TSG-22348 feature: adapt maat support UUID

luwenpeng
2024-09-23 16:50:09 +08:00
parent 7ef8e44bca
commit 5799de5299
60 changed files with 2504 additions and 1043 deletions


@@ -46,7 +46,7 @@ struct session_iterm
struct health_check policy; // value1: deep copy
int is_active; // value2
int profile_id; // value3
uuid_t sf_uuid; // value3
int vsys_id; // value4
UT_hash_handle hh1; /* handle for first hash table */
@@ -457,7 +457,7 @@ static uint64_t health_check_get_session_id()
// return >0 : session id
// return 0 : fail
// struct health_check *policy : need deep copy
uint64_t health_check_session_add(int profile_id, int vsys_id, const struct health_check *policy)
uint64_t health_check_session_add(uuid_t *sf_uuid, int vsys_id, const struct health_check *policy)
{
uint64_t session_id = 0;
uint8_t mac[ETH_ALEN] = {0};
@@ -481,7 +481,7 @@ uint64_t health_check_session_add(int profile_id, int vsys_id, const struct heal
tmp->vsys_id = vsys_id;
tmp->session_id = session_id;
tmp->profile_id = profile_id;
uuid_copy(tmp->sf_uuid, *sf_uuid);
memcpy(&tmp->policy, policy, sizeof(struct health_check));
HASH_ADD(hh1, g_handle.root_by_id, session_id, sizeof(tmp->session_id), tmp);
@@ -498,13 +498,15 @@ uint64_t health_check_session_add(int profile_id, int vsys_id, const struct heal
health_check_method_table_set_mac(&g_handle_none, tmp->policy.address, mac);
}
LOG_DEBUG("health check session table insert: profile id [%d] session id [%lu] address [%s] success", profile_id, session_id, policy->address);
char sf_uuid_str[UUID_STRING_SIZE] = {0};
uuid_unparse(*sf_uuid, sf_uuid_str);
LOG_DEBUG("health check session table insert: profile id [%s] session id [%lu] address [%s] success", sf_uuid_str, session_id, policy->address);
return session_id;
}
// return 0 : success
// return -1 : key not exist
int health_check_session_del(uint64_t session_id, int profile_id, int vsys_id)
int health_check_session_del(uint64_t session_id, uuid_t *sf_uuid, int vsys_id)
{
int ret = 0;
struct session_iterm *tmp = NULL;
@@ -536,13 +538,15 @@ end:
HASH_DELETE(hh1, g_handle.root_by_id, tmp);
struct sf_status_key key = {0};
key.vsys_id = vsys_id;
key.sf_profile_id = profile_id;
uuid_copy(key.sf_uuid, *sf_uuid);
sf_status_delete(g_sf_status, &key);
pthread_rwlock_unlock(&g_handle.rwlock);
free(tmp);
tmp = NULL;
LOG_DEBUG("health check session table delete: profile id [%d] session id [%lu] success", profile_id, session_id);
char sf_uuid_str[UUID_STRING_SIZE] = {0};
uuid_unparse(*sf_uuid, sf_uuid_str);
LOG_DEBUG("health check session table delete: profile id [%s] session id [%lu] success", sf_uuid_str, session_id);
return 0;
}
@@ -667,7 +671,7 @@ static void *_health_check_session_foreach(void *arg)
struct sf_status_key key = {0};
key.vsys_id = node->vsys_id;
key.sf_profile_id = node->profile_id;
uuid_copy(key.sf_uuid, node->sf_uuid);
sf_status_update(g_sf_status, &key, is_active, 0);
if (node->is_active != is_active) {
node->is_active = is_active;
@@ -743,6 +747,7 @@ int health_check_session_get_mac(uint64_t session_id, u_char mac_buff[])
struct session_iterm *tmp = NULL;
uint8_t mac[ETH_ALEN] = {0};
uint8_t init_mac[ETH_ALEN] = {0};
char sf_uuid_str[UUID_STRING_SIZE] = {0};
if (enable == 0)
{
@@ -757,9 +762,10 @@ int health_check_session_get_mac(uint64_t session_id, u_char mac_buff[])
return -1;
}
uuid_unparse(tmp->sf_uuid, sf_uuid_str);
str_method = health_check_method_str(tmp->policy.method);
if (tmp->policy.method == HEALTH_CHECK_METHOD_BFD && tmp->is_active == 0) {
LOG_DEBUG("health check session id [%lu] profile id [%d] health check method [%s] active is down", session_id, tmp->profile_id, str_method);
LOG_DEBUG("health check session id [%lu] profile id [%s] health check method [%s] active is down", session_id, sf_uuid_str, str_method);
pthread_rwlock_unlock(&g_handle.rwlock);
return -1;
}
@@ -773,20 +779,20 @@ int health_check_session_get_mac(uint64_t session_id, u_char mac_buff[])
if (memcmp(mac, init_mac, ETH_ALEN) == 0) {
if (strlen(gateway_address) == 0) {
LOG_DEBUG("health check session id [%lu] profile id [%d] health check method [%s] get mac [null]", session_id, tmp->profile_id, str_method);
LOG_DEBUG("health check session id [%lu] profile id [%s] health check method [%s] get mac [null]", session_id, sf_uuid_str, str_method);
pthread_rwlock_unlock(&g_handle.rwlock);
return -1;
}
health_check_method_table_get_mac(&g_handle_none, gateway_address, mac);
if (memcmp(mac, init_mac, ETH_ALEN) == 0) {
LOG_DEBUG("health check session id [%lu] profile id [%d] health check method [%s] get mac [null]", session_id, tmp->profile_id, str_method);
LOG_DEBUG("health check session id [%lu] profile id [%s] health check method [%s] get mac [null]", session_id, sf_uuid_str, str_method);
pthread_rwlock_unlock(&g_handle.rwlock);
return -1;
}
}
memcpy(mac_buff, mac, ETH_ALEN);
LOG_DEBUG("health check session id [%lu] profile id [%d] health check method [%s] get mac [%02x:%02x:%02x:%02x:%02x:%02x]", session_id, tmp->profile_id, str_method, mac[0], mac[1], mac[2], mac[3], mac[4], mac[5]);
LOG_DEBUG("health check session id [%lu] profile id [%s] health check method [%s] get mac [%02x:%02x:%02x:%02x:%02x:%02x]", session_id, sf_uuid_str, str_method, mac[0], mac[1], mac[2], mac[3], mac[4], mac[5]);
pthread_rwlock_unlock(&g_handle.rwlock);
return 0;
}
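Review bot: In health_check_session_del the sf_status key is built from the caller's arguments (`key.vsys_id = vsys_id; uuid_copy(key.sf_uuid, *sf_uuid);`), while _health_check_session_foreach keys sf_status_update from the stored item (`node->vsys_id`, `node->sf_uuid`). If a caller passes a UUID that differs from the one recorded at add time, the session item is freed but its sf_status entry stays behind and keeps reporting a stale state. `tmp` is still valid at that point, so the key can be built from it: `key.vsys_id = tmp->vsys_id; uuid_copy(key.sf_uuid, tmp->sf_uuid);`, which also removes one dereference of the unchecked `sf_uuid` pointer. The function's lookup of `tmp` lies outside the visible hunks, so this assumes `tmp` is the item found for `session_id`, as the `HASH_DELETE(hh1, g_handle.root_by_id, tmp)` line suggests.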


@@ -668,9 +668,9 @@ static inline void action_mirr_forward(struct session_ctx *session_ctx, marsio_b
THROUGHPUT_METRICS_INC(&(thread_metrics->mirr_tx), 1, meta->raw_len);
THROUGHPUT_METRICS_INC(&sf->tx, 1, nsend);
struct sf_metrics_key key = {0};
key.rule_id = sf->rule_id;
key.sff_profile_id = sf->sff_profile_id;
key.sf_profile_id = sf->sf_profile_id;
uuid_copy(key.rule_uuid, sf->rule_uuid);
uuid_copy(key.sff_uuid, sf->sff_uuid);
uuid_copy(key.sf_uuid, sf->sf_uuid);
key.vsys_id = sf->rule_vsys_id;
sf_metrics_input(sf_metrics, thread_index, &key, 0, 0, 1, nsend);
}
@@ -703,23 +703,30 @@ static inline void action_stee_forward(struct session_ctx *session_ctx, marsio_b
THROUGHPUT_METRICS_INC(&(thread_metrics->stee_tx), 1, meta->raw_len);
THROUGHPUT_METRICS_INC(&sf->tx, 1, nsend);
struct sf_metrics_key key = {0};
key.rule_id = sf->rule_id;
key.sff_profile_id = sf->sff_profile_id;
key.sf_profile_id = sf->sf_profile_id;
uuid_copy(key.rule_uuid, sf->rule_uuid);
uuid_copy(key.sff_uuid, sf->sff_uuid);
uuid_copy(key.sf_uuid, sf->sf_uuid);
key.vsys_id = sf->rule_vsys_id;
sf_metrics_input(sf_metrics, thread_index, &key, 0, 0, 1, nsend);
}
static void action_sf_chaining(struct thread_ctx *thread_ctx, struct session_ctx *session_ctx, struct selected_chaining *chaining, marsio_buff_t *rx_buff, struct metadata *meta, int next_sf_index)
{
char rule_uuid_str[UUID_STRING_SIZE];
char sff_uuid_str[UUID_STRING_SIZE];
char sf_uuid_str[UUID_STRING_SIZE];
int sf_index;
for (sf_index = next_sf_index; sf_index < chaining->chaining_used; sf_index++)
{
struct selected_sf *sf = &(chaining->chaining[sf_index]);
LOG_DEBUG("%s: session: %lu %s execute chaining [%d/%d]: policy %lu->%d->%d, action %s->%s->%s->%s",
uuid_unparse(sf->rule_uuid, rule_uuid_str);
uuid_unparse(sf->sff_uuid, sff_uuid_str);
uuid_unparse(sf->sf_uuid, sf_uuid_str);
LOG_DEBUG("%s: session: %lu %s execute chaining [%d/%d]: policy %s->%s->%s, action %s->%s->%s->%s",
LOG_TAG_POLICY, session_ctx->session_id, session_ctx->session_addr,
sf_index, chaining->chaining_used,
sf->rule_id, sf->sff_profile_id, sf->sf_profile_id,
rule_uuid_str, sff_uuid_str, sf_uuid_str,
(meta->is_decrypted ? "decrypted" : "raw"), (meta->direction ? "E2I" : "I2E"), forward_type_tostring(sf->sff_forward_type), action_desc_tostring(sf->sf_action_desc));
PACKET_TRACE_ON_CHAIN(thread_ctx->ref_io->instance, rx_buff, sf, meta);
@@ -786,10 +793,11 @@ static int send_ctrl_packet(struct session_ctx *session_ctx, struct thread_ctx *
{
struct sce_ctx *sce_ctx = thread_ctx->ref_sce_ctx;
struct packet_io *packet_io = thread_ctx->ref_io;
struct mutable_array *rule_ids = &session_ctx->rule_ids;
struct uuid_array *rule_uuid_array = &session_ctx->rule_uuid_array;
struct selected_chaining *chaining_raw = session_ctx->chaining_raw;
struct selected_chaining *chaining_decrypted = session_ctx->chaining_decrypted;
int thread_index = thread_ctx->thread_index;
int num = uuid_array_get_count(rule_uuid_array);
char *data;
size_t size;
@@ -828,9 +836,9 @@ static int send_ctrl_packet(struct session_ctx *session_ctx, struct thread_ctx *
{
mpack_write_cstr(&writer, "sc_rule_list");
mpack_build_array(&writer); // sc_rule_list begin
for (int i = 0; i < rule_ids->num; i++)
for (int i = 0; i < num; i++)
{
mpack_write_u64(&writer, mutable_array_index_elem(rule_ids, i));
mpack_write_bin(&writer, (const char *)uuid_array_get_at(rule_uuid_array, i), sizeof(uuid_t));
}
mpack_complete_array(&writer); // sc_rule_list end
}
@@ -843,7 +851,7 @@ static int send_ctrl_packet(struct session_ctx *session_ctx, struct thread_ctx *
struct selected_sf *sf = &(chaining_raw->chaining[i]);
if (sf->sf_action == SESSION_ACTION_FORWARD)
{
mpack_write_u64(&writer, sf->sf_profile_id);
mpack_write_bin(&writer, (const char *)&sf->sf_uuid, sizeof(uuid_t));
}
if (sf->sf_action == SESSION_ACTION_BLOCK && sf->sff_forward_type == FORWARD_TYPE_STEERING)
{
@@ -861,7 +869,7 @@ static int send_ctrl_packet(struct session_ctx *session_ctx, struct thread_ctx *
struct selected_sf *sf = &(chaining_decrypted->chaining[i]);
if (sf->sf_action == SESSION_ACTION_FORWARD)
{
mpack_write_u64(&writer, sf->sf_profile_id);
mpack_write_bin(&writer, (const char *)&sf->sf_uuid, sizeof(uuid_t));
}
if (sf->sf_action == SESSION_ACTION_BLOCK && sf->sff_forward_type == FORWARD_TYPE_STEERING)
{
@@ -942,12 +950,19 @@ static void dump_sf_metrics(struct session_ctx *session_ctx, struct selected_cha
return;
}
char rule_uuid_str[UUID_STRING_SIZE];
char sff_uuid_str[UUID_STRING_SIZE];
char sf_uuid_str[UUID_STRING_SIZE];
for (int i = 0; i < chaining->chaining_used; i++)
{
struct selected_sf *sf = &(chaining->chaining[i]);
LOG_INFO("%s: session %lu %s metrics: policy %lu->%d->%d action %s->%s->%s rx_pkts %lu rx_bytes %lu tx_pkts %lu tx_bytes %lu",
uuid_unparse(sf->rule_uuid, rule_uuid_str);
uuid_unparse(sf->sff_uuid, sff_uuid_str);
uuid_unparse(sf->sf_uuid, sf_uuid_str);
LOG_INFO("%s: session %lu %s metrics: policy %s->%s->%s action %s->%s->%s rx_pkts %lu rx_bytes %lu tx_pkts %lu tx_bytes %lu",
LOG_TAG_SFMETRICS, session_ctx->session_id, session_ctx->session_addr,
sf->rule_id, sf->sff_profile_id, sf->sf_profile_id,
rule_uuid_str, sff_uuid_str, sf_uuid_str,
traffic_type_tostring(sf->traffic_type), forward_type_tostring(sf->sff_forward_type), action_desc_tostring(sf->sf_action_desc),
sf->rx.n_pkts, sf->rx.n_bytes, sf->tx.n_pkts, sf->tx.n_bytes);
}
@@ -964,24 +979,23 @@ static void handle_policy_mutil_hits(struct session_ctx *session_ctx, struct con
struct policy_enforcer *enforcer = thread_ctx->ref_enforcer;
struct sce_ctx *sce_ctx = thread_ctx->ref_sce_ctx;
for (int i = 0; i < ctrl_pkt->rule_id_num; i++)
int num = uuid_array_get_count(&ctrl_pkt->rule_uuid_array);
for (int i = 0; i < num; i++)
{
uint64_t rule_id = ctrl_pkt->rule_ids[i];
if (mutable_array_exist_elem(&session_ctx->rule_ids, rule_id))
uuid_t *rule_uuid_ptr = uuid_array_get_at(&ctrl_pkt->rule_uuid_array, i);
if (uuid_array_contains(&session_ctx->rule_uuid_array, *rule_uuid_ptr))
{
continue;
}
else
{
policy_enforce_select_chainings(enforcer, session_ctx, data_pkt, rule_id, direction);
policy_enforce_select_chainings(enforcer, session_ctx, data_pkt, rule_uuid_ptr, direction);
if (sce_ctx->enable_debug)
{
selected_chaining_bref(session_ctx->chaining_raw);
selected_chaining_bref(session_ctx->chaining_decrypted);
}
mutable_array_add_elem(&session_ctx->rule_ids, rule_id);
}
}
}
@@ -1213,8 +1227,8 @@ static void handle_data_packet(marsio_buff_t *rx_buff, struct thread_ctx *thread
{
THROUGHPUT_METRICS_INC(&(thread_metrics->raw_rx), 1, meta.raw_len);
}
PACKET_TRACE_ON_POLICY(thread_ctx->ref_io->instance, rx_buff, &session_ctx->rule_ids, chaining);
PACKET_TELEMETRY_ON_POLICY(thread_ctx->ref_io->instance, rx_buff, &session_ctx->rule_ids, chaining);
PACKET_TRACE_ON_POLICY(thread_ctx->ref_io->instance, rx_buff, &session_ctx->rule_uuid_array, chaining);
PACKET_TELEMETRY_ON_POLICY(thread_ctx->ref_io->instance, rx_buff, &session_ctx->rule_uuid_array, chaining);
action_sf_chaining(thread_ctx, session_ctx, chaining, rx_buff, &meta, 0);
return;
@@ -1243,6 +1257,7 @@ static void handle_inject_vxlan_packet(marsio_buff_t *rx_buff, struct thread_ctx
struct vxlan_hdr *vxlan_hdr = NULL;
struct session_ctx *session_ctx = NULL;
struct selected_chaining *chaining = NULL;
char sf_uuid_str[UUID_STRING_SIZE];
memset(&meta, 0, sizeof(struct metadata));
int sf_index = 0;
@@ -1300,8 +1315,9 @@ static void handle_inject_vxlan_packet(marsio_buff_t *rx_buff, struct thread_ctx
if (chaining->chaining[sf_index].sff_forward_type == FORWARD_TYPE_MIRRORING)
{
LOG_DEBUG("%s: unexpected inject packet, session %lu %s with sf_profile_id %d executes mirror and does not require reflow, drop !!!",
LOG_TAG_PKTIO, session_ctx->session_id, session_ctx->session_addr, chaining->chaining[sf_index].sf_profile_id);
uuid_unparse(chaining->chaining[sf_index].sf_uuid, sf_uuid_str);
LOG_DEBUG("%s: unexpected inject packet, session %lu %s with sf_uuid %s executes mirror and does not require reflow, drop !!!",
LOG_TAG_PKTIO, session_ctx->session_id, session_ctx->session_addr, sf_uuid_str);
THROUGHPUT_METRICS_INC(&(thread_metrics->mirr_rx_drop), 1, meta.raw_len);
goto error_block;
}
@@ -1311,9 +1327,9 @@ static void handle_inject_vxlan_packet(marsio_buff_t *rx_buff, struct thread_ctx
THROUGHPUT_METRICS_INC(&sf->rx, 1, raw_len);
THROUGHPUT_METRICS_INC(&(thread_metrics->stee_rx), 1, meta.raw_len);
struct sf_metrics_key key = {0};
key.rule_id = sf->rule_id;
key.sff_profile_id = sf->sff_profile_id;
key.sf_profile_id = sf->sf_profile_id;
uuid_copy(key.rule_uuid, sf->rule_uuid);
uuid_copy(key.sff_uuid, sf->sff_uuid);
uuid_copy(key.sf_uuid, sf->sf_uuid);
key.vsys_id = sf->rule_vsys_id;
sf_metrics_input(sf_metrics, thread_index, &key, 1, raw_len, 0, 0);
}
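Review bot: handle_policy_mutil_hits appears to no longer record a rule after enforcing it: the old `mutable_array_add_elem(&session_ctx->rule_ids, rule_id);` is dropped and nothing in the hunk appends to `session_ctx->rule_uuid_array`. The `uuid_array_contains` check can then only deduplicate if `policy_enforce_select_chainings` now does the append itself, which is not visible here. If it does not, every control packet that repeats a rule UUID re-runs chaining selection for that session. Either add the append after the call, using whichever append helper the uuid_array API provides, or document the contract at the check with a comment such as `// rule_uuid_array is appended inside policy_enforce_select_chainings()`. Separately, `*rule_uuid_ptr` dereferences the result of `uuid_array_get_at` without a NULL check; confirm it cannot return NULL for `i < num`.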



@@ -26,7 +26,7 @@ struct session_ctx *session_ctx_new()
struct session_ctx *session_ctx = (struct session_ctx *)calloc(1, sizeof(struct session_ctx));
assert(session_ctx != NULL);
mutable_array_init(&session_ctx->rule_ids);
uuid_array_init(&session_ctx->rule_uuid_array);
return session_ctx;
}


@@ -226,9 +226,9 @@ void sf_metrics_input(struct sf_metrics *handle, uint16_t thr_idx, struct sf_met
{
node = (struct metric *)calloc(1, sizeof(struct metric));
node->key.vsys_id = key->vsys_id;
node->key.rule_id = key->rule_id;
node->key.sff_profile_id = key->sff_profile_id;
node->key.sf_profile_id = key->sf_profile_id;
uuid_copy(node->key.rule_uuid, key->rule_uuid);
uuid_copy(node->key.sff_uuid, key->sff_uuid);
uuid_copy(node->key.sf_uuid, key->sf_uuid);
node->recv_pkts = rx_pkts;
node->recv_bytes = rx_bytes;
@@ -254,6 +254,9 @@ void sf_metrics_output(struct sf_metrics *handle, uint16_t thr_idx)
struct metric *temp = NULL;
struct metric *node = NULL;
char rule_uuid_str[UUID_STRING_SIZE] = {0};
char sff_uuid_str[UUID_STRING_SIZE] = {0};
char sf_uuid_str[UUID_STRING_SIZE] = {0};
HASH_ITER(hh, handle->root[thr_idx], node, temp)
{
if (node->sent_pkts == 0 && node->recv_pkts == 0 &&
@@ -262,11 +265,14 @@ void sf_metrics_output(struct sf_metrics *handle, uint16_t thr_idx)
continue;
}
uuid_unparse(node->key.rule_uuid, rule_uuid_str);
uuid_unparse(node->key.sff_uuid, sff_uuid_str);
uuid_unparse(node->key.sf_uuid, sf_uuid_str);
const struct field tags[] = {
{"vsys_id", FIELD_VALUE_INTEGER, {.value_longlong = node->key.vsys_id}},
{"rule_id", FIELD_VALUE_INTEGER, {.value_longlong = (long long)node->key.rule_id}},
{"sff_profile_id", FIELD_VALUE_INTEGER, {.value_longlong = node->key.sff_profile_id}},
{"sf_profile_id", FIELD_VALUE_INTEGER, {.value_longlong = node->key.sf_profile_id}},
{"rule_uuid", FIELD_VALUE_CSTRING, {.value_str = rule_uuid_str}},
{"sff_profile_uuid", FIELD_VALUE_CSTRING, {.value_str = sff_uuid_str}},
{"sf_profile_uuid", FIELD_VALUE_CSTRING, {.value_str = sf_uuid_str}},
};
fieldstat_easy_counter_incrby(handle->fs, thr_idx, handle->sent_pkts_idx, tags, sizeof(tags) / sizeof(tags[0]), node->sent_pkts);
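Review bot: In sf_metrics_input the result of `calloc(1, sizeof(struct metric))` is written through immediately (`node->key.vsys_id`, then the three new `uuid_copy(node->key...)` calls) with no NULL check, so an allocation failure crashes the metrics path instead of dropping one sample. A guard right after the calloc, `if (node == NULL) { return; }`, would keep the data path alive; session_ctx_new on this page at least asserts on its calloc. sf_status_update has the same pattern, where `temp = ... calloc(...)` is followed directly by `uuid_copy(temp->key.sf_uuid, key->sf_uuid);`. Both function bodies continue outside the hunks shown.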


@@ -140,7 +140,7 @@ void sf_status_update(struct sf_status *handle, const struct sf_status_key *key,
{
temp = (struct metric *)calloc(1, sizeof(struct metric));
temp->key.vsys_id = key->vsys_id;
temp->key.sf_profile_id = key->sf_profile_id;
uuid_copy(temp->key.sf_uuid, key->sf_uuid);
temp->sf_status = sf_status;
temp->sf_latency = sf_latency;
HASH_ADD(hh, handle->htable, key, sizeof(struct sf_status_key), temp);
@@ -154,13 +154,15 @@ void sf_status_output(struct sf_status *handle)
return;
}
char sf_uuid_str[UUID_STRING_SIZE] = {0};
struct metric *temp = NULL;
struct metric *node = NULL;
HASH_ITER(hh, handle->htable, node, temp)
{
uuid_unparse(node->key.sf_uuid, sf_uuid_str);
const struct field tags[] = {
{"vsys_id", FIELD_VALUE_INTEGER, {.value_longlong = node->key.vsys_id}},
{"sf_profile_id", FIELD_VALUE_INTEGER, {.value_longlong = node->key.sf_profile_id}},
{"sf_profile_uuid", FIELD_VALUE_CSTRING, {.value_str = sf_uuid_str}},
};
fieldstat_easy_counter_set(handle->fs, 0, handle->sf_status_idx, tags, sizeof(tags) / sizeof(tags[0]), node->sf_status);