TSG-14568 tsg-service-chaining-engine支持MAAT4
This commit is contained in:
luwenpeng
@@ -35,12 +35,10 @@ env | sort
|
||||
# Install dependency from YUM
|
||||
yum install -y libasan
|
||||
yum install -y mrzcpd
|
||||
yum install -y libmaatframe-devel
|
||||
yum install -y libmaat4-devel
|
||||
yum install -y libMESA_handle_logger-devel
|
||||
yum install -y libMESA_prof_load-devel
|
||||
yum install -y libMESA_field_stat2-devel
|
||||
yum install -y librulescan-devel
|
||||
yum install -y sapp-devel # Maat_rule require MESA/stream.h
|
||||
yum install -y numactl-libs # required by mrzcpd
|
||||
yum install -y libibverbs # required by mrzcpd
|
||||
yum install -y libbreakpad_mini-devel
|
||||
|
||||
@@ -22,8 +22,8 @@ struct ctrl_pkt_parser
|
||||
uint64_t session_id;
|
||||
enum session_state state;
|
||||
char method[32];
|
||||
int policy_ids[32];
|
||||
int policy_id_num;
|
||||
uint64_t rule_ids[32];
|
||||
int rule_id_num;
|
||||
};
|
||||
|
||||
const char *session_state_to_string(enum session_state state);
|
||||
|
||||
@@ -31,26 +31,29 @@ extern "C"
|
||||
* fixed_num_array
|
||||
******************************************************************************/
|
||||
|
||||
#include <stdint.h>
|
||||
|
||||
struct fixed_num_array
|
||||
{
|
||||
int elems[128];
|
||||
uint64_t elems[128];
|
||||
int num;
|
||||
int size;
|
||||
};
|
||||
|
||||
void fixed_num_array_init(struct fixed_num_array *array);
|
||||
void fixed_num_array_add_elem(struct fixed_num_array *array, int elem);
|
||||
void fixed_num_array_del_elem(struct fixed_num_array *array, int elem);
|
||||
void fixed_num_array_add_elem(struct fixed_num_array *array, uint64_t elem);
|
||||
void fixed_num_array_del_elem(struct fixed_num_array *array, uint64_t elem);
|
||||
int fixed_num_array_is_full(struct fixed_num_array *array);
|
||||
int fixed_num_array_count_elem(struct fixed_num_array *array);
|
||||
int fixed_num_array_exist_elem(struct fixed_num_array *array, int elem);
|
||||
int fixed_num_array_exist_elem(struct fixed_num_array *array, uint64_t elem);
|
||||
int fixed_num_array_index_elem(struct fixed_num_array *array, int index);
|
||||
|
||||
/******************************************************************************
|
||||
* sids
|
||||
******************************************************************************/
|
||||
|
||||
#include <marsio.h>
|
||||
typedef uint16_t sid_t;
|
||||
#define MR_SID_LIST_MAXLEN 8
|
||||
|
||||
struct sids
|
||||
{
|
||||
|
||||
@@ -126,7 +126,7 @@ int ctrl_packet_parser_parse(struct ctrl_pkt_parser *handler, const char *data,
|
||||
goto error_out;
|
||||
}
|
||||
|
||||
handler->policy_id_num = MIN(cJSON_GetArraySize(item), (int)(sizeof(handler->policy_ids) / sizeof(handler->policy_ids[0])));
|
||||
handler->rule_id_num = MIN(cJSON_GetArraySize(item), (int)(sizeof(handler->rule_ids) / sizeof(handler->rule_ids[0])));
|
||||
cJSON_ArrayForEach(elem, item)
|
||||
{
|
||||
if (!cJSON_IsNumber(elem))
|
||||
@@ -134,10 +134,10 @@ int ctrl_packet_parser_parse(struct ctrl_pkt_parser *handler, const char *data,
|
||||
LOG_ERROR("%s: unexpected control packet: (invalid service_chaining value) %s", LOG_TAG_POLICY, data);
|
||||
continue;
|
||||
}
|
||||
handler->policy_ids[iter] = elem->valueint;
|
||||
handler->rule_ids[iter] = elem->valueint;
|
||||
iter++;
|
||||
|
||||
if (iter == handler->policy_id_num)
|
||||
if (iter == handler->rule_id_num)
|
||||
{
|
||||
break;
|
||||
}
|
||||
@@ -160,11 +160,11 @@ void ctrl_packet_parser_dump(struct ctrl_pkt_parser *handler)
|
||||
LOG_INFO("%s: session_id : %lu", LOG_TAG_POLICY, handler->session_id);
|
||||
LOG_INFO("%s: state : %s", LOG_TAG_POLICY, session_state_to_string(handler->state));
|
||||
LOG_INFO("%s: method : %s", LOG_TAG_POLICY, handler->method);
|
||||
LOG_INFO("%s: policy_id_num : %d", LOG_TAG_POLICY, handler->policy_id_num);
|
||||
LOG_INFO("%s: rule_id_num : %d", LOG_TAG_POLICY, handler->rule_id_num);
|
||||
|
||||
for (int i = 0; i < handler->policy_id_num; i++)
|
||||
for (int i = 0; i < handler->rule_id_num; i++)
|
||||
{
|
||||
LOG_INFO("%s: policy_ids[%03d] : %i", LOG_TAG_POLICY, i, handler->policy_ids[i]);
|
||||
LOG_INFO("%s: rule_ids[%03d] : %lu", LOG_TAG_POLICY, i, handler->rule_ids[i]);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@@ -22,7 +22,7 @@ void fixed_num_array_init(struct fixed_num_array *array)
|
||||
array->size = sizeof(array->elems) / sizeof(array->elems[0]);
|
||||
}
|
||||
|
||||
void fixed_num_array_add_elem(struct fixed_num_array *array, int elem)
|
||||
void fixed_num_array_add_elem(struct fixed_num_array *array, uint64_t elem)
|
||||
{
|
||||
if (array->num < array->size)
|
||||
{
|
||||
@@ -35,7 +35,7 @@ void fixed_num_array_add_elem(struct fixed_num_array *array, int elem)
|
||||
}
|
||||
}
|
||||
|
||||
void fixed_num_array_del_elem(struct fixed_num_array *array, int elem)
|
||||
void fixed_num_array_del_elem(struct fixed_num_array *array, uint64_t elem)
|
||||
{
|
||||
for (int i = 0; i < array->num; i++)
|
||||
{
|
||||
@@ -75,7 +75,7 @@ int fixed_num_array_count_elem(struct fixed_num_array *array)
|
||||
}
|
||||
}
|
||||
|
||||
int fixed_num_array_exist_elem(struct fixed_num_array *array, int elem)
|
||||
int fixed_num_array_exist_elem(struct fixed_num_array *array, uint64_t elem)
|
||||
{
|
||||
for (int i = 0; i < array->num; i++)
|
||||
{
|
||||
|
||||
@@ -16,10 +16,10 @@ TEST(CTRL_PACKET, PARSE)
|
||||
EXPECT_TRUE(parser.session_id == 123456789);
|
||||
EXPECT_TRUE(parser.state == SESSION_STATE_ACTIVE);
|
||||
EXPECT_STREQ(parser.method, "policy_update");
|
||||
EXPECT_TRUE(parser.policy_id_num == 3);
|
||||
EXPECT_TRUE(parser.policy_ids[0] == 1);
|
||||
EXPECT_TRUE(parser.policy_ids[1] == 2);
|
||||
EXPECT_TRUE(parser.policy_ids[2] == 3);
|
||||
EXPECT_TRUE(parser.rule_id_num == 3);
|
||||
EXPECT_TRUE(parser.rule_ids[0] == 1);
|
||||
EXPECT_TRUE(parser.rule_ids[1] == 2);
|
||||
EXPECT_TRUE(parser.rule_ids[2] == 3);
|
||||
}
|
||||
|
||||
int main(int argc, char **argv)
|
||||
|
||||
@@ -18,6 +18,9 @@ breakpad_upload_tools=/opt/tsg/framework/bin/minidump_upload
|
||||
[maat]
|
||||
# 0:json 1:redis 2:iris
|
||||
input_mode=1
|
||||
# LOG_LEVEL_TRACE = 0; LOG_LEVEL_DEBUG = 1; LOG_LEVEL_INFO = 2;
|
||||
# LOG_LEVEL_WARN = 3; LOG_LEVEL_ERROR = 4; LOG_LEVEL_FATAL = 5;
|
||||
log_level=5
|
||||
stat_switch=1
|
||||
perf_switch=1
|
||||
scan_detail=0
|
||||
|
||||
@@ -6,6 +6,8 @@ extern "C"
|
||||
{
|
||||
#endif
|
||||
|
||||
#include <marsio.h>
|
||||
|
||||
// only for gtest
|
||||
int mbuff_get_metadata(marsio_buff_t *rx_buff, struct metadata *meta);
|
||||
int mbuff_set_metadata(marsio_buff_t *tx_buff, struct metadata *meta);
|
||||
|
||||
@@ -80,7 +80,7 @@ struct connectivity
|
||||
|
||||
struct selected_sf
|
||||
{
|
||||
int policy_id;
|
||||
uint64_t rule_id;
|
||||
enum traffic_type traffic_type;
|
||||
|
||||
int sff_profile_id;
|
||||
@@ -137,7 +137,7 @@ void policy_enforcer_destory(struct policy_enforcer *enforcer);
|
||||
// return -1 : error
|
||||
int policy_enforcer_register(struct policy_enforcer *enforcer);
|
||||
int policy_enforce_chaining_size(struct policy_enforcer *enforcer);
|
||||
void policy_enforce_select_chainings(struct policy_enforcer *enforcer, struct selected_chainings *chainings, struct session_ctx *s_ctx, struct raw_pkt_parser *parser, int policy_id, int dir_is_i2e);
|
||||
void policy_enforce_select_chainings(struct policy_enforcer *enforcer, struct selected_chainings *chainings, struct session_ctx *s_ctx, struct raw_pkt_parser *parser, uint64_t rule_id, int dir_is_i2e);
|
||||
|
||||
#ifdef __cpluscplus
|
||||
}
|
||||
|
||||
@@ -72,7 +72,7 @@ struct session_ctx
|
||||
char *session_addr;
|
||||
|
||||
struct addr_tuple4 inner_tuple4;
|
||||
struct fixed_num_array policy_ids;
|
||||
struct fixed_num_array rule_ids;
|
||||
|
||||
struct metadata *raw_meta_i2e;
|
||||
struct metadata *raw_meta_e2i;
|
||||
|
||||
@@ -13,7 +13,7 @@ struct sf_metrics *sf_metrics_create(const char *profile);
|
||||
void sf_metrics_destory(struct sf_metrics *handle);
|
||||
void sf_metrics_reset(struct sf_metrics *handle);
|
||||
|
||||
void sf_metrics_inc(struct sf_metrics *handle, int rule_id, int sff_profile_id, int sf_profile_id, uint64_t rx_pkts, uint64_t rx_bytes, uint64_t tx_pkts, uint64_t tx_bytes);
|
||||
void sf_metrics_inc(struct sf_metrics *handle, uint64_t rule_id, int sff_profile_id, int sf_profile_id, uint64_t rx_pkts, uint64_t rx_bytes, uint64_t tx_pkts, uint64_t tx_bytes);
|
||||
void sf_metrics_send(struct sf_metrics *handle);
|
||||
int sf_metrics_get_interval(struct sf_metrics *handle);
|
||||
|
||||
|
||||
@@ -3,7 +3,6 @@
|
||||
#include <netinet/udp.h>
|
||||
#include <netinet/ether.h>
|
||||
|
||||
#include <marsio.h>
|
||||
#include <cjson/cJSON.h>
|
||||
#include <MESA/MESA_prof_load.h>
|
||||
|
||||
@@ -11,6 +10,7 @@
|
||||
#include "sce.h"
|
||||
#include "utils.h"
|
||||
#include "g_vxlan.h"
|
||||
#include "packet_io.h"
|
||||
#include "sf_metrics.h"
|
||||
#include "ctrl_packet.h"
|
||||
#include "global_metrics.h"
|
||||
@@ -436,7 +436,7 @@ static void action_mirr_forward(marsio_buff_t *rx_buff, struct metadata *meta, s
|
||||
throughput_metrics_inc(&(g_metrics->device.endpoint_tx), 1, nsend);
|
||||
throughput_metrics_inc(&(g_metrics->raw_pkt.mirr_tx), 1, raw_len);
|
||||
throughput_metrics_inc(&sf->tx, 1, nsend);
|
||||
sf_metrics_inc(thread_ctx->sf_metrics, sf->policy_id, sf->sff_profile_id, sf->sf_profile_id, 0, 0, 1, nsend);
|
||||
sf_metrics_inc(thread_ctx->sf_metrics, sf->rule_id, sf->sff_profile_id, sf->sf_profile_id, 0, 0, 1, nsend);
|
||||
}
|
||||
|
||||
static void action_stee_bypass(marsio_buff_t *rx_buff, struct metadata *meta, struct selected_sf *sf, struct thread_ctx *thread_ctx)
|
||||
@@ -467,7 +467,7 @@ static void action_stee_forward(marsio_buff_t *rx_buff, struct metadata *meta, s
|
||||
throughput_metrics_inc(&(g_metrics->device.endpoint_tx), 1, nsend);
|
||||
throughput_metrics_inc(&(g_metrics->raw_pkt.stee_tx), 1, raw_len);
|
||||
throughput_metrics_inc(&sf->tx, 1, nsend);
|
||||
sf_metrics_inc(thread_ctx->sf_metrics, sf->policy_id, sf->sff_profile_id, sf->sf_profile_id, 0, 0, 1, nsend);
|
||||
sf_metrics_inc(thread_ctx->sf_metrics, sf->rule_id, sf->sff_profile_id, sf->sf_profile_id, 0, 0, 1, nsend);
|
||||
}
|
||||
|
||||
static void action_sf_chaining(struct thread_ctx *thread_ctx, struct session_ctx *session_ctx, struct selected_chaining *chaining, marsio_buff_t *rx_buff, struct metadata *meta, int next_sf_index)
|
||||
@@ -476,9 +476,9 @@ static void action_sf_chaining(struct thread_ctx *thread_ctx, struct session_ctx
|
||||
for (sf_index = next_sf_index; sf_index < chaining->chaining_used; sf_index++)
|
||||
{
|
||||
struct selected_sf *sf = &(chaining->chaining[sf_index]);
|
||||
LOG_INFO("%s: session: %lu %s execute chaining [%d/%d] policy_id: %d, sff_profile_id: %d, sf_profile_id: %d, sf_need_skip: %d, sf_action_reason: %s, is_e2i: %d, is_decrypted: %d",
|
||||
LOG_INFO("%s: session: %lu %s execute chaining [%d/%d] rule_id: %lu, sff_profile_id: %d, sf_profile_id: %d, sf_need_skip: %d, sf_action_reason: %s, is_e2i: %d, is_decrypted: %d",
|
||||
LOG_TAG_POLICY, session_ctx->session_id, session_ctx->session_addr, sf_index, chaining->chaining_used,
|
||||
sf->policy_id, sf->sff_profile_id, sf->sf_profile_id, sf->sf_need_skip, action_reason_to_string(sf->sf_action_reason),
|
||||
sf->rule_id, sf->sff_profile_id, sf->sf_profile_id, sf->sf_need_skip, action_reason_to_string(sf->sf_action_reason),
|
||||
meta->is_e2i_dir, meta->is_decrypted);
|
||||
|
||||
if (sf->sf_need_skip)
|
||||
@@ -607,8 +607,8 @@ static void dump_event_log(struct session_ctx *session_ctx, struct selected_chai
|
||||
for (int i = 0; i < chaining->chaining_used; i++)
|
||||
{
|
||||
struct selected_sf *sf = &(chaining->chaining[i]);
|
||||
LOG_INFO("%s: session %lu %s %s metrics log: policy %d sff_profile_id %d sf_profile_id %d sf_need_skip %d sf_action_reason %s rx_pkts %lu rx_bytes %lu tx_pkts %lu tx_bytes %lu",
|
||||
LOG_TAG_METRICS, session_ctx->session_id, session_ctx->session_addr, tag, sf->policy_id, sf->sff_profile_id, sf->sf_profile_id, sf->sf_need_skip, action_reason_to_string(sf->sf_action_reason), sf->rx.n_pkts, sf->rx.n_bytes, sf->tx.n_pkts, sf->tx.n_bytes);
|
||||
LOG_INFO("%s: session %lu %s %s metrics log: rule_id %lu sff_profile_id %d sf_profile_id %d sf_need_skip %d sf_action_reason %s rx_pkts %lu rx_bytes %lu tx_pkts %lu tx_bytes %lu",
|
||||
LOG_TAG_METRICS, session_ctx->session_id, session_ctx->session_addr, tag, sf->rule_id, sf->sff_profile_id, sf->sf_profile_id, sf->sf_need_skip, action_reason_to_string(sf->sf_action_reason), sf->rx.n_pkts, sf->rx.n_bytes, sf->tx.n_pkts, sf->tx.n_bytes);
|
||||
}
|
||||
}
|
||||
|
||||
@@ -620,21 +620,21 @@ static void session_value_free_cb(void *ctx)
|
||||
|
||||
static void handle_policy_mutil_hits(struct policy_enforcer *enforcer, struct session_ctx *session_ctx, struct ctrl_pkt_parser *ctrl_parser, raw_pkt_parser *raw_parser, int is_e2i_dir)
|
||||
{
|
||||
for (int i = 0; i < ctrl_parser->policy_id_num; i++)
|
||||
for (int i = 0; i < ctrl_parser->rule_id_num; i++)
|
||||
{
|
||||
int policy_id = ctrl_parser->policy_ids[i];
|
||||
if (fixed_num_array_exist_elem(&session_ctx->policy_ids, policy_id))
|
||||
uint64_t rule_id = ctrl_parser->rule_ids[i];
|
||||
if (fixed_num_array_exist_elem(&session_ctx->rule_ids, rule_id))
|
||||
{
|
||||
continue;
|
||||
}
|
||||
else
|
||||
{
|
||||
policy_enforce_select_chainings(enforcer, &session_ctx->chainings, session_ctx, raw_parser, policy_id, is_e2i_dir);
|
||||
policy_enforce_select_chainings(enforcer, &session_ctx->chainings, session_ctx, raw_parser, rule_id, is_e2i_dir);
|
||||
|
||||
selected_chaining_bref(session_ctx->chainings.chaining_raw);
|
||||
selected_chaining_bref(session_ctx->chainings.chaining_decrypted);
|
||||
|
||||
fixed_num_array_add_elem(&session_ctx->policy_ids, policy_id);
|
||||
fixed_num_array_add_elem(&session_ctx->rule_ids, rule_id);
|
||||
}
|
||||
}
|
||||
}
|
||||
@@ -951,7 +951,7 @@ static void handle_inject_packet(marsio_buff_t *rx_buff, struct thread_ctx *thre
|
||||
struct selected_sf *sf = &(chaining->chaining[sf_index]);
|
||||
throughput_metrics_inc(&sf->rx, 1, raw_len);
|
||||
throughput_metrics_inc(&(g_metrics->raw_pkt.stee_rx), 1, meta.raw_len);
|
||||
sf_metrics_inc(thread_ctx->sf_metrics, sf->policy_id, sf->sff_profile_id, sf->sf_profile_id, 1, raw_len, 0, 0);
|
||||
sf_metrics_inc(thread_ctx->sf_metrics, sf->rule_id, sf->sff_profile_id, sf->sf_profile_id, 1, raw_len, 0, 0);
|
||||
}
|
||||
|
||||
marsio_buff_adj(rx_buff, raw_len - meta.raw_len);
|
||||
|
||||
@@ -1,8 +1,7 @@
|
||||
#include <time.h>
|
||||
#include <assert.h>
|
||||
|
||||
#include <cjson/cJSON.h>
|
||||
#include <MESA/Maat_rule.h>
|
||||
#include <MESA/maat.h>
|
||||
#include <MESA/MESA_prof_load.h>
|
||||
|
||||
#include "global_metrics.h"
|
||||
@@ -28,6 +27,7 @@ struct policy_config
|
||||
{
|
||||
enum input_mode input_mode;
|
||||
|
||||
int log_level;
|
||||
int stat_switch;
|
||||
int perf_switch;
|
||||
int scan_detail;
|
||||
@@ -53,7 +53,7 @@ struct policy_config
|
||||
struct policy_enforcer
|
||||
{
|
||||
struct policy_config config;
|
||||
Maat_feather_t maat;
|
||||
struct maat *maat;
|
||||
|
||||
int compile_table_id; // SERVICE_CHAINING_COMPILE table id
|
||||
int sff_table_id; // SERVICE_FUNCTION_FORWARDER_PROFILE table id
|
||||
@@ -66,7 +66,7 @@ struct policy_enforcer
|
||||
|
||||
struct chaining_param
|
||||
{
|
||||
int policy_id;
|
||||
uint64_t rule_id;
|
||||
int ref_cnt;
|
||||
|
||||
enum traffic_type traffic_type;
|
||||
@@ -220,6 +220,9 @@ error_out:
|
||||
static void policy_enforcer_config(const char *profile, struct policy_config *config)
|
||||
{
|
||||
MESA_load_profile_int_def(profile, "MAAT", "input_mode", (int *)&(config->input_mode), MAAT_INPUT_REDIS);
|
||||
// LOG_LEVEL_TRACE = 0; LOG_LEVEL_DEBUG = 1; LOG_LEVEL_INFO = 2;
|
||||
// LOG_LEVEL_WARN = 3; LOG_LEVEL_ERROR = 4; LOG_LEVEL_FATAL = 5;
|
||||
MESA_load_profile_int_def(profile, "MAAT", "log_level", &(config->log_level), 5);
|
||||
MESA_load_profile_int_def(profile, "MAAT", "stat_switch", &(config->stat_switch), 1);
|
||||
MESA_load_profile_int_def(profile, "MAAT", "perf_switch", &(config->perf_switch), 1);
|
||||
MESA_load_profile_int_def(profile, "MAAT", "scan_detail", &(config->scan_detail), 0);
|
||||
@@ -246,6 +249,7 @@ static void policy_enforcer_config(const char *profile, struct policy_config *co
|
||||
}
|
||||
|
||||
LOG_DEBUG("%s: MAAT->input_mode : %s", LOG_TAG_POLICY, (config->input_mode == MAAT_INPUT_REDIS ? "redis" : (config->input_mode == MAAT_INPUT_JSON ? "json" : (config->input_mode == MAAT_INPUT_FILE ? "file" : "unknown"))));
|
||||
LOG_DEBUG("%s: MAAT->log_level : %d", LOG_TAG_POLICY, config->log_level);
|
||||
LOG_DEBUG("%s: MAAT->stat_switch : %d", LOG_TAG_POLICY, config->stat_switch);
|
||||
LOG_DEBUG("%s: MAAT->perf_switch : %d", LOG_TAG_POLICY, config->perf_switch);
|
||||
LOG_DEBUG("%s: MAAT->scan_detail : %d", LOG_TAG_POLICY, config->scan_detail);
|
||||
@@ -268,7 +272,7 @@ static void policy_enforcer_config(const char *profile, struct policy_config *co
|
||||
LOG_DEBUG("%s: MAAT->max_chaining_size : %d", LOG_TAG_POLICY, config->max_chaining_size);
|
||||
}
|
||||
|
||||
static void chaining_param_new_cb(int table_id, const char *key, const char *table_line, MAAT_PLUGIN_EX_DATA *ad, long argl, void *argp)
|
||||
static void chaining_param_new_cb(const char *table_name, int table_id, const char *key, const char *table_line, void **ad, long argl, void *argp)
|
||||
{
|
||||
int iter = 0;
|
||||
cJSON *json = NULL;
|
||||
@@ -278,9 +282,9 @@ static void chaining_param_new_cb(int table_id, const char *key, const char *tab
|
||||
size_t user_region_len = 0;
|
||||
struct chaining_param *param = NULL;
|
||||
|
||||
if (Maat_helper_read_column(table_line, 7, &user_region_offset, &user_region_len) < 0)
|
||||
if (maat_helper_read_column(table_line, 7, &user_region_offset, &user_region_len) < 0)
|
||||
{
|
||||
LOG_ERROR("%s: unexpected chaining policy: (invalid user region) %s", LOG_TAG_POLICY, table_line);
|
||||
LOG_ERROR("%s: unexpected chaining rule: (invalid user region) %s", LOG_TAG_POLICY, table_line);
|
||||
return;
|
||||
}
|
||||
|
||||
@@ -289,19 +293,19 @@ static void chaining_param_new_cb(int table_id, const char *key, const char *tab
|
||||
json = cJSON_Parse(json_str);
|
||||
if (json == NULL)
|
||||
{
|
||||
LOG_ERROR("%s: unexpected chaining policy: (invalid json format) %s", LOG_TAG_POLICY, table_line);
|
||||
LOG_ERROR("%s: unexpected chaining rule: (invalid json format) %s", LOG_TAG_POLICY, table_line);
|
||||
goto error_out;
|
||||
}
|
||||
|
||||
param = (struct chaining_param *)calloc(1, sizeof(struct chaining_param));
|
||||
param->policy_id = atoi(key);
|
||||
param->rule_id = atoll(key);
|
||||
param->ref_cnt = 1;
|
||||
|
||||
// targeted_traffic
|
||||
item = cJSON_GetObjectItem(json, "targeted_traffic");
|
||||
if (!item || !cJSON_IsString(item))
|
||||
{
|
||||
LOG_ERROR("%s: unexpected chaining policy: (invalid targeted_traffic param) %s", LOG_TAG_POLICY, table_line);
|
||||
LOG_ERROR("%s: unexpected chaining rule: (invalid targeted_traffic param) %s", LOG_TAG_POLICY, table_line);
|
||||
goto error_out;
|
||||
}
|
||||
if (strcasecmp(item->valuestring, "raw") == 0)
|
||||
@@ -314,16 +318,16 @@ static void chaining_param_new_cb(int table_id, const char *key, const char *tab
|
||||
}
|
||||
else
|
||||
{
|
||||
LOG_ERROR("%s: unexpected chaining policy: (invalid targeted_traffic param) %s", LOG_TAG_POLICY, table_line);
|
||||
LOG_ERROR("%s: unexpected chaining rule: (invalid targeted_traffic param) %s", LOG_TAG_POLICY, table_line);
|
||||
goto error_out;
|
||||
}
|
||||
LOG_DEBUG("%s: parse chaining policy: %d, targeted_traffic: %s", LOG_TAG_POLICY, param->policy_id, traffic_type_to_string(param->traffic_type));
|
||||
LOG_DEBUG("%s: parse chaining rule: %lu, targeted_traffic: %s", LOG_TAG_POLICY, param->rule_id, traffic_type_to_string(param->traffic_type));
|
||||
|
||||
// sff_profiles
|
||||
item = cJSON_GetObjectItem(json, "sff_profiles");
|
||||
if (!item || !cJSON_IsArray(item) || !cJSON_GetArraySize(item))
|
||||
{
|
||||
LOG_ERROR("%s: unexpected chaining policy: (invalid sff_profiles param) %s", LOG_TAG_POLICY, table_line);
|
||||
LOG_ERROR("%s: unexpected chaining rule: (invalid sff_profiles param) %s", LOG_TAG_POLICY, table_line);
|
||||
goto error_out;
|
||||
}
|
||||
param->sff_profile_ids_num = cJSON_GetArraySize(item);
|
||||
@@ -332,17 +336,17 @@ static void chaining_param_new_cb(int table_id, const char *key, const char *tab
|
||||
{
|
||||
if (!cJSON_IsNumber(element))
|
||||
{
|
||||
LOG_ERROR("%s: unexpected chaining policy: (invalid sff_profiles param) %s", LOG_TAG_POLICY, table_line);
|
||||
LOG_ERROR("%s: unexpected chaining rule: (invalid sff_profiles param) %s", LOG_TAG_POLICY, table_line);
|
||||
continue;
|
||||
}
|
||||
|
||||
LOG_DEBUG("%s: parse chaining policy: %d, sff_profiles[%d/%d]: %d", LOG_TAG_POLICY, param->policy_id, iter, param->sff_profile_ids_num, element->valueint);
|
||||
LOG_DEBUG("%s: parse chaining rule: %lu, sff_profiles[%d/%d]: %d", LOG_TAG_POLICY, param->rule_id, iter, param->sff_profile_ids_num, element->valueint);
|
||||
param->sff_profile_ids[iter] = element->valueint;
|
||||
iter++;
|
||||
}
|
||||
|
||||
*ad = param;
|
||||
LOG_INFO("%s: Add chaining policy: %d", LOG_TAG_POLICY, param->policy_id);
|
||||
LOG_INFO("%s: Add chaining rule: %lu", LOG_TAG_POLICY, param->rule_id);
|
||||
|
||||
cJSON_Delete(json);
|
||||
free(json_str);
|
||||
@@ -373,7 +377,7 @@ error_out:
|
||||
}
|
||||
}
|
||||
|
||||
static void chaining_param_free_cb(int table_id, MAAT_PLUGIN_EX_DATA *ad, long argl, void *argp)
|
||||
static void chaining_param_free_cb(int table_id, void **ad, long argl, void *argp)
|
||||
{
|
||||
struct chaining_param *param = (struct chaining_param *)*ad;
|
||||
if (param == NULL)
|
||||
@@ -383,7 +387,7 @@ static void chaining_param_free_cb(int table_id, MAAT_PLUGIN_EX_DATA *ad, long a
|
||||
|
||||
if ((__sync_sub_and_fetch(¶m->ref_cnt, 1) == 0))
|
||||
{
|
||||
LOG_INFO("%s: Del chaining policy: %d", LOG_TAG_POLICY, param->policy_id);
|
||||
LOG_INFO("%s: Del chaining rule: %lu", LOG_TAG_POLICY, param->rule_id);
|
||||
if (param->sff_profile_ids)
|
||||
{
|
||||
free(param->sff_profile_ids);
|
||||
@@ -396,7 +400,7 @@ static void chaining_param_free_cb(int table_id, MAAT_PLUGIN_EX_DATA *ad, long a
|
||||
}
|
||||
}
|
||||
|
||||
static void chaining_param_dup_cb(int table_id, MAAT_PLUGIN_EX_DATA *to, MAAT_PLUGIN_EX_DATA *from, long argl, void *argp)
|
||||
static void chaining_param_dup_cb(int table_id, void **to, void **from, long argl, void *argp)
|
||||
{
|
||||
struct chaining_param *param = (struct chaining_param *)*from;
|
||||
if (param)
|
||||
@@ -415,7 +419,7 @@ static void chaining_param_free(struct chaining_param *param)
|
||||
chaining_param_free_cb(0, (void **)¶m, 0, NULL);
|
||||
}
|
||||
|
||||
static void sff_param_new_cb(int table_id, const char *key, const char *table_line, MAAT_PLUGIN_EX_DATA *ad, long argl, void *argp)
|
||||
static void sff_param_new_cb(const char *table_name, int table_id, const char *key, const char *table_line, void **ad, long argl, void *argp)
|
||||
{
|
||||
int iter = 0;
|
||||
struct sff_param *param = NULL;
|
||||
@@ -533,7 +537,7 @@ static void sff_param_new_cb(int table_id, const char *key, const char *table_li
|
||||
item = cJSON_GetObjectItem(root1, "action");
|
||||
if (!item || !cJSON_IsString(item))
|
||||
{
|
||||
LOG_ERROR("%s: unexpected chaining policy: (invalid unavailability_action->action param) %s", LOG_TAG_POLICY, table_line);
|
||||
LOG_ERROR("%s: unexpected chaining rule: (invalid unavailability_action->action param) %s", LOG_TAG_POLICY, table_line);
|
||||
goto error_out;
|
||||
}
|
||||
if (0 == strcasecmp(item->valuestring, "bypass"))
|
||||
@@ -546,7 +550,7 @@ static void sff_param_new_cb(int table_id, const char *key, const char *table_li
|
||||
}
|
||||
else
|
||||
{
|
||||
LOG_ERROR("%s: unexpected chaining policy: (invalid unavailability_action->action param) %s", LOG_TAG_POLICY, table_line);
|
||||
LOG_ERROR("%s: unexpected chaining rule: (invalid unavailability_action->action param) %s", LOG_TAG_POLICY, table_line);
|
||||
goto error_out;
|
||||
}
|
||||
LOG_DEBUG("%s: parse sff profile: %d, unavailability_action->action: %s", LOG_TAG_POLICY, param->sff_profile_id, item->valuestring);
|
||||
@@ -612,7 +616,7 @@ error_out:
|
||||
}
|
||||
}
|
||||
|
||||
static void sff_param_free_cb(int table_id, MAAT_PLUGIN_EX_DATA *ad, long argl, void *argp)
|
||||
static void sff_param_free_cb(int table_id, void **ad, long argl, void *argp)
|
||||
{
|
||||
struct sff_param *param = (struct sff_param *)*ad;
|
||||
if (param == NULL)
|
||||
@@ -635,7 +639,7 @@ static void sff_param_free_cb(int table_id, MAAT_PLUGIN_EX_DATA *ad, long argl,
|
||||
}
|
||||
}
|
||||
|
||||
static void sff_param_dup_cb(int table_id, MAAT_PLUGIN_EX_DATA *to, MAAT_PLUGIN_EX_DATA *from, long argl, void *argp)
|
||||
static void sff_param_dup_cb(int table_id, void **to, void **from, long argl, void *argp)
|
||||
{
|
||||
struct sff_param *param = (struct sff_param *)*from;
|
||||
if (param)
|
||||
@@ -654,7 +658,7 @@ static void sff_param_free(struct sff_param *param)
|
||||
sff_param_free_cb(0, (void **)¶m, 0, NULL);
|
||||
}
|
||||
|
||||
static void sf_param_new_cb(int table_id, const char *key, const char *table_line, MAAT_PLUGIN_EX_DATA *ad, long argl, void *argp)
|
||||
static void sf_param_new_cb(const char *table_name, int table_id, const char *key, const char *table_line, void **ad, long argl, void *argp)
|
||||
{
|
||||
struct sf_param *param = NULL;
|
||||
cJSON *root1 = NULL;
|
||||
@@ -863,7 +867,7 @@ error_out:
|
||||
}
|
||||
}
|
||||
|
||||
static void sf_param_free_cb(int table_id, MAAT_PLUGIN_EX_DATA *ad, long argl, void *argp)
|
||||
static void sf_param_free_cb(int table_id, void **ad, long argl, void *argp)
|
||||
{
|
||||
struct sf_param *param = (struct sf_param *)*ad;
|
||||
if (param == NULL)
|
||||
@@ -882,7 +886,7 @@ static void sf_param_free_cb(int table_id, MAAT_PLUGIN_EX_DATA *ad, long argl, v
|
||||
}
|
||||
}
|
||||
|
||||
static void sf_param_dup_cb(int table_id, MAAT_PLUGIN_EX_DATA *to, MAAT_PLUGIN_EX_DATA *from, long argl, void *argp)
|
||||
static void sf_param_dup_cb(int table_id, void **to, void **from, long argl, void *argp)
|
||||
{
|
||||
struct sf_param *param = (struct sf_param *)*from;
|
||||
if (param)
|
||||
@@ -911,7 +915,7 @@ static void select_sf_by_nearby_and_adminstatus(struct policy_enforcer *enforcer
|
||||
{
|
||||
memset(&buffer, 0, sizeof(buffer));
|
||||
snprintf(buffer, sizeof(buffer), "%u", sff_param->sf_profile_ids[i]);
|
||||
sf = (struct sf_param *)Maat_plugin_get_EX_data(enforcer->maat, enforcer->sf_table_id, buffer);
|
||||
sf = (struct sf_param *)maat_plugin_table_get_ex_data(enforcer->maat, enforcer->sf_table_id, buffer);
|
||||
if (sf == NULL)
|
||||
{
|
||||
LOG_ERROR("%s: failed to get sf parameter of profile %d", LOG_TAG_POLICY, sff_param->sf_profile_ids[i]);
|
||||
@@ -964,7 +968,7 @@ static enum session_action select_sf_by_ldbc(struct policy_enforcer *enforcer, s
|
||||
|
||||
memset(&buffer, 0, sizeof(buffer));
|
||||
snprintf(buffer, sizeof(buffer), "%u", sf_profile_id);
|
||||
sf_param = (struct sf_param *)Maat_plugin_get_EX_data(enforcer->maat, enforcer->sf_table_id, buffer);
|
||||
sf_param = (struct sf_param *)maat_plugin_table_get_ex_data(enforcer->maat, enforcer->sf_table_id, buffer);
|
||||
if (sf_param == NULL)
|
||||
{
|
||||
LOG_ERROR("%s: failed to get sf parameter of profile %d", LOG_TAG_POLICY, sf_profile_id);
|
||||
@@ -1042,7 +1046,7 @@ static void selected_sf_init(struct selected_sf *item)
|
||||
if (item)
|
||||
{
|
||||
memset(item, 0, sizeof(struct selected_sf));
|
||||
item->policy_id = -1;
|
||||
item->rule_id = 0;
|
||||
item->traffic_type = TRAFFIC_TYPE_NONE;
|
||||
item->sff_profile_id = -1;
|
||||
item->sff_forward_type = FORWARD_TYPE_NONE;
|
||||
@@ -1205,7 +1209,7 @@ void selected_chaining_dump(struct selected_chaining *chaining)
|
||||
for (int i = 0; i < chaining->chaining_used; i++)
|
||||
{
|
||||
struct selected_sf *node = &(chaining->chaining[i]);
|
||||
LOG_DEBUG("%s: session %lu %s selected_chaining->node[%d]->policy_id : %d", LOG_TAG_POLICY, chaining->session_id, chaining->session_addr, i, node->policy_id);
|
||||
LOG_DEBUG("%s: session %lu %s selected_chaining->node[%d]->rule_id : %lu", LOG_TAG_POLICY, chaining->session_id, chaining->session_addr, i, node->rule_id);
|
||||
LOG_DEBUG("%s: session %lu %s selected_chaining->node[%d]->traffic_type : %s", LOG_TAG_POLICY, chaining->session_id, chaining->session_addr, i, traffic_type_to_string(node->traffic_type));
|
||||
// sff
|
||||
LOG_DEBUG("%s: session %lu %s selected_chaining->node[%d]->sff_profile_id : %d", LOG_TAG_POLICY, chaining->session_id, chaining->session_addr, i, node->sff_profile_id);
|
||||
@@ -1243,8 +1247,8 @@ void selected_chaining_bref(struct selected_chaining *chaining)
|
||||
buff_used += snprintf(buff + buff_used, buff_size - buff_used, ",");
|
||||
}
|
||||
buff_used += snprintf(buff + buff_used, buff_size - buff_used,
|
||||
"\"node[%d]\":{\"skip\":%d,\"policy_id\":%d,\"sff_profile_id\":%d,\"sf_profile_id\":%d,\"traffic_type\":\"%s\",\"sff_forward_type\":\"%s\",\"sf_action\":\"%s\",\"reason\":\"%s\"}",
|
||||
i, node->sf_need_skip, node->policy_id, node->sff_profile_id, node->sf_profile_id,
|
||||
"\"node[%d]\":{\"skip\":%d,\"rule_id\":%lu,\"sff_profile_id\":%d,\"sf_profile_id\":%d,\"traffic_type\":\"%s\",\"sff_forward_type\":\"%s\",\"sf_action\":\"%s\",\"reason\":\"%s\"}",
|
||||
i, node->sf_need_skip, node->rule_id, node->sff_profile_id, node->sf_profile_id,
|
||||
traffic_type_to_string(node->traffic_type), forward_type_to_string(node->sff_forward_type), session_action_to_string(node->sf_action), action_reason_to_string(node->sf_action_reason));
|
||||
}
|
||||
}
|
||||
@@ -1288,17 +1292,20 @@ struct policy_enforcer *policy_enforcer_create(const char *instance, const char
|
||||
assert(enforcer);
|
||||
policy_enforcer_config(profile, &(enforcer->config));
|
||||
|
||||
enforcer->maat = Maat_feather(thread_num, enforcer->config.table_info, logger);
|
||||
if (enforcer->maat == NULL)
|
||||
struct maat_options *opts = maat_options_new();
|
||||
if (opts == NULL)
|
||||
{
|
||||
LOG_ERROR("%s: unable create maat feather", LOG_TAG_POLICY);
|
||||
LOG_ERROR("%s: unable create maat opts", LOG_TAG_POLICY);
|
||||
goto error_out;
|
||||
}
|
||||
|
||||
Maat_set_feather_opt(enforcer->maat, MAAT_OPT_INSTANCE_NAME, instance, strlen(instance));
|
||||
Maat_set_feather_opt(enforcer->maat, MAAT_OPT_FOREIGN_CONT_DIR, enforcer->config.foreign_cont_dir, strlen(enforcer->config.foreign_cont_dir));
|
||||
Maat_set_feather_opt(enforcer->maat, MAAT_OPT_SCAN_DETAIL, &(enforcer->config.scan_detail), sizeof(enforcer->config.scan_detail));
|
||||
Maat_set_feather_opt(enforcer->maat, MAAT_OPT_EFFECT_INVERVAL_MS, &(enforcer->config.effect_interval_ms), sizeof(enforcer->config.effect_interval_ms));
|
||||
maat_options_set_logger(opts, "log/maat.log", (enum log_level)enforcer->config.log_level);
|
||||
maat_options_set_instance_name(opts, instance);
|
||||
maat_options_set_caller_thread_number(opts, thread_num);
|
||||
maat_options_set_foreign_cont_dir(opts, enforcer->config.foreign_cont_dir);
|
||||
maat_options_set_rule_effect_interval_ms(opts, enforcer->config.effect_interval_ms);
|
||||
// TODO set enforcer->config.scan_detail
|
||||
// Maat4 is not supported temporarily
|
||||
|
||||
switch (enforcer->config.input_mode)
|
||||
{
|
||||
@@ -1308,7 +1315,7 @@ struct policy_enforcer *policy_enforcer_create(const char *instance, const char
|
||||
LOG_ERROR("%s: invalid json_cfg_file", LOG_TAG_POLICY);
|
||||
goto error_out;
|
||||
}
|
||||
Maat_set_feather_opt(enforcer->maat, MAAT_OPT_JSON_FILE_PATH, enforcer->config.json_cfg_file, strlen(enforcer->config.json_cfg_file));
|
||||
maat_options_set_json_file(opts, enforcer->config.json_cfg_file);
|
||||
break;
|
||||
case MAAT_INPUT_REDIS:
|
||||
if (!strlen(enforcer->config.redis_server))
|
||||
@@ -1331,9 +1338,7 @@ struct policy_enforcer *policy_enforcer_create(const char *instance, const char
|
||||
LOG_ERROR("%s: invalid redis_port_range", LOG_TAG_POLICY);
|
||||
goto error_out;
|
||||
}
|
||||
Maat_set_feather_opt(enforcer->maat, MAAT_OPT_REDIS_PORT, &redis_port_select, sizeof(redis_port_select));
|
||||
Maat_set_feather_opt(enforcer->maat, MAAT_OPT_REDIS_IP, enforcer->config.redis_server, strlen(enforcer->config.redis_server));
|
||||
Maat_set_feather_opt(enforcer->maat, MAAT_OPT_REDIS_INDEX, &(enforcer->config.redis_db_idx), sizeof(enforcer->config.redis_db_idx));
|
||||
maat_options_set_redis(opts, enforcer->config.redis_server, redis_port_select, enforcer->config.redis_db_idx);
|
||||
break;
|
||||
case MAAT_INPUT_FILE:
|
||||
if (!strlen(enforcer->config.ful_cfg_dir))
|
||||
@@ -1346,8 +1351,7 @@ struct policy_enforcer *policy_enforcer_create(const char *instance, const char
|
||||
LOG_ERROR("%s: invalid inc_cfg_dir", LOG_TAG_POLICY);
|
||||
goto error_out;
|
||||
}
|
||||
Maat_set_feather_opt(enforcer->maat, MAAT_OPT_FULL_CFG_DIR, enforcer->config.ful_cfg_dir, strlen(enforcer->config.ful_cfg_dir));
|
||||
Maat_set_feather_opt(enforcer->maat, MAAT_OPT_INC_CFG_DIR, enforcer->config.inc_cfg_dir, strlen(enforcer->config.inc_cfg_dir));
|
||||
maat_options_set_iris(opts, enforcer->config.ful_cfg_dir, enforcer->config.inc_cfg_dir);
|
||||
break;
|
||||
default:
|
||||
LOG_ERROR("%s: invalid input_mode %d", LOG_TAG_POLICY, enforcer->config.input_mode);
|
||||
@@ -1356,33 +1360,42 @@ struct policy_enforcer *policy_enforcer_create(const char *instance, const char
|
||||
|
||||
if (enforcer->config.stat_switch)
|
||||
{
|
||||
Maat_set_feather_opt(enforcer->maat, MAAT_OPT_STAT_FILE_PATH, enforcer->config.stat_file, strlen(enforcer->config.stat_file));
|
||||
Maat_set_feather_opt(enforcer->maat, MAAT_OPT_STAT_ON, NULL, 0);
|
||||
// TODO enforcer->config.stat_file
|
||||
// Maat4 is not supported temporarily
|
||||
maat_options_set_stat_on(opts);
|
||||
if (enforcer->config.perf_switch)
|
||||
{
|
||||
Maat_set_feather_opt(enforcer->maat, MAAT_OPT_PERF_ON, NULL, 0);
|
||||
maat_options_set_perf_on(opts);
|
||||
}
|
||||
}
|
||||
|
||||
if (enforcer->config.deferred_load)
|
||||
{
|
||||
Maat_set_feather_opt(enforcer->maat, MAAT_OPT_DEFERRED_LOAD, NULL, 0);
|
||||
maat_options_set_deferred_load_on(opts);
|
||||
}
|
||||
|
||||
if (strlen(enforcer->config.accept_tags))
|
||||
{
|
||||
Maat_set_feather_opt(enforcer->maat, MAAT_OPT_ACCEPT_TAGS, &(enforcer->config.accept_tags), sizeof(enforcer->config.accept_tags));
|
||||
maat_options_set_accept_tags(opts, enforcer->config.accept_tags);
|
||||
}
|
||||
|
||||
if (Maat_initiate_feather(enforcer->maat) < 0)
|
||||
enforcer->maat = maat_new(opts, enforcer->config.table_info);
|
||||
if (enforcer->maat == NULL)
|
||||
{
|
||||
LOG_ERROR("%s: maat init feather failed", LOG_TAG_POLICY);
|
||||
LOG_ERROR("%s: unable create maat", LOG_TAG_POLICY);
|
||||
goto error_out;
|
||||
}
|
||||
|
||||
maat_options_free(opts);
|
||||
opts = NULL;
|
||||
return enforcer;
|
||||
|
||||
error_out:
|
||||
if (opts)
|
||||
{
|
||||
maat_options_free(opts);
|
||||
opts = NULL;
|
||||
}
|
||||
policy_enforcer_destory(enforcer);
|
||||
return NULL;
|
||||
}
|
||||
@@ -1393,7 +1406,7 @@ void policy_enforcer_destory(struct policy_enforcer *enforcer)
|
||||
{
|
||||
if (enforcer->maat)
|
||||
{
|
||||
Maat_burn_feather(enforcer->maat);
|
||||
maat_free(enforcer->maat);
|
||||
enforcer->maat = NULL;
|
||||
}
|
||||
|
||||
@@ -1407,52 +1420,52 @@ void policy_enforcer_destory(struct policy_enforcer *enforcer)
|
||||
int policy_enforcer_register(struct policy_enforcer *enforcer)
|
||||
{
|
||||
LOG_INFO("%s: register policy callback ...", LOG_TAG_POLICY);
|
||||
enforcer->compile_table_id = Maat_table_register(enforcer->maat, "SERVICE_CHAINING_COMPILE");
|
||||
enforcer->compile_table_id = maat_get_table_id(enforcer->maat, "SERVICE_CHAINING_COMPILE");
|
||||
if (enforcer->compile_table_id < 0)
|
||||
{
|
||||
LOG_ERROR("%s: register SERVICE_CHAINING_COMPILE table failed", LOG_TAG_POLICY);
|
||||
return -1;
|
||||
}
|
||||
|
||||
enforcer->sff_table_id = Maat_table_register(enforcer->maat, "SERVICE_FUNCTION_FORWARDER_PROFILE");
|
||||
enforcer->sff_table_id = maat_get_table_id(enforcer->maat, "SERVICE_FUNCTION_FORWARDER_PROFILE");
|
||||
if (enforcer->sff_table_id < 0)
|
||||
{
|
||||
LOG_ERROR("%s: register SERVICE_FUNCTION_FORWARDER_PROFILE table ailed", LOG_TAG_POLICY);
|
||||
return -1;
|
||||
}
|
||||
|
||||
enforcer->sf_table_id = Maat_table_register(enforcer->maat, "SERVICE_FUNCTION_PROFILE");
|
||||
enforcer->sf_table_id = maat_get_table_id(enforcer->maat, "SERVICE_FUNCTION_PROFILE");
|
||||
if (enforcer->sf_table_id < 0)
|
||||
{
|
||||
LOG_ERROR("%s: register SERVICE_FUNCTION_PROFILE table failed", LOG_TAG_POLICY);
|
||||
return -1;
|
||||
}
|
||||
|
||||
if (Maat_plugin_EX_register(enforcer->maat, enforcer->compile_table_id,
|
||||
chaining_param_new_cb,
|
||||
chaining_param_free_cb,
|
||||
chaining_param_dup_cb,
|
||||
NULL, 0, enforcer) != 0)
|
||||
if (maat_plugin_table_ex_schema_register(enforcer->maat, "SERVICE_CHAINING_COMPILE",
|
||||
chaining_param_new_cb,
|
||||
chaining_param_free_cb,
|
||||
chaining_param_dup_cb,
|
||||
0, enforcer) != 0)
|
||||
{
|
||||
LOG_ERROR("%s: register SERVICE_CHAINING_COMPILE plugin extension callbacks failed", LOG_TAG_POLICY);
|
||||
return -1;
|
||||
}
|
||||
|
||||
if (Maat_plugin_EX_register(enforcer->maat, enforcer->sff_table_id,
|
||||
sff_param_new_cb,
|
||||
sff_param_free_cb,
|
||||
sff_param_dup_cb,
|
||||
NULL, 0, enforcer) != 0)
|
||||
if (maat_plugin_table_ex_schema_register(enforcer->maat, "SERVICE_FUNCTION_FORWARDER_PROFILE",
|
||||
sff_param_new_cb,
|
||||
sff_param_free_cb,
|
||||
sff_param_dup_cb,
|
||||
0, enforcer) != 0)
|
||||
{
|
||||
LOG_ERROR("%s: register SERVICE_FUNCTION_FORWARDER_PROFILE plugin extension callbacks failed", LOG_TAG_POLICY);
|
||||
return -1;
|
||||
}
|
||||
|
||||
if (Maat_plugin_EX_register(enforcer->maat, enforcer->sf_table_id,
|
||||
sf_param_new_cb,
|
||||
sf_param_free_cb,
|
||||
sf_param_dup_cb,
|
||||
NULL, 0, enforcer) != 0)
|
||||
if (maat_plugin_table_ex_schema_register(enforcer->maat, "SERVICE_FUNCTION_PROFILE",
|
||||
sf_param_new_cb,
|
||||
sf_param_free_cb,
|
||||
sf_param_dup_cb,
|
||||
0, enforcer) != 0)
|
||||
{
|
||||
LOG_ERROR("%s: register SERVICE_FUNCTION_PROFILE plugin extension callbacks failed", LOG_TAG_POLICY);
|
||||
return -1;
|
||||
@@ -1467,7 +1480,7 @@ int policy_enforce_chaining_size(struct policy_enforcer *enforcer)
|
||||
return enforcer->config.max_chaining_size;
|
||||
}
|
||||
|
||||
void policy_enforce_select_chainings(struct policy_enforcer *enforcer, struct selected_chainings *chainings, struct session_ctx *s_ctx, struct raw_pkt_parser *parser, int policy_id, int dir_is_i2e)
|
||||
void policy_enforce_select_chainings(struct policy_enforcer *enforcer, struct selected_chainings *chainings, struct session_ctx *s_ctx, struct raw_pkt_parser *parser, uint64_t rule_id, int dir_is_i2e)
|
||||
{
|
||||
uint64_t hash_value = 0;
|
||||
char buffer[16] = {0};
|
||||
@@ -1477,11 +1490,11 @@ void policy_enforce_select_chainings(struct policy_enforcer *enforcer, struct se
|
||||
struct chaining_param *chaining_param = NULL;
|
||||
struct selected_chaining *chaining = NULL;
|
||||
|
||||
snprintf(buffer, sizeof(buffer), "%d", policy_id);
|
||||
chaining_param = (struct chaining_param *)Maat_plugin_get_EX_data(enforcer->maat, enforcer->compile_table_id, buffer);
|
||||
snprintf(buffer, sizeof(buffer), "%lu", rule_id);
|
||||
chaining_param = (struct chaining_param *)maat_plugin_table_get_ex_data(enforcer->maat, enforcer->compile_table_id, buffer);
|
||||
if (chaining_param == NULL)
|
||||
{
|
||||
LOG_ERROR("%s: session %lu %s failed to get chaining parameter of policy %d", LOG_TAG_POLICY, s_ctx->session_id, s_ctx->session_addr, policy_id);
|
||||
LOG_ERROR("%s: session %lu %s failed to get chaining parameter of policy %lu", LOG_TAG_POLICY, s_ctx->session_id, s_ctx->session_addr, rule_id);
|
||||
return;
|
||||
}
|
||||
|
||||
@@ -1493,21 +1506,21 @@ void policy_enforce_select_chainings(struct policy_enforcer *enforcer, struct se
|
||||
{
|
||||
chaining = chainings->chaining_decrypted;
|
||||
}
|
||||
LOG_INFO("%s: session %lu %s enforce %s chaining policy %d", LOG_TAG_POLICY, chaining->session_id, chaining->session_addr, traffic_type_to_string(chaining_param->traffic_type), policy_id);
|
||||
LOG_INFO("%s: session %lu %s enforce %s chaining rule %lu", LOG_TAG_POLICY, chaining->session_id, chaining->session_addr, traffic_type_to_string(chaining_param->traffic_type), rule_id);
|
||||
|
||||
for (int i = 0; i < chaining_param->sff_profile_ids_num && chaining->chaining_used < chaining->chaining_size; i++)
|
||||
{
|
||||
struct selected_sf *item = &(chaining->chaining[chaining->chaining_used]);
|
||||
selected_sf_init(item);
|
||||
|
||||
item->policy_id = policy_id;
|
||||
item->rule_id = rule_id;
|
||||
item->traffic_type = chaining_param->traffic_type;
|
||||
item->sff_profile_id = chaining_param->sff_profile_ids[i];
|
||||
item->sf_index = chaining->chaining_used;
|
||||
|
||||
memset(buffer, 0, sizeof(buffer));
|
||||
snprintf(buffer, sizeof(buffer), "%u", item->sff_profile_id);
|
||||
sff_param = (struct sff_param *)Maat_plugin_get_EX_data(enforcer->maat, enforcer->sff_table_id, buffer);
|
||||
sff_param = (struct sff_param *)maat_plugin_table_get_ex_data(enforcer->maat, enforcer->sff_table_id, buffer);
|
||||
if (sff_param == NULL)
|
||||
{
|
||||
LOG_ERROR("%s: session %lu %s failed to get sff parameter of profile %d, bypass current sff !!!", LOG_TAG_POLICY, chaining->session_id, chaining->session_addr, item->sff_profile_id);
|
||||
@@ -1521,7 +1534,7 @@ void policy_enforce_select_chainings(struct policy_enforcer *enforcer, struct se
|
||||
memset(&array, 0, sizeof(array));
|
||||
fixed_num_array_init(&array);
|
||||
select_sf_by_nearby_and_adminstatus(enforcer, sff_param, &array);
|
||||
LOG_DEBUG("%s: session %lu %s select sf from chaining policy %d sff_profile %d, sf_profile_num (before filter: %d -> filter nearby/admin_status: %d)", LOG_TAG_POLICY, chaining->session_id, chaining->session_addr, policy_id, item->sff_profile_id, sff_param->sf_profile_ids_num, fixed_num_array_count_elem(&array));
|
||||
LOG_DEBUG("%s: session %lu %s select sf from chaining rule %lu sff_profile %d, sf_profile_num (before filter: %d -> filter nearby/admin_status: %d)", LOG_TAG_POLICY, chaining->session_id, chaining->session_addr, rule_id, item->sff_profile_id, sff_param->sf_profile_ids_num, fixed_num_array_count_elem(&array));
|
||||
if (fixed_num_array_count_elem(&array) == 0)
|
||||
{
|
||||
switch (sff_param->sff_exception.fail_action)
|
||||
@@ -1547,7 +1560,7 @@ void policy_enforce_select_chainings(struct policy_enforcer *enforcer, struct se
|
||||
}
|
||||
break;
|
||||
}
|
||||
LOG_DEBUG("%s: session %lu %s select sf frome chaining policy %d sff_profile %d, no sf available after filtering by 'nearby & admin_status', %s", LOG_TAG_POLICY, chaining->session_id, chaining->session_addr, policy_id, item->sff_profile_id, action_reason_to_string(item->sf_action_reason));
|
||||
LOG_DEBUG("%s: session %lu %s rule_id %lu sff_profile_id %d, no sf available after filtering by 'nearby & admin_status', %s", LOG_TAG_POLICY, chaining->session_id, chaining->session_addr, rule_id, item->sff_profile_id, action_reason_to_string(item->sf_action_reason));
|
||||
chaining->chaining_used++;
|
||||
sff_param_free(sff_param);
|
||||
continue;
|
||||
@@ -1564,7 +1577,7 @@ void policy_enforce_select_chainings(struct policy_enforcer *enforcer, struct se
|
||||
|
||||
memset(&buffer, 0, sizeof(buffer));
|
||||
snprintf(buffer, sizeof(buffer), "%u", item->sf_profile_id);
|
||||
sf_param = (struct sf_param *)Maat_plugin_get_EX_data(enforcer->maat, enforcer->sf_table_id, buffer);
|
||||
sf_param = (struct sf_param *)maat_plugin_table_get_ex_data(enforcer->maat, enforcer->sf_table_id, buffer);
|
||||
if (sf_param == NULL)
|
||||
{
|
||||
LOG_ERROR("%s: session %lu %s failed to get sf parameter of profile %d, bypass current sff !!!", LOG_TAG_POLICY, chaining->session_id, chaining->session_addr, item->sf_profile_id);
|
||||
|
||||
@@ -82,7 +82,7 @@ struct session_ctx *session_ctx_new()
|
||||
struct session_ctx *session_ctx = (struct session_ctx *)calloc(1, sizeof(struct session_ctx));
|
||||
assert(session_ctx != NULL);
|
||||
|
||||
fixed_num_array_init(&session_ctx->policy_ids);
|
||||
fixed_num_array_init(&session_ctx->rule_ids);
|
||||
|
||||
session_ctx->raw_meta_i2e = metadata_new();
|
||||
session_ctx->raw_meta_e2i = metadata_new();
|
||||
|
||||
@@ -10,11 +10,11 @@
|
||||
#include "utils.h"
|
||||
#include "sf_metrics.h"
|
||||
|
||||
#define SCE_SF_METRICS "SCE-SF-METRICS,rule_id=%d,sff_profile_id=%d,sf_profile_id=%d,type=service_chaining_metrics sent_pkts=%lu,sent_bytes=%lu,recv_pkts=%lu,recv_bytes=%lu"
|
||||
#define SCE_SF_METRICS "SCE-SF-METRICS,rule_id=%lu,sff_profile_id=%d,sf_profile_id=%d,type=service_chaining_metrics sent_pkts=%lu,sent_bytes=%lu,recv_pkts=%lu,recv_bytes=%lu"
|
||||
|
||||
struct key_tuple
|
||||
{
|
||||
int rule_id;
|
||||
uint64_t rule_id;
|
||||
int sff_profile_id;
|
||||
int sf_profile_id;
|
||||
};
|
||||
@@ -137,7 +137,7 @@ void sf_metrics_reset(struct sf_metrics *handle)
|
||||
}
|
||||
}
|
||||
|
||||
void sf_metrics_inc(struct sf_metrics *handle, int rule_id, int sff_profile_id, int sf_profile_id, uint64_t rx_pkts, uint64_t rx_bytes, uint64_t tx_pkts, uint64_t tx_bytes)
|
||||
void sf_metrics_inc(struct sf_metrics *handle, uint64_t rule_id, int sff_profile_id, int sf_profile_id, uint64_t rx_pkts, uint64_t rx_bytes, uint64_t tx_pkts, uint64_t tx_bytes)
|
||||
{
|
||||
if (handle->config.enable == 0)
|
||||
{
|
||||
|
||||
@@ -14,4 +14,5 @@ target_link_libraries(gtest_policy common platform gtest)
|
||||
include(GoogleTest)
|
||||
gtest_discover_tests(gtest_policy)
|
||||
|
||||
file(COPY ./test_resource/ DESTINATION ./test_resource/)
|
||||
file(COPY ./test_resource/ DESTINATION ./test_resource/)
|
||||
file(COPY ${CMAKE_SOURCE_DIR}/resource/table_info.conf DESTINATION ./test_resource/)
|
||||
@@ -18,7 +18,7 @@ TEST(POLICY, SELECTED_CHAINING_LIFE_CYCLE)
|
||||
{
|
||||
struct selected_chaining *chaining = NULL;
|
||||
|
||||
chaining = selected_chaining_create(128, 0, NULL);
|
||||
chaining = selected_chaining_create(128, 1, (char *)"1.1.1.1 11 2.2.2.2 22");
|
||||
EXPECT_TRUE(chaining != nullptr);
|
||||
|
||||
selected_chaining_destory(chaining);
|
||||
@@ -32,6 +32,8 @@ TEST(POLICY, POLICY_ENFORCER_LIFE_CYCLE)
|
||||
|
||||
t_ctx.ref_metrics = &g_metrics;
|
||||
s_ctx.ref_thread_ctx = &t_ctx;
|
||||
s_ctx.session_id = 1;
|
||||
s_ctx.session_addr = (char *)"1.1.1.1 11 2.2.2.2 22";
|
||||
|
||||
struct raw_pkt_parser handler;
|
||||
raw_packet_parser_init(&handler, 0, LAYER_TYPE_ALL, 8);
|
||||
@@ -47,8 +49,8 @@ TEST(POLICY, POLICY_ENFORCER_LIFE_CYCLE)
|
||||
|
||||
int dir_is_i2e = 1;
|
||||
struct selected_chainings chainings;
|
||||
chainings.chaining_raw = selected_chaining_create(64, 0, NULL);
|
||||
chainings.chaining_decrypted = selected_chaining_create(64, 0, NULL);
|
||||
chainings.chaining_raw = selected_chaining_create(64, s_ctx.session_id, s_ctx.session_addr);
|
||||
chainings.chaining_decrypted = selected_chaining_create(64, s_ctx.session_id, s_ctx.session_addr);
|
||||
policy_enforce_select_chainings(enforcer, &chainings, &s_ctx, &handler, 1, dir_is_i2e);
|
||||
policy_enforce_select_chainings(enforcer, &chainings, &s_ctx, &handler, 2, dir_is_i2e);
|
||||
policy_enforce_select_chainings(enforcer, &chainings, &s_ctx, &handler, 11, dir_is_i2e);
|
||||
|
||||
@@ -4,6 +4,9 @@ nr_worker_threads=8
|
||||
[maat]
|
||||
# 0:json 1:redis 2:iris
|
||||
input_mode=0
|
||||
# LOG_LEVEL_TRACE = 0; LOG_LEVEL_DEBUG = 1; LOG_LEVEL_INFO = 2;
|
||||
# LOG_LEVEL_WARN = 3; LOG_LEVEL_ERROR = 4; LOG_LEVEL_FATAL = 5;
|
||||
log_level=1
|
||||
stat_switch=1
|
||||
perf_switch=1
|
||||
scan_detail=0
|
||||
|
||||
@@ -1,3 +0,0 @@
|
||||
0 SERVICE_CHAINING_COMPILE plugin {"key":1,"valid":8}
|
||||
1 SERVICE_FUNCTION_FORWARDER_PROFILE plugin {"key":1,"valid":8}
|
||||
2 SERVICE_FUNCTION_PROFILE plugin {"key":1,"valid":6}
|
||||
@@ -1,3 +1,32 @@
|
||||
0 SERVICE_CHAINING_COMPILE plugin {"key":1,"valid":8}
|
||||
1 SERVICE_FUNCTION_FORWARDER_PROFILE plugin {"key":1,"valid":8}
|
||||
2 SERVICE_FUNCTION_PROFILE plugin {"key":1,"valid":6}
|
||||
[
|
||||
{
|
||||
"table_id":0,
|
||||
"table_name":"SERVICE_CHAINING_COMPILE",
|
||||
"table_type":"plugin",
|
||||
"valid_column":8,
|
||||
"custom":{
|
||||
"key":1,
|
||||
"key_type":"pointer"
|
||||
}
|
||||
},
|
||||
{
|
||||
"table_id":1,
|
||||
"table_name":"SERVICE_FUNCTION_FORWARDER_PROFILE",
|
||||
"table_type":"plugin",
|
||||
"valid_column":8,
|
||||
"custom":{
|
||||
"key":1,
|
||||
"key_type":"pointer"
|
||||
}
|
||||
},
|
||||
{
|
||||
"table_id":2,
|
||||
"table_name":"SERVICE_FUNCTION_PROFILE",
|
||||
"table_type":"plugin",
|
||||
"valid_column":6,
|
||||
"custom":{
|
||||
"key":1,
|
||||
"key_type":"pointer"
|
||||
}
|
||||
}
|
||||
]
|
||||
@@ -81,4 +81,5 @@ gtest_discover_tests(gtest_raw_pkt_stee_forward)
|
||||
|
||||
file(COPY ./test_data/log/ DESTINATION ./log/)
|
||||
file(COPY ./test_data/conf/ DESTINATION ./conf/)
|
||||
file(COPY ./test_data/resource/ DESTINATION ./resource/)
|
||||
file(COPY ./test_data/resource/ DESTINATION ./resource/)
|
||||
file(COPY ${CMAKE_SOURCE_DIR}/resource/table_info.conf DESTINATION ./resource/)
|
||||
@@ -18,6 +18,9 @@ breakpad_upload_tools=/opt/tsg/framework/bin/minidump_upload
|
||||
[maat]
|
||||
# 0:json 1:redis 2:iris
|
||||
input_mode=0
|
||||
# LOG_LEVEL_TRACE = 0; LOG_LEVEL_DEBUG = 1; LOG_LEVEL_INFO = 2;
|
||||
# LOG_LEVEL_WARN = 3; LOG_LEVEL_ERROR = 4; LOG_LEVEL_FATAL = 5;
|
||||
log_level=1
|
||||
stat_switch=1
|
||||
perf_switch=1
|
||||
scan_detail=0
|
||||
|
||||
@@ -1,3 +0,0 @@
|
||||
0 SERVICE_CHAINING_COMPILE plugin {"key":1,"valid":8}
|
||||
1 SERVICE_FUNCTION_FORWARDER_PROFILE plugin {"key":1,"valid":8}
|
||||
2 SERVICE_FUNCTION_PROFILE plugin {"key":1,"valid":6}
|
||||
2
vendor/CMakeLists.txt
vendored
2
vendor/CMakeLists.txt
vendored
@@ -53,7 +53,7 @@ set_property(TARGET MESA_field_stat PROPERTY IMPORTED_LOCATION ${MESA_FRAMEWORK_
|
||||
set_property(TARGET MESA_field_stat PROPERTY INTERFACE_INCLUDE_DIRECTORIES ${MESA_FRAMEWORK_INCLUDE_DIR})
|
||||
|
||||
add_library(maatframe SHARED IMPORTED GLOBAL)
|
||||
set_property(TARGET maatframe PROPERTY IMPORTED_LOCATION ${MESA_FRAMEWORK_LIB_DIR}/libmaatframe.so)
|
||||
set_property(TARGET maatframe PROPERTY IMPORTED_LOCATION ${MESA_FRAMEWORK_LIB_DIR}/libmaat4.so)
|
||||
set_property(TARGET maatframe PROPERTY INTERFACE_INCLUDE_DIRECTORIES ${MESA_FRAMEWORK_INCLUDE_DIR})
|
||||
|
||||
set(MRZCPD_LIB_DIR /opt/mrzcpd/lib)
|
||||
|
||||
Reference in New Issue
Block a user