gfwleak/tango-tsg-service-chaining-engine
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

TSG-13878 tsg-service-chaining-engine支持fieldstat2

Browse Source
This commit is contained in:
luwenpeng
2023-02-21 09:58:31 +08:00
parent b1abe96b06
commit 823490bcd1
20 changed files with 555 additions and 204 deletions
Download Patch File Download Diff File Expand all files Collapse all files

253
platform/src/packet_io.cpp
View File

@@ -11,10 +11,11 @@
#include "utils.h"
#include "g_vxlan.h"
#include "ctrl_packet.h"
#include "global_metrics.h"
/*
* add: vxlan_hdr
* del: marsio_buff_reset()
* del: marsio_buff_ctrlzone_reset()
* +----+ NF2SF +----+
* | |--------------------------->| |
* | | | |
@@ -89,7 +90,7 @@ struct metadata
int dir_is_e2i;
int is_ctrl_pkt;
int l7_offset; // only control packet set l7_offset
uint16_t l7_offset; // only control packet set l7_offset
int traffic_is_decrypted; // only raw packet set traffic_is_decrypted
struct sids sids;
@@ -106,6 +107,8 @@ void packet_io_destory(struct packet_io *handle);
int packet_io_polling_nf_interface(struct packet_io *handle, int thread_seq, void *ctx);
int packet_io_polling_endpoint(struct packet_io *handle, int thread_seq, void *ctx);
// return 0 : success
// return -1 : error
static int packet_io_config(const char *profile, struct config *config);
// return 0 : success
@@ -114,6 +117,7 @@ static int packet_io_get_metadata(marsio_buff_t *tx_buff, struct metadata *meta)
// return 0 : success
// return -1 : error
static int packet_io_set_metadata(marsio_buff_t *tx_buff, struct metadata *meta);
static void packet_io_dump_metadata(marsio_buff_t *tx_buff, struct metadata *meta);
// return 0 : success
// return -1 : error
@@ -122,21 +126,25 @@ static int handle_control_packet(struct packet_io *handle, marsio_buff_t *rx_buf
// return : RAW_PKT_HIT_BYPASS
// return : RAW_PKT_HIT_BLOCK
// reutrn : RAW_PKT_HIT_FORWARD
static enum raw_pkt_action handle_raw_packet(struct packet_io *handle, marsio_buff_t *rx_buff, int thread_seq, void *ctx);
static enum raw_pkt_action handle_raw_packet(struct packet_io *handle, marsio_buff_t *rx_buff, int thread_seq, void *ctx, int *action_bytes);
// return : INJT_PKT_ERR_DROP
// return : INJT_PKT_HIT_BLOCK
// return : INJT_PKT_HIT_FWD2SF
// return : INJT_PKT_HIT_FWD2NF
static enum inject_pkt_action handle_inject_packet(struct packet_io *handle, marsio_buff_t *rx_buff, int thread_seq, void *ctx);
static enum inject_pkt_action handle_inject_packet(struct packet_io *handle, marsio_buff_t *rx_buff, int thread_seq, void *ctx, int *action_bytes);
// return 0 : success
// return + : send n bytes
// return -1 : error
static int forward_packet_to_sf(struct packet_io *handle, marsio_buff_t *rx_buff, struct metadata *meta, struct selected_sf *sf, int thread_seq, void *ctx);
// return 0 : success
// return + : send n bytes
// return -1 : error
static int forward_packet_to_nf(struct packet_io *handle, marsio_buff_t *rx_buff, struct metadata *meta, int thread_seq, void *ct);
static void forward_all_nf_packet_to_sf(struct packet_io *handle, marsio_buff_t *rx_buff, struct selected_sf *sf, int thread_seq, void *ctx);
static void forward_all_sf_packet_to_nf(struct packet_io *handle, marsio_buff_t *rx_buff, int thread_seq, void *ctx);
// return + : send n bytes
// return -1 : error bypass
static int forward_all_nf_packet_to_sf(struct packet_io *handle, marsio_buff_t *rx_buff, struct selected_sf *sf, int thread_seq, void *ctx);
// return + : send n bytes
// return -1 : error drop
static int forward_all_sf_packet_to_nf(struct packet_io *handle, marsio_buff_t *rx_buff, int thread_seq, void *ctx);
// return 0 : success
// return -1 : error
@@ -282,7 +290,7 @@ int packet_io_polling_nf_interface(struct packet_io *handle, int thread_seq, voi
{
for (int j = 0; j < nr_recv; j++)
{
if (marsio_buff_is_ctrlbuf(rx_buffs[j]))
if (!marsio_buff_is_ctrlbuf(rx_buffs[j]))
{
int raw_len = marsio_buff_datalen(rx_buffs[j]);
throughput_metrics_inc(&g_metrics->dev_nf_interface_rx, 1, raw_len);
@@ -304,8 +312,18 @@ int packet_io_polling_nf_interface(struct packet_io *handle, int thread_seq, voi
marsio_buff_t *rx_buff = rx_buffs[j];
int raw_len = marsio_buff_datalen(rx_buff);
throughput_metrics_inc(&g_metrics->dev_nf_interface_rx, 1, raw_len);
throughput_metrics_inc(&g_metrics->dev_endpoint_tx, 1, raw_len);
forward_all_nf_packet_to_sf(handle, rx_buff, &sf, thread_seq, ctx);
// return + : send n bytes
// return -1 : error bypass
int nsend = forward_all_nf_packet_to_sf(handle, rx_buff, &sf, thread_seq, ctx);
if (nsend > 0)
{
throughput_metrics_inc(&g_metrics->dev_endpoint_tx, 1, nsend);
}
else
{
throughput_metrics_inc(&g_metrics->dev_nf_interface_err_bypass, 1, raw_len);
marsio_send_burst(handle->dev_nf_interface.mr_path, thread_seq, &rx_buff, 1);
}
}
return nr_recv;
}
@@ -313,29 +331,33 @@ int packet_io_polling_nf_interface(struct packet_io *handle, int thread_seq, voi
for (int j = 0; j < nr_recv; j++)
{
marsio_buff_t *rx_buff = rx_buffs[j];
int raw_len = marsio_buff_datalen(rx_buff);
if (marsio_buff_is_ctrlbuf(rx_buff))
{
handle_control_packet(handle, rx_buff, thread_seq, ctx);
throughput_metrics_inc(&g_metrics->control_packet_rx, 1, raw_len);
// all control packet need bypass
marsio_send_burst(handle->dev_nf_interface.mr_path, thread_seq, &rx_buff, 1);
}
else
{
int raw_len = marsio_buff_datalen(rx_buff);
throughput_metrics_inc(&g_metrics->dev_nf_interface_rx, 1, raw_len);
enum raw_pkt_action action = handle_raw_packet(handle, rx_buff, thread_seq, ctx);
int action_bytes = 0;
enum raw_pkt_action action = handle_raw_packet(handle, rx_buff, thread_seq, ctx, &action_bytes);
assert(action_bytes > 0);
switch (action)
{
case RAW_PKT_ERR_BYPASS:
throughput_metrics_inc(&g_metrics->dev_nf_interface_err_bypass, 1, raw_len);
throughput_metrics_inc(&g_metrics->dev_nf_interface_err_bypass, 1, action_bytes);
break;
case RAW_PKT_HIT_BYPASS:
throughput_metrics_inc(&g_metrics->hit_bypass_policy, 1, raw_len);
throughput_metrics_inc(&g_metrics->hit_bypass_policy, 1, action_bytes);
break;
case RAW_PKT_HIT_BLOCK:
throughput_metrics_inc(&g_metrics->hit_block_policy, 1, raw_len);
throughput_metrics_inc(&g_metrics->hit_block_policy, 1, action_bytes);
break;
case RAW_PKT_HIT_FORWARD:
throughput_metrics_inc(&g_metrics->dev_endpoint_tx, 1, action_bytes);
break;
}
}
@@ -377,8 +399,17 @@ int packet_io_polling_endpoint(struct packet_io *handle, int thread_seq, void *c
marsio_buff_t *rx_buff = rx_buffs[j];
int raw_len = marsio_buff_datalen(rx_buff);
throughput_metrics_inc(&g_metrics->dev_endpoint_rx, 1, raw_len);
throughput_metrics_inc(&g_metrics->dev_nf_interface_tx, 1, raw_len);
forward_all_sf_packet_to_nf(handle, rx_buff, thread_seq, ctx);
// return + : send n bytes
// return -1 : error drop
int nsend = forward_all_sf_packet_to_nf(handle, rx_buff, thread_seq, ctx);
if (nsend > 0)
{
throughput_metrics_inc(&g_metrics->dev_nf_interface_tx, 1, nsend);
}
else
{
throughput_metrics_inc(&g_metrics->dev_endpoint_err_drop, 1, raw_len);
}
}
return nr_recv;
}
@@ -389,20 +420,22 @@ int packet_io_polling_endpoint(struct packet_io *handle, int thread_seq, void *c
int data_len = marsio_buff_datalen(rx_buff);
throughput_metrics_inc(&g_metrics->dev_endpoint_rx, 1, data_len);
enum inject_pkt_action action = handle_inject_packet(handle, rx_buff, thread_seq, ctx);
int action_bytes = 0;
enum inject_pkt_action action = handle_inject_packet(handle, rx_buff, thread_seq, ctx, &action_bytes);
assert(action_bytes > 0);
switch (action)
{
case INJT_PKT_ERR_DROP:
throughput_metrics_inc(&g_metrics->dev_endpoint_err_drop, 1, data_len);
throughput_metrics_inc(&g_metrics->dev_endpoint_err_drop, 1, action_bytes);
break;
case INJT_PKT_HIT_BLOCK:
throughput_metrics_inc(&g_metrics->hit_block_policy, 1, data_len);
throughput_metrics_inc(&g_metrics->hit_block_policy, 1, action_bytes);
break;
case INJT_PKT_HIT_FWD2SF: // forward to next service function
throughput_metrics_inc(&g_metrics->dev_endpoint_tx, 1, data_len);
throughput_metrics_inc(&g_metrics->dev_endpoint_tx, 1, action_bytes);
break;
case INJT_PKT_HIT_FWD2NF: // forward to network function
throughput_metrics_inc(&g_metrics->dev_nf_interface_tx, 1, data_len);
throughput_metrics_inc(&g_metrics->dev_nf_interface_tx, 1, action_bytes);
break;
}
}
@@ -410,8 +443,8 @@ int packet_io_polling_endpoint(struct packet_io *handle, int thread_seq, void *c
return nr_recv;
}
// return -1 : error
// return 0 : success
// return -1 : error
static int packet_io_config(const char *profile, struct config *config)
{
MESA_load_profile_int_def(profile, "PACKET_IO", "bypass_all_traffic", (int *)&(config->bypass_all_traffic), 0);
@@ -468,7 +501,7 @@ static int packet_io_get_metadata(marsio_buff_t *rx_buff, struct metadata *meta)
{
memset(meta, 0, sizeof(struct metadata));
if (marsio_buff_get_metadata(rx_buff, MR_BUFF_SESSION_ID, &(meta->session_id), sizeof(meta->session_id)) != 0)
if (marsio_buff_get_metadata(rx_buff, MR_BUFF_SESSION_ID, &(meta->session_id), sizeof(meta->session_id)) <= 0)
{
LOG_ERROR("%s: unable to get session_id from metadata", LOG_TAG_PKTIO);
return -1;
@@ -484,7 +517,7 @@ static int packet_io_get_metadata(marsio_buff_t *rx_buff, struct metadata *meta)
// 1: E2I
// 0: I2E
if (marsio_buff_get_metadata(rx_buff, MR_BUFF_DIR, &(meta->dir_is_e2i), sizeof(meta->dir_is_e2i)) != 0)
if (marsio_buff_get_metadata(rx_buff, MR_BUFF_DIR, &(meta->dir_is_e2i), sizeof(meta->dir_is_e2i)) <= 0)
{
LOG_ERROR("%s: unable to get buff_dir from metadata", LOG_TAG_PKTIO);
return -1;
@@ -493,15 +526,12 @@ static int packet_io_get_metadata(marsio_buff_t *rx_buff, struct metadata *meta)
if (marsio_buff_is_ctrlbuf(rx_buff))
{
meta->is_ctrl_pkt = 1;
// only control packet set MR_L7_OFFSET
// TODO
#if 0
if (marsio_buff_get_metadata(rx_buff, MR_L7_OFFSET, &(meta->l7_offset), sizeof(meta->l7_offset)) != 0)
// only control packet set MR_BUFF_PAYLOAD_OFFSET
if (marsio_buff_get_metadata(rx_buff, MR_BUFF_PAYLOAD_OFFSET, &(meta->l7_offset), sizeof(meta->l7_offset)) <= 0)
{
LOG_ERROR("%s: unable to get l7_offset from metadata", LOG_TAG_PKTIO);
return -1;
}
#endif
}
else
{
@@ -509,7 +539,7 @@ static int packet_io_get_metadata(marsio_buff_t *rx_buff, struct metadata *meta)
// only raw packet set MR_IS_DECRYPTED
// TODO
#if 0
if (marsio_buff_get_metadata(rx_buff, MR_IS_DECRYPTED, &(meta->traffic_is_decrypted), sizeof(meta->traffic_is_decrypted)) != 0)
if (marsio_buff_get_metadata(rx_buff, MR_IS_DECRYPTED, &(meta->traffic_is_decrypted), sizeof(meta->traffic_is_decrypted)) <= 0)
{
LOG_ERROR("%s: unable to get traffic_is_decrypted from metadata", LOG_TAG_PKTIO);
return -1;
@@ -517,7 +547,7 @@ static int packet_io_get_metadata(marsio_buff_t *rx_buff, struct metadata *meta)
#endif
}
if (marsio_buff_get_metadata(rx_buff, MR_BUFF_ROUTE_CTX, meta->route_ctx, sizeof(meta->route_ctx)) != 0)
if (marsio_buff_get_metadata(rx_buff, MR_BUFF_ROUTE_CTX, meta->route_ctx, sizeof(meta->route_ctx)) <= 0)
{
LOG_ERROR("%s: unable to get route_ctx from metadata", LOG_TAG_PKTIO);
return -1;
@@ -548,22 +578,22 @@ static int packet_io_set_metadata(marsio_buff_t *tx_buff, struct metadata *meta)
// 1: E2I
// 0: I2E
#if 0
// use MR_BUFF_ROUTE_CTX instead
if (marsio_buff_set_metadata(tx_buff, MR_BUFF_DIR, &(meta->dir_is_e2i), sizeof(meta->dir_is_e2i)) != 0)
{
LOG_ERROR("%s: unable to set buff_dir for metadata", LOG_TAG_PKTIO);
return -1;
}
#endif
if (meta->is_ctrl_pkt)
{
// TODO
#if 0
if (marsio_buff_set_metadata(tx_buff, MR_L7_OFFSET, &(meta->l7_offset), sizeof(meta->l7_offset)) != 0)
if (marsio_buff_set_metadata(tx_buff, MR_BUFF_PAYLOAD_OFFSET, &(meta->l7_offset), sizeof(meta->l7_offset)) != 0)
{
LOG_ERROR("%s: unable to set l7_offset for metadata", LOG_TAG_PKTIO);
return -1;
}
#endif
}
else
{
@@ -598,6 +628,11 @@ static int packet_io_set_metadata(marsio_buff_t *tx_buff, struct metadata *meta)
return 0;
}
static void packet_io_dump_metadata(marsio_buff_t *tx_buff, struct metadata *meta)
{
LOG_DEBUG("%s: META={session_id: %lu, raw_len: %d, dir_is_e2i: %d, is_ctrl_pkt: %d, l7_offset: %d, traffic_is_decrypted: %d, sids_num: %d}", LOG_TAG_PKTIO, meta->session_id, meta->raw_len, meta->dir_is_e2i, meta->is_ctrl_pkt, meta->l7_offset, meta->traffic_is_decrypted, meta->sids.num);
}
// return 0 : success
// return -1 : error
static int handle_control_packet(struct packet_io *handle, marsio_buff_t *rx_buff, int thread_seq, void *ctx)
@@ -606,6 +641,7 @@ static int handle_control_packet(struct packet_io *handle, marsio_buff_t *rx_buf
if (packet_io_get_metadata(rx_buff, &meta) == -1)
{
LOG_ERROR("%s: unexpected control packet, unable to get metadata", LOG_TAG_PKTIO);
packet_io_dump_metadata(rx_buff, &meta);
return -1;
}
@@ -644,15 +680,20 @@ static int handle_control_packet(struct packet_io *handle, marsio_buff_t *rx_buf
// return : RAW_PKT_HIT_BYPASS
// return : RAW_PKT_HIT_BLOCK
// reutrn : RAW_PKT_HIT_FORWARD
static enum raw_pkt_action handle_raw_packet(struct packet_io *handle, marsio_buff_t *rx_buff, int thread_seq, void *ctx)
static enum raw_pkt_action handle_raw_packet(struct packet_io *handle, marsio_buff_t *rx_buff, int thread_seq, void *ctx, int *action_bytes)
{
int nsend = 0;
struct thread_ctx *thread = (struct thread_ctx *)ctx;
int raw_len = marsio_buff_datalen(rx_buff);
*action_bytes = 0;
struct metadata meta;
if (packet_io_get_metadata(rx_buff, &meta) == -1)
{
LOG_ERROR("%s: unexpected raw packet, unable to get metadata, bypass !!!", LOG_TAG_PKTIO);
packet_io_dump_metadata(rx_buff, &meta);
marsio_send_burst(handle->dev_nf_interface.mr_path, thread_seq, &rx_buff, 1);
*action_bytes = raw_len;
return RAW_PKT_ERR_BYPASS;
}
@@ -661,6 +702,7 @@ static enum raw_pkt_action handle_raw_packet(struct packet_io *handle, marsio_bu
{
LOG_ERROR("%s: unexpected raw packet, unable to find session %lu from session table, bypass !!!", LOG_TAG_PKTIO, meta.session_id);
marsio_send_burst(handle->dev_nf_interface.mr_path, thread_seq, &rx_buff, 1);
*action_bytes = raw_len;
return RAW_PKT_ERR_BYPASS;
}
@@ -689,14 +731,15 @@ static enum raw_pkt_action handle_raw_packet(struct packet_io *handle, marsio_bu
{
LOG_ERROR("%s: unexpected raw packet, session %lu %s misses policy, bypass !!!", LOG_TAG_PKTIO, s_ctx->session_id, s_ctx->first_ctrl_pkt.addr_string);
marsio_send_burst(handle->dev_nf_interface.mr_path, thread_seq, &rx_buff, 1);
*action_bytes = raw_len;
return RAW_PKT_ERR_BYPASS;
}
for (int i = 0; i < chaining->chaining_used; i++)
{
struct selected_sf *node = &(chaining->chaining[i]);
LOG_INFO("%s: session %lu %s execute policy: %d -> sff_profile_id %d -> sf_profile_id %d -> sf_need_skip %d sf_action_reason : %d",
LOG_TAG_PKTIO, s_ctx->session_id, s_ctx->first_ctrl_pkt.addr_string, node->policy_id, node->sff_profile_id, node->sf_profile_id, node->sf_need_skip, node->sf_action_reason);
LOG_INFO("%s: session %lu %s execute policy: %d -> sff_profile_id %d -> sf_profile_id %d -> sf_need_skip %d sf_action_reason : %s",
LOG_TAG_PKTIO, s_ctx->session_id, s_ctx->first_ctrl_pkt.addr_string, node->policy_id, node->sff_profile_id, node->sf_profile_id, node->sf_need_skip, session_action_reason_to_string(node->sf_action_reason));
if (node->sf_need_skip)
{
@@ -711,25 +754,29 @@ static enum raw_pkt_action handle_raw_packet(struct packet_io *handle, marsio_bu
case SESSION_ACTION_BLOCK:
// BLOCK ALL SF
marsio_buff_free(handle->instance, &rx_buff, 1, 0, thread_seq);
*action_bytes = raw_len;
return RAW_PKT_HIT_BLOCK;
case SESSION_ACTION_FORWARD:
if (node->sf_connectivity.method != PACKAGE_METHOD_VXLAN_G)
{
LOG_ERROR("%s: processing raw packets, session %lu %s requires encapsulation format not supported, bypass !!!", LOG_TAG_PKTIO, s_ctx->session_id, s_ctx->first_ctrl_pkt.addr_string);
marsio_send_burst(handle->dev_nf_interface.mr_path, thread_seq, &rx_buff, 1);
*action_bytes = raw_len;
return RAW_PKT_ERR_BYPASS;
}
if (forward_packet_to_sf(handle, rx_buff, &meta, node, thread_seq, ctx) == 0)
nsend = forward_packet_to_sf(handle, rx_buff, &meta, node, thread_seq, ctx);
if (nsend > 0)
{
throughput_metrics_inc(&node->tx, 1, meta.raw_len);
throughput_metrics_inc(&node->tx, 1, nsend);
*action_bytes = nsend;
return RAW_PKT_HIT_FORWARD;
}
else
{
LOG_ERROR("%s: processing raw packet, session %lu %s forwarding packet to service function failed, bypass !!!", LOG_TAG_PKTIO, s_ctx->session_id, s_ctx->first_ctrl_pkt.addr_string);
// TODO
marsio_send_burst(handle->dev_nf_interface.mr_path, thread_seq, &rx_buff, 1);
*action_bytes = raw_len;
return RAW_PKT_ERR_BYPASS;
}
default:
@@ -740,6 +787,7 @@ static enum raw_pkt_action handle_raw_packet(struct packet_io *handle, marsio_bu
// BYPASS ALL SF
LOG_INFO("%s: session %lu %s bypass all service function", LOG_TAG_PKTIO, s_ctx->session_id, s_ctx->first_ctrl_pkt.addr_string);
marsio_send_burst(handle->dev_nf_interface.mr_path, thread_seq, &rx_buff, 1);
*action_bytes = raw_len;
return RAW_PKT_HIT_BYPASS;
}
@@ -747,17 +795,20 @@ static enum raw_pkt_action handle_raw_packet(struct packet_io *handle, marsio_bu
// return : INJT_PKT_HIT_BLOCK
// return : INJT_PKT_HIT_FWD2SF
// return : INJT_PKT_HIT_FWD2NF
static enum inject_pkt_action handle_inject_packet(struct packet_io *handle, marsio_buff_t *rx_buff, int thread_seq, void *ctx)
static enum inject_pkt_action handle_inject_packet(struct packet_io *handle, marsio_buff_t *rx_buff, int thread_seq, void *ctx, int *action_bytes)
{
int nsend = 0;
struct thread_ctx *thread = (struct thread_ctx *)ctx;
struct g_vxlan *g_vxlan_hdr = NULL;
int raw_len = marsio_buff_datalen(rx_buff);
char *raw_data = marsio_buff_mtod(rx_buff);
*action_bytes = 0;
if (g_vxlan_decode(&g_vxlan_hdr, raw_data, raw_len) == -1)
{
LOG_ERROR("%s: unexpected inject packet, not a vxlan-encapsulated packet, drop !!!", LOG_TAG_PKTIO);
marsio_buff_free(handle->instance, &rx_buff, 1, 0, thread_seq);
*action_bytes = raw_len;
return INJT_PKT_ERR_DROP;
}
@@ -771,7 +822,7 @@ static enum inject_pkt_action handle_inject_packet(struct packet_io *handle, mar
meta.l7_offset = 0;
// meta.session_id set later
// meta.sids set later
int next_sf_index = g_vxlan_get_next_sf_index(g_vxlan_hdr);
int sf_index = g_vxlan_get_sf_index(g_vxlan_hdr);
struct addr_tuple4 inner_addr;
struct raw_pkt_parser raw_parser;
@@ -787,6 +838,7 @@ static enum inject_pkt_action handle_inject_packet(struct packet_io *handle, mar
LOG_ERROR("%s: unexpected inject packet, unable to find session %s from session table, drop !!!", LOG_TAG_PKTIO, addr_string);
free(addr_string);
marsio_buff_free(handle->instance, &rx_buff, 1, 0, thread_seq);
*action_bytes = raw_len;
return INJT_PKT_ERR_DROP;
}
@@ -802,22 +854,25 @@ static enum inject_pkt_action handle_inject_packet(struct packet_io *handle, mar
sids_copy(&meta.sids, &s_ctx->raw_pkt_i2e_sids);
memcpy(meta.route_ctx, s_ctx->raw_pkt_i2e_route_ctx, sizeof(s_ctx->raw_pkt_i2e_route_ctx));
}
LOG_DEBUG("%s: session %lu get metadata from inject packet, META={raw_len: %d, dir_is_e2i: %d, traffic_is_decrypted: %d, sf_index: %d}", LOG_TAG_PKTIO, meta.session_id, meta.raw_len, meta.dir_is_e2i, meta.traffic_is_decrypted, sf_index);
struct selected_chaining *chaining = s_ctx->chaining;
if (chaining == NULL || next_sf_index < 1 || next_sf_index > chaining->chaining_used)
if (chaining == NULL || sf_index < 0 || sf_index >= chaining->chaining_used)
{
LOG_ERROR("%s: unexpected inject packet, session %lu %s misses chaining index, drop !!!", LOG_TAG_PKTIO, s_ctx->session_id, s_ctx->first_ctrl_pkt.addr_string);
marsio_buff_free(handle->instance, &rx_buff, 1, 0, thread_seq);
*action_bytes = raw_len;
return INJT_PKT_ERR_DROP;
}
throughput_metrics_inc(&chaining->chaining[next_sf_index - 1].rx, 1, meta.raw_len);
throughput_metrics_inc(&chaining->chaining[sf_index].rx, 1, meta.raw_len);
for (int i = next_sf_index; i < chaining->chaining_used; i++)
int next_sf_index;
for (next_sf_index = sf_index + 1; next_sf_index < chaining->chaining_used; next_sf_index++)
{
struct selected_sf *node = &(chaining->chaining[i]);
LOG_INFO("%s: session %lu %s execute policy: %d -> sff_profile_id %d -> sf_profile_id %d -> sf_need_skip %d sf_action_reason : %d",
LOG_TAG_PKTIO, s_ctx->session_id, s_ctx->first_ctrl_pkt.addr_string, node->policy_id, node->sff_profile_id, node->sf_profile_id, node->sf_need_skip, node->sf_action_reason);
struct selected_sf *node = &(chaining->chaining[next_sf_index]);
LOG_INFO("%s: session %lu %s execute policy: %d -> sff_profile_id %d -> sf_profile_id %d -> sf_need_skip %d sf_action_reason : %s",
LOG_TAG_PKTIO, s_ctx->session_id, s_ctx->first_ctrl_pkt.addr_string, node->policy_id, node->sff_profile_id, node->sf_profile_id, node->sf_need_skip, session_action_reason_to_string(node->sf_action_reason));
if (node->sf_need_skip)
{
@@ -832,77 +887,93 @@ static enum inject_pkt_action handle_inject_packet(struct packet_io *handle, mar
case SESSION_ACTION_BLOCK:
// BLOCK ALL SF
marsio_buff_free(handle->instance, &rx_buff, 1, 0, thread_seq);
*action_bytes = raw_len;
return INJT_PKT_HIT_BLOCK;
case SESSION_ACTION_FORWARD:
if (node->sf_connectivity.method != PACKAGE_METHOD_VXLAN_G)
{
LOG_ERROR("%s: processing inject packets, session %lu %s requires encapsulation format not supported, drop !!!", LOG_TAG_PKTIO, s_ctx->session_id, s_ctx->first_ctrl_pkt.addr_string);
marsio_buff_free(handle->instance, &rx_buff, 1, 0, thread_seq);
*action_bytes = raw_len;
return INJT_PKT_ERR_DROP;
}
if (forward_packet_to_sf(handle, rx_buff, &meta, node, thread_seq, ctx) == 0)
nsend = forward_packet_to_sf(handle, rx_buff, &meta, node, thread_seq, ctx);
if (nsend > 0)
{
throughput_metrics_inc(&node->tx, 1, meta.raw_len);
throughput_metrics_inc(&node->tx, 1, nsend);
*action_bytes = nsend;
return INJT_PKT_HIT_FWD2SF;
}
else
{
LOG_ERROR("%s: processing inject packet, session %lu %s forwarding packet to service function failed, drop !!!", LOG_TAG_PKTIO, s_ctx->session_id, s_ctx->first_ctrl_pkt.addr_string);
marsio_buff_free(handle->instance, &rx_buff, 1, 0, thread_seq);
*action_bytes = raw_len;
return INJT_PKT_ERR_DROP;
}
default:
assert(0);
continue;
}
}
// the last sf need bypass or need skip
if (next_sf_index != chaining->chaining_used)
{
LOG_ERROR("%s: unexpected inject packet, session %lu %s using invalid chaining index, drop !!!", LOG_TAG_PKTIO, s_ctx->session_id, s_ctx->first_ctrl_pkt.addr_string);
marsio_buff_free(handle->instance, &rx_buff, 1, 0, thread_seq);
return INJT_PKT_ERR_DROP;
}
if (forward_packet_to_nf(handle, rx_buff, &meta, thread_seq, ctx) == -1)
{
LOG_ERROR("%s: processing inject packet, session %lu %s forwarding packet to network function failed, drop !!!", LOG_TAG_PKTIO, s_ctx->session_id, s_ctx->first_ctrl_pkt.addr_string);
marsio_buff_free(handle->instance, &rx_buff, 1, 0, thread_seq);
*action_bytes = raw_len;
return INJT_PKT_ERR_DROP;
}
else
{
return INJT_PKT_HIT_FWD2NF;
int nsend = forward_packet_to_nf(handle, rx_buff, &meta, thread_seq, ctx);
if (nsend > 0)
{
*action_bytes = nsend;
return INJT_PKT_HIT_FWD2NF;
}
else
{
LOG_ERROR("%s: processing inject packet, session %lu %s forwarding packet to network function failed, drop !!!", LOG_TAG_PKTIO, s_ctx->session_id, s_ctx->first_ctrl_pkt.addr_string);
marsio_buff_free(handle->instance, &rx_buff, 1, 0, thread_seq);
*action_bytes = raw_len;
return INJT_PKT_ERR_DROP;
}
}
}
// return 0 : success
// return + : send n bytes
// return -1 : error
static int forward_packet_to_sf(struct packet_io *handle, marsio_buff_t *rx_buff, struct metadata *meta, struct selected_sf *sf, int thread_seq, void *ctx)
{
marsio_buff_reset(rx_buff);
marsio_buff_ctrlzone_reset(rx_buff);
struct ethhdr *eth_hdr = (struct ethhdr *)marsio_buff_prepend(rx_buff, sizeof(struct ethhdr) + sizeof(struct ip) + sizeof(struct udp_hdr) + sizeof(struct g_vxlan));
struct ip *ip_hdr = (struct ip *)((char *)eth_hdr + sizeof(struct ethhdr));
struct udp_hdr *udp_hdr = (struct udp_hdr *)((char *)ip_hdr + sizeof(struct ip));
struct g_vxlan *g_vxlan_hdr = (struct g_vxlan *)((char *)udp_hdr + sizeof(struct udp_hdr));
LOG_DEBUG("%s: session %lu set metadata to inject packet, META={raw_len: %d, dir_is_e2i: %d, traffic_is_decrypted: %d, sf_index: %d}", LOG_TAG_PKTIO, meta->session_id, meta->raw_len, meta->dir_is_e2i, meta->traffic_is_decrypted, sf->sf_index);
memset(g_vxlan_hdr, 0, sizeof(struct g_vxlan));
g_vxlan_set_packet_dir(g_vxlan_hdr, meta->dir_is_e2i);
g_vxlan_set_next_sf_index(g_vxlan_hdr, sf->sf_index + 1);
g_vxlan_set_sf_index(g_vxlan_hdr, sf->sf_index);
g_vxlan_set_traffic_type(g_vxlan_hdr, meta->traffic_is_decrypted);
build_ether_header(eth_hdr, ETH_P_IP, handle->config.default_src_mac, sf->sf_dst_mac);
build_ip_header(ip_hdr, IPPROTO_UDP, handle->config.default_src_ip, sf->sf_dst_ip, sizeof(struct udp_hdr) + sizeof(struct g_vxlan) + meta->raw_len);
build_udp_header((const char *)&ip_hdr->ip_src, 8, udp_hdr, meta->session_id % (65535 - 49152) + 49152, 4789, sizeof(struct g_vxlan) + meta->raw_len);
int raw_len = marsio_buff_datalen(rx_buff);
if (marsio_send_burst(handle->dev_endpoint.mr_path, thread_seq, &rx_buff, 1) != 0)
{
LOG_ERROR("%s: unable to send burst on device %s, thread_seq: %d", LOG_TAG_PKTIO, handle->config.dev_endpoint, thread_seq);
return -1;
}
return 0;
return raw_len;
}
// return 0 : success
@@ -911,22 +982,25 @@ static int forward_packet_to_nf(struct packet_io *handle, marsio_buff_t *rx_buff
{
marsio_buff_adj(rx_buff, marsio_buff_datalen(rx_buff) - meta->raw_len);
marsio_buff_reset(rx_buff);
marsio_buff_ctrlzone_reset(rx_buff);
if (packet_io_set_metadata(rx_buff, meta) != 0)
{
return -1;
}
int raw_len = marsio_buff_datalen(rx_buff);
if (marsio_send_burst(handle->dev_nf_interface.mr_path, thread_seq, &rx_buff, 1) != 0)
{
LOG_ERROR("%s: unable to send burst on device %s, thread_seq: %d", LOG_TAG_PKTIO, handle->config.dev_nf_interface, thread_seq);
return -1;
}
return 0;
return raw_len;
}
static void forward_all_nf_packet_to_sf(struct packet_io *handle, marsio_buff_t *rx_buff, struct selected_sf *sf, int thread_seq, void *ctx)
// return + : send n bytes
// return -1 : error drop
static int forward_all_nf_packet_to_sf(struct packet_io *handle, marsio_buff_t *rx_buff, struct selected_sf *sf, int thread_seq, void *ctx)
{
struct thread_ctx *thread = (struct thread_ctx *)ctx;
struct global_metrics *g_metrics = thread->ref_metrics;
@@ -941,9 +1015,9 @@ static void forward_all_nf_packet_to_sf(struct packet_io *handle, marsio_buff_t
// get metadata
if (packet_io_get_metadata(rx_buff, &meta) == -1)
{
LOG_ERROR("%s: unexpected raw packet, unable to get metadata, drop !!!", LOG_TAG_PKTIO);
marsio_buff_free(handle->instance, &rx_buff, 1, 0, thread_seq);
return;
LOG_ERROR("%s: unexpected raw packet, unable to get metadata, bypass !!!", LOG_TAG_PKTIO);
packet_io_dump_metadata(rx_buff, &meta);
return -1;
}
// search session id
@@ -992,15 +1066,21 @@ static void forward_all_nf_packet_to_sf(struct packet_io *handle, marsio_buff_t
// forward data
forward:
if (forward_packet_to_sf(handle, rx_buff, &meta, sf, thread_seq, ctx) == 0)
int nsend = forward_packet_to_sf(handle, rx_buff, &meta, sf, thread_seq, ctx);
if (nsend > 0)
{
LOG_ERROR("%s: processing raw packet, session %lu %s forwarding packet to service function failed, drop !!!", LOG_TAG_PKTIO, s_ctx->session_id, s_ctx->first_ctrl_pkt.addr_string);
marsio_buff_free(handle->instance, &rx_buff, 1, 0, thread_seq);
return;
return nsend;
}
else
{
LOG_ERROR("%s: processing raw packet, session %lu %s forwarding packet to service function failed, bypass !!!", LOG_TAG_PKTIO, s_ctx->session_id, s_ctx->first_ctrl_pkt.addr_string);
return -1;
}
}
static void forward_all_sf_packet_to_nf(struct packet_io *handle, marsio_buff_t *rx_buff, int thread_seq, void *ctx)
// return + : send n bytes
// return -1 : error drop
static int forward_all_sf_packet_to_nf(struct packet_io *handle, marsio_buff_t *rx_buff, int thread_seq, void *ctx)
{
struct thread_ctx *thread = (struct thread_ctx *)ctx;
// struct global_metrics *g_metrics = thread->ref_metrics;
@@ -1013,7 +1093,7 @@ static void forward_all_sf_packet_to_nf(struct packet_io *handle, marsio_buff_t
{
LOG_ERROR("%s: unexpected inject packet, not a vxlan-encapsulated packet, drop !!!", LOG_TAG_PKTIO);
marsio_buff_free(handle->instance, &rx_buff, 1, 0, thread_seq);
return;
return -1;
}
struct metadata meta;
@@ -1041,7 +1121,7 @@ static void forward_all_sf_packet_to_nf(struct packet_io *handle, marsio_buff_t
LOG_ERROR("%s: unexpected inject packet, unable to find session %s from session table, drop !!!", LOG_TAG_PKTIO, addr_string);
free(addr_string);
marsio_buff_free(handle->instance, &rx_buff, 1, 0, thread_seq);
return;
return -1;
}
// add meta data
@@ -1059,11 +1139,16 @@ static void forward_all_sf_packet_to_nf(struct packet_io *handle, marsio_buff_t
}
// sendto nf
if (forward_packet_to_nf(handle, rx_buff, &meta, thread_seq, ctx) == -1)
int nsend = forward_packet_to_nf(handle, rx_buff, &meta, thread_seq, ctx);
if (nsend > 0)
{
return nsend;
}
else
{
LOG_ERROR("%s: processing inject packet, session %lu %s forwarding packet to network function failed, drop !!!", LOG_TAG_PKTIO, s_ctx->session_id, s_ctx->first_ctrl_pkt.addr_string);
marsio_buff_free(handle->instance, &rx_buff, 1, 0, thread_seq);
return;
return -1;
}
}
@@ -1097,6 +1182,8 @@ static int handle_session_opening(struct metadata *meta, struct ctrl_pkt_parser
s_ctx->first_ctrl_pkt.header_len = meta->l7_offset;
s_ctx->chaining = selected_chaining_create(128);
LOG_INFO("%s: session %lu %s opening", LOG_TAG_PKTIO, s_ctx->session_id, s_ctx->first_ctrl_pkt.addr_string);
for (int i = 0; i < parser->policy_id_num; i++)
{
int new_policy_id = parser->policy_ids[i];
@@ -1107,12 +1194,11 @@ static int handle_session_opening(struct metadata *meta, struct ctrl_pkt_parser
else
{
policy_enforce_select_chaining(s_ctx->chaining, thread->ref_enforcer, &raw_parser, new_policy_id, meta->dir_is_e2i);
selected_chaining_bref(s_ctx->chaining);
fixed_num_array_add_elem(&s_ctx->policy_ids, new_policy_id);
}
}
LOG_INFO("%s: session %lu %s opening", LOG_TAG_PKTIO, s_ctx->session_id, s_ctx->first_ctrl_pkt.addr_string);
__atomic_fetch_add(&g_metrics->session_nums, 1, __ATOMIC_RELAXED);
session_table_insert(thread->session_table, s_ctx->session_id, &(s_ctx->first_ctrl_pkt.tuple4), s_ctx, session_value_free_cb);
@@ -1161,6 +1247,8 @@ static int handle_session_active(struct metadata *meta, struct ctrl_pkt_parser *
}
struct session_ctx *s_ctx = (struct session_ctx *)node->val_data;
LOG_INFO("%s: session %lu %s update", LOG_TAG_PKTIO, s_ctx->session_id, s_ctx->first_ctrl_pkt.addr_string);
for (int i = 0; i < parser->policy_id_num; i++)
{
int new_policy_id = parser->policy_ids[i];
@@ -1171,6 +1259,7 @@ static int handle_session_active(struct metadata *meta, struct ctrl_pkt_parser *
else
{
policy_enforce_select_chaining(s_ctx->chaining, thread->ref_enforcer, &raw_parser, new_policy_id, meta->dir_is_e2i);
selected_chaining_bref(s_ctx->chaining);
fixed_num_array_add_elem(&s_ctx->policy_ids, new_policy_id);
}
}