diff options
| author | liuxueli <[email protected]> | 2023-05-10 11:13:02 +0800 |
|---|---|---|
| committer | liuxueli <[email protected]> | 2023-05-10 11:13:02 +0800 |
| commit | 36dafd426749cc11cd0e8e41daabc15dfaa0616f (patch) | |
| tree | 136dbb0b96fc1adfd53bd2caef70bcc65e179f19 | |
| parent | 756a8b3a0de1034342f8ebbe11297613e65eaab5 (diff) | |
TSG-14961: SAPP接收的控制报文(TFE/SCE/SHAPER的LOG_UPDATE),规避检查是否为重复流量及校验IP报文长度的逻辑v4.3.1
| -rw-r--r-- | src/dealpkt/deal_ipv4.c | 10 | ||||
| -rw-r--r-- | src/dealpkt/deal_tcp.c | 11 | ||||
| -rw-r--r-- | src/dealpkt/deal_udp.c | 11 | ||||
| -rw-r--r-- | src/packet_io/packet_io_hook.c | 32 | ||||
| -rw-r--r-- | src/packet_io/sendpacket.c | 5 |
5 files changed, 40 insertions, 29 deletions
diff --git a/src/dealpkt/deal_ipv4.c b/src/dealpkt/deal_ipv4.c index 65f2c7b..7b3e8b1 100644 --- a/src/dealpkt/deal_ipv4.c +++ b/src/dealpkt/deal_ipv4.c @@ -934,9 +934,13 @@ static inline int checkipv4pkt(const struct mesa_ip4_hdr * iph, const raw_pkt_t || (pkt_declare_len > pkt_actual_len)
|| (iph->ip_hl < 5)
|| (iph->ip_v != 4)
- || (pkt_declare_len < iph->ip_hl << 2)){
- sapp_runtime_log(RLOG_LV_DEBUG, "ipv4 packet check error: pkt length, hdr len, or version error, pkt_declare_len:%d, pkt_actual_len:%d", pkt_declare_len, pkt_actual_len);
- return -1;
+ || (pkt_declare_len < iph->ip_hl << 2)){
+
+ if(raw_pkt->is_ctrl_pkt==0)
+ {
+ sapp_runtime_log(RLOG_LV_DEBUG, "ipv4 packet check error: pkt length, hdr len, or version error, pkt_declare_len:%d, pkt_actual_len:%d", pkt_declare_len, pkt_actual_len);
+ return -1;
+ }
}
#if 0
diff --git a/src/dealpkt/deal_tcp.c b/src/dealpkt/deal_tcp.c index 6dcca56..cf4c112 100644 --- a/src/dealpkt/deal_tcp.c +++ b/src/dealpkt/deal_tcp.c @@ -2923,11 +2923,12 @@ static int deal_tcp_stream(struct streamindex *pindex, const void *this_iphdr, s 1)��������˴�������, �ش�����ʶ������ظ����Ļ�, sapp��ֱ��PASS��, ʵ���Ǹ�������ʵͨ��˫������, û�о���tfe����, ���ܾͶ�����. 2)���������firewall��drop����, ��һ��drop�ɹ���, ��Ӧ�ò���ش�, �ش�����ʶ������ظ����Ļ�, sapp��ֱ��PASS��, ����CT. */ - if(deal_tcp_stream_dup_pkt_check(pstream->threadnum, pstream_pr, pdetail_pr, (const struct mesa_ip4_hdr *)this_iphdr, this_tcphdr) != 0){ - local_sys_stat->count[SAPP_STAT_RCV_DUP_TCP]++; - local_sys_stat->length[SAPP_STAT_RCV_DUP_TCP] += tcplen; - cycle_pkt_dump_by_classify(pstream->threadnum, raw_pkt, PKT_CLASSIFY_REPEAT); - return PASS; + if(raw_pkt->is_ctrl_pkt==0 && + deal_tcp_stream_dup_pkt_check(pstream->threadnum, pstream_pr, pdetail_pr, (const struct mesa_ip4_hdr *)this_iphdr, this_tcphdr) != 0){ + local_sys_stat->count[SAPP_STAT_RCV_DUP_TCP]++; + local_sys_stat->length[SAPP_STAT_RCV_DUP_TCP] += tcplen; + cycle_pkt_dump_by_classify(pstream->threadnum, raw_pkt, PKT_CLASSIFY_REPEAT); + return PASS; } if(unlikely(pdetail_pr->drop_stream_flag != 0)){ diff --git a/src/dealpkt/deal_udp.c b/src/dealpkt/deal_udp.c index 42b620b..95ba2f5 100644 --- a/src/dealpkt/deal_udp.c +++ b/src/dealpkt/deal_udp.c @@ -647,11 +647,12 @@ int dealipv4udppkt(struct streamindex *pindex, const struct mesa_ip4_hdr * this_ return PASS; } - if(dealipv4udppkt_dup_check(pstream->threadnum, pstream_pr, pdetail_pr, is_overlay_udp_layer, this_iphdr, udph) != 0){ - local_sys_stat->count[SAPP_STAT_RCV_DUP_UDP]++; - local_sys_stat->length[SAPP_STAT_RCV_DUP_UDP] += ulen; - cycle_pkt_dump_by_classify(pstream->threadnum, raw_pkt, PKT_CLASSIFY_REPEAT); - return PASS; + if(raw_pkt->is_ctrl_pkt==0 && + dealipv4udppkt_dup_check(pstream->threadnum, pstream_pr, pdetail_pr, is_overlay_udp_layer, this_iphdr, udph) != 0){ + local_sys_stat->count[SAPP_STAT_RCV_DUP_UDP]++; + local_sys_stat->length[SAPP_STAT_RCV_DUP_UDP] += ulen; + cycle_pkt_dump_by_classify(pstream->threadnum, raw_pkt, PKT_CLASSIFY_REPEAT); + return PASS; } /* 2014-11-15 lijia add, for udp serial kill udp */ diff --git a/src/packet_io/packet_io_hook.c b/src/packet_io/packet_io_hook.c index d1b5777..f8d63e5 100644 --- a/src/packet_io/packet_io_hook.c +++ b/src/packet_io/packet_io_hook.c @@ -5,12 +5,12 @@ /* 2020-09-28 add: - 传统意义上的packet_io, 一般不会修改原始包内容的, 原样收、原样转发, + ��ͳ�����ϵ�packet_io, һ�㲻����ԭʼ�����ݵ�, ԭ���ա�ԭ��ת��, - 但是在inline串联模式下, 如vxlan等, 需要对收到的包进行翻转, 如底层mac, 底层ip等. - 或者某些地址参数根本不在原始包里呈现, 要通过一些tes接口设置转发参数, 如A设备获取vlan、设置转发vlan, 等等, + ������inline����ģʽ��, ��vxlan��, ��Ҫ���յ��İ����з�ת, ��ײ�mac, �ײ�ip��. + ����ijЩ��ַ������������ԭʼ�������, Ҫͨ��һЩtes�ӿ�����ת������, ��A�豸��ȡvlan������ת��vlan, �ȵ�, - 原来都由mrtunnat完成, 对sapp透明, mrtunnat被取代后, 新增此层, 用于完成上述功能. + ԭ������mrtunnat���, ��sapp��, mrtunnat��ȡ����, �����˲�, ���������������. */ #ifdef __cplusplus @@ -60,12 +60,12 @@ static int packet_io_hook_output_vlan_flipping(raw_pkt_t *raw_pkt, unsigned char } if(raw_pkt->route_dir == route_dir){ - /* 原始包同向发送, 需要设置发送vlan为couple vlan id */ + /* ԭʼ��ͬ����, ��Ҫ���÷���vlanΪcouple vlan id */ marsio_set_vlan_id_to_mbuff((void *)io_lib_pkt_reference, raw_pkt->vlan_flipping_couple[1]); sapp_runtime_log(RLOG_LV_DEBUG, "%s: input_vlan_id:%u, output_vlan_id:%u, mac_flapping:%d", action, raw_pkt->vlan_flipping_couple[0], raw_pkt->vlan_flipping_couple[1], raw_pkt->mac_flipping_enable); }else{ - /* 反向注入, 需要设置发送vlan为收包时的vlan id */ + /* ����ע��, ��Ҫ���÷���vlanΪ�հ�ʱ��vlan id */ marsio_set_vlan_id_to_mbuff((void *)io_lib_pkt_reference, raw_pkt->vlan_flipping_couple[0]); sapp_runtime_log(RLOG_LV_DEBUG, "%s: input_vlan_id:%u, output_vlan_id:%u, mac_flapping:%d", action, raw_pkt->vlan_flipping_couple[0], raw_pkt->vlan_flipping_couple[0], raw_pkt->mac_flipping_enable); @@ -81,13 +81,13 @@ static int packet_io_hook_output_vxlan(raw_pkt_t *raw_pkt, void *raw_pkt_data, u struct mesa_ethernet_hdr *send_ethh = (struct mesa_ethernet_hdr *)(raw_pkt_data); const struct mesa_ip4_hdr *raw_ip4h = (struct mesa_ip4_hdr *)((char *)raw_pkt->raw_pkt_data + sizeof(struct mesa_ethernet_hdr)); struct mesa_ip4_hdr *send_ip4h = (struct mesa_ip4_hdr *)((char *)raw_pkt_data + sizeof(struct mesa_ethernet_hdr)); - /* vxlan udp层不用翻转, checksum设为0即可 */ + /* vxlan udp�㲻�÷�ת, checksum��Ϊ0���� */ struct mesa_udp_hdr *send_outer_udp_hdr = (struct mesa_udp_hdr *)((char *)raw_pkt_data + sizeof(struct mesa_ethernet_hdr)+sizeof(struct mesa_ip4_hdr)); const inline_vxlan_hdr_t *raw_vxlan_hdr = (inline_vxlan_hdr_t *)((char *)raw_pkt->raw_pkt_data + sizeof(struct mesa_ethernet_hdr) + sizeof(struct mesa_ip4_hdr) + sizeof(struct mesa_udp_hdr)); inline_vxlan_hdr_t *send_vxlan_hdr = (inline_vxlan_hdr_t *)((char *)raw_pkt_data + sizeof(struct mesa_ethernet_hdr) + sizeof(struct mesa_ip4_hdr) + sizeof(struct mesa_udp_hdr)); unsigned char tmp_mac_addr[ETH_ALEN]; unsigned int tmp_ip_addr; - /* 注意, 在forward时,raw_pkt->raw_pkt_data和raw_pkt_data实际上是一个地址, 需要暂存一下,不能直接像下面这样copy: */ + /* ע��, ��forwardʱ,raw_pkt->raw_pkt_data��raw_pkt_dataʵ������һ����ַ, ��Ҫ�ݴ�һ��,����ֱ������������copy: */ #if 0 memcpy((void *)send_ethh->ether_shost, raw_ethh->ether_dhost, ETH_ALEN); memcpy((void *)send_ethh->ether_dhost, raw_ethh->ether_shost, ETH_ALEN); @@ -97,7 +97,7 @@ static int packet_io_hook_output_vxlan(raw_pkt_t *raw_pkt, void *raw_pkt_data, u memcpy((void *)send_ethh->ether_dhost, tmp_mac_addr, ETH_ALEN); #endif - /* 注意, 在forward时,raw_pkt->raw_pkt_data和raw_pkt_data实际上是一个地址, 需要暂存一下,不能直接像下面这样copy: */ + /* ע��, ��forwardʱ,raw_pkt->raw_pkt_data��raw_pkt_dataʵ������һ����ַ, ��Ҫ�ݴ�һ��,����ֱ������������copy: */ #if 0 send_ip4h->ip_src.s_addr = raw_ip4h->ip_dst.s_addr; send_ip4h->ip_dst.s_addr = raw_ip4h->ip_src.s_addr; @@ -107,7 +107,7 @@ static int packet_io_hook_output_vxlan(raw_pkt_t *raw_pkt, void *raw_pkt_data, u send_ip4h->ip_dst.s_addr = tmp_ip_addr; #endif - /* keepalive icmp应答不是udp协议, 是g_dev_plug插件直接注入原始包, 是个特例, 此处要判断一下 */ + /* keepalive icmpӦ����udpЭ��, ��g_dev_plug���ֱ��ע��ԭʼ��, �Ǹ�����, �˴�Ҫ�ж�һ�� */ if(IPPROTO_UDP == raw_ip4h->ip_p){ send_outer_udp_hdr->uh_sum = 0; //send_vxlan_hdr->dir = route_dir; //20220415 liuxueli for TSG-10227 @@ -126,10 +126,10 @@ static int packet_io_hook_update_vlan_couple(raw_pkt_t *raw_pkt, unsigned short raw_pkt->mac_flipping_enable = vlan_map[vlan_id].mac_flipping_enable; if('C' == vlan_map[vlan_id].this_vlan_route_location){ - /* 数据包来自C路由器端, 即C2I(I2E)方向, 根据inbound_route_dir的值, 更新当前包route_dir的值 */ + /* ���ݰ�����C·������, ��C2I(I2E)����, ����inbound_route_dir��ֵ, ���µ�ǰ��route_dir��ֵ */ raw_pkt->route_dir = sapp_global_val->config.packet_io.inbound_route_dir ^ 1; }else{ - /* 数据包来自I路由器端, 即I2C(E2I)方向, 根据inbound_route_dir的值, 更新当前包route_dir的值 */ + /* ���ݰ�����I·������, ��I2C(E2I)����, ����inbound_route_dir��ֵ, ���µ�ǰ��route_dir��ֵ */ raw_pkt->route_dir = sapp_global_val->config.packet_io.inbound_route_dir; } @@ -140,7 +140,7 @@ static int packet_io_hook_update_vlan_couple(raw_pkt_t *raw_pkt, unsigned short } /* - 如果从metadata里获取不到, 从原始包里解析vlan头部获取. + �����metadata���ȡ����, ��ԭʼ�������vlanͷ����ȡ. */ static unsigned short get_vlan_id_from_rawpkt(raw_pkt_t *raw_pkt) { @@ -156,13 +156,13 @@ static int packet_io_hook_input_vlan_flipping(raw_pkt_t *raw_pkt, unsigned char int ret = 0; vlan_id = marsio_get_vlan_id_from_mbuff((void *)raw_pkt->io_lib_pkt_reference); - if((vlan_id > 1) && (vlan_map[vlan_id].couple_vlan_id > 1)){ /* vlan_id 不在vlan flipping表中, 不算作overlay packet */ + if((vlan_id > 1) && (vlan_map[vlan_id].couple_vlan_id > 1)){ /* vlan_id ����vlan flipping����, ������overlay packet */ packet_io_hook_update_vlan_couple(raw_pkt, vlan_id); ret= 0; raw_pkt->overlay_layer_bytes = 0; }else{ vlan_id = get_vlan_id_from_rawpkt(raw_pkt); - if((vlan_id > 1) && (vlan_map[vlan_id].couple_vlan_id > 1)){ /* vlan_id 不在vlan flipping表中, 不算作overlay packet */ + if((vlan_id > 1) && (vlan_map[vlan_id].couple_vlan_id > 1)){ /* vlan_id ����vlan flipping����, ������overlay packet */ packet_io_hook_update_vlan_couple(raw_pkt, vlan_id); }else{ sapp_runtime_log(RLOG_LV_DEBUG, "packet_io_hook_input(), not found vlan_id:%u in vlan flipping table\n", vlan_id); @@ -217,7 +217,7 @@ int packet_io_hook_input(raw_pkt_t *raw_pkt, unsigned char dir, int thread_num) { int ret = 0; - /* vlan flipping与overlay可共存, 如果metadata或原始包里有vlan且命中flip规则, 则进行翻转,可能是本机自检流量; */ + /* vlan flipping��overlay�ɹ���, ���metadata��ԭʼ������vlan������flip����, ����з�ת,�����DZ����Լ�����; */ ret = packet_io_hook_input_vlan_flipping(raw_pkt, dir, thread_num); if(ret >= 0){ return 0; diff --git a/src/packet_io/sendpacket.c b/src/packet_io/sendpacket.c index 2d78a80..99f2dcd 100644 --- a/src/packet_io/sendpacket.c +++ b/src/packet_io/sendpacket.c @@ -3407,6 +3407,11 @@ int __sapp_inject_pkt(struct streaminfo *raw_stream, enum sapp_inject_opt sio, { ((raw_pkt_t *)raw_pkt)->stream_trace_id = raw_stream_pr->stream_trace_id; } + + if (((raw_pkt_t *)raw_pkt)->is_ctrl_pkt != 0) + { + ((raw_pkt_t *)raw_pkt)->payload_len=payload_len; + } /* injectʹ�õ���routedir, �˴�ת����stream dir, ע��: ��������Ķ������ܲ����ɵ�ǰ��������, ����kni, �Ǵ����������յ����ݰ�, ��ע����·��, |