authorlijie <[email protected]>2018-12-07 13:52:27 +0800
committerlijie <[email protected]>2018-12-07 13:52:27 +0800
commita99c438e15ad2000d151ee0460b8f725ae7fe53b (patch)
treebb11355e96301e0c138834517bc8ad5d5beebe77 /src
parentac94ad0124de7a529854ba7e3914ac26b8255ffe (diff)
添加读取dnat_policy表功能
Diffstat (limited to 'src')
-rw-r--r--src/mrl_main.c12
-rw-r--r--src/mrl_packet.c106
-rw-r--r--src/mrl_redis.c109
-rw-r--r--src/mrl_stat.c7
4 files changed, 198 insertions, 36 deletions
diff --git a/src/mrl_main.c b/src/mrl_main.c
index f09e1ae..8b07956 100644
--- a/src/mrl_main.c
+++ b/src/mrl_main.c
@@ -523,6 +523,7 @@ extern "C" int mrl_init(void)
}
mrl_instance.ht_nominee = mrl_htable_init((void *)ht_nominee_free_cb);
+ mrl_instance.ht_nominee = mrl_htable_init((void *)ht_dnat_free_cb);
mrl_instance.mrl_feather = mrl_Maat_feather_init();
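Review bot: The added line assigns the new table to `mrl_instance.ht_nominee` a second time, so the nominee table created on the line before is overwritten and its handle lost, while `mrl_instance.ht_dnat`, which mrl_dnat_key_search reads, is not set anywhere in this hunk. It should read `mrl_instance.ht_dnat = mrl_htable_init((void *)ht_dnat_free_cb);`. The same mix-up appears in case 1 of mrl_dnat_update_action in src/mrl_redis.c, which searches and adds on `ht_nominee` while case 0 searches and deletes on `ht_dnat`. mrl_init starts and ends outside this hunk, so an assignment of `ht_dnat` elsewhere cannot be ruled out from here.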
@@ -673,11 +674,10 @@ extern "C" char mrl_tcpall_entry(struct streaminfo *a_tcp,void **pme, int thread
char ret = APP_STATE_GIVEME;
switch(a_tcp->pktstate){
case OP_STATE_PENDING:
- if(mrl_pkt_signature_identify(a_tcp))
+ if(mrl_dnat_pkt_identify(a_tcp) || mrl_snat_pkt_identify(a_tcp))
{
- global_stat.recv_ir_pkts ++;
mrl_send_to_mgw(raw_packet, thread_seq);
- ret = APP_STATE_GIVEME;//��ָ��faw��drop���ȡ�ĸ�������
+ ret = APP_STATE_GIVEME;
}
else
{
@@ -715,10 +715,10 @@ extern "C" char mrl_udp_entry(struct streaminfo *a_udp, void **pme, int thread_
char ret = APP_STATE_GIVEME;
switch(a_udp->pktstate){
- case OP_STATE_PENDING:
- if(mrl_pkt_signature_identify(a_udp))
+ case OP_STATE_PENDING:
+ if(mrl_dnat_pkt_identify(a_udp) || mrl_snat_pkt_identify(a_udp))
{
- global_stat.recv_ir_pkts ++;
+
mrl_send_to_mgw(raw_packet, thread_seq);
ret = APP_STATE_GIVEME;
}
diff --git a/src/mrl_packet.c b/src/mrl_packet.c
index 466107f..a7d8e2f 100644
--- a/src/mrl_packet.c
+++ b/src/mrl_packet.c
@@ -241,14 +241,72 @@ void mrl_send_to_gdev(int thread_seq, struct mrl_vxlan_info * vxlan_info, const
//printf("send to gdev ret is %d\n",ret);
}
+bool mrl_dnat_key_search(struct mrl_dnat_key *dnat_key)
+{
+ bool ret = false;
+ if(MESA_htable_search_cb(mrl_instance.ht_dnat, (const unsigned char *)dnat_key, sizeof(mrl_dnat_key),NULL,NULL,NULL) != NULL)
+ {
+ ret = true;
+ }
+ else
+ {
+ if(MESA_htable_search_cb(mrl_instance.ht_dnat, (const unsigned char *)&(dnat_key->trans_ip), sizeof(dnat_key->trans_ip),NULL,NULL,NULL) != NULL)
+ {
+ ret = true;
+ }
+ else
+ {
+ ret = false;
+ }
+ }
+ return ret;
+}
-//�ж��Ƿ���IP���ð�
-bool mrl_pkt_signature_identify(struct streaminfo *mystream)
+//�ж��Ƿ���dnat���ݰ�
+bool mrl_dnat_pkt_identify(struct streaminfo *mystream)
{
- char temp_sip[MRL_STR_IP_LEN];
- char temp_dip[MRL_STR_IP_LEN];
- memset(temp_sip,0,MRL_STR_IP_LEN);
- memset(temp_dip,0,MRL_STR_IP_LEN);
+ bool ret = false;
+ uint16_t sport = 0, dport = 0, temp_port = 0;
+ uint32_t hash_sport = 0, hash_dport =0;
+ uint32_t sip = 0, dip = 0;
+ sport = ntohs(mystream->addr.tuple4_v4->source);
+ dport = ntohs(mystream->addr.tuple4_v4->dest);
+ sip = ntohl(mystream->addr.tuple4_v4->saddr);
+ dip = ntohl(mystream->addr.tuple4_v4->daddr);
+ struct mrl_dnat_key dnat_key;
+ memset(&dnat_key,0,sizeof(dnat_key));
+ dnat_key.trans_ip = sip;
+ dnat_key.trans_port = sport;
+ if(mrl_dnat_key_search(&dnat_key))
+ {
+ MESA_handle_runtime_log(mrl_instance.mrl_log_handle, RLOG_LV_DEBUG,"mrl_dnat_pkt_identify","sapp recv stream info:"
+ "[sip:%u,sport:%hu,dip:%u,dport:%hu] is dnat pkt,the dnat ip is sip",sip,dip,sport,dport);
+ ret = true;
+ }
+ else
+ {
+ dnat_key.trans_ip = dip;
+ dnat_key.trans_port = dport;
+ if(mrl_dnat_key_search(&dnat_key))
+ {
+ MESA_handle_runtime_log(mrl_instance.mrl_log_handle, RLOG_LV_DEBUG,"mrl_dnat_pkt_identify","sapp recv stream info:"
+ "[sip:%u,sport:%hu,dip:%u,dport:%hu] is dnat pkt, the dnat ip is dip",sip,dip,sport,dport);
+ ret = true;
+ }
+ else
+ {
+ ret = false;
+ }
+ }
+ return ret;
+
+}
+
+
+//�ж��Ƿ���snat���ݰ�
+bool mrl_snat_pkt_identify(struct streaminfo *mystream)
+{
+ bool ret = false;
uint8_t type = 0;
uint16_t sport = 0, dport = 0, temp_port = 0;
uint32_t hash_sport = 0, hash_dport =0;
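Review bot: mrl_dnat_pkt_identify builds its lookup key from `ntohl(...)` values (host byte order), but dnat_policy_update_cb in src/mrl_redis.c fills `trans_ip` straight from `inet_pton`, which writes network byte order, so on a little-endian host the IP part of the key never matches an inserted policy. Keeping the address as received would line the two up, e.g. `dnat_key.trans_ip = mystream->addr.tuple4_v4->saddr;` and likewise `daddr` in the else branch; the port side already agrees, since `ntohs` and `atoi` both give host order. Both functions also read `addr.tuple4_v4` without checking the stream's address type first, which looks unsafe if a non-IPv4 stream can reach this entry point; that depends on callers outside the hunk. `temp_port`, `hash_sport` and `hash_dport` are declared in mrl_dnat_pkt_identify but never used there.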
@@ -257,8 +315,6 @@ bool mrl_pkt_signature_identify(struct streaminfo *mystream)
dport = ntohs(mystream->addr.tuple4_v4->dest);
sip = ntohl(mystream->addr.tuple4_v4->saddr);
dip = ntohl(mystream->addr.tuple4_v4->daddr);
- inet_ntop(AF_INET,&(mystream->addr.tuple4_v4->saddr),temp_sip,MRL_STR_IP_LEN);
- inet_ntop(AF_INET,&(mystream->addr.tuple4_v4->daddr),temp_dip,MRL_STR_IP_LEN);
switch(mystream->type)
{
case STREAM_TYPE_TCP:
@@ -275,26 +331,32 @@ bool mrl_pkt_signature_identify(struct streaminfo *mystream)
hash_dport = hash_dport & 0xff;
temp_port = dport & 0xff;
MESA_handle_runtime_log(mrl_instance.mrl_log_handle, RLOG_LV_DEBUG,"mrl_pkt_signature_identify","sapp recv stream info:"
- "sport is %hu, dport is %hu, hash_dport is %hu, temp_port is %u,sip is %s,dip is %s, protocol is %d",
- sport,dport,hash_dport,temp_port,temp_sip,temp_dip,type);
+ "sip is %u,sport is %hu, dip is %u,dport is %hu, hash_dport is %hu, temp_port is %u,, protocol is %d",
+ sip,dip,sport,dport,hash_dport,temp_port,type);
if(hash_dport == temp_port)
{
- return true;
+ global_stat.recv_snat_pkts ++;
+ ret = true;
}
else
{
- hash_sport = dport ^ sip ^ dip ^type;
- hash_sport = hash_sport & 0xff;
- temp_port = sport & 0xff;
- MESA_handle_runtime_log(mrl_instance.mrl_log_handle, RLOG_LV_DEBUG,"mrl_pkt_signature_identify","sapp recv stream info:"
- "sport is %hu, dport is %hu, hash_sport is %hu, temp_port is %u,sip is %s,dip is %s, protocol is %d",
- sport,dport,hash_sport,temp_port,temp_sip,temp_dip,type);
- if(hash_sport == temp_port)
- {
- return true;
- }
- return false;
+ hash_sport = dport ^ sip ^ dip ^type;
+ hash_sport = hash_sport & 0xff;
+ temp_port = sport & 0xff;
+ MESA_handle_runtime_log(mrl_instance.mrl_log_handle, RLOG_LV_DEBUG,"mrl_pkt_signature_identify","sapp recv stream info:"
+ "sip is %u,sport is %hu, dip is %u,dport is %hu, hash_sport is %hu, temp_port is %u,, protocol is %d",
+ sip,dip,sport,dport,hash_dport,temp_port,type);
+ if(hash_sport == temp_port)
+ {
+ global_stat.recv_snat_pkts ++;
+ ret = true;
+ }
+ else
+ {
+ ret =false;
+ }
}
+ return ret;
}
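Review bot: The second debug log in mrl_snat_pkt_identify passes `hash_dport` where the format string labels the value `hash_sport`, so the log shows the hash from the first comparison instead of the one just computed. In both rewritten log calls the arguments are ordered `sip,dip,sport,dport` while the format expects sip, sport, dip, dport, so `dip` is printed through `%hu` under the sport label; the argument list should be `sip,sport,dip,dport,hash_sport,temp_port,type`. `hash_sport` and `hash_dport` are `uint32_t` but printed with `%hu`, and the log tag still reads "mrl_pkt_signature_identify" after the rename. The two log calls added in mrl_dnat_pkt_identify have the same argument ordering. The function starts outside this hunk.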
diff --git a/src/mrl_redis.c b/src/mrl_redis.c
index 7de9db1..8fa5c69 100644
--- a/src/mrl_redis.c
+++ b/src/mrl_redis.c
@@ -32,6 +32,21 @@ void ht_nominee_free_cb(void * data)
}
+void ht_dnat_free_cb(void * data)
+{
+ struct mrl_dnat_item *dnat_item = (struct mrl_dnat_item *)data;
+ if(dnat_item != NULL)
+ {
+ MESA_handle_runtime_log(mrl_instance.mrl_log_handle, RLOG_LV_DEBUG,"ht_dnat_free_cb","the dnat item[orig_ip:%s,orig_port%s,orig_proto:%s,trans_ip:%s,trans_port:%s] is free.",
+ dnat_item->original_dest_ip,dnat_item->original_dest_port,dnat_item->original_protocol,
+ dnat_item->translated_dest_ip,dnat_item->translated_dest_port);
+ free(dnat_item);
+ dnat_item = NULL;
+ global_stat.free_memory += sizeof(struct mrl_dnat_item);
+ }
+
+}
+
MESA_htable_handle mrl_htable_init(void * fn_data_free_cb)
{
unsigned int opt_int;
@@ -124,14 +139,14 @@ void nominee_update_cb(int table_id,const char *table_line,void *u_para)
"config_id:%d,group_id:%d,addr_type:%d,ip_addr:%s,is_valid:%d,effective_range:%s,op_time:%s",
nominee_item->config_id, nominee_item->addr_pool_id,nominee_item->addr_type,
nominee_item->ip_addr, nominee_item->is_valid,nominee_item->effective_range,nominee_item->op_time);
- struct mrl_ht_nominee_key nominee_key;
- memset(&nominee_key,0,sizeof(struct mrl_ht_nominee_key));
+ struct mrl_nominee_key nominee_key;
+ memset(&nominee_key,0,sizeof(struct mrl_nominee_key));
inet_pton(AF_INET,nominee_item->ip_addr,&(nominee_key.sip));
inet_pton(AF_INET,mrl_instance.mrl_cfg.dest_ip,&(nominee_key.dip));
nominee_key.sport=htons(mrl_instance.mrl_cfg.local_port);
nominee_key.dport=htons(mrl_instance.mrl_cfg.dest_port);
- switch(nominee_item->is_valid)
- {
+ switch(nominee_item->is_valid)
+ {
case 0:
if(MESA_htable_search_cb(mrl_instance.ht_nominee, (const unsigned char *)&nominee_key, sizeof(nominee_key),NULL,NULL,NULL) != NULL)
{
@@ -174,13 +189,91 @@ void nominee_update_cb(int table_id,const char *table_line,void *u_para)
default:
assert(0);
break;
- }
+ }
}
+int mrl_dnat_update_action(const unsigned char *key, unsigned int key_len, struct mrl_dnat_item *dnat_item)
+{
+ int ret;
+ switch(dnat_item->is_valid)
+ {
+ case 0:
+ if(MESA_htable_search_cb(mrl_instance.ht_dnat, key, key_len,NULL,NULL,NULL) != NULL)
+ {
+ ret = MESA_htable_del(mrl_instance.ht_dnat, key, key_len, NULL);
+ if(ret < 0)
+ {
+ MESA_handle_runtime_log(mrl_instance.mrl_log_handle, RLOG_LV_FATAL,"mrl_dnat_update_action","MESA_htable_del func error! ret is %d",ret);
+ assert(0);
+ }
+ MESA_handle_runtime_log(mrl_instance.mrl_log_handle, RLOG_LV_DEBUG,"mrl_dnat_update_action","the dnat item[origin_ip:%u,origin_port:%hu,trans_ip:%u, trans_port:%hu] is deleted.",
+ dnat_item->original_dest_ip,dnat_item->original_dest_port,dnat_item->translated_dest_ip,dnat_item->translated_dest_port);
+ }
+ else
+ {
+ MESA_handle_runtime_log(mrl_instance.mrl_log_handle, RLOG_LV_DEBUG,"mrl_dnat_update_action","the dnat item[origin_ip:%u,origin_port:%hu,trans_ip:%u, trans_port:%hu] is not exsit in nominee htable.",
+ dnat_item->original_dest_ip,dnat_item->original_dest_port,dnat_item->translated_dest_ip,dnat_item->translated_dest_port);
+ }
+ break;
+ case 1:
+ if(MESA_htable_search_cb(mrl_instance.ht_nominee, key, key_len,NULL,NULL,NULL) == NULL)
+ {
+ ret = MESA_htable_add(mrl_instance.ht_nominee, key, key_len, dnat_item);
+ if(ret < 0)
+ {
+ MESA_handle_runtime_log(mrl_instance.mrl_log_handle, RLOG_LV_FATAL,"mrl_dnat_update_action","MESA_htable_add func error! ret is %d",ret);
+ assert(0);
+ }
+ MESA_handle_runtime_log(mrl_instance.mrl_log_handle, RLOG_LV_DEBUG,"mrl_dnat_update_action","insert the dnat item[origin_ip:%u,origin_port:%hu,trans_ip:%u, trans_port:%hu] into nominee htable.",
+ dnat_item->original_dest_ip,dnat_item->original_dest_port,dnat_item->translated_dest_ip,dnat_item->translated_dest_port);
+ }
+ else
+ {
+ MESA_handle_runtime_log(mrl_instance.mrl_log_handle, RLOG_LV_DEBUG,"mrl_dnat_update_action","the dnat item[origin_ip:%u,origin_port:%hu,trans_ip:%u, trans_port:%hu] is duplicated in nominee htable.",
+ dnat_item->original_dest_ip,dnat_item->original_dest_port,dnat_item->translated_dest_ip,dnat_item->translated_dest_port);
+ }
+ break;
+ default:
+ assert(0);
+ break;
+ }
+ return ret;
+}
void dnat_policy_update_cb(int table_id, const char *table_line, void *u_para)
{
+ int ret = 0;
+ uint32_t ip;
+ uint32_t port;
+ struct mrl_dnat_item *dnat_item = (struct mrl_dnat_policy_item *)calloc(1, sizeof(struct mrl_dnat_item));
+ global_stat.malloc_memory += sizeof(struct mrl_dnat_policy_item);
+ sscanf(table_line,"%d\t%s\t%s\t%s\t%s\t%s\t%d\t%d\t%d\t%d\t%s\t%s",
+ &(dnat_item->config_id), dnat_item->original_dest_ip, dnat_item->original_dest_port,
+ dnat_item->original_protocol, dnat_item->translated_dest_ip, dnat_item->translated_dest_port,
+ &(dnat_item->do_log),&(dnat_item->action),&(dnat_item->service),&(dnat_item->is_valid),
+ dnat_item->effective_range, dnat_item->op_time);
+ MESA_handle_runtime_log(mrl_instance.mrl_log_handle, RLOG_LV_DEBUG,"dnat_policy_update_cb","get dnat_policy item:"
+ "config_id:%d,original_dest_ip:%s,original_dest_port:%s,original_protocol:%s,translated_dest_ip:%s,"
+ "translated_dest_port:%s,do_log:%d,action:%d,addr_type:%d,service:%d,is_valid:%d,effective_range:%s,op_time:%s",
+ dnat_item->config_id,dnat_item->original_dest_ip,dnat_item->original_dest_port,dnat_item->original_protocol,
+ dnat_item->translated_dest_ip, dnat_item->translated_dest_port,dnat_item->do_log,dnat_item->action,
+ dnat_item->service,dnat_item->is_valid,dnat_item->effective_range, dnat_item->op_time);
+ struct mrl_dnat_key dnat_key;
+ memset(&dnat_key,0,sizeof(struct mrl_dnat_key));
+ inet_pton(INET_AF, dnat_item->translated_dest_ip, (void *)&ip);
+ port = atoi(dnat_item->translated_dest_port);
+ dnat_key.trans_ip = ip;
+ dnat_key.trans_port = port;
+ if(dnat_key.trans_port == 0)
+ {
+ mrl_dnat_update_action((const unsigned char *)&(dnat_key.trans_ip),sizeof(dnat_key.trans_ip),dnat_item);
+ }
+ else
+ {
+ mrl_dnat_update_action((const unsigned char *)&dnat_key, sizeof(dnat_key),dnat_item);
+ }
+
}
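Review bot: The `sscanf` in dnat_policy_update_cb copies seven `%s` fields from `table_line` into members of `dnat_item` with no field width, so an over-long column in a policy line writes past the end of the heap object; each `%s` needs a width one less than its destination array (the array sizes are not visible here). The results of `calloc`, `sscanf` and `inet_pton` are also ignored, so a short or malformed line leaves `ip` uninitialised and still reaches the table update; the sketch below rejects such lines and releases the item. The debug log that follows contains an `addr_type:%d` conversion with no matching argument, which shifts every later argument onto the wrong conversion and leaves the final `%s` without one. `INET_AF` is presumably meant to be `AF_INET`, as nominee_update_cb uses. Separately, mrl_dnat_update_action returns `ret` uninitialised on the paths that neither add nor delete, and on those paths the freshly allocated item is never freed.

```c
    // … unchanged: calloc of dnat_item …
    if(dnat_item == NULL)
    {
        MESA_handle_runtime_log(mrl_instance.mrl_log_handle, RLOG_LV_FATAL,"dnat_policy_update_cb","calloc for dnat item failed");
        return;
    }
    // … unchanged: malloc_memory accounting; sscanf call, its result now stored in ret and a width on every %s …
    if(ret != 12)
    {
        MESA_handle_runtime_log(mrl_instance.mrl_log_handle, RLOG_LV_FATAL,"dnat_policy_update_cb","malformed dnat_policy line, parsed %d fields",ret);
        ht_dnat_free_cb(dnat_item);
        return;
    }
    // … unchanged: debug log, dnat_key memset …
    if(inet_pton(AF_INET, dnat_item->translated_dest_ip, (void *)&ip) != 1)
    {
        MESA_handle_runtime_log(mrl_instance.mrl_log_handle, RLOG_LV_FATAL,"dnat_policy_update_cb","translated_dest_ip is not a valid IPv4 address");
        ht_dnat_free_cb(dnat_item);
        return;
    }
```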
@@ -283,7 +376,11 @@ void mrl_get_vxlan_info(struct streaminfo *mystream, struct mrl_vxlan_info *vxl
int position = mrl_get_link_id_index(gdev_index, vxlan_info->vxlan_link_id);
if(position <0)
{
- MESA_handle_runtime_log(mrl_instance.mrl_log_handle, RLOG_LV_FATAL,"mrl_get_vxlan_info","mrl_get_link_id_index error,link id is %d,gdev index is %d,position is %d",vxlan_info->vxlan_link_id,gdev_index,position);
+ uint16_t sport = ntohs(mystream->addr.tuple4_v4->source);
+ uint16_t dport = ntohs(mystream->addr.tuple4_v4->dest);
+ uint32_t sip = ntohl(mystream->addr.tuple4_v4->saddr);
+ uint32_t dip = ntohl(mystream->addr.tuple4_v4->daddr);
+ MESA_handle_runtime_log(mrl_instance.mrl_log_handle, RLOG_LV_FATAL,"mrl_get_vxlan_info","mrl_get_link_id_index error,cur pkt [sip:%u, dip:%u,sport:%hu,dport:%hu] link id is error ,link id is %d,gdev index is %d,position is %d",sip,dip,sport,dport,vxlan_info->vxlan_link_id,gdev_index,position);
assert(0);
}
diff --git a/src/mrl_stat.c b/src/mrl_stat.c
index a2ead74..475d853 100644
--- a/src/mrl_stat.c
+++ b/src/mrl_stat.c
@@ -29,7 +29,8 @@ void mrl_stat_init()
global_fs_stat.fs_field_id[FIELD_RECV_GDEV_PKTS] = FS_register(global_fs_stat.handle, FS_STYLE_FIELD, FS_CALC_SPEED,"RECV_GDEV_PKTS");
global_fs_stat.fs_field_id[FIELD_SEND_GDEV_PKTS] = FS_register(global_fs_stat.handle, FS_STYLE_FIELD, FS_CALC_SPEED,"SEND_GDEV_PKTS");
- global_fs_stat.fs_field_id[FIELD_RECV_IR_PKTS] = FS_register(global_fs_stat.handle, FS_STYLE_FIELD, FS_CALC_SPEED,"rec_ir_pkts");
+ global_fs_stat.fs_field_id[FIELD_RECV_SNAT_PKTS] = FS_register(global_fs_stat.handle, FS_STYLE_FIELD, FS_CALC_SPEED,"rec_snat_pkts");
+ global_fs_stat.fs_field_id[FIELD_RECV_DNAT_PKTS] = FS_register(global_fs_stat.handle, FS_STYLE_FIELD, FS_CALC_SPEED,"rec_dnat_pkts");
global_fs_stat.fs_field_id[FIELD_RECV_GDEV_TCP_PKTS] = FS_register(global_fs_stat.handle, FS_STYLE_FIELD, FS_CALC_SPEED,"recv_gdev_tcp_pkts");
global_fs_stat.fs_field_id[FIELD_RECV_GDEV_UDP_PKTS] = FS_register(global_fs_stat.handle, FS_STYLE_FIELD, FS_CALC_SPEED,"recv_gdev_udp_pkts");
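Review bot: `FIELD_RECV_DNAT_PKTS` is registered here and exported in mrl_stat_output, but nothing in the visible hunks increments `global_stat.recv_dnat_pkts`, so the counter would report zero however many DNAT packets are matched. mrl_snat_pkt_identify counts its matches with `global_stat.recv_snat_pkts ++;`, and the two `ret = true;` branches of mrl_dnat_pkt_identify in src/mrl_packet.c should do the same with `global_stat.recv_dnat_pkts ++;`. This matters for monitoring, because the old combined `recv_ir_pkts` counter is removed by this commit and the new field is the only view of DNAT traffic. An increment outside the lines shown cannot be ruled out.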
@@ -53,10 +54,12 @@ void mrl_stat_output()
FS_operate(global_fs_stat.handle, global_fs_stat.fs_field_id[FIELD_SEND_GDEV_PKTS], 0, FS_OP_SET, global_stat.send_gdev_total_pkts);
FS_operate(global_fs_stat.handle, global_fs_stat.fs_field_id[FIELD_RECV_GDEV_PKTS], 0, FS_OP_SET, global_stat.recv_gdev_total_pkts);
+
FS_operate(global_fs_stat.handle, global_fs_stat.fs_field_id[FIELD_RECV_GDEV_TCP_PKTS], 0, FS_OP_SET, global_stat.recv_gdev_tcp_pkts);
FS_operate(global_fs_stat.handle, global_fs_stat.fs_field_id[FIELD_RECV_GDEV_UDP_PKTS], 0, FS_OP_SET, global_stat.recv_gdev_udp_pkts);
- FS_operate(global_fs_stat.handle, global_fs_stat.fs_field_id[FIELD_RECV_IR_PKTS], 0, FS_OP_SET, global_stat.recv_ir_pkts);
+ FS_operate(global_fs_stat.handle, global_fs_stat.fs_field_id[FIELD_RECV_SNAT_PKTS], 0, FS_OP_SET, global_stat.recv_snat_pkts);
+ FS_operate(global_fs_stat.handle, global_fs_stat.fs_field_id[FIELD_RECV_DNAT_PKTS], 0, FS_OP_SET, global_stat.recv_dnat_pkts);
FS_operate(global_fs_stat.handle, global_fs_stat.fs_field_id[FIELD_SEND_DETECT_PKTS], 0, FS_OP_SET, global_stat.send_detect_pkts);
FS_operate(global_fs_stat.handle, global_fs_stat.fs_field_id[FIELD_RECV_DETECT_PKTS], 0, FS_OP_SET, global_stat.recv_detect_pkts);