gfwleak/tango-tsg-service-chaining-engine
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

TSG-13842 tsg-service-chaining-engine服务链中的SF需缓存第三方设备的目的IP和目的MAC

Browse Source
This commit is contained in:
luwenpeng
2023-02-20 15:30:32 +08:00
parent 82ac815b68
commit b1abe96b06
7 changed files with 66 additions and 31 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
common/include/g_vxlan.h
View File

@@ -19,7 +19,7 @@ struct g_vxlan
unsigned int dir_is_e2i : 1;
unsigned int traffic_is_decrypted : 1;
unsigned int chain_index : 5; // max value 32
unsigned int next_sf_index : 5; // max value 32
unsigned int online_test : 1;
// Reserved 1 Bytes
@@ -34,11 +34,11 @@ struct g_vxlan
} __attribute__((__packed__));
void g_vxlan_set_packet_dir(struct g_vxlan *hdr, int dir_is_e2i);
void g_vxlan_set_chain_index(struct g_vxlan *hdr, int chain_index);
void g_vxlan_set_next_sf_index(struct g_vxlan *hdr, int next_sf_index);
void g_vxlan_set_traffic_type(struct g_vxlan *hdr, int traffic_is_decrypted);
int g_vxlan_get_packet_dir(struct g_vxlan *hdr);
int g_vxlan_get_chain_index(struct g_vxlan *hdr);
int g_vxlan_get_next_sf_index(struct g_vxlan *hdr);
int g_vxlan_get_traffic_type(struct g_vxlan *hdr);
// return 0 : success

8
common/src/g_vxlan.cpp
View File

@@ -9,9 +9,9 @@ void g_vxlan_set_packet_dir(struct g_vxlan *hdr, int dir_is_e2i)
hdr->dir_is_e2i = (!!dir_is_e2i);
}
void g_vxlan_set_chain_index(struct g_vxlan *hdr, int chain_index)
void g_vxlan_set_next_sf_index(struct g_vxlan *hdr, int next_sf_index)
{
hdr->chain_index = (0x1f & chain_index);
hdr->next_sf_index = (0x1f & next_sf_index);
}
void g_vxlan_set_traffic_type(struct g_vxlan *hdr, int traffic_is_decrypted)
@@ -24,9 +24,9 @@ int g_vxlan_get_packet_dir(struct g_vxlan *hdr)
return (!!hdr->dir_is_e2i);
}
int g_vxlan_get_chain_index(struct g_vxlan *hdr)
int g_vxlan_get_next_sf_index(struct g_vxlan *hdr)
{
return hdr->chain_index;
return hdr->next_sf_index;
}
int g_vxlan_get_traffic_type(struct g_vxlan *hdr)

8
platform/include/health_check.h
View File

@@ -28,6 +28,14 @@ int health_check_session_get_status(int session_id);
// return -1 : key not exist
int health_check_session_set_status(int session_id, int is_active);
// return 0 : success
// return -1 : key not exist
int health_check_session_get_ip(int session_id, char *ip_buff);
// return 0 : success
// return -1 : key not exist
int health_check_session_get_mac(int session_id, char *mac_buff);
void health_check_session_foreach();
#ifdef __cpluscplus

4
platform/include/policy.h
View File

@@ -97,6 +97,10 @@ struct selected_sf
struct throughput_metrics rx;
struct throughput_metrics tx;
char sf_dst_ip[16];
char sf_dst_mac[32];
int sf_index;
};
struct selected_chaining

20
platform/src/health_check.cpp
View File

@@ -15,7 +15,9 @@ struct session_iterm
int session_id; // key
struct health_check policy; // value1: deep copy
int is_active; // value2
int is_active; // value2
char dst_ip[16]; // value3
char dst_mac[32]; // value4
};
void health_check_session_init()
@@ -59,6 +61,22 @@ int health_check_session_set_status(int session_id, int is_active)
return 0;
}
// return 0 : success
// return -1 : key not exist
int health_check_session_get_ip(int session_id, char *ip_buff)
{
// TODO
return 0;
}
// return 0 : success
// return -1 : key not exist
int health_check_session_get_mac(int session_id, char *mac_buff)
{
// TODO
return 0;
}
void health_check_session_foreach()
{
// TODO

48
platform/src/packet_io.cpp
View File

@@ -131,11 +131,11 @@ static enum inject_pkt_action handle_inject_packet(struct packet_io *handle, mar
// return 0 : success
// return -1 : error
static int forward_packet_to_sf(struct packet_io *handle, marsio_buff_t *rx_buff, struct metadata *meta, int chain_index, int thread_seq, void *ctx);
static int forward_packet_to_sf(struct packet_io *handle, marsio_buff_t *rx_buff, struct metadata *meta, struct selected_sf *sf, int thread_seq, void *ctx);
// return 0 : success
// return -1 : error
static int forward_packet_to_nf(struct packet_io *handle, marsio_buff_t *rx_buff, struct metadata *meta, int chain_index, int thread_seq, void *ct);
static void forward_all_nf_packet_to_sf(struct packet_io *handle, marsio_buff_t *rx_buff, int thread_seq, void *ctx);
static int forward_packet_to_nf(struct packet_io *handle, marsio_buff_t *rx_buff, struct metadata *meta, int thread_seq, void *ct);
static void forward_all_nf_packet_to_sf(struct packet_io *handle, marsio_buff_t *rx_buff, struct selected_sf *sf, int thread_seq, void *ctx);
static void forward_all_sf_packet_to_nf(struct packet_io *handle, marsio_buff_t *rx_buff, int thread_seq, void *ctx);
// return 0 : success
@@ -295,13 +295,17 @@ int packet_io_polling_nf_interface(struct packet_io *handle, int thread_seq, voi
}
else if (handle->config.bypass_all_traffic == 2)
{
struct selected_sf sf = {0};
sf.sf_index = 1;
memcpy(sf.sf_dst_ip, handle->config.default_dst_ip, strlen(handle->config.default_dst_ip));
memcpy(sf.sf_dst_mac, handle->config.default_dst_mac, strlen(handle->config.default_dst_mac));
for (int j = 0; j < nr_recv; j++)
{
marsio_buff_t *rx_buff = rx_buffs[j];
int raw_len = marsio_buff_datalen(rx_buff);
throughput_metrics_inc(&g_metrics->dev_nf_interface_rx, 1, raw_len);
throughput_metrics_inc(&g_metrics->dev_endpoint_tx, 1, raw_len);
forward_all_nf_packet_to_sf(handle, rx_buff, thread_seq, ctx);
forward_all_nf_packet_to_sf(handle, rx_buff, &sf, thread_seq, ctx);
}
return nr_recv;
}
@@ -688,7 +692,7 @@ static enum raw_pkt_action handle_raw_packet(struct packet_io *handle, marsio_bu
return RAW_PKT_ERR_BYPASS;
}
for (int i = 0; i < chaining->chaining_size; i++)
for (int i = 0; i < chaining->chaining_used; i++)
{
struct selected_sf *node = &(chaining->chaining[i]);
LOG_INFO("%s: session %lu %s execute policy: %d -> sff_profile_id %d -> sf_profile_id %d -> sf_need_skip %d sf_action_reason : %d",
@@ -716,7 +720,7 @@ static enum raw_pkt_action handle_raw_packet(struct packet_io *handle, marsio_bu
return RAW_PKT_ERR_BYPASS;
}
if (forward_packet_to_sf(handle, rx_buff, &meta, i + 1, thread_seq, ctx) == 0)
if (forward_packet_to_sf(handle, rx_buff, &meta, node, thread_seq, ctx) == 0)
{
throughput_metrics_inc(&node->tx, 1, meta.raw_len);
return RAW_PKT_HIT_FORWARD;
@@ -767,7 +771,7 @@ static enum inject_pkt_action handle_inject_packet(struct packet_io *handle, mar
meta.l7_offset = 0;
// meta.session_id set later
// meta.sids set later
int chain_index = g_vxlan_get_chain_index(g_vxlan_hdr);
int next_sf_index = g_vxlan_get_next_sf_index(g_vxlan_hdr);
struct addr_tuple4 inner_addr;
struct raw_pkt_parser raw_parser;
@@ -800,16 +804,16 @@ static enum inject_pkt_action handle_inject_packet(struct packet_io *handle, mar
}
struct selected_chaining *chaining = s_ctx->chaining;
if (chaining == NULL || chain_index < 1 || chain_index > chaining->chaining_size)
if (chaining == NULL || next_sf_index < 1 || next_sf_index > chaining->chaining_used)
{
LOG_ERROR("%s: unexpected inject packet, session %lu %s misses chaining index, drop !!!", LOG_TAG_PKTIO, s_ctx->session_id, s_ctx->first_ctrl_pkt.addr_string);
marsio_buff_free(handle->instance, &rx_buff, 1, 0, thread_seq);
return INJT_PKT_ERR_DROP;
}
throughput_metrics_inc(&chaining->chaining[chain_index - 1].rx, 1, meta.raw_len);
throughput_metrics_inc(&chaining->chaining[next_sf_index - 1].rx, 1, meta.raw_len);
for (int i = chain_index; i < chaining->chaining_size; i++)
for (int i = next_sf_index; i < chaining->chaining_used; i++)
{
struct selected_sf *node = &(chaining->chaining[i]);
LOG_INFO("%s: session %lu %s execute policy: %d -> sff_profile_id %d -> sf_profile_id %d -> sf_need_skip %d sf_action_reason : %d",
@@ -837,7 +841,7 @@ static enum inject_pkt_action handle_inject_packet(struct packet_io *handle, mar
return INJT_PKT_ERR_DROP;
}
if (forward_packet_to_sf(handle, rx_buff, &meta, i + 1, thread_seq, ctx) == 0)
if (forward_packet_to_sf(handle, rx_buff, &meta, node, thread_seq, ctx) == 0)
{
throughput_metrics_inc(&node->tx, 1, meta.raw_len);
return INJT_PKT_HIT_FWD2SF;
@@ -853,14 +857,14 @@ static enum inject_pkt_action handle_inject_packet(struct packet_io *handle, mar
}
}
if (chain_index != chaining->chaining_size)
if (next_sf_index != chaining->chaining_used)
{
LOG_ERROR("%s: unexpected inject packet, session %lu %s using invalid chaining index, drop !!!", LOG_TAG_PKTIO, s_ctx->session_id, s_ctx->first_ctrl_pkt.addr_string);
marsio_buff_free(handle->instance, &rx_buff, 1, 0, thread_seq);
return INJT_PKT_ERR_DROP;
}
if (forward_packet_to_nf(handle, rx_buff, &meta, -1, thread_seq, ctx) == -1)
if (forward_packet_to_nf(handle, rx_buff, &meta, thread_seq, ctx) == -1)
{
LOG_ERROR("%s: processing inject packet, session %lu %s forwarding packet to network function failed, drop !!!", LOG_TAG_PKTIO, s_ctx->session_id, s_ctx->first_ctrl_pkt.addr_string);
marsio_buff_free(handle->instance, &rx_buff, 1, 0, thread_seq);
@@ -874,10 +878,8 @@ static enum inject_pkt_action handle_inject_packet(struct packet_io *handle, mar
// return 0 : success
// return -1 : error
static int forward_packet_to_sf(struct packet_io *handle, marsio_buff_t *rx_buff, struct metadata *meta, int chain_index, int thread_seq, void *ctx)
static int forward_packet_to_sf(struct packet_io *handle, marsio_buff_t *rx_buff, struct metadata *meta, struct selected_sf *sf, int thread_seq, void *ctx)
{
// TODO get dst ip frome policy
// TODO get dst mac by dst ip
marsio_buff_reset(rx_buff);
struct ethhdr *eth_hdr = (struct ethhdr *)marsio_buff_prepend(rx_buff, sizeof(struct ethhdr) + sizeof(struct ip) + sizeof(struct udp_hdr) + sizeof(struct g_vxlan));
@@ -887,11 +889,11 @@ static int forward_packet_to_sf(struct packet_io *handle, marsio_buff_t *rx_buff
memset(g_vxlan_hdr, 0, sizeof(struct g_vxlan));
g_vxlan_set_packet_dir(g_vxlan_hdr, meta->dir_is_e2i);
g_vxlan_set_chain_index(g_vxlan_hdr, chain_index);
g_vxlan_set_next_sf_index(g_vxlan_hdr, sf->sf_index + 1);
g_vxlan_set_traffic_type(g_vxlan_hdr, meta->traffic_is_decrypted);
build_ether_header(eth_hdr, ETH_P_IP, handle->config.default_src_mac, handle->config.default_dst_mac);
build_ip_header(ip_hdr, IPPROTO_UDP, handle->config.default_src_ip, handle->config.default_dst_ip, sizeof(struct udp_hdr) + sizeof(struct g_vxlan) + meta->raw_len);
build_ether_header(eth_hdr, ETH_P_IP, handle->config.default_src_mac, sf->sf_dst_mac);
build_ip_header(ip_hdr, IPPROTO_UDP, handle->config.default_src_ip, sf->sf_dst_ip, sizeof(struct udp_hdr) + sizeof(struct g_vxlan) + meta->raw_len);
build_udp_header((const char *)&ip_hdr->ip_src, 8, udp_hdr, meta->session_id % (65535 - 49152) + 49152, 4789, sizeof(struct g_vxlan) + meta->raw_len);
if (marsio_send_burst(handle->dev_endpoint.mr_path, thread_seq, &rx_buff, 1) != 0)
@@ -905,7 +907,7 @@ static int forward_packet_to_sf(struct packet_io *handle, marsio_buff_t *rx_buff
// return 0 : success
// return -1 : error
static int forward_packet_to_nf(struct packet_io *handle, marsio_buff_t *rx_buff, struct metadata *meta, int chain_index, int thread_seq, void *ct)
static int forward_packet_to_nf(struct packet_io *handle, marsio_buff_t *rx_buff, struct metadata *meta, int thread_seq, void *ct)
{
marsio_buff_adj(rx_buff, marsio_buff_datalen(rx_buff) - meta->raw_len);
@@ -924,7 +926,7 @@ static int forward_packet_to_nf(struct packet_io *handle, marsio_buff_t *rx_buff
return 0;
}
static void forward_all_nf_packet_to_sf(struct packet_io *handle, marsio_buff_t *rx_buff, int thread_seq, void *ctx)
static void forward_all_nf_packet_to_sf(struct packet_io *handle, marsio_buff_t *rx_buff, struct selected_sf *sf, int thread_seq, void *ctx)
{
struct thread_ctx *thread = (struct thread_ctx *)ctx;
struct global_metrics *g_metrics = thread->ref_metrics;
@@ -990,7 +992,7 @@ static void forward_all_nf_packet_to_sf(struct packet_io *handle, marsio_buff_t
// forward data
forward:
if (forward_packet_to_sf(handle, rx_buff, &meta, 0, thread_seq, ctx) == 0)
if (forward_packet_to_sf(handle, rx_buff, &meta, sf, thread_seq, ctx) == 0)
{
LOG_ERROR("%s: processing raw packet, session %lu %s forwarding packet to service function failed, drop !!!", LOG_TAG_PKTIO, s_ctx->session_id, s_ctx->first_ctrl_pkt.addr_string);
marsio_buff_free(handle->instance, &rx_buff, 1, 0, thread_seq);
@@ -1057,7 +1059,7 @@ static void forward_all_sf_packet_to_nf(struct packet_io *handle, marsio_buff_t
}
// sendto nf
if (forward_packet_to_nf(handle, rx_buff, &meta, -1, thread_seq, ctx) == -1)
if (forward_packet_to_nf(handle, rx_buff, &meta, thread_seq, ctx) == -1)
{
LOG_ERROR("%s: processing inject packet, session %lu %s forwarding packet to network function failed, drop !!!", LOG_TAG_PKTIO, s_ctx->session_id, s_ctx->first_ctrl_pkt.addr_string);
marsio_buff_free(handle->instance, &rx_buff, 1, 0, thread_seq);

3
platform/src/policy.cpp
View File

@@ -1421,6 +1421,7 @@ void policy_enforce_select_chaining(struct selected_chaining *chaining, struct p
item->policy_id = policy_id;
item->traffic_type = chaining_param->traffic_type;
item->sff_profile_id = chaining_param->sff_profile_ids[i];
item->sf_index = chaining->chaining_used;
memset(buffer, 0, sizeof(buffer));
snprintf(buffer, sizeof(buffer), "%u", item->sff_profile_id);
@@ -1474,6 +1475,8 @@ void policy_enforce_select_chaining(struct selected_chaining *chaining, struct p
item->sf_connectivity.int_vlan_tag = sf_param->sf_connectivity.int_vlan_tag;
item->sf_connectivity.ext_vlan_tag = sf_param->sf_connectivity.ext_vlan_tag;
memcpy(item->sf_connectivity.dest_ip, sf_param->sf_connectivity.dest_ip, strlen(sf_param->sf_connectivity.dest_ip));
health_check_session_get_ip(item->sf_profile_id, item->sf_dst_ip);
health_check_session_get_mac(item->sf_profile_id, item->sf_dst_mac);
chaining->chaining_used++;
sf_param_free(sf_param);