TSG-13500 tsg-service-chaining-engine扫描策略

2023-02-06 10:34:23 +08:00
parent 72ba473aa5
commit 450d9ab0f2
23 changed files with 2253 additions and 11 deletions
--- a/platform/CMakeLists.txt
+++ b/platform/CMakeLists.txt
@@ -1,11 +1,14 @@
-add_executable(sce src/main.cpp src/policy.cpp)
+add_library(platform src/policy.cpp src/health_check.cpp)
+target_link_libraries(platform PUBLIC common)
+target_link_libraries(platform PUBLIC pthread)
+target_link_libraries(platform PUBLIC MESA_handle_logger)
+target_link_libraries(platform PUBLIC MESA_prof_load)
+target_link_libraries(platform PUBLIC maatframe)
+target_link_libraries(platform PUBLIC cjson)
+target_include_directories(platform PUBLIC ${CMAKE_CURRENT_LIST_DIR}/include/)

-target_include_directories(sce PUBLIC ${CMAKE_CURRENT_LIST_DIR}/include/)
-target_link_libraries(sce PUBLIC common)
-target_link_libraries(sce PUBLIC pthread)
-target_link_libraries(sce PUBLIC MESA_handle_logger)
-target_link_libraries(sce PUBLIC MESA_prof_load)
-target_link_libraries(sce PUBLIC maatframe)
-target_link_libraries(sce PUBLIC cjson)
+add_executable(sce src/main.cpp)
+target_link_libraries(sce PUBLIC platform)
+install(TARGETS sce RUNTIME DESTINATION bin COMPONENT Program)

-install(TARGETS sce RUNTIME DESTINATION bin COMPONENT Program)
+add_subdirectory(test)
--- a/platform/include/health_check.h
+++ b/platform/include/health_check.h
@@ -0,0 +1,37 @@
+#ifndef _HEALTH_CHECK_H
+#define _HEALTH_CHECK_H
+
+#ifdef __cpluscplus
+extern "C"
+{
+#endif
+
+#include "policy.h"
+
+void health_check_session_init();
+
+// return  0 : success
+// return -1 : key exist
+// struct health_check *policy : need deep copy
+int health_check_session_add(int session_id, const struct health_check *policy);
+
+// return  0 : success
+// return -1 : key not exist
+int health_check_session_del(int session_id);
+
+// return  1 : active
+// return  0 : inactive
+// return -1 : key not exist
+int health_check_session_get_status(int session_id);
+
+// return  0 : success
+// return -1 : key not exist
+int health_check_session_set_status(int session_id, int is_active);
+
+void health_check_session_foreach();
+
+#ifdef __cpluscplus
+}
+#endif
+
+#endif
--- a/platform/include/policy.h
+++ b/platform/include/policy.h
@@ -0,0 +1,125 @@
+#ifndef _POLICY_H
+#define _POLICY_H
+
+#ifdef __cpluscplus
+extern "C"
+{
+#endif
+
+#include "raw_packet.h"
+
+enum traffic_type
+{
+	TRAFFIC_TYPE_NONE = 0,
+	TRAFFIC_TYPE_RAW = 1,
+	TRAFFIC_TYPE_DECRYPTED = 2,
+};
+
+enum forward_type
+{
+	FORWARD_TYPE_NONE = 0,
+	FORWARD_TYPE_STEERING = 1,
+	FORWARD_TYPE_MIRRORING = 2,
+};
+
+enum session_action
+{
+	SESSION_ACTION_BYPASS = 0,
+	SESSION_ACTION_FORWARD = 1,
+	SESSION_ACTION_BLOCK = 2,
+};
+
+enum session_action_reason
+{
+	ACTION_BYPASS_DUE_DEFAULT = 0x00,
+
+	ACTION_BYPASS_DUE_NO_AVAILABLE_SF = 0x11,
+	ACTION_BYPASS_DUE_HEALTH_SF_LIMIT = 0x12,
+	ACTION_BYPASS_DUE_UNAVAILABLE_ACTION = 0x13,
+	ACTION_BYPASS_DUE_FAILURE_ACTION = 0x14,
+	ACTION_BYPASS_DUE_INVALID_POLICY = 0x15,
+
+	ACTION_BLOCK_DUE_UNAVAILABLE_ACTION = 0x21,
+	ACTION_BLOCK_DUE_FAILURE_ACTION = 0x22,
+
+	ACTION_FORWAED_DUE_SELECTED_AVAILABLE_SF = 0x31,
+};
+
+enum package_method
+{
+	PACKAGE_METHOD_NONE = 0,
+	PACKAGE_METHOD_LAYER2_SWITCH = 1,
+	PACKAGE_METHOD_LAYER3_SWITCH = 2,
+	PACKAGE_METHOD_VXLAN_G = 3,
+};
+
+enum health_check_method
+{
+	HEALTH_CHECK_METHOD_NONE = 0,
+	HEALTH_CHECK_METHOD_IN_BAND_BFD = 1,
+	HEALTH_CHECK_METHOD_BFD = 2,
+	HEALTH_CHECK_METHOD_HTTP = 3,
+};
+
+struct health_check
+{
+	enum health_check_method method;
+
+	char url[128];
+	char address[64];
+	int port;
+	int retires;
+	int interval_ms;
+};
+
+struct connectivity
+{
+	enum package_method method;
+	int int_vlan_tag;
+	int ext_vlan_tag;
+	char dest_ip[64];
+};
+
+struct selected_sf
+{
+	int sff_profile_id;
+	enum forward_type sff_forward_type;
+
+	int sf_profile_id;
+	enum session_action sf_action;
+	enum session_action_reason sf_action_reason;
+	struct connectivity sf_connectivity;
+};
+
+struct selected_chaining
+{
+	int policy_id;
+	enum traffic_type traffic_type;
+
+	struct selected_sf *chaining;
+	int chaining_size;
+	int chaining_index;
+};
+
+// return  NULL : error
+// return !NULL : success
+struct policy_enforcer *policy_enforcer_create(const char *instance, const char *profile, int thread_num, void *logger);
+void policy_enforcer_destory(struct policy_enforcer *enforcer);
+
+// return  0 : success
+// return -1 : error
+int policy_enforcer_register(struct policy_enforcer *enforcer);
+
+struct selected_chaining *selected_chaining_create(int chaining_size);
+void selected_chaining_destory(struct selected_chaining *chaining);
+void selected_chaining_dump(struct selected_chaining *chaining);
+void selected_chaining_bref(struct selected_chaining *chaining);
+
+// return value need be free by selected_chaining_destory()
+struct selected_chaining *policy_enforce_select_chaining(struct policy_enforcer *enforcer, struct raw_pkt_parser *parser, int policy_id, int dir_is_internal);
+
+#ifdef __cpluscplus
+}
+#endif
+
+#endif
--- a/platform/src/health_check.cpp
+++ b/platform/src/health_check.cpp
@@ -0,0 +1,65 @@
+#include <string.h>
+
+#include "health_check.h"
+
+struct session_table
+{
+    // rwlock ???;
+    // handler;
+};
+
+static struct session_table g_handle;
+
+struct session_iterm
+{
+    int session_id; // key
+
+    struct health_check policy; // value1: deep copy
+    int is_active;                     // value2
+};
+
+void health_check_session_init()
+{
+    memset(&g_handle, 0, sizeof(g_handle));
+
+    // TODO
+}
+
+// return  0 : success
+// return -1 : key exist
+// struct health_check *policy : need deep copy
+int health_check_session_add(int session_id, const struct health_check *policy)
+{
+    // TODO
+    return 0;
+}
+
+// return  0 : success
+// return -1 : key not exist
+int health_check_session_del(int session_id)
+{
+    // TODO
+    return 0;
+}
+
+// return  1 : active
+// return  0 : inactive
+// return -1 : key not exist
+int health_check_session_get_status(int session_id)
+{
+    // TODO
+    return 1;
+}
+
+// return  0 : success
+// return -1 : key not exist
+int health_check_session_set_status(int session_id, int is_active)
+{
+    // TODO
+    return 0;
+}
+
+void health_check_session_foreach()
+{
+    // TODO
+}
--- a/platform/src/policy.cpp
+++ b/platform/src/policy.cpp
--- a/platform/test/CMakeLists.txt
+++ b/platform/test/CMakeLists.txt
@@ -0,0 +1,17 @@
+###############################################################################
+# gtest_policy
+###############################################################################
+
+add_executable(gtest_policy gtest_policy.cpp)
+target_include_directories(gtest_policy PUBLIC ${CMAKE_SOURCE_DIR}/common/include)
+target_include_directories(gtest_policy PUBLIC ${CMAKE_SOURCE_DIR}/platform/include)
+target_link_libraries(gtest_policy common platform gtest)
+
+###############################################################################
+# gtest_discover_tests
+###############################################################################
+
+include(GoogleTest)
+gtest_discover_tests(gtest_policy)
+
+file(COPY ./test_resource/ DESTINATION ./test_resource/)
--- a/platform/test/gtest_policy.cpp
+++ b/platform/test/gtest_policy.cpp
@@ -0,0 +1,54 @@
+#include <gtest/gtest.h>
+
+#include "policy.h"
+#include "raw_packet.h"
+
+unsigned char data1[] = {
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x04, 0xa4, 0xc6, 0x4f, 0x3b, 0xb3, 0x9a, 0x81, 0x00, 0x66, 0x58, 0x81, 0x00, 0x61, 0xf9, 0x08, 0x00, 0x45, 0xb8, 0x00, 0x94,
+	0xe8, 0x58, 0x00, 0x00, 0xff, 0x04, 0x11, 0x48, 0x45, 0x43, 0x23, 0x92, 0x29, 0xca, 0x2e, 0x6e, 0x45, 0xb8, 0x00, 0x80, 0x00, 0x01, 0x00, 0x00, 0xfe, 0x11,
+	0xde, 0x84, 0x0a, 0x0a, 0x64, 0x19, 0x0a, 0x0a, 0x65, 0x02, 0xf3, 0x9f, 0x42, 0x68, 0x00, 0x6c, 0x4b, 0x9a, 0x00, 0x02, 0x00, 0x00, 0x04, 0x73, 0x6c, 0x10,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd,
+	0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd,
+	0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd,
+	0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd};
+
+TEST(POLICY, SELECTED_CHAINING_LIFE_CYCLE)
+{
+	struct selected_chaining *chaining = NULL;
+
+	chaining = selected_chaining_create(128);
+	EXPECT_TRUE(chaining != nullptr);
+
+	selected_chaining_destory(chaining);
+}
+
+TEST(POLICY, POLICY_ENFORCER_LIFE_CYCLE)
+{
+	struct raw_pkt_parser *parser = raw_packet_parser_create(LAYER_TYPE_ALL, 8);
+	EXPECT_TRUE(parser != nullptr);
+	const void *payload = raw_packet_parser_parse(parser, (const void *)data1, sizeof(data1));
+	EXPECT_TRUE(payload != nullptr);
+	EXPECT_TRUE((char *)payload - (char *)&data1 == 70);
+
+	const char *profile = "./test_resource/sce.conf";
+	struct policy_enforcer *enforcer = policy_enforcer_create("SCE", profile, 8, NULL);
+	EXPECT_TRUE(enforcer != nullptr);
+	EXPECT_TRUE(policy_enforcer_register(enforcer) == 0);
+
+	int policy_id = 2;
+	int dir_is_internal = 1;
+	struct selected_chaining *chaining = policy_enforce_select_chaining(enforcer, parser, policy_id, dir_is_internal);
+	EXPECT_TRUE(chaining != nullptr);
+	selected_chaining_dump(chaining);
+	selected_chaining_bref(chaining);
+
+	selected_chaining_destory(chaining);
+	policy_enforcer_destory(enforcer);
+	raw_packet_parser_destory(parser);
+}
+
+int main(int argc, char **argv)
+{
+	::testing::InitGoogleTest(&argc, argv);
+	return RUN_ALL_TESTS();
+}
--- a/platform/test/test_resource/sce.conf
+++ b/platform/test/test_resource/sce.conf
@@ -0,0 +1,21 @@
+[system]
+nr_worker_threads=8
+
+[maat]
+# 0:json 1:redis 2:iris
+input_mode=0
+stat_switch=1
+perf_switch=1
+scan_detail=0
+deferred_load=0
+effect_interval_ms=1000
+stat_file=./sce.fs2
+table_info=test_resource/table_info.conf
+accept_path=/opt/tsg/etc/tsg_device_tag.json
+inc_cfg_dir=test_resource/inc/
+ful_cfg_dir=test_resource/ful/
+json_cfg_file=test_resource/sce.json
+foreign_cont_dir=test_resource/foreign_files
+redis_db_idx=0
+redis_server=127.0.0.1
+redis_port_range=6379
--- a/platform/test/test_resource/sce.json
+++ b/platform/test/test_resource/sce.json
@@ -0,0 +1,41 @@
+{
+    "plugin_table": [
+        {
+            "table_name": "SERVICE_FUNCTION_PROFILE",
+            "table_content": [
+                "1\tdevice_group_a\t1\t{\"method\":\"vxlan_g\",\"dest_ip\":\"1.1.1.1\"}\t{\"method\":\"none\"}\t1",
+                "2\tdevice_group_a\t1\t{\"method\":\"vxlan_g\",\"dest_ip\":\"1.1.1.1\"}\t{\"method\":\"bfd\",\"address\":\"1.2.3.4\",\"port\":\"10000\",\"interval_ms\":100,\"retires\":5}\t1",
+                "3\tdevice_group_a\t1\t{\"method\":\"vxlan_g\",\"dest_ip\":\"1.1.1.1\"}\t{\"method\":\"in_band_bfd\",\"address\":\"1.2.3.4\",\"port\":\"10000\",\"interval_ms\":100,\"retires\":5}\t1",
+                "4\tdevice_group_a\t1\t{\"method\":\"vxlan_g\",\"dest_ip\":\"1.1.1.1\"}\t{\"method\":\"http\",\"url\":\"http://192.168.100.1:8080/health_check.index\",\"interval_ms\":100,\"retires\":5}\t1",
+                "5\tdevice_group_a\t1\t{\"method\":\"layer2_switch\",\"int_vlan_tag\":10,\"ext_vlan_tag\":5}\t{\"method\":\"none\"}\t1",
+                "6\tdevice_group_a\t1\t{\"method\":\"layer3_switch\",\"int_vlan_tag\":10,\"ext_vlan_tag\":5}\t{\"method\":\"none\"}\t1",
+                "7\tdevice_group_a\t0\t{\"method\":\"layer3_switch\",\"int_vlan_tag\":10,\"ext_vlan_tag\":5}\t{\"method\":\"none\"}\t1",
+                "8\tdevice_group_b\t0\t{\"method\":\"layer3_switch\",\"int_vlan_tag\":10,\"ext_vlan_tag\":5}\t{\"method\":\"none\"}\t1"
+            ]
+        },
+        {
+            "table_name": "SERVICE_FUNCTION_FORWARDER_PROFILE",
+            "table_content": [
+                "1\t1\thash-int-ip\tnearby\tbypass\tnull\t[1]\t1",
+                "2\t1\thash-int-ip\tnearby\tbypass\tnull\t[1,2,3,4,5,6,7,8]\t1",
+                "3\t1\thash-int-ip\tnearby\tblock\tnull\t[1]\t1",
+                "4\t1\thash-int-ip\tnearby\tre-dispatch\t{\"action\":\"bypass\",\"health_service_func_lt\":2}\t[1,2,3]\t1",
+                "5\t1\thash-int-ip\tnearby\tre-dispatch\t{\"action\":\"block\"}\t[1,2,3]\t1",
+                "6\t1\thash-int-ip\tglobal\tblock\tnull\t[1]\t1",
+                "7\t1\thash-ext-ip\tglobal\tblock\tnull\t[1]\t1",
+                "8\t1\thash-int-ip-and-ext-ip\tglobal\tblock\tnull\t[1]\t1",
+                "9\t1\thash-innermost-int-ip\tglobal\tblock\tnull\t[1]\t1",
+                "10\t2\thash-innermost-int-ip\tglobal\tblock\tnull\t[1]\t1"
+            ]
+        },
+        {
+            "table_name": "SERVICE_CHAINING_COMPILE",
+            "table_content": [
+                "1\t0\t2\t1\t1\t{}\t{\"targeted_traffic\":\"raw\",\"sff_profiles\":[1]}\t1\t2",
+                "2\t0\t2\t1\t1\t{}\t{\"targeted_traffic\":\"raw\",\"sff_profiles\":[1,2,3,4,5,6,7,8,9,10]}\t1\t2",
+                "11\t0\t2\t1\t1\t{}\t{\"targeted_traffic\":\"decrypted\",\"sff_profiles\":[1]}\t1\t2",
+                "12\t0\t2\t1\t1\t{}\t{\"targeted_traffic\":\"decrypted\",\"sff_profiles\":[1,2,3,4,5,6,7,8,9,10]}\t1\t2"
+            ]
+        }
+    ]
+}
--- a/platform/test/test_resource/table_info.conf
+++ b/platform/test/test_resource/table_info.conf
@@ -0,0 +1,3 @@
+0	SERVICE_CHAINING_COMPILE	plugin	{"key":1,"valid":8}
+1	SERVICE_FUNCTION_FORWARDER_PROFILE	plugin	{"key":1,"valid":8}
+2	SERVICE_FUNCTION_PROFILE	plugin	{"key":1,"valid":6}