global_metrics_config *config)
static void global_metrics_parse_config(const char *profile, struct metrics_config *config)
{
MESA_load_profile_string_def(profile, "STAT", "output_file", config->output_file, sizeof(config->output_file), "log/sce.fs2");
MESA_load_profile_string_def(profile, "STAT", "statsd_server", config->statsd_server, sizeof(config->statsd_server), "127.0.0.1");
@@ -231,73 +267,90 @@ void global_metrics_destory(struct global_metrics *metrics)
void global_metrics_dump(struct global_metrics *metrics)
{
// dev endpoint
FS_operate(metrics->fs_handle, metrics->fs_id[STAT_ENDPOINT_RX_PKT], 0, FS_OP_SET, __atomic_fetch_add(&(metrics->dev_endpoint_rx.n_pkts), 0, __ATOMIC_RELAXED));
FS_operate(metrics->fs_handle, metrics->fs_id[STAT_ENDPOINT_RX_B], 0, FS_OP_SET, __atomic_fetch_add(&(metrics->dev_endpoint_rx.n_bytes), 0, __ATOMIC_RELAXED));
FS_operate(metrics->fs_handle, metrics->fs_id[STAT_ENDPOINT_TX_PKT], 0, FS_OP_SET, __atomic_fetch_add(&(metrics->dev_endpoint_tx.n_pkts), 0, __ATOMIC_RELAXED));
FS_operate(metrics->fs_handle, metrics->fs_id[STAT_ENDPOINT_TX_B], 0, FS_OP_SET, __atomic_fetch_add(&(metrics->dev_endpoint_tx.n_bytes), 0, __ATOMIC_RELAXED));
// device_metrics
FS_operate(metrics->fs_handle, metrics->fs_id[STAT_DEVICE_NF_RX_PKT], 0, FS_OP_SET, ATOMIC_READ(&(metrics->device.nf_rx.n_pkts)));
FS_operate(metrics->fs_handle, metrics->fs_id[STAT_DEVICE_NF_RX_B], 0, FS_OP_SET, ATOMIC_READ(&(metrics->device.nf_rx.n_bytes)));
FS_operate(metrics->fs_handle, metrics->fs_id[STAT_ENDPOINT_ERR_DROP_PKT], 0, FS_OP_SET, __atomic_fetch_add(&(metrics->dev_endpoint_err_drop.n_pkts), 0, __ATOMIC_RELAXED));
FS_operate(metrics->fs_handle, metrics->fs_id[STAT_ENDPOINT_ERR_DROP_B], 0, FS_OP_SET, __atomic_fetch_add(&(metrics->dev_endpoint_err_drop.n_bytes), 0, __ATOMIC_RELAXED));
FS_operate(metrics->fs_handle, metrics->fs_id[STAT_DEVICE_NF_TX_PKT], 0, FS_OP_SET, ATOMIC_READ(&(metrics->device.nf_tx.n_pkts)));
FS_operate(metrics->fs_handle, metrics->fs_id[STAT_DEVICE_NF_TX_B], 0, FS_OP_SET, ATOMIC_READ(&(metrics->device.nf_tx.n_bytes)));
// dev nf interface
FS_operate(metrics->fs_handle, metrics->fs_id[STAT_RAW_PKT_RX_PKT], 0, FS_OP_SET, __atomic_fetch_add(&(metrics->raw_pkt_rx.n_pkts), 0, __ATOMIC_RELAXED));
FS_operate(metrics->fs_handle, metrics->fs_id[STAT_RAW_PKT_RX_B], 0, FS_OP_SET, __atomic_fetch_add(&(metrics->raw_pkt_rx.n_bytes), 0, __ATOMIC_RELAXED));
FS_operate(metrics->fs_handle, metrics->fs_id[STAT_DEVICE_ENDPOINT_RX_PKT], 0, FS_OP_SET, ATOMIC_READ(&(metrics->device.endpoint_rx.n_pkts)));
FS_operate(metrics->fs_handle, metrics->fs_id[STAT_DEVICE_ENDPOINT_RX_B], 0, FS_OP_SET, ATOMIC_READ(&(metrics->device.endpoint_rx.n_bytes)));
FS_operate(metrics->fs_handle, metrics->fs_id[STAT_RAW_PKT_TX_PKT], 0, FS_OP_SET, __atomic_fetch_add(&(metrics->raw_pkt_tx.n_pkts), 0, __ATOMIC_RELAXED));
FS_operate(metrics->fs_handle, metrics->fs_id[STAT_RAW_PKT_TX_B], 0, FS_OP_SET, __atomic_fetch_add(&(metrics->raw_pkt_tx.n_bytes), 0, __ATOMIC_RELAXED));
FS_operate(metrics->fs_handle, metrics->fs_id[STAT_DEVICE_ENDPOINT_TX_PKT], 0, FS_OP_SET, ATOMIC_READ(&(metrics->device.endpoint_tx.n_pkts)));
FS_operate(metrics->fs_handle, metrics->fs_id[STAT_DEVICE_ENDPOINT_TX_B], 0, FS_OP_SET, ATOMIC_READ(&(metrics->device.endpoint_tx.n_bytes)));
FS_operate(metrics->fs_handle, metrics->fs_id[STAT_RAW_PKT_ERR_BYPASS_PKT], 0, FS_OP_SET, __atomic_fetch_add(&(metrics->raw_pkt_err_bypass.n_pkts), 0, __ATOMIC_RELAXED));
FS_operate(metrics->fs_handle, metrics->fs_id[STAT_RAW_PKT_ERR_BYPASS_B], 0, FS_OP_SET, __atomic_fetch_add(&(metrics->raw_pkt_err_bypass.n_bytes), 0, __ATOMIC_RELAXED));
FS_operate(metrics->fs_handle, metrics->fs_id[STAT_DEVICE_ENDPOINT_DROP_PKT], 0, FS_OP_SET, ATOMIC_READ(&(metrics->device.endpoint_drop.n_pkts)));
FS_operate(metrics->fs_handle, metrics->fs_id[STAT_DEVICE_ENDPOINT_DROP_B], 0, FS_OP_SET, ATOMIC_READ(&(metrics->device.endpoint_drop.n_bytes)));
// hit block policy
FS_operate(metrics->fs_handle, metrics->fs_id[STAT_HIT_BLOCK_POLICY_PKT], 0, FS_OP_SET, __atomic_fetch_add(&(metrics->hit_block_policy.n_pkts), 0, __ATOMIC_RELAXED));
FS_operate(metrics->fs_handle, metrics->fs_id[STAT_HIT_BLOCK_POLICY_B], 0, FS_OP_SET, __atomic_fetch_add(&(metrics->hit_block_policy.n_bytes), 0, __ATOMIC_RELAXED));
// raw_pkt_metrics
FS_operate(metrics->fs_handle, metrics->fs_id[STAT_RAW_PKT_MIRR_BYPASS_PKT], 0, FS_OP_SET, ATOMIC_READ(&(metrics->raw_pkt.mirr_bypass.n_pkts)));
FS_operate(metrics->fs_handle, metrics->fs_id[STAT_RAW_PKT_MIRR_BYPASS_B], 0, FS_OP_SET, ATOMIC_READ(&(metrics->raw_pkt.mirr_bypass.n_bytes)));
// hit bypass policy
FS_operate(metrics->fs_handle, metrics->fs_id[STAT_HIT_BYPASS_POLICY_PKT], 0, FS_OP_SET, __atomic_fetch_add(&(metrics->hit_bypass_policy.n_pkts), 0, __ATOMIC_RELAXED));
FS_operate(metrics->fs_handle, metrics->fs_id[STAT_HIT_BYPASS_POLICY_B], 0, FS_OP_SET, __atomic_fetch_add(&(metrics->hit_bypass_policy.n_bytes), 0, __ATOMIC_RELAXED));
FS_operate(metrics->fs_handle, metrics->fs_id[STAT_RAW_PKT_MIRR_BLOCK_PKT], 0, FS_OP_SET, ATOMIC_READ(&(metrics->raw_pkt.mirr_block.n_pkts)));
FS_operate(metrics->fs_handle, metrics->fs_id[STAT_RAW_PKT_MIRR_BLOCK_B], 0, FS_OP_SET, ATOMIC_READ(&(metrics->raw_pkt.mirr_block.n_bytes)));
// steering
FS_operate(metrics->fs_handle, metrics->fs_id[STAT_STEERING_TX_PKT], 0, FS_OP_SET, __atomic_fetch_add(&(metrics->steering_tx.n_pkts), 0, __ATOMIC_RELAXED));
FS_operate(metrics->fs_handle, metrics->fs_id[STAT_STEERING_TX_B], 0, FS_OP_SET, __atomic_fetch_add(&(metrics->steering_tx.n_bytes), 0, __ATOMIC_RELAXED));
FS_operate(metrics->fs_handle, metrics->fs_id[STAT_RAW_PKT_MIRR_RX_DROP_PKT], 0, FS_OP_SET, ATOMIC_READ(&(metrics->raw_pkt.mirr_rx_drop.n_pkts)));
FS_operate(metrics->fs_handle, metrics->fs_id[STAT_RAW_PKT_MIRR_RX_DROP_B], 0, FS_OP_SET, ATOMIC_READ(&(metrics->raw_pkt.mirr_rx_drop.n_bytes)));
FS_operate(metrics->fs_handle, metrics->fs_id[STAT_STEERING_RX_PKT], 0, FS_OP_SET, __atomic_fetch_add(&(metrics->steering_rx.n_pkts), 0, __ATOMIC_RELAXED));
FS_operate(metrics->fs_handle, metrics->fs_id[STAT_STEERING_RX_B], 0, FS_OP_SET, __atomic_fetch_add(&(metrics->steering_rx.n_bytes), 0, __ATOMIC_RELAXED));
FS_operate(metrics->fs_handle, metrics->fs_id[STAT_RAW_PKT_MIRR_TX_PKT], 0, FS_OP_SET, ATOMIC_READ(&(metrics->raw_pkt.mirr_tx.n_pkts)));
FS_operate(metrics->fs_handle, metrics->fs_id[STAT_RAW_PKT_MIRR_TX_B], 0, FS_OP_SET, ATOMIC_READ(&(metrics->raw_pkt.mirr_tx.n_bytes)));
// mirroring
FS_operate(metrics->fs_handle, metrics->fs_id[STAT_MIRRORING_TX_PKT], 0, FS_OP_SET, __atomic_fetch_add(&(metrics->mirroring_tx.n_pkts), 0, __ATOMIC_RELAXED));
FS_operate(metrics->fs_handle, metrics->fs_id[STAT_MIRRORING_TX_B], 0, FS_OP_SET, __atomic_fetch_add(&(metrics->mirroring_tx.n_bytes), 0, __ATOMIC_RELAXED));
FS_operate(metrics->fs_handle, metrics->fs_id[STAT_RAW_PKT_STEE_BYPASS_PKT], 0, FS_OP_SET, ATOMIC_READ(&(metrics->raw_pkt.stee_bypass.n_pkts)));
FS_operate(metrics->fs_handle, metrics->fs_id[STAT_RAW_PKT_STEE_BYPASS_B], 0, FS_OP_SET, ATOMIC_READ(&(metrics->raw_pkt.stee_bypass.n_bytes)));
FS_operate(metrics->fs_handle, metrics->fs_id[STAT_MIRRORING_RX_DROP_PKT], 0, FS_OP_SET, __atomic_fetch_add(&(metrics->mirroring_rx_drop.n_pkts), 0, __ATOMIC_RELAXED));
FS_operate(metrics->fs_handle, metrics->fs_id[STAT_MIRRORING_RX_DROP_B], 0, FS_OP_SET, __atomic_fetch_add(&(metrics->mirroring_rx_drop.n_bytes), 0, __ATOMIC_RELAXED));
FS_operate(metrics->fs_handle, metrics->fs_id[STAT_RAW_PKT_STEE_BLOCK_PKT], 0, FS_OP_SET, ATOMIC_READ(&(metrics->raw_pkt.stee_block.n_pkts)));
FS_operate(metrics->fs_handle, metrics->fs_id[STAT_RAW_PKT_STEE_BLOCK_B], 0, FS_OP_SET, ATOMIC_READ(&(metrics->raw_pkt.stee_block.n_bytes)));
// keepalive packet
FS_operate(metrics->fs_handle, metrics->fs_id[STAT_DOWNLINK_KEEPALIVE_RX_PKT], 0, FS_OP_SET, __atomic_fetch_add(&(metrics->downlink_keepalive_pkt_rx.n_pkts), 0, __ATOMIC_RELAXED));
FS_operate(metrics->fs_handle, metrics->fs_id[STAT_DOWNLINK_KEEPALIVE_RX_B], 0, FS_OP_SET, __atomic_fetch_add(&(metrics->downlink_keepalive_pkt_rx.n_bytes), 0, __ATOMIC_RELAXED));
FS_operate(metrics->fs_handle, metrics->fs_id[STAT_UPLINK_KEEPALIVE_RX_PKT], 0, FS_OP_SET, __atomic_fetch_add(&(metrics->uplink_keepalive_pkt_rx.n_pkts), 0, __ATOMIC_RELAXED));
FS_operate(metrics->fs_handle, metrics->fs_id[STAT_UPLINK_KEEPALIVE_RX_B], 0, FS_OP_SET, __atomic_fetch_add(&(metrics->uplink_keepalive_pkt_rx.n_bytes), 0, __ATOMIC_RELAXED));
FS_operate(metrics->fs_handle, metrics->fs_id[STAT_RAW_PKT_STEE_RX_PKT], 0, FS_OP_SET, ATOMIC_READ(&(metrics->raw_pkt.stee_rx.n_pkts)));
FS_operate(metrics->fs_handle, metrics->fs_id[STAT_RAW_PKT_STEE_RX_B], 0, FS_OP_SET, ATOMIC_READ(&(metrics->raw_pkt.stee_rx.n_bytes)));
// control packet
FS_operate(metrics->fs_handle, metrics->fs_id[STAT_CONTROL_RX_PKT], 0, FS_OP_SET, __atomic_fetch_add(&(metrics->ctrl_pkt_rx.n_pkts), 0, __ATOMIC_RELAXED));
FS_operate(metrics->fs_handle, metrics->fs_id[STAT_CONTROL_RX_B], 0, FS_OP_SET, __atomic_fetch_add(&(metrics->ctrl_pkt_rx.n_bytes), 0, __ATOMIC_RELAXED));
FS_operate(metrics->fs_handle, metrics->fs_id[STAT_RAW_PKT_STEE_TX_PKT], 0, FS_OP_SET, ATOMIC_READ(&(metrics->raw_pkt.stee_tx.n_pkts)));
FS_operate(metrics->fs_handle, metrics->fs_id[STAT_RAW_PKT_STEE_TX_B], 0, FS_OP_SET, ATOMIC_READ(&(metrics->raw_pkt.stee_tx.n_bytes)));
FS_operate(metrics->fs_handle, metrics->fs_id[STAT_CTRL_PKT_OPENING], 0, FS_OP_SET, __atomic_fetch_add(&(metrics->ctrl_pkt_opening_num), 0, __ATOMIC_RELAXED));
FS_operate(metrics->fs_handle, metrics->fs_id[STAT_CTRL_PKT_ACTIVE], 0, FS_OP_SET, __atomic_fetch_add(&(metrics->ctrl_pkt_active_num), 0, __ATOMIC_RELAXED));
FS_operate(metrics->fs_handle, metrics->fs_id[STAT_CTRL_PKT_CLOSING], 0, FS_OP_SET, __atomic_fetch_add(&(metrics->ctrl_pkt_closing_num), 0, __ATOMIC_RELAXED));
FS_operate(metrics->fs_handle, metrics->fs_id[STAT_CTRL_PKT_RESETALL], 0, FS_OP_SET, __atomic_fetch_add(&(metrics->ctrl_pkt_resetall_num), 0, __ATOMIC_RELAXED));
FS_operate(metrics->fs_handle, metrics->fs_id[STAT_CTRL_PKT_ERROR], 0, FS_OP_SET, __atomic_fetch_add(&(metrics->ctrl_pkt_error_num), 0, __ATOMIC_RELAXED));
FS_operate(metrics->fs_handle, metrics->fs_id[STAT_RAW_PKT_MISS_SESS_PKT], 0, FS_OP_SET, ATOMIC_READ(&(metrics->raw_pkt.miss_sess.n_pkts)));
FS_operate(metrics->fs_handle, metrics->fs_id[STAT_RAW_PKT_MISS_SESS_B], 0, FS_OP_SET, ATOMIC_READ(&(metrics->raw_pkt.miss_sess.n_bytes)));
// current session number
FS_operate(metrics->fs_handle, metrics->fs_id[STAT_CURRENT_SESSION_NUMS], 0, FS_OP_SET, __atomic_fetch_add(&(metrics->session_nums), 0, __ATOMIC_RELAXED));
FS_operate(metrics->fs_handle, metrics->fs_id[STAT_RAW_PKT_ERROR_BYPASS_PKT], 0, FS_OP_SET, ATOMIC_READ(&(metrics->raw_pkt.error_bypass.n_pkts)));
FS_operate(metrics->fs_handle, metrics->fs_id[STAT_RAW_PKT_ERROR_BYPASS_B], 0, FS_OP_SET, ATOMIC_READ(&(metrics->raw_pkt.error_bypass.n_bytes)));
// health check
FS_operate(metrics->fs_handle, metrics->fs_id[STAT_SF_ACTIVE_TIMES], 0, FS_OP_SET, __atomic_fetch_add(&(metrics->sf_active_times), 0, __ATOMIC_RELAXED));
FS_operate(metrics->fs_handle, metrics->fs_id[STAT_SF_INACTIVE_TIMES], 0, FS_OP_SET, __atomic_fetch_add(&(metrics->sf_inactive_times), 0, __ATOMIC_RELAXED));
FS_operate(metrics->fs_handle, metrics->fs_id[STAT_RAW_PKT_ERROR_BLOCK_PKT], 0, FS_OP_SET, ATOMIC_READ(&(metrics->raw_pkt.error_block.n_pkts)));
FS_operate(metrics->fs_handle, metrics->fs_id[STAT_RAW_PKT_ERROR_BLOCK_B], 0, FS_OP_SET, ATOMIC_READ(&(metrics->raw_pkt.error_block.n_bytes)));
// send log
FS_operate(metrics->fs_handle, metrics->fs_id[STAT_SEND_LOG], 0, FS_OP_SET, __atomic_fetch_add(&(metrics->send_log), 0, __ATOMIC_RELAXED));
// ctrl_pkt_metrics
FS_operate(metrics->fs_handle, metrics->fs_id[STAT_CTRL_PKT_RX_PKT], 0, FS_OP_SET, ATOMIC_READ(&(metrics->ctrl_pkt.rx.n_pkts)));
FS_operate(metrics->fs_handle, metrics->fs_id[STAT_CTRL_PKT_RX_B], 0, FS_OP_SET, ATOMIC_READ(&(metrics->ctrl_pkt.rx.n_bytes)));
FS_operate(metrics->fs_handle, metrics->fs_id[STAT_CTRL_PKT_TX_PKT], 0, FS_OP_SET, ATOMIC_READ(&(metrics->ctrl_pkt.tx.n_pkts)));
FS_operate(metrics->fs_handle, metrics->fs_id[STAT_CTRL_PKT_TX_B], 0, FS_OP_SET, ATOMIC_READ(&(metrics->ctrl_pkt.tx.n_bytes)));
FS_operate(metrics->fs_handle, metrics->fs_id[STAT_CTRL_PKT_OPENING], 0, FS_OP_SET, ATOMIC_READ(&(metrics->ctrl_pkt.opening)));
FS_operate(metrics->fs_handle, metrics->fs_id[STAT_CTRL_PKT_ACTIVE], 0, FS_OP_SET, ATOMIC_READ(&(metrics->ctrl_pkt.active)));
FS_operate(metrics->fs_handle, metrics->fs_id[STAT_CTRL_PKT_CLOSING], 0, FS_OP_SET, ATOMIC_READ(&(metrics->ctrl_pkt.closing)));
FS_operate(metrics->fs_handle, metrics->fs_id[STAT_CTRL_PKT_RESETALL], 0, FS_OP_SET, ATOMIC_READ(&(metrics->ctrl_pkt.resetall)));
FS_operate(metrics->fs_handle, metrics->fs_id[STAT_CTRL_PKT_ERROR], 0, FS_OP_SET, ATOMIC_READ(&(metrics->ctrl_pkt.error)));
// keepalived_pkt_metrics
FS_operate(metrics->fs_handle, metrics->fs_id[STAT_KEE_PKT_DOWN_RX_PKT], 0, FS_OP_SET, ATOMIC_READ(&(metrics->kee_pkt.downlink_rx.n_pkts)));
FS_operate(metrics->fs_handle, metrics->fs_id[STAT_KEE_PKT_DOWN_RX_B], 0, FS_OP_SET, ATOMIC_READ(&(metrics->kee_pkt.downlink_rx.n_bytes)));
FS_operate(metrics->fs_handle, metrics->fs_id[STAT_KEE_PKT_DOWN_TX_PKT], 0, FS_OP_SET, ATOMIC_READ(&(metrics->kee_pkt.downlink_tx.n_pkts)));
FS_operate(metrics->fs_handle, metrics->fs_id[STAT_KEE_PKT_DOWN_TX_B], 0, FS_OP_SET, ATOMIC_READ(&(metrics->kee_pkt.downlink_tx.n_bytes)));
FS_operate(metrics->fs_handle, metrics->fs_id[STAT_KEE_PKT_UP_RX_PKT], 0, FS_OP_SET, ATOMIC_READ(&(metrics->kee_pkt.uplink_rx.n_pkts)));
FS_operate(metrics->fs_handle, metrics->fs_id[STAT_KEE_PKT_UP_RX_B], 0, FS_OP_SET, ATOMIC_READ(&(metrics->kee_pkt.uplink_rx.n_bytes)));
FS_operate(metrics->fs_handle, metrics->fs_id[STAT_KEE_PKT_UP_TX_DROP_PKT], 0, FS_OP_SET, ATOMIC_READ(&(metrics->kee_pkt.uplink_tx_drop.n_pkts)));
FS_operate(metrics->fs_handle, metrics->fs_id[STAT_KEE_PKT_UP_TX_DROP_B], 0, FS_OP_SET, ATOMIC_READ(&(metrics->kee_pkt.uplink_tx_drop.n_bytes)));
// sf_status_metrics
FS_operate(metrics->fs_handle, metrics->fs_id[STAT_SF_STATUS_ACTIVE], 0, FS_OP_SET, ATOMIC_READ(&(metrics->sf_status.active)));
FS_operate(metrics->fs_handle, metrics->fs_id[STAT_SF_STATUS_INACTIVE], 0, FS_OP_SET, ATOMIC_READ(&(metrics->sf_status.inactive)));
// sf_session_metrics
FS_operate(metrics->fs_handle, metrics->fs_id[STAT_SF_SESSION_NUM], 0, FS_OP_SET, ATOMIC_READ(&(metrics->sf_session.num)));
FS_operate(metrics->fs_handle, metrics->fs_id[STAT_SF_SESSION_LOG], 0, FS_OP_SET, ATOMIC_READ(&(metrics->sf_session.log)));
FS_passive_output(metrics->fs_handle);
}

25
platform/src/main.cpp
View File

@@ -37,21 +37,6 @@ static void sig_handler(int signo)
}
}
static int thread_set_affinity(int core_id)
{
int num_cores = sysconf(_SC_NPROCESSORS_ONLN);
if (core_id < 0 || core_id >= num_cores)
{
return EINVAL;
}
cpu_set_t cpuset;
CPU_ZERO(&cpuset);
CPU_SET(core_id, &cpuset);
return pthread_setaffinity_np(pthread_self(), sizeof(cpu_set_t), &cpuset);
}
static void *worker_thread_cycle(void *arg)
{
struct thread_ctx *thread_ctx = (struct thread_ctx *)arg;
@@ -78,8 +63,8 @@ static void *worker_thread_cycle(void *arg)
while (1)
{
n_pkt_recv_from_nf = packet_io_polling_nf_interface(handle, thread_ctx->thread_index, thread_ctx);
n_pkt_recv_from_endp = packet_io_polling_endpoint(handle, thread_ctx->thread_index, thread_ctx);
n_pkt_recv_from_nf = packet_io_thread_polling_nf(handle, thread_ctx);
n_pkt_recv_from_endp = packet_io_thread_polling_endpoint(handle, thread_ctx);
if (n_pkt_recv_from_nf == 0 && n_pkt_recv_from_endp == 0)
{
timeout_ms = sf_metrics_last_send_ts + sf_metrics_send_interval - timestamp_get_msec(ts);
@@ -91,10 +76,10 @@ static void *worker_thread_cycle(void *arg)
packet_io_thread_wait(handle, thread_ctx, timeout_ms);
}
if (__atomic_fetch_add(&thread_ctx->session_table_need_reset, 0, __ATOMIC_RELAXED) > 0)
if (ATOMIC_READ(&thread_ctx->session_table_need_reset) > 0)
{
session_table_reset(thread_ctx->session_table);
__atomic_fetch_and(&thread_ctx->session_table_need_reset, 0, __ATOMIC_RELAXED);
ATOMIC_ZERO(&thread_ctx->session_table_need_reset);
}
if (timestamp_get_msec(ts) - sf_metrics_last_send_ts >= sf_metrics_send_interval)
@@ -131,12 +116,12 @@ int main(int argc, char **argv)
return 0;
}
}
fprintf(stderr, "TSG Service Chaining Engine, Version: %s\n", __sce_version);
if (LOG_INIT("./conf/zlog.conf") == -1)
{
return -1;
}
LOG_ERROR("%s: TSG Service Chaining Engine, Version: %s Start ...", LOG_TAG_SCE, __sce_version);
if (signal(SIGHUP, sig_handler) == SIG_ERR)
{

2240
platform/src/packet_io.cpp
View File

File diff suppressed because it is too large Load Diff

510
platform/src/policy.cpp
View File

@@ -150,88 +150,14 @@ struct sf_param
* Private API
******************************************************************************/
static const char *traffic_type_to_string(enum traffic_type traffic_type)
static const char *admin_status_to_string(enum admin_status admin_status)
{
switch (traffic_type)
switch (admin_status)
{
case TRAFFIC_TYPE_NONE:
return "none";
case TRAFFIC_TYPE_RAW:
return "raw";
case TRAFFIC_TYPE_DECRYPTED:
return "decrypted";
default:
return "unknown";
}
}
static const char *forward_type_to_string(enum forward_type forward_type)
{
switch (forward_type)
{
case FORWARD_TYPE_NONE:
return "none";
case FORWARD_TYPE_STEERING:
return "steering";
case FORWARD_TYPE_MIRRORING:
return "mirroring";
default:
return "unknown";
}
}
static const char *session_action_to_string(enum session_action session_action)
{
switch (session_action)
{
case SESSION_ACTION_BYPASS:
return "bypass";
case SESSION_ACTION_FORWARD:
return "forward";
case SESSION_ACTION_BLOCK:
return "block";
default:
return "unknown";
}
}
const char *session_action_reason_to_string(enum session_action_reason session_action_reason)
{
switch (session_action_reason)
{
case ACTION_BYPASS_DUE_DEFAULT:
return "bypass_due_default";
case ACTION_BYPASS_DUE_HEALTH_SF_LIMIT:
return "bypass_due_health_sf_limit";
case ACTION_BYPASS_DUE_UNAVAILABLE_ACTION:
return "bypass_due_unavailable_action";
case ACTION_BYPASS_DUE_FAILURE_ACTION:
return "bypass_due_failure_action";
case ACTION_BYPASS_DUE_INVALID_POLICY:
return "bypass_due_invalid_policy";
case ACTION_BLOCK_DUE_UNAVAILABLE_ACTION:
return "block_due_unavailable_action";
case ACTION_BLOCK_DUE_FAILURE_ACTION:
return "block_due_failure_action";
case ACTION_FORWAED_DUE_SELECTED_AVAILABLE_SF:
return "forward_due_selected_available_sf";
default:
return "unknown";
}
}
static const char *package_method_to_string(enum package_method package_method)
{
switch (package_method)
{
case PACKAGE_METHOD_NONE:
return "none";
case PACKAGE_METHOD_LAYER2_SWITCH:
return "layer2_switch";
case PACKAGE_METHOD_LAYER3_SWITCH:
return "layer3_switch";
case PACKAGE_METHOD_VXLAN_G:
return "vxlan_g";
case ADMMIN_STATUS_ACTIVE:
return "active";
case ADMMIN_STATUS_INACTIVE:
return "inactive";
default:
return "unknown";
}
@@ -380,12 +306,10 @@ static void chaining_param_new_cb(int table_id, const char *key, const char *tab
}
if (strcasecmp(item->valuestring, "raw") == 0)
{
LOG_DEBUG("%s: parse chaining policy: %d, targeted_traffic: raw", LOG_TAG_POLICY, param->policy_id);
param->traffic_type = TRAFFIC_TYPE_RAW;
}
else if (strcasecmp(item->valuestring, "decrypted") == 0)
{
LOG_DEBUG("%s: parse chaining policy: %d, targeted_traffic: decrypted", LOG_TAG_POLICY, param->policy_id);
param->traffic_type = TRAFFIC_TYPE_DECRYPTED;
}
else
@@ -393,6 +317,7 @@ static void chaining_param_new_cb(int table_id, const char *key, const char *tab
LOG_ERROR("%s: unexpected chaining policy: (invalid targeted_traffic param) %s", LOG_TAG_POLICY, table_line);
goto error_out;
}
LOG_DEBUG("%s: parse chaining policy: %d, targeted_traffic: %s", LOG_TAG_POLICY, param->policy_id, traffic_type_to_string(param->traffic_type));
// sff_profiles
item = cJSON_GetObjectItem(json, "sff_profiles");
@@ -525,16 +450,15 @@ static void sff_param_new_cb(int table_id, const char *key, const char *table_li
{
case 1:
param->sff_forward_type = FORWARD_TYPE_STEERING;
LOG_DEBUG("%s: parse sff profile: %d, type: steering", LOG_TAG_POLICY, param->sff_profile_id);
break;
case 2:
param->sff_forward_type = FORWARD_TYPE_MIRRORING;
LOG_DEBUG("%s: parse sff profile: %d, type: mirroring", LOG_TAG_POLICY, param->sff_profile_id);
break;
default:
LOG_ERROR("%s: unexpected sff profile: (invalid type param) %s", LOG_TAG_POLICY, table_line);
goto error_out;
}
LOG_DEBUG("%s: parse sff profile: %d, type: %s", LOG_TAG_POLICY, param->sff_profile_id, forward_type_to_string(param->sff_forward_type));
// load_balance_method
if (0 == strcasecmp(load_balance_method, "hash-int-ip"))
@@ -762,16 +686,15 @@ static void sf_param_new_cb(int table_id, const char *key, const char *table_lin
{
case 1:
param->sf_admin_status = ADMMIN_STATUS_ACTIVE;
LOG_DEBUG("%s: parse sf profile: %d, admin_status: active", LOG_TAG_POLICY, param->sf_profile_id);
break;
case 0:
param->sf_admin_status = ADMMIN_STATUS_INACTIVE;
LOG_DEBUG("%s: parse sf profile: %d, admin_status: inactive", LOG_TAG_POLICY, param->sf_profile_id);
break;
default:
LOG_ERROR("%s: unexpected sf profile: (invalid admin_status param) %s", LOG_TAG_POLICY, table_line);
goto error_out;
}
LOG_DEBUG("%s: parse sf profile: %d, admin_status: %s", LOG_TAG_POLICY, param->sf_profile_id, admin_status_to_string(param->sf_admin_status));
// connectivity
root1 = cJSON_Parse(connectivity);
@@ -804,7 +727,7 @@ static void sf_param_new_cb(int table_id, const char *key, const char *table_lin
LOG_ERROR("%s: unexpected sf profile: (invalid connectivity->method param) %s", LOG_TAG_POLICY, table_line);
goto error_out;
}
LOG_DEBUG("%s: parse sf profile: %d, connectivity->method: %s", LOG_TAG_POLICY, param->sf_profile_id, item->valuestring);
LOG_DEBUG("%s: parse sf profile: %d, connectivity->method: %s", LOG_TAG_POLICY, param->sf_profile_id, package_method_to_string(param->sf_connectivity.method));
if (param->sf_connectivity.method == PACKAGE_METHOD_LAYER2_SWITCH || param->sf_connectivity.method == PACKAGE_METHOD_LAYER3_SWITCH)
{
@@ -979,7 +902,7 @@ static void sf_param_free(struct sf_param *param)
}
// After return must check array elem nums
static void select_sf_by_nearby_and_active(struct policy_enforcer *enforcer, struct sff_param *sff_param, struct fixed_num_array *array)
static void select_sf_by_nearby_and_adminstatus(struct policy_enforcer *enforcer, struct sff_param *sff_param, struct fixed_num_array *array)
{
char buffer[16];
struct sf_param *sf = NULL;
@@ -1019,14 +942,14 @@ static void select_sf_by_nearby_and_active(struct policy_enforcer *enforcer, str
// return : SESSION_ACTION_BYPASS, not care selected_sf_profile_id
// return : SESSION_ACTION_BLOCK, not care selected_sf_profile_id
// return : SESSION_ACTION_FORWARD, care selected_sf_profile_id
static enum session_action select_sf_by_ldbc(uint64_t hash, struct policy_enforcer *enforcer, struct sff_param *sff_param, struct fixed_num_array *array, int *selected_sf_profile_id, enum session_action_reason *sf_action_reason, char *sf_dst_mac, struct session_ctx *s_ctx)
static enum session_action select_sf_by_ldbc(struct policy_enforcer *enforcer, struct session_ctx *s_ctx, struct sff_param *sff_param, struct selected_sf *sf, struct fixed_num_array *array, uint64_t hash)
{
struct thread_ctx *thread = (struct thread_ctx *)s_ctx->ref_thread_ctx;
struct global_metrics *g_metrics = thread->ref_metrics;
struct sf_param *sf = NULL;
struct sf_param *sf_param = NULL;
char buffer[16];
*selected_sf_profile_id = -1;
sf->sf_profile_id = -1;
int sf_profile_id = 0;
int sf_profile_index = 0;
int sf_profile_num = 0;
@@ -1041,28 +964,28 @@ static enum session_action select_sf_by_ldbc(uint64_t hash, struct policy_enforc
memset(&buffer, 0, sizeof(buffer));
snprintf(buffer, sizeof(buffer), "%u", sf_profile_id);
sf = (struct sf_param *)Maat_plugin_get_EX_data(enforcer->maat, enforcer->sf_table_id, buffer);
if (sf == NULL)
sf_param = (struct sf_param *)Maat_plugin_get_EX_data(enforcer->maat, enforcer->sf_table_id, buffer);
if (sf_param == NULL)
{
LOG_ERROR("%s: failed to get sf parameter of profile %d", LOG_TAG_POLICY, sf_profile_id);
fixed_num_array_del_elem(array, sf_profile_id);
continue;
}
health_check_session_id = sf->health_check_session_id;
sf_param_free(sf);
health_check_session_id = sf_param->health_check_session_id;
sf_param_free(sf_param);
memset(sf_dst_mac, 0, 32);
if (health_check_session_get_mac(health_check_session_id, sf_dst_mac) == 0)
memset(sf->sf_dst_mac, 0, 32);
if (health_check_session_get_mac(health_check_session_id, sf->sf_dst_mac) == 0)
{
__atomic_fetch_add(&g_metrics->sf_active_times, 1, __ATOMIC_RELAXED);
ATOMIC_INC(&(g_metrics->sf_status.active));
*selected_sf_profile_id = sf_profile_id;
*sf_action_reason = ACTION_FORWAED_DUE_SELECTED_AVAILABLE_SF;
sf->sf_profile_id = sf_profile_id;
sf->sf_action_reason = ACTION_FORWAED_DUE_SELECTED_SF;
return SESSION_ACTION_FORWARD;
}
else
{
__atomic_fetch_add(&g_metrics->sf_inactive_times, 1, __ATOMIC_RELAXED);
ATOMIC_INC(&(g_metrics->sf_status.inactive));
if (sff_param->sff_exception.fail_action == FAILURE_ACTION_RE_DISPATCH)
{
@@ -1071,7 +994,7 @@ static enum session_action select_sf_by_ldbc(uint64_t hash, struct policy_enforc
if (sff_param->sff_exception.health_service_func_lt > 0 && sf_profile_num < sff_param->sff_exception.health_service_func_lt)
{
*sf_action_reason = ACTION_BYPASS_DUE_HEALTH_SF_LIMIT;
sf->sf_action_reason = ACTION_BYPASS_DUE_HEALTH_SF_LIMIT;
return SESSION_ACTION_BYPASS;
}
else
@@ -1080,12 +1003,12 @@ static enum session_action select_sf_by_ldbc(uint64_t hash, struct policy_enforc
{
if (sff_param->sff_exception.unavail_action == UNAVAILABLE_ACTION_BYPASSS)
{
*sf_action_reason = ACTION_BYPASS_DUE_UNAVAILABLE_ACTION;
sf->sf_action_reason = ACTION_BYPASS_DUE_UNAVAILABLE_ACTION;
return SESSION_ACTION_BYPASS;
}
else
{
*sf_action_reason = ACTION_BLOCK_DUE_UNAVAILABLE_ACTION;
sf->sf_action_reason = ACTION_BLOCK_DUE_UNAVAILABLE_ACTION;
return SESSION_ACTION_BLOCK;
}
}
@@ -1097,20 +1020,20 @@ static enum session_action select_sf_by_ldbc(uint64_t hash, struct policy_enforc
}
else if (sff_param->sff_exception.fail_action == FAILURE_ACTION_BYPASS)
{
*selected_sf_profile_id = sf_profile_id;
*sf_action_reason = ACTION_BYPASS_DUE_FAILURE_ACTION;
sf->sf_profile_id = sf_profile_id;
sf->sf_action_reason = ACTION_BYPASS_DUE_FAILURE_ACTION;
return SESSION_ACTION_BYPASS;
}
else if (sff_param->sff_exception.fail_action == FAILURE_ACTION_BLOCK)
{
*selected_sf_profile_id = sf_profile_id;
*sf_action_reason = ACTION_BLOCK_DUE_FAILURE_ACTION;
sf->sf_profile_id = sf_profile_id;
sf->sf_action_reason = ACTION_BLOCK_DUE_FAILURE_ACTION;
return SESSION_ACTION_BLOCK;
}
}
};
*sf_action_reason = ACTION_BYPASS_DUE_INVALID_POLICY;
sf->sf_action_reason = ACTION_BYPASS_DUE_INVALID_POLICY;
return SESSION_ACTION_BYPASS;
}
@@ -1130,10 +1053,228 @@ static void selected_sf_init(struct selected_sf *item)
}
}
static void connectivity_copy(struct connectivity *dst, struct connectivity *src)
{
if (dst && src)
{
dst->method = src->method;
dst->int_vlan_tag = src->int_vlan_tag;
dst->ext_vlan_tag = src->ext_vlan_tag;
memcpy(dst->dest_ip, src->dest_ip, sizeof(dst->dest_ip));
}
}
/******************************************************************************
* Public API
******************************************************************************/
const char *traffic_type_to_string(enum traffic_type traffic_type)
{
switch (traffic_type)
{
case TRAFFIC_TYPE_NONE:
return "none";
case TRAFFIC_TYPE_RAW:
return "raw";
case TRAFFIC_TYPE_DECRYPTED:
return "decrypted";
default:
return "unknown";
}
}
const char *forward_type_to_string(enum forward_type forward_type)
{
switch (forward_type)
{
case FORWARD_TYPE_NONE:
return "none";
case FORWARD_TYPE_STEERING:
return "steering";
case FORWARD_TYPE_MIRRORING:
return "mirroring";
default:
return "unknown";
}
}
const char *session_action_to_string(enum session_action session_action)
{
switch (session_action)
{
case SESSION_ACTION_BYPASS:
return "bypass";
case SESSION_ACTION_FORWARD:
return "forward";
case SESSION_ACTION_BLOCK:
return "block";
default:
return "unknown";
}
}
const char *action_reason_to_string(enum action_reason action_reason)
{
switch (action_reason)
{
case ACTION_BYPASS_DUE_DEFAULT:
return "bypass_due_default";
case ACTION_BYPASS_DUE_HEALTH_SF_LIMIT:
return "bypass_due_health_sf_limit";
case ACTION_BYPASS_DUE_UNAVAILABLE_ACTION:
return "bypass_due_unavailable_action";
case ACTION_BYPASS_DUE_FAILURE_ACTION:
return "bypass_due_failure_action";
case ACTION_BYPASS_DUE_INVALID_POLICY:
return "bypass_due_invalid_policy";
case ACTION_BLOCK_DUE_UNAVAILABLE_ACTION:
return "block_due_unavailable_action";
case ACTION_BLOCK_DUE_FAILURE_ACTION:
return "block_due_failure_action";
case ACTION_FORWAED_DUE_SELECTED_SF:
return "forward_due_selected_sf";
default:
return "unknown";
}
}
const char *package_method_to_string(enum package_method package_method)
{
switch (package_method)
{
case PACKAGE_METHOD_NONE:
return "none";
case PACKAGE_METHOD_LAYER2_SWITCH:
return "layer2_switch";
case PACKAGE_METHOD_LAYER3_SWITCH:
return "layer3_switch";
case PACKAGE_METHOD_VXLAN_G:
return "vxlan_g";
default:
return "unknown";
}
}
// return NULL : error
// return !NULL : success
struct selected_chaining *selected_chaining_create(int chaining_size, uint64_t session_id, char *session_addr)
{
struct selected_chaining *chaining = (struct selected_chaining *)calloc(1, sizeof(struct selected_chaining));
assert(chaining);
chaining->chaining_used = 0;
chaining->chaining_size = chaining_size;
chaining->chaining = (struct selected_sf *)calloc(chaining->chaining_size, sizeof(struct selected_sf));
assert(chaining->chaining);
for (int i = 0; i < chaining->chaining_size; i++)
{
struct selected_sf *item = &(chaining->chaining[i]);
selected_sf_init(item);
}
chaining->session_id = session_id;
chaining->session_addr = session_addr;
return chaining;
}
void selected_chaining_destory(struct selected_chaining *chaining)
{
if (chaining)
{
if (chaining->chaining)
{
free(chaining->chaining);
chaining->chaining = NULL;
}
free(chaining);
chaining = NULL;
}
}
void selected_chaining_dump(struct selected_chaining *chaining)
{
if (chaining == NULL)
{
LOG_DEBUG("%s: selected_chaining: NULL", LOG_TAG_POLICY);
return;
}
LOG_DEBUG("%s: session %lu %s selected_chaining->chaining_size : %d", LOG_TAG_POLICY, chaining->session_id, chaining->session_addr, chaining->chaining_size);
LOG_DEBUG("%s: session %lu %s selected_chaining->chaining_used : %d", LOG_TAG_POLICY, chaining->session_id, chaining->session_addr, chaining->chaining_used);
for (int i = 0; i < chaining->chaining_used; i++)
{
struct selected_sf *node = &(chaining->chaining[i]);
LOG_DEBUG("%s: session %lu %s selected_chaining->node[%d]->policy_id : %d", LOG_TAG_POLICY, chaining->session_id, chaining->session_addr, i, node->policy_id);
LOG_DEBUG("%s: session %lu %s selected_chaining->node[%d]->traffic_type : %s", LOG_TAG_POLICY, chaining->session_id, chaining->session_addr, i, traffic_type_to_string(node->traffic_type));
// sff
LOG_DEBUG("%s: session %lu %s selected_chaining->node[%d]->sff_profile_id : %d", LOG_TAG_POLICY, chaining->session_id, chaining->session_addr, i, node->sff_profile_id);
LOG_DEBUG("%s: session %lu %s selected_chaining->node[%d]->sff_forward_type : %s", LOG_TAG_POLICY, chaining->session_id, chaining->session_addr, i, forward_type_to_string(node->sff_forward_type));
// sf
LOG_DEBUG("%s: session %lu %s selected_chaining->node[%d]->sf_profile_id : %d", LOG_TAG_POLICY, chaining->session_id, chaining->session_addr, i, node->sf_profile_id);
LOG_DEBUG("%s: session %lu %s selected_chaining->node[%d]->sf_need_skip : %d", LOG_TAG_POLICY, chaining->session_id, chaining->session_addr, i, node->sf_need_skip);
LOG_DEBUG("%s: session %lu %s selected_chaining->node[%d]->sf_action : %s", LOG_TAG_POLICY, chaining->session_id, chaining->session_addr, i, session_action_to_string(node->sf_action));
LOG_DEBUG("%s: session %lu %s selected_chaining->node[%d]->sf_action_reason : %s", LOG_TAG_POLICY, chaining->session_id, chaining->session_addr, i, action_reason_to_string(node->sf_action_reason));
LOG_DEBUG("%s: session %lu %s selected_chaining->node[%d]->sf_connectivity->package_method : %s", LOG_TAG_POLICY, chaining->session_id, chaining->session_addr, i, package_method_to_string(node->sf_connectivity.method));
LOG_DEBUG("%s: session %lu %s selected_chaining->node[%d]->sf_connectivity->int_vlan_tag : %d", LOG_TAG_POLICY, chaining->session_id, chaining->session_addr, i, node->sf_connectivity.int_vlan_tag);
LOG_DEBUG("%s: session %lu %s selected_chaining->node[%d]->sf_connectivity->ext_vlan_tag : %d", LOG_TAG_POLICY, chaining->session_id, chaining->session_addr, i, node->sf_connectivity.ext_vlan_tag);
LOG_DEBUG("%s: session %lu %s selected_chaining->node[%d]->sf_connectivity->dest_ip : %s", LOG_TAG_POLICY, chaining->session_id, chaining->session_addr, i, node->sf_connectivity.dest_ip);
}
}
void selected_chaining_bref(struct selected_chaining *chaining)
{
if (chaining == NULL)
{
return;
}
char buff[4096] = {0};
int buff_used = 0;
int buff_size = sizeof(buff);
buff_used += snprintf(buff + buff_used, buff_size - buff_used, "chaining_size:%d, chaining_used:%d, {", chaining->chaining_size, chaining->chaining_used);
for (int i = 0; i < chaining->chaining_used; i++)
{
struct selected_sf *node = &(chaining->chaining[i]);
if (buff_size - buff_used > 0)
{
if (i != 0)
{
buff_used += snprintf(buff + buff_used, buff_size - buff_used, ",");
}
buff_used += snprintf(buff + buff_used, buff_size - buff_used,
"\"node[%d]\":{\"skip\":%d,\"policy_id\":%d,\"sff_profile_id\":%d,\"sf_profile_id\":%d,\"traffic_type\":\"%s\",\"sff_forward_type\":\"%s\",\"sf_action\":\"%s\",\"reason\":\"%s\"}",
i, node->sf_need_skip, node->policy_id, node->sff_profile_id, node->sf_profile_id,
traffic_type_to_string(node->traffic_type), forward_type_to_string(node->sff_forward_type), session_action_to_string(node->sf_action), action_reason_to_string(node->sf_action_reason));
}
}
LOG_INFO("%s: session %lu %s selected_chaining_bref: %s}", LOG_TAG_POLICY, chaining->session_id, chaining->session_addr, buff);
}
void selected_chaining_uniq(struct selected_chaining *chaining)
{
if (chaining == NULL)
{
return;
}
// Selected Service Chaining Before Unique : [1,2,3,1,2]
// Selected Service Chaining After Unique : [1,2,3]
for (int i = 0; i < chaining->chaining_used; i++)
{
struct selected_sf *node_i = &(chaining->chaining[i]);
for (int j = 0; j < i; j++)
{
struct selected_sf *node_j = &(chaining->chaining[j]);
if (node_i->sf_profile_id == node_j->sf_profile_id)
{
node_i->sf_need_skip = 1;
break;
}
}
}
}
// return NULL : error
// return !NULL : success
struct policy_enforcer *policy_enforcer_create(const char *instance, const char *profile, int thread_num, void *logger)
@@ -1261,15 +1402,11 @@ void policy_enforcer_destory(struct policy_enforcer *enforcer)
}
}
int policy_enforce_max_chaining_size(struct policy_enforcer *enforcer)
{
return enforcer->config.max_chaining_size;
}
// return 0 : success
// return -1 : error
int policy_enforcer_register(struct policy_enforcer *enforcer)
{
LOG_INFO("%s: register policy callback ...", LOG_TAG_POLICY);
enforcer->compile_table_id = Maat_table_register(enforcer->maat, "SERVICE_CHAINING_COMPILE");
if (enforcer->compile_table_id < 0)
{
@@ -1320,117 +1457,43 @@ int policy_enforcer_register(struct policy_enforcer *enforcer)
LOG_ERROR("%s: register SERVICE_FUNCTION_PROFILE plugin extension callbacks failed", LOG_TAG_POLICY);
return -1;
}
LOG_INFO("%s: register policy callback success", LOG_TAG_POLICY);
return 0;
}
// return NULL : error
// return !NULL : success
struct selected_chaining *selected_chaining_create(int chaining_size)
int policy_enforce_chaining_size(struct policy_enforcer *enforcer)
{
struct selected_chaining *chaining = (struct selected_chaining *)calloc(1, sizeof(struct selected_chaining));
assert(chaining);
chaining->chaining_used = 0;
chaining->chaining_size = chaining_size;
chaining->chaining = (struct selected_sf *)calloc(chaining->chaining_size, sizeof(struct selected_sf));
assert(chaining->chaining);
for (int i = 0; i < chaining->chaining_size; i++)
{
struct selected_sf *item = &(chaining->chaining[i]);
selected_sf_init(item);
}
return chaining;
return enforcer->config.max_chaining_size;
}
void selected_chaining_destory(struct selected_chaining *chaining)
void policy_enforce_select_chainings(struct policy_enforcer *enforcer, struct selected_chainings *chainings, struct session_ctx *s_ctx, struct raw_pkt_parser *parser, int policy_id, int dir_is_i2e)
{
if (chaining)
{
if (chaining->chaining)
{
free(chaining->chaining);
chaining->chaining = NULL;
}
free(chaining);
chaining = NULL;
}
}
void selected_chaining_dump(struct selected_chaining *chaining)
{
if (chaining == NULL)
{
LOG_DEBUG("%s: selected_chaining: NULL", LOG_TAG_POLICY);
return;
}
LOG_DEBUG("%s: selected_chaining->chaining_size : %d", LOG_TAG_POLICY, chaining->chaining_size);
LOG_DEBUG("%s: selected_chaining->chaining_used : %d", LOG_TAG_POLICY, chaining->chaining_used);
for (int i = 0; i < chaining->chaining_used; i++)
{
struct selected_sf *node = &(chaining->chaining[i]);
LOG_DEBUG("%s: selected_chaining->node[%d]->policy_id : %d", LOG_TAG_POLICY, i, node->policy_id);
LOG_DEBUG("%s: selected_chaining->node[%d]->traffic_type : %s", LOG_TAG_POLICY, i, traffic_type_to_string(node->traffic_type));
// sff
LOG_DEBUG("%s: selected_chaining->node[%d]->sff_profile_id : %d", LOG_TAG_POLICY, i, node->sff_profile_id);
LOG_DEBUG("%s: selected_chaining->node[%d]->sff_forward_type : %s", LOG_TAG_POLICY, i, forward_type_to_string(node->sff_forward_type));
// sf
LOG_DEBUG("%s: selected_chaining->node[%d]->sf_profile_id : %d", LOG_TAG_POLICY, i, node->sf_profile_id);
LOG_DEBUG("%s: selected_chaining->node[%d]->sf_need_skip : %d", LOG_TAG_POLICY, i, node->sf_need_skip);
LOG_DEBUG("%s: selected_chaining->node[%d]->sf_action : %s", LOG_TAG_POLICY, i, session_action_to_string(node->sf_action));
LOG_DEBUG("%s: selected_chaining->node[%d]->sf_action_reason : %s", LOG_TAG_POLICY, i, session_action_reason_to_string(node->sf_action_reason));
LOG_DEBUG("%s: selected_chaining->node[%d]->sf_connectivity->package_method : %s", LOG_TAG_POLICY, i, package_method_to_string(node->sf_connectivity.method));
LOG_DEBUG("%s: selected_chaining->node[%d]->sf_connectivity->int_vlan_tag : %d", LOG_TAG_POLICY, i, node->sf_connectivity.int_vlan_tag);
LOG_DEBUG("%s: selected_chaining->node[%d]->sf_connectivity->ext_vlan_tag : %d", LOG_TAG_POLICY, i, node->sf_connectivity.ext_vlan_tag);
LOG_DEBUG("%s: selected_chaining->node[%d]->sf_connectivity->dest_ip : %s", LOG_TAG_POLICY, i, node->sf_connectivity.dest_ip);
}
}
void selected_chaining_bref(struct selected_chaining *chaining)
{
if (chaining == NULL)
{
return;
}
char buff[4096] = {0};
int buff_used = 0;
int buff_size = sizeof(buff);
buff_used += snprintf(buff + buff_used, buff_size - buff_used, "chaining_size:%d, chaining_used:%d, {", chaining->chaining_size, chaining->chaining_used);
for (int i = 0; i < chaining->chaining_used; i++)
{
struct selected_sf *node = &(chaining->chaining[i]);
if (buff_size - buff_used > 0)
{
buff_used += snprintf(buff + buff_used, buff_size - buff_used, "\"node[%d]\":{\"skip\":%d,\"reason\":\"%s\",\"policy_id\":%d,\"sff_profile_id\":%d,\"sf_profile_id\":%d,\"sff_forward_type\":\"%s\"}, ", i, node->sf_need_skip, session_action_reason_to_string(node->sf_action_reason), node->policy_id, node->sff_profile_id, node->sf_profile_id, forward_type_to_string(node->sff_forward_type));
}
}
LOG_DEBUG("%s: selected_chaining_bref: %s}", LOG_TAG_POLICY, buff);
}
void policy_enforce_select_chaining(struct selected_chaining *chaining, struct policy_enforcer *enforcer, struct raw_pkt_parser *parser, int policy_id, int dir_is_internal, struct session_ctx *s_ctx)
{
struct thread_ctx *thread = (struct thread_ctx *)s_ctx->ref_thread_ctx;
struct global_metrics *g_metrics = thread->ref_metrics;
uint64_t hash_value = 0;
char buffer[16] = {0};
struct sf_param *sf_param = NULL;
struct sff_param *sff_param = NULL;
struct fixed_num_array array = {0};
struct chaining_param *chaining_param = NULL;
struct selected_chaining *chaining = NULL;
snprintf(buffer, sizeof(buffer), "%d", policy_id);
chaining_param = (struct chaining_param *)Maat_plugin_get_EX_data(enforcer->maat, enforcer->compile_table_id, buffer);
if (chaining_param == NULL)
{
LOG_ERROR("%s: failed to get chaining parameter of policy %d", LOG_TAG_POLICY, policy_id);
LOG_ERROR("%s: session %lu %s failed to get chaining parameter of policy %d", LOG_TAG_POLICY, s_ctx->session_id, s_ctx->session_addr, policy_id);
return;
}
LOG_DEBUG("%s: enforce chaining policy %d", LOG_TAG_POLICY, policy_id);
if (chaining_param->traffic_type == TRAFFIC_TYPE_RAW)
{
chaining = chainings->chaining_raw;
}
else
{
chaining = chainings->chaining_decrypted;
}
LOG_INFO("%s: session %lu %s enforce %s chaining policy %d", LOG_TAG_POLICY, chaining->session_id, chaining->session_addr, traffic_type_to_string(chaining_param->traffic_type), policy_id);
for (int i = 0; i < chaining_param->sff_profile_ids_num && chaining->chaining_used < chaining->chaining_size; i++)
{
@@ -1447,19 +1510,18 @@ void policy_enforce_select_chaining(struct selected_chaining *chaining, struct p
sff_param = (struct sff_param *)Maat_plugin_get_EX_data(enforcer->maat, enforcer->sff_table_id, buffer);
if (sff_param == NULL)
{
LOG_ERROR("%s: failed to get sff parameter of profile %d, bypass current sff !!!", LOG_TAG_POLICY, item->sff_profile_id);
LOG_ERROR("%s: session %lu %s failed to get sff parameter of profile %d, bypass current sff !!!", LOG_TAG_POLICY, chaining->session_id, chaining->session_addr, item->sff_profile_id);
item->sf_action = SESSION_ACTION_BYPASS;
item->sf_action_reason = ACTION_BYPASS_DUE_INVALID_POLICY;
chaining->chaining_used++;
continue;
}
item->sff_forward_type = sff_param->sff_forward_type;
LOG_DEBUG("%s: chaining policy %d -> sff_profile %d sf_profile_ids_num %d (before filter nearby and active)", LOG_TAG_POLICY, policy_id, item->sff_profile_id, sff_param->sf_profile_ids_num);
memset(&array, 0, sizeof(array));
fixed_num_array_init(&array);
select_sf_by_nearby_and_active(enforcer, sff_param, &array);
LOG_DEBUG("%s: chaining policy %d -> sff_profile %d sf_profile_ids_num %d (after filter nearby and active)", LOG_TAG_POLICY, policy_id, item->sff_profile_id, fixed_num_array_count_elem(&array));
select_sf_by_nearby_and_adminstatus(enforcer, sff_param, &array);
LOG_DEBUG("%s: session %lu %s select sf from chaining policy %d sff_profile %d, sf_profile_num (before filter: %d -> filter nearby/admin_status: %d)", LOG_TAG_POLICY, chaining->session_id, chaining->session_addr, policy_id, item->sff_profile_id, sff_param->sf_profile_ids_num, fixed_num_array_count_elem(&array));
if (fixed_num_array_count_elem(&array) == 0)
{
switch (sff_param->sff_exception.fail_action)
@@ -1485,15 +1547,14 @@ void policy_enforce_select_chaining(struct selected_chaining *chaining, struct p
}
break;
}
LOG_DEBUG("%s: chaining policy %d -> sff_profile %d, no sf available after filtering by 'nearby & active', %s", LOG_TAG_POLICY, policy_id, item->sff_profile_id, session_action_reason_to_string(item->sf_action_reason));
LOG_DEBUG("%s: session %lu %s select sf frome chaining policy %d sff_profile %d, no sf available after filtering by 'nearby & admin_status', %s", LOG_TAG_POLICY, chaining->session_id, chaining->session_addr, policy_id, item->sff_profile_id, action_reason_to_string(item->sf_action_reason));
chaining->chaining_used++;
sff_param_free(sff_param);
continue;
}
hash_value = raw_packet_parser_get_hash_value(parser, sff_param->sff_ldbc.method, dir_is_internal);
item->sf_action = select_sf_by_ldbc(hash_value, enforcer, sff_param, &array, &(item->sf_profile_id), &(item->sf_action_reason), item->sf_dst_mac, s_ctx);
LOG_DEBUG("%s: chaining policy %d -> sff_profile %d sf_profile_ids_num %d (after filter ldbc)", LOG_TAG_POLICY, policy_id, item->sff_profile_id, fixed_num_array_count_elem(&array));
hash_value = raw_packet_parser_get_hash_value(parser, sff_param->sff_ldbc.method, dir_is_i2e);
item->sf_action = select_sf_by_ldbc(enforcer, s_ctx, sff_param, item, &array, hash_value);
if (item->sf_action != SESSION_ACTION_FORWARD)
{
chaining->chaining_used++;
@@ -1506,7 +1567,7 @@ void policy_enforce_select_chaining(struct selected_chaining *chaining, struct p
sf_param = (struct sf_param *)Maat_plugin_get_EX_data(enforcer->maat, enforcer->sf_table_id, buffer);
if (sf_param == NULL)
{
LOG_ERROR("%s: failed to get sf parameter of selected profile %d, bypass current sff !!!", LOG_TAG_POLICY, item->sf_profile_id);
LOG_ERROR("%s: session %lu %s failed to get sf parameter of profile %d, bypass current sff !!!", LOG_TAG_POLICY, chaining->session_id, chaining->session_addr, item->sf_profile_id);
item->sf_action = SESSION_ACTION_BYPASS;
item->sf_action_reason = ACTION_BYPASS_DUE_INVALID_POLICY;
chaining->chaining_used++;
@@ -1514,33 +1575,14 @@ void policy_enforce_select_chaining(struct selected_chaining *chaining, struct p
continue;
}
item->sf_connectivity.method = sf_param->sf_connectivity.method;
item->sf_connectivity.int_vlan_tag = sf_param->sf_connectivity.int_vlan_tag;
item->sf_connectivity.ext_vlan_tag = sf_param->sf_connectivity.ext_vlan_tag;
memcpy(item->sf_connectivity.dest_ip, sf_param->sf_connectivity.dest_ip, strlen(sf_param->sf_connectivity.dest_ip));
connectivity_copy(&item->sf_connectivity, &sf_param->sf_connectivity);
memcpy(item->sf_dst_ip, sf_param->sf_connectivity.dest_ip, strlen(sf_param->sf_connectivity.dest_ip));
chaining->chaining_used++;
sf_param_free(sf_param);
sff_param_free(sff_param);
}
// Selected Service Chaining Before Unique : [1,2,3,1,2]
// Selected Service Chaining After Unique : [1,2,3]
for (int i = 0; i < chaining->chaining_used; i++)
{
struct selected_sf *node_i = &(chaining->chaining[i]);
for (int j = 0; j < i; j++)
{
struct selected_sf *node_j = &(chaining->chaining[j]);
if (node_i->sf_profile_id == node_j->sf_profile_id)
{
node_i->sf_need_skip = 1;
break;
}
}
}
selected_chaining_uniq(chaining);
chaining_param_free(chaining_param);
}

197
platform/src/sce.cpp
View File

@@ -6,107 +6,194 @@
#include "global_metrics.h"
/******************************************************************************
* session_ctx
* Struct Metadata
******************************************************************************/
struct session_ctx *session_ctx_new()
struct metadata *metadata_new()
{
struct session_ctx *ctx = (struct session_ctx *)calloc(1, sizeof(struct session_ctx));
assert(ctx != NULL);
return ctx;
struct metadata *meta = (struct metadata *)calloc(1, sizeof(struct metadata));
return meta;
}
void session_ctx_free(struct session_ctx *ctx)
int metadata_is_empty(struct metadata *meta)
{
if (ctx)
if (meta->write_ref == 0)
{
if (ctx->first_ctrl_pkt.addr_string)
return 1;
}
else
{
free(ctx->first_ctrl_pkt.addr_string);
ctx->first_ctrl_pkt.addr_string = NULL;
return 0;
}
}
void metadata_deep_copy(struct metadata *dst, struct metadata *src)
{
dst->write_ref++;
dst->session_id = src->session_id;
dst->raw_data = strndup(src->raw_data, src->raw_len);
dst->raw_len = src->raw_len;
dst->l7offset = src->l7offset;
dst->is_e2i_dir = src->is_e2i_dir;
dst->is_ctrl_pkt = src->is_ctrl_pkt;
dst->is_decrypted = src->is_decrypted;
sids_copy(&dst->sids, &src->sids);
route_ctx_copy(&dst->route_ctx, &src->route_ctx);
}
void metadata_shadow_copy(struct metadata *dst, struct metadata *src)
{
dst->write_ref++;
dst->session_id = src->session_id;
dst->raw_data = src->raw_data;
dst->raw_len = src->raw_len;
dst->l7offset = src->l7offset;
dst->is_e2i_dir = src->is_e2i_dir;
dst->is_ctrl_pkt = src->is_ctrl_pkt;
dst->is_decrypted = src->is_decrypted;
sids_copy(&dst->sids, &src->sids);
route_ctx_copy(&dst->route_ctx, &src->route_ctx);
}
void metadata_free(struct metadata *meta)
{
if (meta)
{
if (meta->raw_data)
{
free(meta->raw_data);
meta->raw_data = NULL;
}
if (ctx->first_ctrl_pkt.header_data)
{
free(ctx->first_ctrl_pkt.header_data);
ctx->first_ctrl_pkt.header_data = NULL;
}
if (ctx->chaining)
{
selected_chaining_destory(ctx->chaining);
ctx->chaining = NULL;
}
free(ctx);
ctx = 0;
free(meta);
meta = NULL;
}
}
/******************************************************************************
* sce_ctx
* Struct Session Ctx
******************************************************************************/
struct session_ctx *session_ctx_new()
{
struct session_ctx *session_ctx = (struct session_ctx *)calloc(1, sizeof(struct session_ctx));
assert(session_ctx != NULL);
fixed_num_array_init(&session_ctx->policy_ids);
session_ctx->raw_meta_i2e = metadata_new();
session_ctx->raw_meta_e2i = metadata_new();
session_ctx->ctrl_meta = metadata_new();
return session_ctx;
}
void session_ctx_free(struct session_ctx *session_ctx)
{
if (session_ctx)
{
if (session_ctx->raw_meta_i2e)
{
metadata_free(session_ctx->raw_meta_i2e);
session_ctx->raw_meta_i2e = NULL;
}
if (session_ctx->raw_meta_e2i)
{
metadata_free(session_ctx->raw_meta_e2i);
session_ctx->raw_meta_e2i = NULL;
}
if (session_ctx->ctrl_meta)
{
metadata_free(session_ctx->ctrl_meta);
session_ctx->ctrl_meta = NULL;
}
if (session_ctx->chainings.chaining_raw)
{
selected_chaining_destory(session_ctx->chainings.chaining_raw);
session_ctx->chainings.chaining_raw = NULL;
}
if (session_ctx->chainings.chaining_decrypted)
{
selected_chaining_destory(session_ctx->chainings.chaining_decrypted);
session_ctx->chainings.chaining_decrypted = NULL;
}
free(session_ctx);
session_ctx = 0;
}
}
/******************************************************************************
* Struct SCE Ctx
******************************************************************************/
struct sce_ctx *sce_ctx_create(const char *profile)
{
struct sce_ctx *ctx = (struct sce_ctx *)calloc(1, sizeof(struct sce_ctx));
struct sce_ctx *sce_ctx = (struct sce_ctx *)calloc(1, sizeof(struct sce_ctx));
MESA_load_profile_int_def(profile, "system", "enable_debug", (int *)&(ctx->enable_debug), 0);
MESA_load_profile_int_def(profile, "system", "firewall_sids", (int *)&(ctx->firewall_sids), 1001);
MESA_load_profile_int_def(profile, "system", "nr_worker_threads", (int *)&(ctx->nr_worker_threads), 8);
MESA_load_profile_uint_range(profile, "system", "cpu_affinity_mask", MAX_THREAD_NUM, (unsigned int *)ctx->cpu_affinity_mask);
MESA_load_profile_int_def(profile, "system", "ts_update_interval_ms", (int *)&(ctx->ts_update_interval_ms), 1);
ctx->nr_worker_threads = MIN(ctx->nr_worker_threads, MAX_THREAD_NUM);
MESA_load_profile_int_def(profile, "system", "enable_debug", (int *)&(sce_ctx->enable_debug), 0);
MESA_load_profile_int_def(profile, "system", "enable_send_log", (int *)&(sce_ctx->enable_send_log), 0);
MESA_load_profile_int_def(profile, "system", "firewall_sids", (int *)&(sce_ctx->firewall_sids), 1001);
MESA_load_profile_int_def(profile, "system", "nr_worker_threads", (int *)&(sce_ctx->nr_worker_threads), 8);
MESA_load_profile_uint_range(profile, "system", "cpu_affinity_mask", MAX_THREAD_NUM, (unsigned int *)sce_ctx->cpu_affinity_mask);
MESA_load_profile_int_def(profile, "system", "ts_update_interval_ms", (int *)&(sce_ctx->ts_update_interval_ms), 1);
CPU_ZERO(&ctx->coremask);
for (int i = 0; i < ctx->nr_worker_threads; i++)
sce_ctx->nr_worker_threads = MIN(sce_ctx->nr_worker_threads, MAX_THREAD_NUM);
CPU_ZERO(&sce_ctx->coremask);
for (int i = 0; i < sce_ctx->nr_worker_threads; i++)
{
int cpu_id = ctx->cpu_affinity_mask[i];
CPU_SET(cpu_id, &ctx->coremask);
int cpu_id = sce_ctx->cpu_affinity_mask[i];
CPU_SET(cpu_id, &sce_ctx->coremask);
}
ctx->ts = timestamp_new(ctx->ts_update_interval_ms);
ctx->io = packet_io_create(profile, ctx->nr_worker_threads, &ctx->coremask);
if (ctx->io == NULL)
sce_ctx->ts = timestamp_new(sce_ctx->ts_update_interval_ms);
sce_ctx->metrics = global_metrics_create(profile);
if (sce_ctx->metrics == NULL)
{
goto error_out;
}
ctx->metrics = global_metrics_create(profile);
if (ctx->metrics == NULL)
sce_ctx->enforcer = policy_enforcer_create("SCE", profile, sce_ctx->nr_worker_threads, NULL);
if (sce_ctx->enforcer == NULL)
{
goto error_out;
}
ctx->enforcer = policy_enforcer_create("SCE", profile, ctx->nr_worker_threads, NULL);
if (ctx->enforcer == NULL)
if (policy_enforcer_register(sce_ctx->enforcer) == -1)
{
goto error_out;
}
if (policy_enforcer_register(ctx->enforcer) == -1)
sce_ctx->io = packet_io_create(profile, sce_ctx->nr_worker_threads, &sce_ctx->coremask);
if (sce_ctx->io == NULL)
{
goto error_out;
}
return ctx;
return sce_ctx;
error_out:
sce_ctx_destory(ctx);
sce_ctx_destory(sce_ctx);
return NULL;
}
void sce_ctx_destory(struct sce_ctx *ctx)
void sce_ctx_destory(struct sce_ctx *sce_ctx)
{
if (ctx)
if (sce_ctx)
{
policy_enforcer_destory(ctx->enforcer);
global_metrics_destory(ctx->metrics);
packet_io_destory(ctx->io);
timestamp_free(ctx->ts);
packet_io_destory(sce_ctx->io);
policy_enforcer_destory(sce_ctx->enforcer);
global_metrics_destory(sce_ctx->metrics);
timestamp_free(sce_ctx->ts);
free(ctx);
ctx = NULL;
free(sce_ctx);
sce_ctx = NULL;
}
}

15
platform/src/sf_status.cpp
View File

@@ -104,7 +104,7 @@ struct sf_status *sf_status_create(const char *profile)
void sf_status_reset(struct sf_status *handle)
{
if (handle->config.enable == 0)
if (handle == NULL || handle->config.enable == 0)
{
return;
}
@@ -125,7 +125,7 @@ void sf_status_reset(struct sf_status *handle)
void sf_status_delete(struct sf_status *handle, int sf_profile_id)
{
if (handle->config.enable == 0)
if (handle == NULL || handle->config.enable == 0)
{
return;
}
@@ -146,7 +146,7 @@ void sf_status_delete(struct sf_status *handle, int sf_profile_id)
void sf_status_update(struct sf_status *handle, int sf_profile_id, int sf_status, int sf_latency)
{
if (handle->config.enable == 0)
if (handle == NULL || handle->config.enable == 0)
{
return;
}
@@ -185,7 +185,7 @@ void sf_status_send(struct sf_status *handle)
struct node *temp = NULL;
struct node *node = NULL;
if (handle->config.enable == 0)
if (handle == NULL || handle->config.enable == 0)
{
return;
}
@@ -203,5 +203,12 @@ void sf_status_send(struct sf_status *handle)
int sf_status_get_interval(struct sf_status *handle)
{
if (handle == NULL)
{
return 0;
}
else
{
return handle->config.interval_s;
}
}

28
platform/test/gtest_policy.cpp
View File

@@ -18,7 +18,7 @@ TEST(POLICY, SELECTED_CHAINING_LIFE_CYCLE)
{
struct selected_chaining *chaining = NULL;
chaining = selected_chaining_create(128);
chaining = selected_chaining_create(128, 0, NULL);
EXPECT_TRUE(chaining != nullptr);
selected_chaining_destory(chaining);
@@ -45,16 +45,22 @@ TEST(POLICY, POLICY_ENFORCER_LIFE_CYCLE)
EXPECT_TRUE(enforcer != nullptr);
EXPECT_TRUE(policy_enforcer_register(enforcer) == 0);
int dir_is_internal = 1;
struct selected_chaining *chaining = selected_chaining_create(64);
EXPECT_TRUE(chaining != nullptr);
policy_enforce_select_chaining(chaining, enforcer, &handler, 1, dir_is_internal, &s_ctx);
policy_enforce_select_chaining(chaining, enforcer, &handler, 2, dir_is_internal, &s_ctx);
policy_enforce_select_chaining(chaining, enforcer, &handler, 11, dir_is_internal, &s_ctx);
policy_enforce_select_chaining(chaining, enforcer, &handler, 12, dir_is_internal, &s_ctx);
selected_chaining_dump(chaining);
selected_chaining_bref(chaining);
selected_chaining_destory(chaining);
int dir_is_i2e = 1;
struct selected_chainings chainings;
chainings.chaining_raw = selected_chaining_create(64, 0, NULL);
chainings.chaining_decrypted = selected_chaining_create(64, 0, NULL);
policy_enforce_select_chainings(enforcer, &chainings, &s_ctx, &handler, 1, dir_is_i2e);
policy_enforce_select_chainings(enforcer, &chainings, &s_ctx, &handler, 2, dir_is_i2e);
policy_enforce_select_chainings(enforcer, &chainings, &s_ctx, &handler, 11, dir_is_i2e);
policy_enforce_select_chainings(enforcer, &chainings, &s_ctx, &handler, 12, dir_is_i2e);
selected_chaining_dump(chainings.chaining_raw);
selected_chaining_bref(chainings.chaining_raw);
selected_chaining_destory(chainings.chaining_raw);
selected_chaining_dump(chainings.chaining_decrypted);
selected_chaining_bref(chainings.chaining_decrypted);
selected_chaining_destory(chainings.chaining_decrypted);
printf("Before Sleep\n");
sleep(15);