From 3cf8232a9b37ea7eed5158a634a23e4cf1c556f1 Mon Sep 17 00:00:00 2001 From: lijie Date: Thu, 24 Jan 2019 16:32:52 +0800 Subject: 修改无法删除vxlan_info问题;修改无法正确删除dnat_policy策略问题 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- bin/conf/all_ip_info_v4.mmdb | Bin 148263034 -> 0 bytes ...\264\346\230\216-\347\256\200\347\211\210.docx" | Bin 20871 -> 21411 bytes include/mrl_utils.h | 3 +- src/mrl_io.cpp | 32 ++++--- src/mrl_redis.cpp | 101 +++++++++++---------- src/mrl_utils.cpp | 11 +-- 6 files changed, 82 insertions(+), 65 deletions(-) delete mode 100644 bin/conf/all_ip_info_v4.mmdb diff --git a/bin/conf/all_ip_info_v4.mmdb b/bin/conf/all_ip_info_v4.mmdb deleted file mode 100644 index a5d5bd9..0000000 Binary files a/bin/conf/all_ip_info_v4.mmdb and /dev/null differ diff --git "a/doc/MRL\351\203\250\347\275\262\345\217\212\345\270\270\350\247\201\346\227\245\345\277\227\350\257\264\346\230\216-\347\256\200\347\211\210.docx" "b/doc/MRL\351\203\250\347\275\262\345\217\212\345\270\270\350\247\201\346\227\245\345\277\227\350\257\264\346\230\216-\347\256\200\347\211\210.docx" index 03414b3..4d09b6e 100644 Binary files "a/doc/MRL\351\203\250\347\275\262\345\217\212\345\270\270\350\247\201\346\227\245\345\277\227\350\257\264\346\230\216-\347\256\200\347\211\210.docx" and "b/doc/MRL\351\203\250\347\275\262\345\217\212\345\270\270\350\247\201\346\227\245\345\277\227\350\257\264\346\230\216-\347\256\200\347\211\210.docx" differ diff --git a/include/mrl_utils.h b/include/mrl_utils.h index 56d2759..794221c 100644 --- a/include/mrl_utils.h +++ b/include/mrl_utils.h @@ -56,6 +56,7 @@ #define MRL_CLOSED_LOCATION -1 #define MRL_INSIDE_LOCATION 0 #define MRL_OUTSIDE_LOCATION 1 +#define MRL_UNDEFINED_LOCATION 2 #define MRL_COUNTRY_LEVEL 0 #define MRL_PROVINCE_LEVEL 1 
@@ -107,6 +108,6 @@ int mrl_get_pkt_tuple(const char *raw_packet, struct mrl_tuple *five_tuple); void mrl_mmdb_init(const char *path); -int mrl_is_inside_ip(const char *ip_addr); +int mrl_is_outside_ip(const char *ip_addr); #endif diff --git a/src/mrl_io.cpp b/src/mrl_io.cpp index 2879108..265f4de 100644 --- a/src/mrl_io.cpp +++ b/src/mrl_io.cpp @@ -323,7 +323,7 @@ void ht_link_identity_iterate_cb(const uchar* key, uint size, void* data, void* size_t ip_len = 0; int thread_seq = 0; int temp_len = 0; - int is_inside = -1; + int is_outside = MRL_CLOSED_LOCATION; char ip_pkt[MRL_IP_PKT_LEN]; memset(ip_pkt,0,MRL_IP_PKT_LEN); uint64_t* identity_value = (uint64_t* )data; @@ -336,15 +336,20 @@ void ht_link_identity_iterate_cb(const uchar* key, uint size, void* data, void* inet_pton(AF_INET,mydata->detect_ip,&sip); if(mrl_instance.mrl_cfg.ip_location_enable) { - is_inside =mrl_is_inside_ip(mydata->detect_ip); - if(is_inside) + is_outside =mrl_is_outside_ip(mydata->detect_ip); + switch(is_outside) { - inet_pton(AF_INET,mrl_instance.mrl_cfg.outside_detect_ip,&dip); - } - else - { - inet_pton(AF_INET,mrl_instance.mrl_cfg.inside_detect_ip,&dip); - } + case MRL_INSIDE_LOCATION: + case MRL_UNDEFINED_LOCATION: + inet_pton(AF_INET,mrl_instance.mrl_cfg.outside_detect_ip,&dip); + break; + case MRL_OUTSIDE_LOCATION: + inet_pton(AF_INET,mrl_instance.mrl_cfg.inside_detect_ip,&dip); + break; + default: + assert(0); + break; + } } else { @@ -354,7 +359,7 @@ void ht_link_identity_iterate_cb(const uchar* key, uint size, void* data, void* sapp_get_platform_opt(SPO_INDEPENDENT_THREAD_ID, &thread_seq, &temp_len); mrl_send_to_gdev(thread_seq,link_identity,ip_pkt,ip_len); global_stat.send_detect_pkts ++; - switch(is_inside) + switch(is_outside) { case MRL_CLOSED_LOCATION: MESA_handle_runtime_log(mrl_instance.mrl_log_handle, RLOG_LV_DEBUG,"ht_link_identity_iterate_cb", 
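Review bot: The `default: assert(0);` arm of the new `switch(is_outside)` in ht_link_identity_iterate_cb (hunk `@@ -336,15 +336,20 @@`) is the only handling for an unexpected location value, and it compiles away when the build defines NDEBUG. In that case no arm assigns `dip`, yet the callback still goes on to `mrl_send_to_gdev`; the declaration and initial value of `dip` are outside the hunk, so what is sent is unclear from here. In a debug build the same condition aborts the whole process from inside a hash-table iteration callback. I would log and leave instead, `default: MESA_handle_runtime_log(mrl_instance.mrl_log_handle, RLOG_LV_FATAL,"ht_link_identity_iterate_cb","unexpected location %d for detect ip %s",is_outside,mydata->detect_ip); return;`, assuming nothing acquired earlier in the callback needs releasing. The `inet_pton` results are also ignored on every arm, so a malformed configured detect IP would pass unnoticed.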
@@ -365,12 +370,17 @@ void ht_link_identity_iterate_cb(const uchar* key, uint size, void* data, void* MESA_handle_runtime_log(mrl_instance.mrl_log_handle, RLOG_LV_DEBUG,"ht_link_identity_iterate_cb", "cur detect ip %s is inside ip,detect dest ip is %s,detect payload info is [nominee_type:%d,link_identity:%lu]", mydata->detect_ip,mrl_instance.mrl_cfg.outside_detect_ip,mydata->nominee_type,link_identity); - break; + break; case MRL_OUTSIDE_LOCATION: MESA_handle_runtime_log(mrl_instance.mrl_log_handle, RLOG_LV_DEBUG,"ht_link_identity_iterate_cb", "cur detect ip %s is outside ip,detect dest ip is %s,detect payload info is [nominee_type:%d,link_identity:%lu]", mydata->detect_ip,mrl_instance.mrl_cfg.inside_detect_ip,mydata->nominee_type,link_identity); break; + case MRL_UNDEFINED_LOCATION: + MESA_handle_runtime_log(mrl_instance.mrl_log_handle, RLOG_LV_DEBUG,"ht_link_identity_iterate_cb", + "cur detect ip %s is undefined ip,detect dest ip is %s,detect payload info is [nominee_type:%d,link_identity:%lu]", + mydata->detect_ip,mrl_instance.mrl_cfg.inside_detect_ip,mydata->nominee_type,link_identity); + break; default: assert(0); break; diff --git a/src/mrl_redis.cpp b/src/mrl_redis.cpp index 90b83c4..34c49ef 100644 --- a/src/mrl_redis.cpp +++ b/src/mrl_redis.cpp 
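Review bot: The new `case MRL_UNDEFINED_LOCATION:` log arm prints `mrl_instance.mrl_cfg.inside_detect_ip` as the "detect dest ip", but the send path earlier in ht_link_identity_iterate_cb groups `MRL_UNDEFINED_LOCATION` with `MRL_INSIDE_LOCATION` and resolves `outside_detect_ip` into `dip`. The debug log therefore reports a destination the probe was not sent to, which will mislead anyone tracing detection traffic for addresses missing from the mmdb. The argument list should read `mydata->detect_ip,mrl_instance.mrl_cfg.outside_detect_ip,mydata->nominee_type,link_identity);`. The function starts and ends outside this hunk.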
@@ -267,14 +267,17 @@ void Maat_del_back_info(const int cfg_id, const char *back_ip) void Maat_del_dnat_candidate(const char *candidate_ip,int rule_id) { - if(Maat_del_line(mrl_instance.dynamic_feather, rule_id,MRL_DEL_AFTER,IR_DNAT_CANDIDATE_IP_TABLE_NAME)) + if(MESA_htable_search_cb(mrl_instance.ht_dnat_candidate, (const unsigned char *)candidate_ip, MRL_STR_IP_LEN,NULL,NULL,NULL) != NULL) { - MESA_handle_runtime_log(mrl_instance.mrl_log_handle,RLOG_LV_FATAL,"Maat_del_dnat_candidate","Maat succeed to del dnat_candidate item %s",candidate_ip); - global_stat.vxlan_info_num--; - } - else - { - MESA_handle_runtime_log(mrl_instance.mrl_log_handle, RLOG_LV_FATAL,"Maat_del_dnat_candidate","Maat fail to del dnat_candidate item %s",candidate_ip); + if(Maat_del_line(mrl_instance.dynamic_feather, rule_id,MRL_DEL_AFTER,IR_DNAT_CANDIDATE_IP_TABLE_NAME)) + { + MESA_handle_runtime_log(mrl_instance.mrl_log_handle,RLOG_LV_FATAL,"Maat_del_dnat_candidate","Maat succeed to del dnat_candidate item %s",candidate_ip); + global_stat.vxlan_info_num--; + } + else + { + MESA_handle_runtime_log(mrl_instance.mrl_log_handle, RLOG_LV_FATAL,"Maat_del_dnat_candidate","Maat fail to del dnat_candidate item %s",candidate_ip); + } } } @@ -287,7 +290,7 @@ void mrl_create_snat_candidate(struct mrl_snat_candidate* snat_candidate, struct strncpy(snat_candidate->ip_addr,(const char*)snat_nominee->ip_addr,MRL_STR_IP_LEN); if(mrl_instance.mrl_cfg.ip_location_enable) { - snat_candidate->location = mrl_is_inside_ip(snat_candidate->ip_addr); + snat_candidate->location = mrl_is_outside_ip(snat_candidate->ip_addr); } else { @@ -309,7 +312,7 @@ void mrl_create_dnat_candidate(struct mrl_dnat_candidate* dnat_candidate, struct dnat_candidate->addr_type = dnat_nominee->addr_type; if(mrl_instance.mrl_cfg.ip_location_enable) { - dnat_candidate->location = mrl_is_inside_ip(dnat_candidate->ip_addr); + dnat_candidate->location = mrl_is_outside_ip(dnat_candidate->ip_addr); } else { 
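Review bot: The success branch of Maat_del_dnat_candidate still decrements `global_stat.vxlan_info_num`, while the add path this patch introduces in mrl_deal_dnat_detect increments `global_stat.dnat_candidate_num`; this looks like a copy-paste leftover and should be `global_stat.dnat_candidate_num--;`. The new `MESA_htable_search_cb(...) != NULL` guard also returns silently when the key is absent, so a delete request for an unknown candidate leaves no trace; an `else` branch with one log line would make that visible. Nothing in the function removes the entry from `ht_dnat_candidate` once the Maat line is deleted. If the caller does not do that either, a later detection of the same IP takes the "duplicated" branch and is never re-published. The success message is logged at `RLOG_LV_FATAL`, which will drown real failures in the same log.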
@@ -404,7 +407,7 @@ void snat_nominee_start_cb(int update_type,void* u_para) void snat_nominee_update_cb(int table_id,const char *table_line,void *u_para) { int ret = 0; - int is_inside = -1; + int is_outside = MRL_CLOSED_LOCATION; struct mrl_nominee snat_nominee; memset(&snat_nominee,0,sizeof(snat_nominee)); @@ -424,10 +427,11 @@ void snat_nominee_update_cb(int table_id,const char *table_line,void *u_para) strncpy(nominee_key.sip,(const char*)snat_nominee.ip_addr,MRL_STR_IP_LEN); if(mrl_instance.mrl_cfg.ip_location_enable) { - is_inside = mrl_is_inside_ip(snat_nominee.ip_addr); - switch(is_inside) + is_outside = mrl_is_outside_ip(snat_nominee.ip_addr); + switch(is_outside) { case MRL_INSIDE_LOCATION: + case MRL_UNDEFINED_LOCATION: strncpy(nominee_key.dip,(const char*)mrl_instance.mrl_cfg.outside_detect_ip,MRL_STR_IP_LEN); break; case MRL_OUTSIDE_LOCATION: @@ -599,7 +603,7 @@ void dnat_policy_start_cb(int update_type,void* u_para) void dnat_policy_update_cb(int table_id, const char *table_line, void *u_para) { - int ret = 0, is_inside = -1; + int ret = 0, is_outside = MRL_CLOSED_LOCATION; int operation = MRL_ADD_DNAT_NOMINEE; long nominee_count = 0; struct mrl_dnat_policy dnat_policy; @@ -629,10 +633,11 @@ void dnat_policy_update_cb(int table_id, const char *table_line, void *u_para) strncpy(nominee_key.sip,dnat_policy.original_dest_ip,MRL_STR_IP_LEN); if(mrl_instance.mrl_cfg.ip_location_enable) { - is_inside = mrl_is_inside_ip(dnat_policy.original_dest_ip); - switch(is_inside) + is_outside = mrl_is_outside_ip(dnat_policy.original_dest_ip); + switch(is_outside) { case MRL_INSIDE_LOCATION: + case MRL_UNDEFINED_LOCATION: strncpy(nominee_key.dip,(const char*)mrl_instance.mrl_cfg.outside_detect_ip,MRL_STR_IP_LEN); break; case MRL_OUTSIDE_LOCATION: 
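Review bot: The stacked `case MRL_INSIDE_LOCATION:` / `case MRL_UNDEFINED_LOCATION:` labels in snat_nominee_update_cb (hunk `@@ -424,10 +427,11 @@`) carry a routing decision that nothing explains: an address the mmdb cannot place is probed through `outside_detect_ip` exactly as if it were an inside address. I would put a comment above the pair, `/* IPs not found in the mmdb are treated as inside: probe via outside_detect_ip */`, so the fallthrough reads as intended rather than accidental. The same undocumented pair appears in dnat_policy_update_cb (`@@ -629,10 +633,11 @@`) and in ht_link_identity_iterate_cb in src/mrl_io.cpp. Both callbacks extend beyond their hunks, so whether their switches have a `default` arm is not visible here.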
@@ -1102,13 +1107,10 @@ bool mrl_construct_ir_vxlan_info(int cfg_id, uint64_t link_identity,const char* assert(0); return false; } - else - { - global_stat.vxlan_info_num++; - MESA_handle_runtime_log(mrl_instance.mrl_log_handle, RLOG_LV_DEBUG,"mrl_construct_ir_vxlan_info"," Maat succeed to insert the vxlan_info key[back_ip:%s] into ht_vxlan_info",back_ip); - Maat_set_vxlan_info(mrl_instance.dynamic_feather,vxlan_info); - return true; - } + global_stat.vxlan_info_num++; + MESA_handle_runtime_log(mrl_instance.mrl_log_handle, RLOG_LV_DEBUG,"mrl_construct_ir_vxlan_info"," Maat succeed to insert the vxlan_info key[back_ip:%s] into ht_vxlan_info",back_ip); + Maat_set_vxlan_info(mrl_instance.dynamic_feather,vxlan_info); + return true; } else { 
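Review bot: `Maat_set_vxlan_info(mrl_instance.dynamic_feather,vxlan_info);` runs after `global_stat.vxlan_info_num++` and after the "Maat succeed to insert" log, and its result is discarded before `return true`, so mrl_construct_ir_vxlan_info reports success whether or not the Maat write happened. Maat_set_snat_candidate and Maat_set_dnat_candidate are used as conditions elsewhere in this patch, which suggests the Maat_set_* helpers report success. If Maat_set_vxlan_info does too, the tail should be `return Maat_set_vxlan_info(mrl_instance.dynamic_feather,vxlan_info);`, with the counter and log moved behind a check of that result. The same applies to the unchecked `Maat_set_mrl_ip(mrl_instance.dynamic_feather, mrl_ip);` in mrl_construct_ir_mrl_ip in the next hunk. The function starts outside this hunk.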
@@ -1133,27 +1135,21 @@ void mrl_construct_ir_mrl_ip(int mrl_ip_config_id, const char* back_ip, int back assert(0); return; } - else - { - global_stat.mrl_ip_num ++; - MESA_handle_runtime_log(mrl_instance.mrl_log_handle, RLOG_LV_DEBUG,"mrl_construct_ir_mrl_ip"," Maat succeed to insert the mrl_ip_info key[back_ip:%s] into ht_mrl_ip_info",back_ip); - Maat_set_mrl_ip(mrl_instance.dynamic_feather, mrl_ip); - return ; - } + global_stat.mrl_ip_num ++; + MESA_handle_runtime_log(mrl_instance.mrl_log_handle, RLOG_LV_DEBUG,"mrl_construct_ir_mrl_ip"," Maat succeed to insert the mrl_ip_info key[back_ip:%s] into ht_mrl_ip_info",back_ip); + Maat_set_mrl_ip(mrl_instance.dynamic_feather, mrl_ip); } else { MESA_handle_runtime_log(mrl_instance.mrl_log_handle, RLOG_LV_DEBUG,"mrl_construct_ir_mrl_ip","the mrl_ip_info key[back_ip:%s] is duplicate in ht_mrl_ip_info",back_ip); - return ; } - + return ; } void mrl_deal_snat_detect(struct mrl_nominee* snat_nominee, uint64_t link_identity) { int ret = 0; struct mrl_snat_candidate* snat_candidate = NULL; - if(MESA_htable_search_cb(mrl_instance.ht_snat_candidate, (const unsigned char *)snat_nominee->ip_addr, MRL_STR_IP_LEN,NULL,NULL,NULL) == NULL) { snat_candidate = (struct mrl_snat_candidate* )calloc(1,sizeof(struct mrl_snat_candidate)); 
@@ -1162,19 +1158,18 @@ void mrl_deal_snat_detect(struct mrl_nominee* snat_nominee, uint64_t link_identi ret = MESA_htable_add(mrl_instance.ht_snat_candidate, (const unsigned char *)snat_candidate->ip_addr, MRL_STR_IP_LEN, snat_candidate); if(ret < 0) { - MESA_handle_runtime_log(mrl_instance.mrl_log_handle, RLOG_LV_FATAL,"mrl_deal_snat_detect","fail to add the snat_candidate key[ip_addr:%s] into ht_vxlan_info! ret is %d",snat_candidate->ip_addr,ret); + MESA_handle_runtime_log(mrl_instance.mrl_log_handle, RLOG_LV_FATAL,"mrl_deal_snat_detect","fail to add the snat_candidate key[ip_addr:%s] into ht_snat_candidate ! ret is %d",snat_candidate->ip_addr,ret); free(snat_candidate); snat_candidate = NULL; assert(0); - } - else + return; + } + global_stat.snat_candidate_num ++; + if(Maat_set_snat_candidate(mrl_instance.dynamic_feather,snat_candidate)) { - if(Maat_set_snat_candidate(mrl_instance.dynamic_feather,snat_candidate)) + if(mrl_construct_ir_vxlan_info(snat_candidate->config_id,link_identity,snat_candidate->ip_addr,MRL_SNAT_BACK_TYPE)) { - if(mrl_construct_ir_vxlan_info(snat_candidate->config_id,link_identity,snat_candidate->ip_addr,MRL_SNAT_BACK_TYPE)) - { - mrl_construct_ir_mrl_ip(snat_candidate->config_id,snat_candidate->ip_addr,MRL_SNAT_BACK_TYPE); - } + mrl_construct_ir_mrl_ip(snat_candidate->config_id,snat_candidate->ip_addr,MRL_SNAT_BACK_TYPE); } } } 
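Review bot: When `Maat_set_snat_candidate(mrl_instance.dynamic_feather,snat_candidate)` returns false, mrl_deal_snat_detect falls out of the `if` with the candidate already stored in `ht_snat_candidate` and `global_stat.snat_candidate_num` already incremented, and writes no log. Every later detection of the same address then takes the duplicate branch, so the candidate is never published and the statistics overstate what Maat holds. I would add an `else` that logs the failure at `RLOG_LV_FATAL` and, if the table is meant to mirror Maat, removes the entry again. The parallel `if(Maat_set_dnat_candidate(...))` in mrl_deal_dnat_detect in the next hunk has the same gap. The function starts outside this hunk.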
@@ -1186,22 +1181,34 @@ void mrl_deal_snat_detect(struct mrl_nominee* snat_nominee, uint64_t link_identi void mrl_deal_dnat_detect(struct mrl_nominee* dnat_nominee, uint64_t link_identity) { - struct mrl_dnat_candidate dnat_candidate; - memset(&dnat_candidate,0,sizeof(struct mrl_dnat_candidate)); + int ret = 0; + struct mrl_dnat_candidate* dnat_candidate = NULL; if(MESA_htable_search_cb(mrl_instance.ht_dnat_candidate, (const unsigned char *)dnat_nominee->ip_addr, MRL_STR_IP_LEN,NULL,NULL,NULL) == NULL) { - mrl_create_dnat_candidate(&dnat_candidate,dnat_nominee); - if(Maat_set_dnat_candidate(mrl_instance.dynamic_feather,&dnat_candidate)) + dnat_candidate = (struct mrl_dnat_candidate* )calloc(1,sizeof(struct mrl_dnat_candidate)); + global_stat.malloc_memory += sizeof(struct mrl_dnat_candidate); + mrl_create_dnat_candidate(dnat_candidate,dnat_nominee); + ret = MESA_htable_add(mrl_instance.ht_dnat_candidate, (const unsigned char *)dnat_candidate->ip_addr, MRL_STR_IP_LEN, dnat_candidate); + if(ret < 0) + { + MESA_handle_runtime_log(mrl_instance.mrl_log_handle, RLOG_LV_FATAL,"mrl_deal_dnat_detect","fail to add the dnat_candidate key[ip_addr:%s] into ht_dnat_candidate! 
ret is %d",dnat_candidate->ip_addr,ret); + free(dnat_candidate); + dnat_candidate = NULL; + assert(0); + return; + } + global_stat.dnat_candidate_num ++; + if(Maat_set_dnat_candidate(mrl_instance.dynamic_feather,dnat_candidate)) { - if(mrl_construct_ir_vxlan_info(dnat_candidate.config_id,link_identity,dnat_candidate.ip_addr,MRL_DNAT_BACK_TYPE)) + if(mrl_construct_ir_vxlan_info(dnat_candidate->config_id,link_identity,dnat_candidate->ip_addr,MRL_DNAT_BACK_TYPE)) { - mrl_construct_ir_mrl_ip(dnat_candidate.config_id,dnat_candidate.ip_addr,MRL_DNAT_BACK_TYPE); + mrl_construct_ir_mrl_ip(dnat_candidate->config_id,dnat_candidate->ip_addr,MRL_DNAT_BACK_TYPE); } } } else { - MESA_handle_runtime_log(mrl_instance.mrl_log_handle, RLOG_LV_DEBUG,"mrl_identify_detect_pkt","cur candidate ip[ip_addr:%s] is duplicated int ht_dnat_candidate",dnat_nominee->ip_addr); + MESA_handle_runtime_log(mrl_instance.mrl_log_handle, RLOG_LV_DEBUG,"mrl_deal_dnat_detect","cur dnat candidate ip[ip_addr:%s] is duplicated int ht_dnat_candidate",dnat_nominee->ip_addr); } } diff --git a/src/mrl_utils.cpp b/src/mrl_utils.cpp index 7c9283f..96e12a3 100644 --- a/src/mrl_utils.cpp +++ b/src/mrl_utils.cpp 
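Review bot: The `calloc` result in mrl_deal_dnat_detect is passed straight to `mrl_create_dnat_candidate(dnat_candidate,dnat_nominee)` with no NULL check, so an allocation failure on this packet-driven path becomes a NULL dereference. I would add `if(dnat_candidate == NULL) return;` (with a log line) directly after the `calloc`, before `global_stat.malloc_memory` is bumped. The `MESA_htable_add` failure branch frees the object but leaves `global_stat.malloc_memory` incremented; `global_stat.malloc_memory -= sizeof(struct mrl_dnat_candidate);` next to the `free` keeps the accounting honest. The context lines of the preceding hunks show the same unchecked `calloc` in mrl_deal_snat_detect.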
@@ -287,25 +287,24 @@ int mrl_search_ip_country(MMDB_s mmdb, const char *ip_address, const unsigned in { if(memcmp(name, entry_data.utf8_string, entry_data.data_size) == 0) { - return 0; + return MRL_INSIDE_LOCATION; } else { - return 1; + return MRL_OUTSIDE_LOCATION; } } } - return -1; + return MRL_UNDEFINED_LOCATION; } -int mrl_is_inside_ip(const char *ip_addr) +int mrl_is_outside_ip(const char *ip_addr) { int location = 0; location = mrl_search_ip_country(mrl_instance.mrl_mmdb, ip_addr, mrl_instance.mrl_cfg.ip_location_level,mrl_instance.mrl_cfg.ip_location_name); if(location < 0) { - MESA_handle_runtime_log(mrl_instance.mrl_log_handle, RLOG_LV_FATAL,"mrl_is_inside_ip","cur ip addr %s not exist in mmdb",ip_addr); - return 0; + MESA_handle_runtime_log(mrl_instance.mrl_log_handle, RLOG_LV_FATAL,"mrl_is_outside_ip","cur ip addr %s not exist in mmdb",ip_addr); } return location; } -- cgit v1.2.3
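Review bot: The `if(location < 0)` test kept in mrl_is_outside_ip no longer matches anything the visible part of mrl_search_ip_country returns, because the not-found path now yields `MRL_UNDEFINED_LOCATION` (2) instead of -1. The "not exist in mmdb" log is therefore dead unless an earlier return outside the hunk is still negative; the condition should be `if(location == MRL_UNDEFINED_LOCATION)`. The new name reads as a boolean, but the function returns one of three location codes, and mrl_create_snat_candidate and mrl_create_dnat_candidate store that value directly in `->location`. Readers of that field now see 2 where the old `return 0` gave them 0, so it is worth confirming that every consumer handles the new code. A one-line comment on the prototype in include/mrl_utils.h listing the three return values would prevent callers from treating the result as true/false.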