gfwleak/tango-tsg-service-chaining-engine
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

当两个流session id冲突时执行bypass

Browse Source
This commit is contained in:
luwenpeng
2023-03-09 21:00:59 +08:00
parent f380261916
commit 4bdad6f429
4 changed files with 32 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
conf/sce.conf
View File

@@ -3,6 +3,7 @@ nr_worker_threads=8
enable_cpu_affinity=1 enable_cpu_affinity=1
cpu_affinity_mask=2,3,4-9 cpu_affinity_mask=2,3,4-9
firewall_sids=1001 firewall_sids=1001
enable_debug=0
# Only when (disable_coredump == 1 || (enable_breakpad == 1 && enable_breakpad_upload == 1)) is satisfied, the core will not be generated locally # Only when (disable_coredump == 1 || (enable_breakpad == 1 && enable_breakpad_upload == 1)) is satisfied, the core will not be generated locally
disable_coredump=0 disable_coredump=0

1
platform/include/sce.h
View File

@@ -74,6 +74,7 @@ void session_ctx_free(struct session_ctx *ctx);
struct sce_ctx struct sce_ctx
{ {
int enable_debug;
int firewall_sids; int firewall_sids;
int nr_worker_threads; int nr_worker_threads;
int enable_cpu_affinity; int enable_cpu_affinity;

31
platform/src/packet_io.cpp
View File

@@ -631,6 +631,7 @@ static int handle_control_packet(struct packet_io *handle, marsio_buff_t *rx_buf
{ {
struct thread_ctx *thread = (struct thread_ctx *)ctx; struct thread_ctx *thread = (struct thread_ctx *)ctx;
struct global_metrics *g_metrics = thread->ref_metrics; struct global_metrics *g_metrics = thread->ref_metrics;
struct sce_ctx *sce_ctx = thread->ref_sce_ctx;
struct metadata meta; struct metadata meta;
if (packet_io_get_metadata(rx_buff, &meta) == -1) if (packet_io_get_metadata(rx_buff, &meta) == -1)
@@ -657,7 +658,10 @@ static int handle_control_packet(struct packet_io *handle, marsio_buff_t *rx_buf
return -1; return -1;
} }
LOG_INFO("%s: recv control packet, session %lu %s", LOG_TAG_PKTIO, ctrl_parser.session_id, session_state_to_string(ctrl_parser.state)); if (sce_ctx->enable_debug)
{
LOG_INFO("%s: recv control packet, session %lu %s", LOG_TAG_PKTIO, ctrl_parser.session_id, session_state_to_string(ctrl_parser.state));
}
switch (ctrl_parser.state) switch (ctrl_parser.state)
{ {
@@ -691,6 +695,7 @@ static enum raw_pkt_action handle_raw_packet(struct packet_io *handle, marsio_bu
int nsend = 0; int nsend = 0;
struct thread_ctx *thread = (struct thread_ctx *)ctx; struct thread_ctx *thread = (struct thread_ctx *)ctx;
struct global_metrics *g_metrics = thread->ref_metrics; struct global_metrics *g_metrics = thread->ref_metrics;
struct sce_ctx *sce_ctx = thread->ref_sce_ctx;
int raw_len = marsio_buff_datalen(rx_buff); int raw_len = marsio_buff_datalen(rx_buff);
*action_bytes = 0; *action_bytes = 0;
@@ -713,9 +718,31 @@ static enum raw_pkt_action handle_raw_packet(struct packet_io *handle, marsio_bu
*action_bytes = raw_len; *action_bytes = raw_len;
return RAW_PKT_ERR_BYPASS; return RAW_PKT_ERR_BYPASS;
} }
struct session_ctx *s_ctx = (struct session_ctx *)node->val_data;
if (sce_ctx->enable_debug)
{
struct addr_tuple4 inner_addr;
struct addr_tuple4 reverse_addr;
struct raw_pkt_parser raw_parser;
memset(&inner_addr, 0, sizeof(struct addr_tuple4));
memset(&reverse_addr, 0, sizeof(struct addr_tuple4));
raw_packet_parser_init(&raw_parser, 0, LAYER_TYPE_ALL, 8);
raw_packet_parser_parse(&raw_parser, (const void *)meta.raw_data, meta.raw_len);
raw_packet_parser_get_most_inner_tuple4(&raw_parser, &inner_addr);
addr_tuple4_reverse(&inner_addr, &reverse_addr);
if (memcmp(&s_ctx->first_ctrl_pkt.tuple4, &inner_addr, sizeof(struct addr_tuple4)) != 0 && memcmp(&s_ctx->first_ctrl_pkt.tuple4, &reverse_addr, sizeof(struct addr_tuple4)) != 0)
{
char *addr_str = addr_tuple4_to_str(&inner_addr);
LOG_ERROR("%s: unexpected raw packet, session %lu expected address tuple4 to be %s, but now the packet's tuple4 is %s, bypass !!!", LOG_TAG_PKTIO, meta.session_id, s_ctx->first_ctrl_pkt.addr_string, addr_str);
marsio_send_burst(handle->dev_nf_interface.mr_path, thread_seq, &rx_buff, 1);
*action_bytes = raw_len;
free(addr_str);
return RAW_PKT_ERR_BYPASS;
}
}
// update sids // update sids
struct session_ctx *s_ctx = (struct session_ctx *)node->val_data;
if (meta.dir_is_e2i) if (meta.dir_is_e2i)
{ {
sids_write_once(&(s_ctx->raw_pkt_e2i_sids), &(meta.sids)); sids_write_once(&(s_ctx->raw_pkt_e2i_sids), &(meta.sids));

1
platform/src/sce.cpp
View File

@@ -51,6 +51,7 @@ struct sce_ctx *sce_ctx_create(const char *profile)
{ {
struct sce_ctx *ctx = (struct sce_ctx *)calloc(1, sizeof(struct sce_ctx)); struct sce_ctx *ctx = (struct sce_ctx *)calloc(1, sizeof(struct sce_ctx));
MESA_load_profile_int_def(profile, "system", "enable_debug", (int *)&(ctx->enable_debug), 0);
MESA_load_profile_int_def(profile, "system", "firewall_sids", (int *)&(ctx->firewall_sids), 1001); MESA_load_profile_int_def(profile, "system", "firewall_sids", (int *)&(ctx->firewall_sids), 1001);
MESA_load_profile_int_def(profile, "system", "nr_worker_threads", (int *)&(ctx->nr_worker_threads), 8); MESA_load_profile_int_def(profile, "system", "nr_worker_threads", (int *)&(ctx->nr_worker_threads), 8);
MESA_load_profile_int_def(profile, "system", "enable_cpu_affinity", (int *)&ctx->enable_cpu_affinity, 0); MESA_load_profile_int_def(profile, "system", "enable_cpu_affinity", (int *)&ctx->enable_cpu_affinity, 0);