基于DPDK flow规则过滤流量(代码未写完)
/* SPDX-License-Identifier: BSD-3-Clause
* Copyright 2017 Mellanox Technologies, Ltd
*/
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <stdint.h>
#include <inttypes.h>
#include <sys/types.h>
#include <sys/queue.h>
#include <setjmp.h>
#include <stdarg.h>
#include <ctype.h>
#include <errno.h>
#include <getopt.h>
#include <signal.h>
#include <stdbool.h>
#include <rte_eal.h>
#include <rte_common.h>
#include <rte_malloc.h>
#include <rte_ether.h>
#include <rte_ethdev.h>
#include <rte_mempool.h>
#include <rte_mbuf.h>
#include <rte_net.h>
#include <rte_flow.h>
#include <rte_cycles.h>
static volatile bool force_quit;
static uint16_t port_id;
static uint16_t nr_queues = 5;
static uint8_t selected_queue = 1;
struct rte_mempool *mbuf_pool;
struct rte_flow *flow;
#define SRC_IP ((0<<24) + (0<<16) + (0<<8) + 0) /* src ip = 0.0.0.0 */
#define DEST_IP ((192<<24) + (168<<16) + (1<<8) + 1) /* dest ip = 192.168.1.1 */
#define FULL_MASK 0xffffffff /* full mask */
#define EMPTY_MASK 0x0 /* empty mask */
#include "flow_blocks.c"
// 创建哈希表
struct rte_hash *hash_table = rte_hash_create("packet_hash", 16, rte_hash_get_empty_key(), NULL,
rte_hash_hash_crc, rte_hash_compare_crc);
if (hash_table == NULL) {
fprintf(stderr, "Failed to create hash table.\n");
hs_free_scratch(scratch);
hs_free_database(database);
return -1;
}
#include <stdio.h>
#include <stdlib.h>
#include <stdint.h>
#include <string.h>
#include <hs/hs.h>
#include <rte_mbuf.h>
static int eventHandler(unsigned int id, unsigned long long from, unsigned long long to, unsigned int flags, void *context) {
printf("Match found: id = %u, from = %llu, to = %llu\n", id, from, to);
return 0;
}
int main() {
// 编译 Hyperscan 数据库,使用流模式
hs_database_t *database;
hs_compile_error_t compileError;
const char *expressions[] = {"your_pattern_here"};
if (hs_compile_multi(expressions, NULL, 0, HS_MODE_STREAM, NULL, &database, &compileError)!= HS_SUCCESS) {
fprintf(stderr, "Compile error: %s\n", compileError.message);
return -1;
}
hs_scratch_t *scratch;
if (hs_alloc_scratch(database, &scratch)!= HS_SUCCESS) {
fprintf(stderr, "Failed to allocate scratch space.\n");
hs_free_database(database);
return -1;
}
// 假设从 DPDK 接收到一个 mbuf
struct rte_mbuf *mbuf = /* 通过 DPDK 的接收函数获取的 mbuf */;
// 使用流模式进行匹配
hs_stream_t stream_id;
if (hs_open_stream(database, &stream_id)!= HS_SUCCESS) {
fprintf(stderr, "Failed to open stream.\n");
hs_free_scratch(scratch);
hs_free_database(database);
return -1;
}
size_t offset = 0;
while (offset < mbuf->pkt_len) {
size_t remaining = mbuf->pkt_len - offset;
size_t chunkSize = remaining > 10? 10 : remaining;
hs_status_t status = hs_scan_stream(database, (const char *)(mbuf->data + offset), chunkSize, 0, scratch, eventHandler, NULL);
if (status!= HS_SUCCESS) {
fprintf(stderr, "Scan error.\n");
hs_close_stream(database, stream_id);
hs_free_scratch(scratch);
hs_free_database(database);
return -1;
}
offset += chunkSize;
}
if (hs_close_stream(database, stream_id)!= HS_SUCCESS) {
fprintf(stderr, "Failed to close stream.\n");
hs_free_scratch(scratch);
hs_free_database(database);
return -1;
}
hs_free_scratch(scratch);
hs_free_database(database);
return 0;
}
static inline void
print_ether_addr(const char *what, struct rte_ether_addr *eth_addr)
{
char buf[RTE_ETHER_ADDR_FMT_SIZE];
rte_ether_format_addr(buf, RTE_ETHER_ADDR_FMT_SIZE, eth_addr);
printf("%s%s", what, buf);
}
/* Main_loop for flow filtering. 8< */
static int
main_loop(void)
{
static const int MAX_PKT_BURST = 32;
struct rte_mbuf *mbufs[MAX_PKT_BURST];
struct rte_ether_hdr *eth_hdr;
struct rte_flow_error error;
uint16_t nb_rx;
uint16_t i;
uint16_t j;
int ret;
/* Reading the packets from all queues. 8< */
while (!force_quit) {
for (i = 0; i < nr_queues; i++) {
nb_rx = rte_eth_rx_burst(port_id, i, mbufs, MAX_PKT_BURST);
if (nb_rx) {
for (j = 0; j < nb_rx; j++) {
if (rte_be_to_cpu_16(pkts_burst[j]->packet_type) == ETH_P_IPV4 &&
((struct ipv4_hdr *)pkts_burst[j]->data)->version == 4 &&
((struct ipv4_hdr *)pkts_burst[j]->data)->ihl == 5 &&
((struct ipv4_hdr *)((uint8_t *)pkts_burst[j]->data + 20))->version == 4 &&
((struct ipv4_hdr *)((uint8_t *)pkts_burst[j]->data + 20))->ihl == 5) {
// IP-in-IP tunnel detected
}
struct ipv4_hdr *ip_hdr = (struct ipv4_hdr *)pkts_burst[j]->data;
if (ip_hdr->next_proto_id == IPPROTO_UDP &&
rte_be_to_cpu_16(((struct udp_hdr *)(ip_hdr + 1))->dst_port) == 4789) {
// VXLAN tunnel detected
}
if (ip_hdr->next_proto_id == 47) {
// GRE tunnel detected
}
struct ipv4_hdr *ip_hdr = (struct ipv4_hdr *)packet->data;
if (ip_hdr->next_proto_id == IPPROTO_UDP &&
rte_be_to_cpu_16(((struct udp_hdr *)(ip_hdr + 1))->dst_port) == 2152) {
// GTP-U tunnel detected
}
if (is_ip_in_ip_tunnel) {
pkts_burst[0]->data += 20;
pkts_burst[0]->pkt_len -= 20;
} else if (is_vxlan_tunnel) {
pkts_burst[0]->data += 8 + 8;
pkts_burst[0]->pkt_len -= 8 + 8;
} else if (is_gre_tunnel) {
// calculate GRE header length and adjust pointer and length accordingly
} else if (is_gtp_tunnel){
struct gtp_hdr *gtp_hdr = (struct gtp_hdr *)((uint8_t *)packet->data + sizeof(struct ipv4_hdr) + sizeof(struct udp_hdr));
uint32_t tunnel_id = rte_be_to_cpu_32(gtp_hdr->tunnel_id);
uint8_t *user_data = (uint8_t *)(gtp_hdr + 1);
uint16_t user_data_len = packet->pkt_len - (sizeof(struct ipv4_hdr) + sizeof(struct udp_hdr) + sizeof(struct gtp_hdr));
// Process user data
}
struct rte_mbuf *m = mbufs[j];
eth_hdr = rte_pktmbuf_mtod(m,
struct rte_ether_hdr *);
print_ether_addr("src=",
ð_hdr->src_addr);
print_ether_addr(" - dst=",
ð_hdr->dst_addr);
printf(" - queue=0x%x",
(unsigned int)i);
printf("\n");
rte_pktmbuf_free(m);
}
}
}
}
/* >8 End of reading the packets from all queues. */
/* closing and releasing resources */
rte_flow_flush(port_id, &error);
ret = rte_eth_dev_stop(port_id);
if (ret < 0)
printf("Failed to stop port %u: %s",
port_id, rte_strerror(-ret));
rte_eth_dev_close(port_id);
return ret;
}
/* >8 End of main_loop for flow filtering. */
#define CHECK_INTERVAL 1000 /* 100ms */
#define MAX_REPEAT_TIMES 90 /* 9s (90 * 100ms) in total */
static void
assert_link_status(void)
{
struct rte_eth_link link;
uint8_t rep_cnt = MAX_REPEAT_TIMES;
int link_get_err = -EINVAL;
memset(&link, 0, sizeof(link));
do {
link_get_err = rte_eth_link_get(port_id, &link);
if (link_get_err == 0 && link.link_status == RTE_ETH_LINK_UP)
break;
rte_delay_ms(CHECK_INTERVAL);
} while (--rep_cnt);
if (link_get_err < 0)
rte_exit(EXIT_FAILURE, ":: error: link get is failing: %s\n",
rte_strerror(-link_get_err));
if (link.link_status == RTE_ETH_LINK_DOWN)
rte_exit(EXIT_FAILURE, ":: error: link is still down\n");
}
/* Port initialization used in flow filtering. 8< */
static void
init_port(void)
{
int ret;
uint16_t i;
/* Ethernet port configured with default settings. 8< */
struct rte_eth_conf port_conf = {
.rxmode = {
.split_hdr_size = 0,
},
.txmode = {
.offloads =
RTE_ETH_TX_OFFLOAD_VLAN_INSERT |
RTE_ETH_TX_OFFLOAD_IPV4_CKSUM |
RTE_ETH_TX_OFFLOAD_UDP_CKSUM |
RTE_ETH_TX_OFFLOAD_TCP_CKSUM |
RTE_ETH_TX_OFFLOAD_SCTP_CKSUM |
RTE_ETH_TX_OFFLOAD_TCP_TSO,
},
};
struct rte_eth_txconf txq_conf;
struct rte_eth_rxconf rxq_conf;
struct rte_eth_dev_info dev_info;
ret = rte_eth_dev_info_get(port_id, &dev_info);
if (ret != 0)
rte_exit(EXIT_FAILURE,
"Error during getting device (port %u) info: %s\n",
port_id, strerror(-ret));
port_conf.txmode.offloads &= dev_info.tx_offload_capa;
printf(":: initializing port: %d\n", port_id);
ret = rte_eth_dev_configure(port_id,
nr_queues, nr_queues, &port_conf);
if (ret < 0) {
rte_exit(EXIT_FAILURE,
":: cannot configure device: err=%d, port=%u\n",
ret, port_id);
}
rxq_conf = dev_info.default_rxconf;
rxq_conf.offloads = port_conf.rxmode.offloads;
/* >8 End of ethernet port configured with default settings. */
/* Configuring number of RX and TX queues connected to single port. 8< */
for (i = 0; i < nr_queues; i++) {
ret = rte_eth_rx_queue_setup(port_id, i, 512,
rte_eth_dev_socket_id(port_id),
&rxq_conf,
mbuf_pool);
if (ret < 0) {
rte_exit(EXIT_FAILURE,
":: Rx queue setup failed: err=%d, port=%u\n",
ret, port_id);
}
}
txq_conf = dev_info.default_txconf;
txq_conf.offloads = port_conf.txmode.offloads;
for (i = 0; i < nr_queues; i++) {
ret = rte_eth_tx_queue_setup(port_id, i, 512,
rte_eth_dev_socket_id(port_id),
&txq_conf);
if (ret < 0) {
rte_exit(EXIT_FAILURE,
":: Tx queue setup failed: err=%d, port=%u\n",
ret, port_id);
}
}
/* >8 End of Configuring RX and TX queues connected to single port. */
/* Setting the RX port to promiscuous mode. 8< */
ret = rte_eth_promiscuous_enable(port_id);
if (ret != 0)
rte_exit(EXIT_FAILURE,
":: promiscuous mode enable failed: err=%s, port=%u\n",
rte_strerror(-ret), port_id);
/* >8 End of setting the RX port to promiscuous mode. */
/* Starting the port. 8< */
ret = rte_eth_dev_start(port_id);
if (ret < 0) {
rte_exit(EXIT_FAILURE,
"rte_eth_dev_start:err=%d, port=%u\n",
ret, port_id);
}
/* >8 End of starting the port. */
assert_link_status();
printf(":: initializing port: %d done\n", port_id);
}
/* >8 End of Port initialization used in flow filtering. */
static void
signal_handler(int signum)
{
if (signum == SIGINT || signum == SIGTERM) {
printf("\n\nSignal %d received, preparing to exit...\n",
signum);
force_quit = true;
}
}
int
main(int argc, char **argv)
{
int ret;
uint16_t nr_ports;
struct rte_flow_error error;
/* Initialize EAL. 8< */
ret = rte_eal_init(argc, argv);
if (ret < 0)
rte_exit(EXIT_FAILURE, ":: invalid EAL arguments\n");
/* >8 End of Initialization of EAL. */
force_quit = false;
signal(SIGINT, signal_handler);
signal(SIGTERM, signal_handler);
nr_ports = rte_eth_dev_count_avail();
if (nr_ports == 0)
rte_exit(EXIT_FAILURE, ":: no Ethernet ports found\n");
port_id = 0;
if (nr_ports != 1) {
printf(":: warn: %d ports detected, but we use only one: port %u\n",
nr_ports, port_id);
}
/* Allocates a mempool to hold the mbufs. 8< */
mbuf_pool = rte_pktmbuf_pool_create("mbuf_pool", 4096, 128, 0,
RTE_MBUF_DEFAULT_BUF_SIZE,
rte_socket_id());
/* >8 End of allocating a mempool to hold the mbufs. */
if (mbuf_pool == NULL)
rte_exit(EXIT_FAILURE, "Cannot init mbuf pool\n");
/* Initializes all the ports using the user defined init_port(). 8< */
init_port();
/* >8 End of Initializing the ports using user defined init_port(). */
/* Create flow for send packet with. 8< */
flow = generate_ipv4_flow(port_id, selected_queue,
SRC_IP, EMPTY_MASK,
DEST_IP, FULL_MASK, &error);
/* >8 End of create flow and the flow rule. */
if (!flow) {
printf("Flow can't be created %d message: %s\n",
error.type,
error.message ? error.message : "(no stated reason)");
rte_exit(EXIT_FAILURE, "error in creating flow");
}
/* >8 End of creating flow for send packet with. */
/* Launching main_loop(). 8< */
ret = main_loop();
/* >8 End of launching main_loop(). */
/* clean up the EAL */
rte_eal_cleanup();
return ret;
}