gfwleak/tango-tsg-service-chaining-engine
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

TSG-14568 tsg-service-chaining-engine支持MAAT4

Browse Source
This commit is contained in:
luwenpeng
2023-04-07 14:09:20 +08:00
parent 0f45abedc8
commit 7215e0b545
24 changed files with 193 additions and 141 deletions
Download Patch File Download Diff File Expand all files Collapse all files

177
platform/src/policy.cpp
View File

@@ -1,8 +1,7 @@
#include <time.h>
#include <assert.h>
#include <cjson/cJSON.h>
#include <MESA/Maat_rule.h>
#include <MESA/maat.h>
#include <MESA/MESA_prof_load.h>
#include "global_metrics.h"
@@ -28,6 +27,7 @@ struct policy_config
{
enum input_mode input_mode;
int log_level;
int stat_switch;
int perf_switch;
int scan_detail;
@@ -53,7 +53,7 @@ struct policy_config
struct policy_enforcer
{
struct policy_config config;
Maat_feather_t maat;
struct maat *maat;
int compile_table_id; // SERVICE_CHAINING_COMPILE table id
int sff_table_id; // SERVICE_FUNCTION_FORWARDER_PROFILE table id
@@ -66,7 +66,7 @@ struct policy_enforcer
struct chaining_param
{
int policy_id;
uint64_t rule_id;
int ref_cnt;
enum traffic_type traffic_type;
@@ -220,6 +220,9 @@ error_out:
static void policy_enforcer_config(const char *profile, struct policy_config *config)
{
MESA_load_profile_int_def(profile, "MAAT", "input_mode", (int *)&(config->input_mode), MAAT_INPUT_REDIS);
// LOG_LEVEL_TRACE = 0; LOG_LEVEL_DEBUG = 1; LOG_LEVEL_INFO = 2;
// LOG_LEVEL_WARN = 3; LOG_LEVEL_ERROR = 4; LOG_LEVEL_FATAL = 5;
MESA_load_profile_int_def(profile, "MAAT", "log_level", &(config->log_level), 5);
MESA_load_profile_int_def(profile, "MAAT", "stat_switch", &(config->stat_switch), 1);
MESA_load_profile_int_def(profile, "MAAT", "perf_switch", &(config->perf_switch), 1);
MESA_load_profile_int_def(profile, "MAAT", "scan_detail", &(config->scan_detail), 0);
@@ -246,6 +249,7 @@ static void policy_enforcer_config(const char *profile, struct policy_config *co
}
LOG_DEBUG("%s: MAAT->input_mode : %s", LOG_TAG_POLICY, (config->input_mode == MAAT_INPUT_REDIS ? "redis" : (config->input_mode == MAAT_INPUT_JSON ? "json" : (config->input_mode == MAAT_INPUT_FILE ? "file" : "unknown"))));
LOG_DEBUG("%s: MAAT->log_level : %d", LOG_TAG_POLICY, config->log_level);
LOG_DEBUG("%s: MAAT->stat_switch : %d", LOG_TAG_POLICY, config->stat_switch);
LOG_DEBUG("%s: MAAT->perf_switch : %d", LOG_TAG_POLICY, config->perf_switch);
LOG_DEBUG("%s: MAAT->scan_detail : %d", LOG_TAG_POLICY, config->scan_detail);
@@ -268,7 +272,7 @@ static void policy_enforcer_config(const char *profile, struct policy_config *co
LOG_DEBUG("%s: MAAT->max_chaining_size : %d", LOG_TAG_POLICY, config->max_chaining_size);
}
static void chaining_param_new_cb(int table_id, const char *key, const char *table_line, MAAT_PLUGIN_EX_DATA *ad, long argl, void *argp)
static void chaining_param_new_cb(const char *table_name, int table_id, const char *key, const char *table_line, void **ad, long argl, void *argp)
{
int iter = 0;
cJSON *json = NULL;
@@ -278,9 +282,9 @@ static void chaining_param_new_cb(int table_id, const char *key, const char *tab
size_t user_region_len = 0;
struct chaining_param *param = NULL;
if (Maat_helper_read_column(table_line, 7, &user_region_offset, &user_region_len) < 0)
if (maat_helper_read_column(table_line, 7, &user_region_offset, &user_region_len) < 0)
{
LOG_ERROR("%s: unexpected chaining policy: (invalid user region) %s", LOG_TAG_POLICY, table_line);
LOG_ERROR("%s: unexpected chaining rule: (invalid user region) %s", LOG_TAG_POLICY, table_line);
return;
}
@@ -289,19 +293,19 @@ static void chaining_param_new_cb(int table_id, const char *key, const char *tab
json = cJSON_Parse(json_str);
if (json == NULL)
{
LOG_ERROR("%s: unexpected chaining policy: (invalid json format) %s", LOG_TAG_POLICY, table_line);
LOG_ERROR("%s: unexpected chaining rule: (invalid json format) %s", LOG_TAG_POLICY, table_line);
goto error_out;
}
param = (struct chaining_param *)calloc(1, sizeof(struct chaining_param));
param->policy_id = atoi(key);
param->rule_id = atoll(key);
param->ref_cnt = 1;
// targeted_traffic
item = cJSON_GetObjectItem(json, "targeted_traffic");
if (!item || !cJSON_IsString(item))
{
LOG_ERROR("%s: unexpected chaining policy: (invalid targeted_traffic param) %s", LOG_TAG_POLICY, table_line);
LOG_ERROR("%s: unexpected chaining rule: (invalid targeted_traffic param) %s", LOG_TAG_POLICY, table_line);
goto error_out;
}
if (strcasecmp(item->valuestring, "raw") == 0)
@@ -314,16 +318,16 @@ static void chaining_param_new_cb(int table_id, const char *key, const char *tab
}
else
{
LOG_ERROR("%s: unexpected chaining policy: (invalid targeted_traffic param) %s", LOG_TAG_POLICY, table_line);
LOG_ERROR("%s: unexpected chaining rule: (invalid targeted_traffic param) %s", LOG_TAG_POLICY, table_line);
goto error_out;
}
LOG_DEBUG("%s: parse chaining policy: %d, targeted_traffic: %s", LOG_TAG_POLICY, param->policy_id, traffic_type_to_string(param->traffic_type));
LOG_DEBUG("%s: parse chaining rule: %lu, targeted_traffic: %s", LOG_TAG_POLICY, param->rule_id, traffic_type_to_string(param->traffic_type));
// sff_profiles
item = cJSON_GetObjectItem(json, "sff_profiles");
if (!item || !cJSON_IsArray(item) || !cJSON_GetArraySize(item))
{
LOG_ERROR("%s: unexpected chaining policy: (invalid sff_profiles param) %s", LOG_TAG_POLICY, table_line);
LOG_ERROR("%s: unexpected chaining rule: (invalid sff_profiles param) %s", LOG_TAG_POLICY, table_line);
goto error_out;
}
param->sff_profile_ids_num = cJSON_GetArraySize(item);
@@ -332,17 +336,17 @@ static void chaining_param_new_cb(int table_id, const char *key, const char *tab
{
if (!cJSON_IsNumber(element))
{
LOG_ERROR("%s: unexpected chaining policy: (invalid sff_profiles param) %s", LOG_TAG_POLICY, table_line);
LOG_ERROR("%s: unexpected chaining rule: (invalid sff_profiles param) %s", LOG_TAG_POLICY, table_line);
continue;
}
LOG_DEBUG("%s: parse chaining policy: %d, sff_profiles[%d/%d]: %d", LOG_TAG_POLICY, param->policy_id, iter, param->sff_profile_ids_num, element->valueint);
LOG_DEBUG("%s: parse chaining rule: %lu, sff_profiles[%d/%d]: %d", LOG_TAG_POLICY, param->rule_id, iter, param->sff_profile_ids_num, element->valueint);
param->sff_profile_ids[iter] = element->valueint;
iter++;
}
*ad = param;
LOG_INFO("%s: Add chaining policy: %d", LOG_TAG_POLICY, param->policy_id);
LOG_INFO("%s: Add chaining rule: %lu", LOG_TAG_POLICY, param->rule_id);
cJSON_Delete(json);
free(json_str);
@@ -373,7 +377,7 @@ error_out:
}
}
static void chaining_param_free_cb(int table_id, MAAT_PLUGIN_EX_DATA *ad, long argl, void *argp)
static void chaining_param_free_cb(int table_id, void **ad, long argl, void *argp)
{
struct chaining_param *param = (struct chaining_param *)*ad;
if (param == NULL)
@@ -383,7 +387,7 @@ static void chaining_param_free_cb(int table_id, MAAT_PLUGIN_EX_DATA *ad, long a
if ((__sync_sub_and_fetch(&param->ref_cnt, 1) == 0))
{
LOG_INFO("%s: Del chaining policy: %d", LOG_TAG_POLICY, param->policy_id);
LOG_INFO("%s: Del chaining rule: %lu", LOG_TAG_POLICY, param->rule_id);
if (param->sff_profile_ids)
{
free(param->sff_profile_ids);
@@ -396,7 +400,7 @@ static void chaining_param_free_cb(int table_id, MAAT_PLUGIN_EX_DATA *ad, long a
}
}
static void chaining_param_dup_cb(int table_id, MAAT_PLUGIN_EX_DATA *to, MAAT_PLUGIN_EX_DATA *from, long argl, void *argp)
static void chaining_param_dup_cb(int table_id, void **to, void **from, long argl, void *argp)
{
struct chaining_param *param = (struct chaining_param *)*from;
if (param)
@@ -415,7 +419,7 @@ static void chaining_param_free(struct chaining_param *param)
chaining_param_free_cb(0, (void **)&param, 0, NULL);
}
static void sff_param_new_cb(int table_id, const char *key, const char *table_line, MAAT_PLUGIN_EX_DATA *ad, long argl, void *argp)
static void sff_param_new_cb(const char *table_name, int table_id, const char *key, const char *table_line, void **ad, long argl, void *argp)
{
int iter = 0;
struct sff_param *param = NULL;
@@ -533,7 +537,7 @@ static void sff_param_new_cb(int table_id, const char *key, const char *table_li
item = cJSON_GetObjectItem(root1, "action");
if (!item || !cJSON_IsString(item))
{
LOG_ERROR("%s: unexpected chaining policy: (invalid unavailability_action->action param) %s", LOG_TAG_POLICY, table_line);
LOG_ERROR("%s: unexpected chaining rule: (invalid unavailability_action->action param) %s", LOG_TAG_POLICY, table_line);
goto error_out;
}
if (0 == strcasecmp(item->valuestring, "bypass"))
@@ -546,7 +550,7 @@ static void sff_param_new_cb(int table_id, const char *key, const char *table_li
}
else
{
LOG_ERROR("%s: unexpected chaining policy: (invalid unavailability_action->action param) %s", LOG_TAG_POLICY, table_line);
LOG_ERROR("%s: unexpected chaining rule: (invalid unavailability_action->action param) %s", LOG_TAG_POLICY, table_line);
goto error_out;
}
LOG_DEBUG("%s: parse sff profile: %d, unavailability_action->action: %s", LOG_TAG_POLICY, param->sff_profile_id, item->valuestring);
@@ -612,7 +616,7 @@ error_out:
}
}
static void sff_param_free_cb(int table_id, MAAT_PLUGIN_EX_DATA *ad, long argl, void *argp)
static void sff_param_free_cb(int table_id, void **ad, long argl, void *argp)
{
struct sff_param *param = (struct sff_param *)*ad;
if (param == NULL)
@@ -635,7 +639,7 @@ static void sff_param_free_cb(int table_id, MAAT_PLUGIN_EX_DATA *ad, long argl,
}
}
static void sff_param_dup_cb(int table_id, MAAT_PLUGIN_EX_DATA *to, MAAT_PLUGIN_EX_DATA *from, long argl, void *argp)
static void sff_param_dup_cb(int table_id, void **to, void **from, long argl, void *argp)
{
struct sff_param *param = (struct sff_param *)*from;
if (param)
@@ -654,7 +658,7 @@ static void sff_param_free(struct sff_param *param)
sff_param_free_cb(0, (void **)&param, 0, NULL);
}
static void sf_param_new_cb(int table_id, const char *key, const char *table_line, MAAT_PLUGIN_EX_DATA *ad, long argl, void *argp)
static void sf_param_new_cb(const char *table_name, int table_id, const char *key, const char *table_line, void **ad, long argl, void *argp)
{
struct sf_param *param = NULL;
cJSON *root1 = NULL;
@@ -863,7 +867,7 @@ error_out:
}
}
static void sf_param_free_cb(int table_id, MAAT_PLUGIN_EX_DATA *ad, long argl, void *argp)
static void sf_param_free_cb(int table_id, void **ad, long argl, void *argp)
{
struct sf_param *param = (struct sf_param *)*ad;
if (param == NULL)
@@ -882,7 +886,7 @@ static void sf_param_free_cb(int table_id, MAAT_PLUGIN_EX_DATA *ad, long argl, v
}
}
static void sf_param_dup_cb(int table_id, MAAT_PLUGIN_EX_DATA *to, MAAT_PLUGIN_EX_DATA *from, long argl, void *argp)
static void sf_param_dup_cb(int table_id, void **to, void **from, long argl, void *argp)
{
struct sf_param *param = (struct sf_param *)*from;
if (param)
@@ -911,7 +915,7 @@ static void select_sf_by_nearby_and_adminstatus(struct policy_enforcer *enforcer
{
memset(&buffer, 0, sizeof(buffer));
snprintf(buffer, sizeof(buffer), "%u", sff_param->sf_profile_ids[i]);
sf = (struct sf_param *)Maat_plugin_get_EX_data(enforcer->maat, enforcer->sf_table_id, buffer);
sf = (struct sf_param *)maat_plugin_table_get_ex_data(enforcer->maat, enforcer->sf_table_id, buffer);
if (sf == NULL)
{
LOG_ERROR("%s: failed to get sf parameter of profile %d", LOG_TAG_POLICY, sff_param->sf_profile_ids[i]);
@@ -964,7 +968,7 @@ static enum session_action select_sf_by_ldbc(struct policy_enforcer *enforcer, s
memset(&buffer, 0, sizeof(buffer));
snprintf(buffer, sizeof(buffer), "%u", sf_profile_id);
sf_param = (struct sf_param *)Maat_plugin_get_EX_data(enforcer->maat, enforcer->sf_table_id, buffer);
sf_param = (struct sf_param *)maat_plugin_table_get_ex_data(enforcer->maat, enforcer->sf_table_id, buffer);
if (sf_param == NULL)
{
LOG_ERROR("%s: failed to get sf parameter of profile %d", LOG_TAG_POLICY, sf_profile_id);
@@ -1042,7 +1046,7 @@ static void selected_sf_init(struct selected_sf *item)
if (item)
{
memset(item, 0, sizeof(struct selected_sf));
item->policy_id = -1;
item->rule_id = 0;
item->traffic_type = TRAFFIC_TYPE_NONE;
item->sff_profile_id = -1;
item->sff_forward_type = FORWARD_TYPE_NONE;
@@ -1205,7 +1209,7 @@ void selected_chaining_dump(struct selected_chaining *chaining)
for (int i = 0; i < chaining->chaining_used; i++)
{
struct selected_sf *node = &(chaining->chaining[i]);
LOG_DEBUG("%s: session %lu %s selected_chaining->node[%d]->policy_id : %d", LOG_TAG_POLICY, chaining->session_id, chaining->session_addr, i, node->policy_id);
LOG_DEBUG("%s: session %lu %s selected_chaining->node[%d]->rule_id : %lu", LOG_TAG_POLICY, chaining->session_id, chaining->session_addr, i, node->rule_id);
LOG_DEBUG("%s: session %lu %s selected_chaining->node[%d]->traffic_type : %s", LOG_TAG_POLICY, chaining->session_id, chaining->session_addr, i, traffic_type_to_string(node->traffic_type));
// sff
LOG_DEBUG("%s: session %lu %s selected_chaining->node[%d]->sff_profile_id : %d", LOG_TAG_POLICY, chaining->session_id, chaining->session_addr, i, node->sff_profile_id);
@@ -1243,8 +1247,8 @@ void selected_chaining_bref(struct selected_chaining *chaining)
buff_used += snprintf(buff + buff_used, buff_size - buff_used, ",");
}
buff_used += snprintf(buff + buff_used, buff_size - buff_used,
"\"node[%d]\":{\"skip\":%d,\"policy_id\":%d,\"sff_profile_id\":%d,\"sf_profile_id\":%d,\"traffic_type\":\"%s\",\"sff_forward_type\":\"%s\",\"sf_action\":\"%s\",\"reason\":\"%s\"}",
i, node->sf_need_skip, node->policy_id, node->sff_profile_id, node->sf_profile_id,
"\"node[%d]\":{\"skip\":%d,\"rule_id\":%lu,\"sff_profile_id\":%d,\"sf_profile_id\":%d,\"traffic_type\":\"%s\",\"sff_forward_type\":\"%s\",\"sf_action\":\"%s\",\"reason\":\"%s\"}",
i, node->sf_need_skip, node->rule_id, node->sff_profile_id, node->sf_profile_id,
traffic_type_to_string(node->traffic_type), forward_type_to_string(node->sff_forward_type), session_action_to_string(node->sf_action), action_reason_to_string(node->sf_action_reason));
}
}
@@ -1288,17 +1292,20 @@ struct policy_enforcer *policy_enforcer_create(const char *instance, const char
assert(enforcer);
policy_enforcer_config(profile, &(enforcer->config));
enforcer->maat = Maat_feather(thread_num, enforcer->config.table_info, logger);
if (enforcer->maat == NULL)
struct maat_options *opts = maat_options_new();
if (opts == NULL)
{
LOG_ERROR("%s: unable create maat feather", LOG_TAG_POLICY);
LOG_ERROR("%s: unable create maat opts", LOG_TAG_POLICY);
goto error_out;
}
Maat_set_feather_opt(enforcer->maat, MAAT_OPT_INSTANCE_NAME, instance, strlen(instance));
Maat_set_feather_opt(enforcer->maat, MAAT_OPT_FOREIGN_CONT_DIR, enforcer->config.foreign_cont_dir, strlen(enforcer->config.foreign_cont_dir));
Maat_set_feather_opt(enforcer->maat, MAAT_OPT_SCAN_DETAIL, &(enforcer->config.scan_detail), sizeof(enforcer->config.scan_detail));
Maat_set_feather_opt(enforcer->maat, MAAT_OPT_EFFECT_INVERVAL_MS, &(enforcer->config.effect_interval_ms), sizeof(enforcer->config.effect_interval_ms));
maat_options_set_logger(opts, "log/maat.log", (enum log_level)enforcer->config.log_level);
maat_options_set_instance_name(opts, instance);
maat_options_set_caller_thread_number(opts, thread_num);
maat_options_set_foreign_cont_dir(opts, enforcer->config.foreign_cont_dir);
maat_options_set_rule_effect_interval_ms(opts, enforcer->config.effect_interval_ms);
// TODO set enforcer->config.scan_detail
// Maat4 is not supported temporarily
switch (enforcer->config.input_mode)
{
@@ -1308,7 +1315,7 @@ struct policy_enforcer *policy_enforcer_create(const char *instance, const char
LOG_ERROR("%s: invalid json_cfg_file", LOG_TAG_POLICY);
goto error_out;
}
Maat_set_feather_opt(enforcer->maat, MAAT_OPT_JSON_FILE_PATH, enforcer->config.json_cfg_file, strlen(enforcer->config.json_cfg_file));
maat_options_set_json_file(opts, enforcer->config.json_cfg_file);
break;
case MAAT_INPUT_REDIS:
if (!strlen(enforcer->config.redis_server))
@@ -1331,9 +1338,7 @@ struct policy_enforcer *policy_enforcer_create(const char *instance, const char
LOG_ERROR("%s: invalid redis_port_range", LOG_TAG_POLICY);
goto error_out;
}
Maat_set_feather_opt(enforcer->maat, MAAT_OPT_REDIS_PORT, &redis_port_select, sizeof(redis_port_select));
Maat_set_feather_opt(enforcer->maat, MAAT_OPT_REDIS_IP, enforcer->config.redis_server, strlen(enforcer->config.redis_server));
Maat_set_feather_opt(enforcer->maat, MAAT_OPT_REDIS_INDEX, &(enforcer->config.redis_db_idx), sizeof(enforcer->config.redis_db_idx));
maat_options_set_redis(opts, enforcer->config.redis_server, redis_port_select, enforcer->config.redis_db_idx);
break;
case MAAT_INPUT_FILE:
if (!strlen(enforcer->config.ful_cfg_dir))
@@ -1346,8 +1351,7 @@ struct policy_enforcer *policy_enforcer_create(const char *instance, const char
LOG_ERROR("%s: invalid inc_cfg_dir", LOG_TAG_POLICY);
goto error_out;
}
Maat_set_feather_opt(enforcer->maat, MAAT_OPT_FULL_CFG_DIR, enforcer->config.ful_cfg_dir, strlen(enforcer->config.ful_cfg_dir));
Maat_set_feather_opt(enforcer->maat, MAAT_OPT_INC_CFG_DIR, enforcer->config.inc_cfg_dir, strlen(enforcer->config.inc_cfg_dir));
maat_options_set_iris(opts, enforcer->config.ful_cfg_dir, enforcer->config.inc_cfg_dir);
break;
default:
LOG_ERROR("%s: invalid input_mode %d", LOG_TAG_POLICY, enforcer->config.input_mode);
@@ -1356,33 +1360,42 @@ struct policy_enforcer *policy_enforcer_create(const char *instance, const char
if (enforcer->config.stat_switch)
{
Maat_set_feather_opt(enforcer->maat, MAAT_OPT_STAT_FILE_PATH, enforcer->config.stat_file, strlen(enforcer->config.stat_file));
Maat_set_feather_opt(enforcer->maat, MAAT_OPT_STAT_ON, NULL, 0);
// TODO enforcer->config.stat_file
// Maat4 is not supported temporarily
maat_options_set_stat_on(opts);
if (enforcer->config.perf_switch)
{
Maat_set_feather_opt(enforcer->maat, MAAT_OPT_PERF_ON, NULL, 0);
maat_options_set_perf_on(opts);
}
}
if (enforcer->config.deferred_load)
{
Maat_set_feather_opt(enforcer->maat, MAAT_OPT_DEFERRED_LOAD, NULL, 0);
maat_options_set_deferred_load_on(opts);
}
if (strlen(enforcer->config.accept_tags))
{
Maat_set_feather_opt(enforcer->maat, MAAT_OPT_ACCEPT_TAGS, &(enforcer->config.accept_tags), sizeof(enforcer->config.accept_tags));
maat_options_set_accept_tags(opts, enforcer->config.accept_tags);
}
if (Maat_initiate_feather(enforcer->maat) < 0)
enforcer->maat = maat_new(opts, enforcer->config.table_info);
if (enforcer->maat == NULL)
{
LOG_ERROR("%s: maat init feather failed", LOG_TAG_POLICY);
LOG_ERROR("%s: unable create maat", LOG_TAG_POLICY);
goto error_out;
}
maat_options_free(opts);
opts = NULL;
return enforcer;
error_out:
if (opts)
{
maat_options_free(opts);
opts = NULL;
}
policy_enforcer_destory(enforcer);
return NULL;
}
@@ -1393,7 +1406,7 @@ void policy_enforcer_destory(struct policy_enforcer *enforcer)
{
if (enforcer->maat)
{
Maat_burn_feather(enforcer->maat);
maat_free(enforcer->maat);
enforcer->maat = NULL;
}
@@ -1407,52 +1420,52 @@ void policy_enforcer_destory(struct policy_enforcer *enforcer)
int policy_enforcer_register(struct policy_enforcer *enforcer)
{
LOG_INFO("%s: register policy callback ...", LOG_TAG_POLICY);
enforcer->compile_table_id = Maat_table_register(enforcer->maat, "SERVICE_CHAINING_COMPILE");
enforcer->compile_table_id = maat_get_table_id(enforcer->maat, "SERVICE_CHAINING_COMPILE");
if (enforcer->compile_table_id < 0)
{
LOG_ERROR("%s: register SERVICE_CHAINING_COMPILE table failed", LOG_TAG_POLICY);
return -1;
}
enforcer->sff_table_id = Maat_table_register(enforcer->maat, "SERVICE_FUNCTION_FORWARDER_PROFILE");
enforcer->sff_table_id = maat_get_table_id(enforcer->maat, "SERVICE_FUNCTION_FORWARDER_PROFILE");
if (enforcer->sff_table_id < 0)
{
LOG_ERROR("%s: register SERVICE_FUNCTION_FORWARDER_PROFILE table ailed", LOG_TAG_POLICY);
return -1;
}
enforcer->sf_table_id = Maat_table_register(enforcer->maat, "SERVICE_FUNCTION_PROFILE");
enforcer->sf_table_id = maat_get_table_id(enforcer->maat, "SERVICE_FUNCTION_PROFILE");
if (enforcer->sf_table_id < 0)
{
LOG_ERROR("%s: register SERVICE_FUNCTION_PROFILE table failed", LOG_TAG_POLICY);
return -1;
}
if (Maat_plugin_EX_register(enforcer->maat, enforcer->compile_table_id,
chaining_param_new_cb,
chaining_param_free_cb,
chaining_param_dup_cb,
NULL, 0, enforcer) != 0)
if (maat_plugin_table_ex_schema_register(enforcer->maat, "SERVICE_CHAINING_COMPILE",
chaining_param_new_cb,
chaining_param_free_cb,
chaining_param_dup_cb,
0, enforcer) != 0)
{
LOG_ERROR("%s: register SERVICE_CHAINING_COMPILE plugin extension callbacks failed", LOG_TAG_POLICY);
return -1;
}
if (Maat_plugin_EX_register(enforcer->maat, enforcer->sff_table_id,
sff_param_new_cb,
sff_param_free_cb,
sff_param_dup_cb,
NULL, 0, enforcer) != 0)
if (maat_plugin_table_ex_schema_register(enforcer->maat, "SERVICE_FUNCTION_FORWARDER_PROFILE",
sff_param_new_cb,
sff_param_free_cb,
sff_param_dup_cb,
0, enforcer) != 0)
{
LOG_ERROR("%s: register SERVICE_FUNCTION_FORWARDER_PROFILE plugin extension callbacks failed", LOG_TAG_POLICY);
return -1;
}
if (Maat_plugin_EX_register(enforcer->maat, enforcer->sf_table_id,
sf_param_new_cb,
sf_param_free_cb,
sf_param_dup_cb,
NULL, 0, enforcer) != 0)
if (maat_plugin_table_ex_schema_register(enforcer->maat, "SERVICE_FUNCTION_PROFILE",
sf_param_new_cb,
sf_param_free_cb,
sf_param_dup_cb,
0, enforcer) != 0)
{
LOG_ERROR("%s: register SERVICE_FUNCTION_PROFILE plugin extension callbacks failed", LOG_TAG_POLICY);
return -1;
@@ -1467,7 +1480,7 @@ int policy_enforce_chaining_size(struct policy_enforcer *enforcer)
return enforcer->config.max_chaining_size;
}
void policy_enforce_select_chainings(struct policy_enforcer *enforcer, struct selected_chainings *chainings, struct session_ctx *s_ctx, struct raw_pkt_parser *parser, int policy_id, int dir_is_i2e)
void policy_enforce_select_chainings(struct policy_enforcer *enforcer, struct selected_chainings *chainings, struct session_ctx *s_ctx, struct raw_pkt_parser *parser, uint64_t rule_id, int dir_is_i2e)
{
uint64_t hash_value = 0;
char buffer[16] = {0};
@@ -1477,11 +1490,11 @@ void policy_enforce_select_chainings(struct policy_enforcer *enforcer, struct se
struct chaining_param *chaining_param = NULL;
struct selected_chaining *chaining = NULL;
snprintf(buffer, sizeof(buffer), "%d", policy_id);
chaining_param = (struct chaining_param *)Maat_plugin_get_EX_data(enforcer->maat, enforcer->compile_table_id, buffer);
snprintf(buffer, sizeof(buffer), "%lu", rule_id);
chaining_param = (struct chaining_param *)maat_plugin_table_get_ex_data(enforcer->maat, enforcer->compile_table_id, buffer);
if (chaining_param == NULL)
{
LOG_ERROR("%s: session %lu %s failed to get chaining parameter of policy %d", LOG_TAG_POLICY, s_ctx->session_id, s_ctx->session_addr, policy_id);
LOG_ERROR("%s: session %lu %s failed to get chaining parameter of policy %lu", LOG_TAG_POLICY, s_ctx->session_id, s_ctx->session_addr, rule_id);
return;
}
@@ -1493,21 +1506,21 @@ void policy_enforce_select_chainings(struct policy_enforcer *enforcer, struct se
{
chaining = chainings->chaining_decrypted;
}
LOG_INFO("%s: session %lu %s enforce %s chaining policy %d", LOG_TAG_POLICY, chaining->session_id, chaining->session_addr, traffic_type_to_string(chaining_param->traffic_type), policy_id);
LOG_INFO("%s: session %lu %s enforce %s chaining rule %lu", LOG_TAG_POLICY, chaining->session_id, chaining->session_addr, traffic_type_to_string(chaining_param->traffic_type), rule_id);
for (int i = 0; i < chaining_param->sff_profile_ids_num && chaining->chaining_used < chaining->chaining_size; i++)
{
struct selected_sf *item = &(chaining->chaining[chaining->chaining_used]);
selected_sf_init(item);
item->policy_id = policy_id;
item->rule_id = rule_id;
item->traffic_type = chaining_param->traffic_type;
item->sff_profile_id = chaining_param->sff_profile_ids[i];
item->sf_index = chaining->chaining_used;
memset(buffer, 0, sizeof(buffer));
snprintf(buffer, sizeof(buffer), "%u", item->sff_profile_id);
sff_param = (struct sff_param *)Maat_plugin_get_EX_data(enforcer->maat, enforcer->sff_table_id, buffer);
sff_param = (struct sff_param *)maat_plugin_table_get_ex_data(enforcer->maat, enforcer->sff_table_id, buffer);
if (sff_param == NULL)
{
LOG_ERROR("%s: session %lu %s failed to get sff parameter of profile %d, bypass current sff !!!", LOG_TAG_POLICY, chaining->session_id, chaining->session_addr, item->sff_profile_id);
@@ -1521,7 +1534,7 @@ void policy_enforce_select_chainings(struct policy_enforcer *enforcer, struct se
memset(&array, 0, sizeof(array));
fixed_num_array_init(&array);
select_sf_by_nearby_and_adminstatus(enforcer, sff_param, &array);
LOG_DEBUG("%s: session %lu %s select sf from chaining policy %d sff_profile %d, sf_profile_num (before filter: %d -> filter nearby/admin_status: %d)", LOG_TAG_POLICY, chaining->session_id, chaining->session_addr, policy_id, item->sff_profile_id, sff_param->sf_profile_ids_num, fixed_num_array_count_elem(&array));
LOG_DEBUG("%s: session %lu %s select sf from chaining rule %lu sff_profile %d, sf_profile_num (before filter: %d -> filter nearby/admin_status: %d)", LOG_TAG_POLICY, chaining->session_id, chaining->session_addr, rule_id, item->sff_profile_id, sff_param->sf_profile_ids_num, fixed_num_array_count_elem(&array));
if (fixed_num_array_count_elem(&array) == 0)
{
switch (sff_param->sff_exception.fail_action)
@@ -1547,7 +1560,7 @@ void policy_enforce_select_chainings(struct policy_enforcer *enforcer, struct se
}
break;
}
LOG_DEBUG("%s: session %lu %s select sf frome chaining policy %d sff_profile %d, no sf available after filtering by 'nearby & admin_status', %s", LOG_TAG_POLICY, chaining->session_id, chaining->session_addr, policy_id, item->sff_profile_id, action_reason_to_string(item->sf_action_reason));
LOG_DEBUG("%s: session %lu %s rule_id %lu sff_profile_id %d, no sf available after filtering by 'nearby & admin_status', %s", LOG_TAG_POLICY, chaining->session_id, chaining->session_addr, rule_id, item->sff_profile_id, action_reason_to_string(item->sf_action_reason));
chaining->chaining_used++;
sff_param_free(sff_param);
continue;
@@ -1564,7 +1577,7 @@ void policy_enforce_select_chainings(struct policy_enforcer *enforcer, struct se
memset(&buffer, 0, sizeof(buffer));
snprintf(buffer, sizeof(buffer), "%u", item->sf_profile_id);
sf_param = (struct sf_param *)Maat_plugin_get_EX_data(enforcer->maat, enforcer->sf_table_id, buffer);
sf_param = (struct sf_param *)maat_plugin_table_get_ex_data(enforcer->maat, enforcer->sf_table_id, buffer);
if (sf_param == NULL)
{
LOG_ERROR("%s: session %lu %s failed to get sf parameter of profile %d, bypass current sff !!!", LOG_TAG_POLICY, chaining->session_id, chaining->session_addr, item->sf_profile_id);