mirrors/dae
1
0
Fork 0
mirror of https://github.com/daeuniverse/dae.git synced 2025-07-15 02:09:57 +07:00
Code Issues Packages Projects Releases Wiki Activity

chore: add useful macro

Browse Source
This commit is contained in:
mzz2017
2023-02-01 16:02:33 +08:00
parent 483a2f973d
commit 95fba1da49
1 changed files with 76 additions and 40 deletions
Download Patch File Download Diff File Expand all files Collapse all files

116
component/control/kern/tproxy.c
View File

@ -15,6 +15,15 @@
#include <bpf/bpf_helpers.h> #include <bpf/bpf_helpers.h>
#include <bpf/bpf_tracing.h> #include <bpf/bpf_tracing.h>
// #define __DEBUG_ROUTING
// #define __PRINT_ROUTING_RESULT
// #define __REMOVE_BPF_PRINTK
#ifdef __REMOVE_BPF_PRINTK
#undef bpf_printk
#define bpf_printk(...) (void)0
#endif
// #define likely(x) x // #define likely(x) x
// #define unlikely(x) x // #define unlikely(x) x
#define likely(x) __builtin_expect((x), 1) #define likely(x) __builtin_expect((x), 1)
@ -899,18 +908,24 @@ static int routing(__u32 flag[6], void *l4_hdr, __be32 saddr[4],
} }
if (bad_rule || good_subrule) { if (bad_rule || good_subrule) {
key = match_set->type; key = match_set->type;
// bpf_printk("key(match_set->type): %llu", key); #ifdef __DEBUG_ROUTING
// bpf_printk("Skip to judge. bad_rule: %d, good_subrule: %d", bad_rule, bpf_printk("key(match_set->type): %llu", key);
// good_subrule); bpf_printk("Skip to judge. bad_rule: %d, good_subrule: %d", bad_rule,
good_subrule);
#endif
goto before_next_loop; goto before_next_loop;
} }
key = match_set->type; key = match_set->type;
// bpf_printk("key(match_set->type): %llu", key); #ifdef __DEBUG_ROUTING
bpf_printk("key(match_set->type): %llu", key);
#endif
if ((lpm_key = bpf_map_lookup_elem(&lpm_key_map, &key))) { if ((lpm_key = bpf_map_lookup_elem(&lpm_key_map, &key))) {
// bpf_printk( #ifdef __DEBUG_ROUTING
// "CHECK: lpm_key_map, match_set->type: %u, not: %d, outbound: %u", bpf_printk(
// match_set->type, match_set->not, match_set->outbound); "CHECK: lpm_key_map, match_set->type: %u, not: %d, outbound: %u",
// bpf_printk("\tip: %pI6", lpm_key->data); match_set->type, match_set->not, match_set->outbound);
bpf_printk("\tip: %pI6", lpm_key->data);
#endif
lpm = bpf_map_lookup_elem(&lpm_array_map, &match_set->index); lpm = bpf_map_lookup_elem(&lpm_array_map, &match_set->index);
if (unlikely(!lpm)) { if (unlikely(!lpm)) {
return -EFAULT; return -EFAULT;
@ -920,30 +935,33 @@ static int routing(__u32 flag[6], void *l4_hdr, __be32 saddr[4],
good_subrule = true; good_subrule = true;
} }
} else if ((p_u16 = bpf_map_lookup_elem(&h_port_map, &key))) { } else if ((p_u16 = bpf_map_lookup_elem(&h_port_map, &key))) {
// bpf_printk( #ifdef __DEBUG_ROUTING
// "CHECK: h_port_map, match_set->type: %u, not: %d, outbound: %u", bpf_printk(
// match_set->type, match_set->not, match_set->outbound); "CHECK: h_port_map, match_set->type: %u, not: %d, outbound: %u",
// bpf_printk("\tport: %u, range: [%u, %u]", *p_u16, match_set->type, match_set->not, match_set->outbound);
// match_set->port_range.port_start, bpf_printk("\tport: %u, range: [%u, %u]", *p_u16,
// match_set->port_range.port_end); match_set->port_range.port_start,
match_set->port_range.port_end);
#endif
if (*p_u16 >= match_set->port_range.port_start && if (*p_u16 >= match_set->port_range.port_start &&
*p_u16 <= match_set->port_range.port_end) { *p_u16 <= match_set->port_range.port_end) {
good_subrule = true; good_subrule = true;
} }
} else if ((p_u32 = bpf_map_lookup_elem(&l4proto_ipversion_map, &key))) { } else if ((p_u32 = bpf_map_lookup_elem(&l4proto_ipversion_map, &key))) {
// bpf_printk("CHECK: l4proto_ipversion_map, match_set->type: %u, not: #ifdef __DEBUG_ROUTING
// %d," bpf_printk("CHECK: l4proto_ipversion_map, match_set->type: %u, not: %d, "
// "outbound: %u", "outbound: %u",
// match_set->type, match_set->not, match_set->outbound); match_set->type, match_set->not, match_set->outbound);
#endif
if (*p_u32 & match_set->__value) { if (*p_u32 & match_set->__value) {
good_subrule = true; good_subrule = true;
} }
} else if (match_set->type == MatchType_DomainSet) { } else if (match_set->type == MatchType_DomainSet) {
// bpf_printk("CHECK: domain, match_set->type: %u, not: %d, " #ifdef __DEBUG_ROUTING
// "outbound: %u", bpf_printk("CHECK: domain, match_set->type: %u, not: %d, "
// match_set->type, match_set->not, match_set->outbound); "outbound: %u",
// Bottleneck of insns limit. match_set->type, match_set->not, match_set->outbound);
// We fixed it by invoking bpf_map_lookup_elem here. #endif
// Get domain routing bitmap. // Get domain routing bitmap.
domain_routing = bpf_map_lookup_elem(&domain_routing_map, daddr); domain_routing = bpf_map_lookup_elem(&domain_routing_map, daddr);
@ -961,17 +979,23 @@ static int routing(__u32 flag[6], void *l4_hdr, __be32 saddr[4],
good_subrule = true; good_subrule = true;
} }
} else if (match_set->type == MatchType_Final) { } else if (match_set->type == MatchType_Final) {
// bpf_printk("CHECK: hit final"); #ifdef __DEBUG_ROUTING
bpf_printk("CHECK: hit final");
#endif
good_subrule = true; good_subrule = true;
} else { } else {
// bpf_printk("CHECK: <unknown>, match_set->type: %u, not: %d, " #ifdef __DEBUG_ROUTING
// "outbound: %u", bpf_printk("CHECK: <unknown>, match_set->type: %u, not: %d, "
// match_set->type, match_set->not, match_set->outbound); "outbound: %u",
match_set->type, match_set->not, match_set->outbound);
#endif
return -EINVAL; return -EINVAL;
} }
before_next_loop: before_next_loop:
// bpf_printk("good_subrule: %d, bad_rule: %d", good_subrule, bad_rule); #ifdef __DEBUG_ROUTING
bpf_printk("good_subrule: %d, bad_rule: %d", good_subrule, bad_rule);
#endif
if (match_set->outbound != OUTBOUND_LOGICAL_OR) { if (match_set->outbound != OUTBOUND_LOGICAL_OR) {
// This match_set reaches the end of subrule. // This match_set reaches the end of subrule.
// We are now at end of rule, or next match_set belongs to another // We are now at end of rule, or next match_set belongs to another
@ -985,14 +1009,18 @@ static int routing(__u32 flag[6], void *l4_hdr, __be32 saddr[4],
// Reset good_subrule. // Reset good_subrule.
good_subrule = false; good_subrule = false;
} }
// bpf_printk("_bad_rule: %d", bad_rule); #ifdef __DEBUG_ROUTING
bpf_printk("_bad_rule: %d", bad_rule);
#endif
if ((match_set->outbound & OUTBOUND_LOGICAL_MASK) != if ((match_set->outbound & OUTBOUND_LOGICAL_MASK) !=
OUTBOUND_LOGICAL_MASK) { OUTBOUND_LOGICAL_MASK) {
// Tail of a rule (line). // Tail of a rule (line).
// Decide whether to hit. // Decide whether to hit.
if (!bad_rule) { if (!bad_rule) {
// bpf_printk("MATCHED: match_set->type: %u, match_set->not: %d", #ifdef __DEBUG_ROUTING
// match_set->type, match_set->not ); bpf_printk("MATCHED: match_set->type: %u, match_set->not: %d",
match_set->type, match_set->not );
#endif
if (match_set->outbound == OUTBOUND_DIRECT && h_dport == 53 && if (match_set->outbound == OUTBOUND_DIRECT && h_dport == 53 &&
_l4proto_type == L4ProtoType_UDP) { _l4proto_type == L4ProtoType_UDP) {
// DNS packet should go through control plane. // DNS packet should go through control plane.
@ -1106,10 +1134,11 @@ int tproxy_ingress(struct __sk_buff *skb) {
} }
outbound = ret; outbound = ret;
#if defined(__DEBUG_ROUTING) || defined(__PRINT_ROUTING_RESULT)
// Print only new connection. // Print only new connection.
// bpf_printk("tcp(lan): outbound: %u, %pI6:%u", outbound, daddr, bpf_printk("tcp(lan): outbound: %u, %pI6:%u", outbound, daddr,
// bpf_ntohs(key_src.port)); bpf_ntohs(key_src.port));
#endif
} else { } else {
// bpf_printk("[%X]Old Connection", bpf_ntohl(tcph.seq)); // bpf_printk("[%X]Old Connection", bpf_ntohl(tcph.seq));
// The TCP connection exists. // The TCP connection exists.
@ -1178,8 +1207,11 @@ int tproxy_ingress(struct __sk_buff *skb) {
return TC_ACT_SHOT; return TC_ACT_SHOT;
} }
new_hdr.outbound = ret; new_hdr.outbound = ret;
// bpf_printk("udp(lan): outbound: %u, %pI6:%u", new_hdr.outbound, daddr,
// bpf_ntohs(new_hdr.port)); #if defined(__DEBUG_ROUTING) || defined(__PRINT_ROUTING_RESULT)
bpf_printk("udp(lan): outbound: %u, %pI6:%u", new_hdr.outbound, daddr,
bpf_ntohs(new_hdr.port));
#endif
if (new_hdr.outbound == OUTBOUND_DIRECT) { if (new_hdr.outbound == OUTBOUND_DIRECT) {
return TC_ACT_OK; return TC_ACT_OK;
@ -1590,9 +1622,11 @@ int tproxy_wan_egress(struct __sk_buff *skb) {
outbound = ret; outbound = ret;
#if defined(__DEBUG_ROUTING) || defined(__PRINT_ROUTING_RESULT)
// Print only new connection. // Print only new connection.
// bpf_printk("tcp(wan): outbound: %u, %pI6:%u", outbound, daddr, bpf_printk("tcp(wan): outbound: %u, %pI6:%u", outbound, daddr,
// bpf_ntohs(key_src.port)); bpf_ntohs(key_src.port));
#endif
} else { } else {
// bpf_printk("[%X]Old Connection", bpf_ntohl(tcph.seq)); // bpf_printk("[%X]Old Connection", bpf_ntohl(tcph.seq));
// The TCP connection exists. // The TCP connection exists.
@ -1670,8 +1704,10 @@ int tproxy_wan_egress(struct __sk_buff *skb) {
return TC_ACT_SHOT; return TC_ACT_SHOT;
} }
new_hdr.outbound = ret; new_hdr.outbound = ret;
// bpf_printk("udp(wan): outbound: %u, %pI6:%u", new_hdr.outbound, daddr, #if defined(__DEBUG_ROUTING) || defined(__PRINT_ROUTING_RESULT)
// bpf_ntohs(new_hdr.port)); bpf_printk("udp(wan): outbound: %u, %pI6:%u", new_hdr.outbound, daddr,
bpf_ntohs(new_hdr.port));
#endif
if (new_hdr.outbound == OUTBOUND_DIRECT) { if (new_hdr.outbound == OUTBOUND_DIRECT) {
return TC_ACT_OK; return TC_ACT_OK;