gfwleak/tango-tsg-service-chaining-engine
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

perf: 删除无效代码;修改变量命名;减少内存分配

Browse Source
This commit is contained in:
luwenpeng
2023-11-23 16:52:06 +08:00
parent cbac7fea29
commit bda50d79af
19 changed files with 2937 additions and 472 deletions
Download Patch File Download Diff File Expand all files Collapse all files

180
platform/src/packet_io.cpp
View File

@@ -94,7 +94,7 @@ int mbuff_get_metadata(marsio_buff_t *rx_buff, struct metadata *meta)
// 1: E2I
// 0: I2E
if (marsio_buff_get_metadata(rx_buff, MR_BUFF_DIR, &(meta->is_e2i_dir), sizeof(meta->is_e2i_dir)) <= 0)
if (marsio_buff_get_metadata(rx_buff, MR_BUFF_DIR, &(meta->direction), sizeof(meta->direction)) <= 0)
{
LOG_ERROR("%s: unable to get buff_dir from metadata", LOG_TAG_PKTIO);
return -1;
@@ -210,21 +210,23 @@ static void update_session_by_metadata(struct session_ctx *ctx, struct metadata
if (meta->is_decrypted)
{
dst_meta_i2e = ctx->decrypted_meta_i2e;
dst_meta_e2i = ctx->decrypted_meta_e2i;
dst_meta_i2e = &ctx->decrypted_meta_i2e;
dst_meta_e2i = &ctx->decrypted_meta_e2i;
}
else
{
dst_meta_i2e = ctx->raw_meta_i2e;
dst_meta_e2i = ctx->raw_meta_e2i;
dst_meta_i2e = &ctx->raw_meta_i2e;
dst_meta_e2i = &ctx->raw_meta_e2i;
}
if (meta->is_e2i_dir)
// 1: E2I
// 0: I2E
if (meta->direction)
{
// first packet update metadata
if (metadata_is_empty(dst_meta_e2i))
if (metadata_isempty(dst_meta_e2i))
{
metadata_shallow_copy(dst_meta_e2i, meta);
metadata_copy(dst_meta_e2i, meta);
}
else
{
@@ -235,9 +237,9 @@ static void update_session_by_metadata(struct session_ctx *ctx, struct metadata
else
{
// first packet update metadata
if (metadata_is_empty(dst_meta_i2e))
if (metadata_isempty(dst_meta_i2e))
{
metadata_shallow_copy(dst_meta_i2e, meta);
metadata_copy(dst_meta_i2e, meta);
}
else
{
@@ -254,30 +256,32 @@ static void update_metadata_by_session(struct session_ctx *ctx, struct metadata
meta->session_id = ctx->session_id;
if (meta->is_e2i_dir)
// 1: E2I
// 0: I2E
if (meta->direction)
{
if (meta->is_decrypted)
{
sids = &ctx->decrypted_meta_e2i->sids;
route_ctx = &ctx->decrypted_meta_e2i->route_ctx;
sids = &(ctx->decrypted_meta_e2i.sids);
route_ctx = &(ctx->decrypted_meta_e2i.route_ctx);
}
else
{
sids = &ctx->raw_meta_e2i->sids;
route_ctx = &ctx->raw_meta_e2i->route_ctx;
sids = &(ctx->raw_meta_e2i.sids);
route_ctx = &(ctx->raw_meta_e2i.route_ctx);
}
}
else
{
if (meta->is_decrypted)
{
sids = &ctx->decrypted_meta_i2e->sids;
route_ctx = &ctx->decrypted_meta_i2e->route_ctx;
sids = &(ctx->decrypted_meta_i2e.sids);
route_ctx = &(ctx->decrypted_meta_i2e.route_ctx);
}
else
{
sids = &ctx->raw_meta_i2e->sids;
route_ctx = &ctx->raw_meta_i2e->route_ctx;
sids = &(ctx->raw_meta_i2e.sids);
route_ctx = &(ctx->raw_meta_i2e.route_ctx);
}
}
@@ -491,6 +495,7 @@ static inline int send_packet_to_sf(struct session_ctx *session_ctx, marsio_buff
char *buffer = NULL;
struct packet_io *packet_io = thread_ctx->ref_io;
struct thread_metrics *thread_metrics = &thread_ctx->thread_metrics;
uint32_t rehash_index = session_ctx->ctrl_meta.rehash_index;
marsio_buff_ctrlzone_reset(mbuff);
switch (sf->sf_connectivity.method)
@@ -502,18 +507,18 @@ static inline int send_packet_to_sf(struct session_ctx *session_ctx, marsio_buff
packet_io->config.dev_endpoint_l3_mac, sf->sf_dst_mac,
packet_io->config.dev_endpoint_l3_ip, sf->sf_dst_ip, thread_ctx->tx_packets_ipid % 65535,
session_ctx->vxlan_src_port, meta->raw_len,
meta->is_e2i_dir, meta->is_decrypted, sf->sf_index);
meta->direction, meta->is_decrypted, sf->sf_index);
nsend = marsio_buff_datalen(mbuff);
marsio_buff_set_metadata(mbuff, MR_BUFF_REHASH_INDEX, &(session_ctx->ctrl_meta->rehash_index), sizeof(session_ctx->ctrl_meta->rehash_index));
marsio_buff_set_metadata(mbuff, MR_BUFF_REHASH_INDEX, &rehash_index, sizeof(rehash_index));
marsio_send_burst(packet_io->dev_endpoint_l3.mr_path, thread_ctx->thread_index, &mbuff, 1);
throughput_metrics_inc(&(thread_metrics->device.endpoint_vxlan_tx), 1, nsend);
break;
case ENCAPSULATE_METHOD_LAYER2_SWITCH:
vlan_encapsulate(mbuff,
meta->is_e2i_dir ? sf->sf_connectivity.ext_vlan_tag : sf->sf_connectivity.int_vlan_tag,
meta->direction ? sf->sf_connectivity.ext_vlan_tag : sf->sf_connectivity.int_vlan_tag,
packet_io->config.vlan_encapsulate_replace_orig_vlan_header);
nsend = marsio_buff_datalen(mbuff);
marsio_buff_set_metadata(mbuff, MR_BUFF_REHASH_INDEX, &(session_ctx->ctrl_meta->rehash_index), sizeof(session_ctx->ctrl_meta->rehash_index));
marsio_buff_set_metadata(mbuff, MR_BUFF_REHASH_INDEX, &rehash_index, sizeof(rehash_index));
marsio_send_burst(packet_io->dev_endpoint_l2.mr_path, thread_ctx->thread_index, &mbuff, 1);
throughput_metrics_inc(&(thread_metrics->device.endpoint_vlan_tx), 1, nsend);
break;
@@ -654,7 +659,7 @@ static void action_sf_chaining(struct thread_ctx *thread_ctx, struct session_ctx
LOG_TAG_POLICY, session_ctx->session_id, session_ctx->session_addr,
sf_index, chaining->chaining_used,
sf->rule_id, sf->sff_profile_id, sf->sf_profile_id,
(meta->is_decrypted == 1 ? "decrypted" : "raw"), (meta->is_e2i_dir ? "E2I" : "I2E"), forward_type_to_string(sf->sff_forward_type), action_desc_to_string(sf->sf_action_desc));
(meta->is_decrypted ? "decrypted" : "raw"), (meta->direction ? "E2I" : "I2E"), forward_type_tostring(sf->sff_forward_type), action_desc_tostring(sf->sf_action_desc));
switch (sf->sf_action)
{
@@ -714,13 +719,13 @@ static void action_sf_chaining(struct thread_ctx *thread_ctx, struct session_ctx
* handle session status
******************************************************************************/
static int send_ctrl_packet(struct session_ctx *session_ctx, struct selected_chainings *chainings, struct thread_ctx *thread_ctx)
static int send_ctrl_packet(struct session_ctx *session_ctx, struct thread_ctx *thread_ctx)
{
struct sce_ctx *sce_ctx = thread_ctx->ref_sce_ctx;
struct packet_io *packet_io = thread_ctx->ref_io;
struct mutable_array *rule_ids = &session_ctx->rule_ids;
struct selected_chaining *chaining_raw = chainings->chaining_raw;
struct selected_chaining *chaining_decrypted = chainings->chaining_decrypted;
struct selected_chaining *chaining_raw = session_ctx->chaining_raw;
struct selected_chaining *chaining_decrypted = session_ctx->chaining_decrypted;
int thread_index = thread_ctx->thread_index;
int sc_rsp_raw_exist = 0;
int sc_rsp_decrypted_exist = 0;
@@ -831,11 +836,11 @@ static int send_ctrl_packet(struct session_ctx *session_ctx, struct selected_cha
return 0;
}
LOG_INFO("%s: session %lu %s send event log %ld bytes", LOG_TAG_METRICS, session_ctx->session_id, session_ctx->session_addr, size);
LOG_INFO("%s: session %lu %s send event log %ld bytes", LOG_TAG_SFMETRICS, session_ctx->session_id, session_ctx->session_addr, size);
marsio_buff_t *tx_buffs[1];
char *packet_header_data = session_ctx->ctrl_meta->raw_data;
int packet_header_len = session_ctx->ctrl_meta->l7offset;
const char *packet_header_data = session_ctx->ctrl_packet_header_data;
int packet_header_len = session_ctx->ctrl_packet_header_len;
marsio_buff_malloc_global(packet_io->instance, tx_buffs, 1, 0, thread_index);
char *dst = marsio_buff_append(tx_buffs[0], packet_header_len + size);
memcpy(dst, packet_header_data, packet_header_len);
@@ -847,7 +852,7 @@ static int send_ctrl_packet(struct session_ctx *session_ctx, struct selected_cha
meta.is_ctrl_pkt = 1;
meta.sids.num = 1;
meta.sids.elems[0] = sce_ctx->firewall_sids;
route_ctx_copy(&meta.route_ctx, &session_ctx->ctrl_meta->route_ctx);
route_ctx_copy(&meta.route_ctx, &(session_ctx->ctrl_meta.route_ctx));
mbuff_set_metadata(tx_buffs[0], &meta);
int nsend = marsio_buff_datalen(tx_buffs[0]);
marsio_send_burst(packet_io->dev_nf.mr_path, thread_index, tx_buffs, 1);
@@ -864,7 +869,7 @@ static void send_event_log(struct session_ctx *session_ctx, struct thread_ctx *t
if (sce_ctx->enable_send_log)
{
nsend = send_ctrl_packet(session_ctx, &session_ctx->chainings, thread_ctx);
nsend = send_ctrl_packet(session_ctx, thread_ctx);
if (nsend > 0)
{
ATOMIC_INC(&(thread_metrics->sf_session.log));
@@ -885,9 +890,9 @@ static void dump_sf_metrics(struct session_ctx *session_ctx, struct selected_cha
{
struct selected_sf *sf = &(chaining->chaining[i]);
LOG_INFO("%s: session %lu %s metrics: policy %lu->%d->%d action %s->%s->%s rx_pkts %lu rx_bytes %lu tx_pkts %lu tx_bytes %lu",
LOG_TAG_METRICS, session_ctx->session_id, session_ctx->session_addr,
LOG_TAG_SFMETRICS, session_ctx->session_id, session_ctx->session_addr,
sf->rule_id, sf->sff_profile_id, sf->sf_profile_id,
traffic_type_to_string(sf->traffic_type), forward_type_to_string(sf->sff_forward_type), action_desc_to_string(sf->sf_action_desc),
traffic_type_tostring(sf->traffic_type), forward_type_tostring(sf->sff_forward_type), action_desc_tostring(sf->sf_action_desc),
sf->rx.n_pkts, sf->rx.n_bytes, sf->tx.n_pkts, sf->tx.n_bytes);
}
}
@@ -898,7 +903,7 @@ static void session_value_free_cb(void *ctx)
session_ctx_free(s_ctx);
}
static void handle_policy_mutil_hits(struct session_ctx *session_ctx, struct control_packet *ctrl_pkt, packet *data_pkt, int is_e2i_dir, struct thread_ctx *thread_ctx)
static void handle_policy_mutil_hits(struct session_ctx *session_ctx, struct control_packet *ctrl_pkt, packet *data_pkt, int direction, struct thread_ctx *thread_ctx)
{
struct policy_enforcer *enforcer = thread_ctx->ref_enforcer;
struct sce_ctx *sce_ctx = thread_ctx->ref_sce_ctx;
@@ -912,12 +917,12 @@ static void handle_policy_mutil_hits(struct session_ctx *session_ctx, struct con
}
else
{
policy_enforce_select_chainings(enforcer, &session_ctx->chainings, session_ctx, data_pkt, rule_id, is_e2i_dir);
policy_enforce_select_chainings(enforcer, session_ctx, data_pkt, rule_id, direction);
if (sce_ctx->enable_debug)
{
selected_chaining_bref(session_ctx->chainings.chaining_raw);
selected_chaining_bref(session_ctx->chainings.chaining_decrypted);
selected_chaining_bref(session_ctx->chaining_raw);
selected_chaining_bref(session_ctx->chaining_decrypted);
}
mutable_array_add_elem(&session_ctx->rule_ids, rule_id);
@@ -925,51 +930,6 @@ static void handle_policy_mutil_hits(struct session_ctx *session_ctx, struct con
}
}
static void handle_session_opening(struct metadata *meta, struct control_packet *ctrl_pkt, struct thread_ctx *thread_ctx)
{
struct thread_metrics *thread_metrics = &thread_ctx->thread_metrics;
struct policy_enforcer *enforcer = thread_ctx->ref_enforcer;
struct session_table *session_table = thread_ctx->session_table;
struct sce_ctx *sce_ctx = thread_ctx->ref_sce_ctx;
int chaining_size = policy_enforce_chaining_size(enforcer);
#if 0
if (session_table_search_by_id(session_table, meta->session_id))
{
return ;
}
#endif
struct packet data_pkt;
struct four_tuple inner_tuple4;
const char *payload = packet_parse(&data_pkt, meta->raw_data, meta->raw_len);
sce_packet_get_innermost_tuple(&data_pkt, &inner_tuple4);
uint16_t real_offset = payload - meta->raw_data;
if (real_offset != meta->l7offset)
{
char *addr_str = four_tuple_tostring(&inner_tuple4);
LOG_ERROR("%s: incorrect dataoffset %d in the control zone of session %lu %s, the expect value is %d", LOG_TAG_PKTIO, meta->l7offset, meta->session_id, addr_str, real_offset);
free(addr_str);
}
struct session_ctx *session_ctx = session_ctx_new();
session_ctx->session_id = meta->session_id;
session_ctx->session_addr = sce_ctx->enable_debug ? four_tuple_tostring(&inner_tuple4) : NULL;
session_ctx->vxlan_src_port = calculate_vxlan_source_port(&inner_tuple4);
four_tuple_copy(&session_ctx->inner_tuple4, &inner_tuple4);
metadata_deep_copy(session_ctx->ctrl_meta, meta);
session_ctx->chainings.chaining_raw = selected_chaining_create(chaining_size, session_ctx->session_id, session_ctx->session_addr);
session_ctx->chainings.chaining_decrypted = selected_chaining_create(chaining_size, session_ctx->session_id, session_ctx->session_addr);
session_ctx->ref_thread_ctx = thread_ctx;
LOG_INFO("%s: session %lu %s active first", LOG_TAG_PKTIO, session_ctx->session_id, session_ctx->session_addr);
handle_policy_mutil_hits(session_ctx, ctrl_pkt, &data_pkt, meta->is_e2i_dir, thread_ctx);
send_event_log(session_ctx, thread_ctx);
session_table_insert(session_table, session_ctx->session_id, &session_ctx->inner_tuple4, session_ctx, session_value_free_cb);
ATOMIC_INC(&(thread_metrics->sf_session.num));
}
static void handle_session_closing(struct metadata *meta, struct control_packet *ctrl_pkt, struct thread_ctx *thread_ctx)
{
struct thread_metrics *thread_metrics = &thread_ctx->thread_metrics;
@@ -981,11 +941,8 @@ static void handle_session_closing(struct metadata *meta, struct control_packet
struct session_ctx *s_ctx = (struct session_ctx *)node->value;
LOG_INFO("%s: session %lu %s closing", LOG_TAG_PKTIO, s_ctx->session_id, s_ctx->session_addr);
struct selected_chaining *chaining_raw = s_ctx->chainings.chaining_raw;
dump_sf_metrics(s_ctx, chaining_raw);
struct selected_chaining *chaining_decrypted = s_ctx->chainings.chaining_decrypted;
dump_sf_metrics(s_ctx, chaining_decrypted);
dump_sf_metrics(s_ctx, s_ctx->chaining_raw);
dump_sf_metrics(s_ctx, s_ctx->chaining_decrypted);
session_table_delete_by_id(session_table, meta->session_id);
ATOMIC_DEC(&(thread_metrics->sf_session.num));
@@ -995,6 +952,9 @@ static void handle_session_closing(struct metadata *meta, struct control_packet
static void handle_session_active(struct metadata *meta, struct control_packet *ctrl_pkt, struct thread_ctx *thread_ctx)
{
struct session_table *session_table = thread_ctx->session_table;
struct thread_metrics *thread_metrics = &thread_ctx->thread_metrics;
struct policy_enforcer *enforcer = thread_ctx->ref_enforcer;
struct sce_ctx *sce_ctx = thread_ctx->ref_sce_ctx;
struct session_node *node = session_table_search_by_id(session_table, meta->session_id);
if (node)
@@ -1010,12 +970,42 @@ static void handle_session_active(struct metadata *meta, struct control_packet *
}
LOG_INFO("%s: session %lu %s active again", LOG_TAG_PKTIO, session_ctx->session_id, session_ctx->session_addr);
handle_policy_mutil_hits(session_ctx, ctrl_pkt, &data_pkt, meta->is_e2i_dir, thread_ctx);
handle_policy_mutil_hits(session_ctx, ctrl_pkt, &data_pkt, meta->direction, thread_ctx);
send_event_log(session_ctx, thread_ctx);
}
else
{
handle_session_opening(meta, ctrl_pkt, thread_ctx);
struct packet data_pkt;
struct four_tuple inner_tuple4;
const char *payload = packet_parse(&data_pkt, meta->raw_data, meta->raw_len);
sce_packet_get_innermost_tuple(&data_pkt, &inner_tuple4);
uint16_t real_offset = payload - meta->raw_data;
if (real_offset != meta->l7offset)
{
char *addr_str = four_tuple_tostring(&inner_tuple4);
LOG_ERROR("%s: incorrect dataoffset %d in the control zone of session %lu %s, the expect value is %d", LOG_TAG_PKTIO, meta->l7offset, meta->session_id, addr_str, real_offset);
free(addr_str);
}
int chaining_size = policy_enforce_chaining_size(enforcer);
struct session_ctx *session_ctx = session_ctx_new();
session_ctx->session_id = meta->session_id;
session_ctx->session_addr = sce_ctx->enable_debug ? four_tuple_tostring(&inner_tuple4) : NULL;
session_ctx->vxlan_src_port = calculate_vxlan_source_port(&inner_tuple4);
four_tuple_copy(&session_ctx->inner_tuple4, &inner_tuple4);
metadata_copy(&session_ctx->ctrl_meta, meta);
session_ctx->ctrl_packet_header_data = memdup(meta->raw_data, meta->raw_len);
session_ctx->ctrl_packet_header_len = meta->raw_len;
session_ctx->chaining_raw = selected_chaining_create(chaining_size, session_ctx->session_id, session_ctx->session_addr);
session_ctx->chaining_decrypted = selected_chaining_create(chaining_size, session_ctx->session_id, session_ctx->session_addr);
session_ctx->ref_thread_ctx = thread_ctx;
LOG_INFO("%s: session %lu %s active first", LOG_TAG_PKTIO, session_ctx->session_id, session_ctx->session_addr);
handle_policy_mutil_hits(session_ctx, ctrl_pkt, &data_pkt, meta->direction, thread_ctx);
send_event_log(session_ctx, thread_ctx);
session_table_insert(session_table, session_ctx->session_id, &session_ctx->inner_tuple4, session_ctx, session_value_free_cb);
ATOMIC_INC(&(thread_metrics->sf_session.num));
}
}
@@ -1140,11 +1130,11 @@ static void handle_data_packet(marsio_buff_t *rx_buff, struct thread_ctx *thread
if (meta.is_decrypted == 1)
{
chaining = session_ctx->chainings.chaining_decrypted;
chaining = session_ctx->chaining_decrypted;
}
else
{
chaining = session_ctx->chainings.chaining_raw;
chaining = session_ctx->chaining_raw;
}
if (chaining == NULL)
{
@@ -1185,7 +1175,7 @@ static void handle_inject_vxlan_packet(marsio_buff_t *rx_buff, struct thread_ctx
meta.l7offset = 0;
meta.is_ctrl_pkt = 0;
sf_index = vxlan_get_opt(vxlan_hdr, VNI_OPT_SFINDEX);
meta.is_e2i_dir = vxlan_get_opt(vxlan_hdr, VNI_OPT_DIR);
meta.direction = vxlan_get_opt(vxlan_hdr, VNI_OPT_DIR);
meta.is_decrypted = vxlan_get_opt(vxlan_hdr, VNI_OPT_TRAFFIC);
session_ctx = inject_packet_search_session(session_table, meta.raw_data, meta.raw_len);
@@ -1198,11 +1188,11 @@ static void handle_inject_vxlan_packet(marsio_buff_t *rx_buff, struct thread_ctx
if (meta.is_decrypted == 1)
{
chaining = session_ctx->chainings.chaining_decrypted;
chaining = session_ctx->chaining_decrypted;
}
else
{
chaining = session_ctx->chainings.chaining_raw;
chaining = session_ctx->chaining_raw;
}
if (chaining == NULL || sf_index < 0 || sf_index >= chaining->chaining_used)