From 3e35f78a8f477a4ef2e36f372f9d30d15a5f7dcc Mon Sep 17 00:00:00 2001 From: Dung Man Date: Thu, 15 Apr 2021 18:58:31 +0700 Subject: [PATCH] Add files Signed-off-by: Dung Man --- LICENSE | 198 +++ README.md | 34 + debian/.gitignore | 9 + debian/changelog | 5 + debian/compat | 1 + debian/control | 36 + debian/copyright | 71 + debian/dataplane-flowstat-plugin.install | 1 + ...lane-flowstat-plugin-proto-support.install | 2 + debian/rules | 12 + debian/source/format | 1 + meson.build | 61 + meson_options.txt | 1 + protobuf/FlowStatFeatConfig.proto | 12 + protobuf/FlowStatFeatOp.proto | 15 + protobuf/meson.build | 37 + scripts/vyatta-generate-pb-perl.pl | 32 + src/flowstat.c | 687 +++++++++ src/flowstat.h | 24 + tests/meson.build | 50 + tests/src/dp_test_lib_tcp.h | 140 ++ tests/src/dp_test_npf_lib.h | 43 + tests/src/dp_test_pipeline_flowstat.c | 1224 +++++++++++++++++ tests/src/dp_test_session_internal_lib.h | 20 + tests/src/pcap/gen_pkt.py | 82 ++ tests/src/pcap/http-example.h | 126 ++ tests/src/pcap/http-example.pcap | Bin 0 -> 2873 bytes tests/src/pcap/http-google.h | 64 + tests/src/pcap/http-google.pcap | Bin 0 -> 1809 bytes tests/src/util.h | 20 + 30 files changed, 3008 insertions(+) create mode 100644 LICENSE create mode 100644 README.md create mode 100644 debian/.gitignore create mode 100644 debian/changelog create mode 100644 debian/compat create mode 100644 debian/control create mode 100644 debian/copyright create mode 100644 debian/dataplane-flowstat-plugin.install create mode 100644 debian/libdataplane-flowstat-plugin-proto-support.install create mode 100755 debian/rules create mode 100644 debian/source/format create mode 100644 meson.build create mode 100644 meson_options.txt create mode 100644 protobuf/FlowStatFeatConfig.proto create mode 100644 protobuf/FlowStatFeatOp.proto create mode 100644 protobuf/meson.build create mode 100755 scripts/vyatta-generate-pb-perl.pl create mode 100644 src/flowstat.c create mode 100644 src/flowstat.h create mode 100644 tests/meson.build create mode 100644 tests/src/dp_test_lib_tcp.h create mode 100644 tests/src/dp_test_npf_lib.h create mode 100644 tests/src/dp_test_pipeline_flowstat.c create mode 100644 tests/src/dp_test_session_internal_lib.h create mode 100755 tests/src/pcap/gen_pkt.py create mode 100644 tests/src/pcap/http-example.h create mode 100644 tests/src/pcap/http-example.pcap create mode 100644 tests/src/pcap/http-google.h create mode 100644 tests/src/pcap/http-google.pcap create mode 100644 tests/src/util.h diff --git a/LICENSE b/LICENSE new file mode 100644 index 0000000..77408de --- /dev/null +++ b/LICENSE @@ -0,0 +1,198 @@ +This repository uses SPDX (https://spdx.org/) tags. + + +Files without a "SPDX-License-Identifier" tag or with the "SPDX-License-Identifier: Apache-2.0" tag are available under the following license: + +Apache License +Version 2.0, January 2004 +http://www.apache.org/licenses/ + +TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + +1. Definitions. +"License" shall mean the terms and conditions for use, reproduction, and distribution as defined by Sections 1 through 9 of this document. + +"Licensor" shall mean the copyright owner or entity authorized by the copyright owner that is granting the License. + +"Legal Entity" shall mean the union of the acting entity and all other entities that control, are controlled by, or are under common control with that entity. For the purposes of this definition, "control" means (i) the power, direct or indirect, to cause the direction or management of such entity, whether by contract or otherwise, or (ii) ownership of fifty percent (50%) or more of the outstanding shares, or (iii) beneficial ownership of such entity. + +"You" (or "Your") shall mean an individual or Legal Entity exercising permissions granted by this License. + +"Source" form shall mean the preferred form for making modifications, including but not limited to software source code, documentation source, and configuration files. + +"Object" form shall mean any form resulting from mechanical transformation or translation of a Source form, including but not limited to compiled object code, generated documentation, and conversions to other media types. + +"Work" shall mean the work of authorship, whether in Source or Object form, made available under the License, as indicated by a copyright notice that is included in or attached to the work (an example is provided in the Appendix below). + +"Derivative Works" shall mean any work, whether in Source or Object form, that is based on (or derived from) the Work and for which the editorial revisions, annotations, elaborations, or other modifications represent, as a whole, an original work of authorship. For the purposes of this License, Derivative Works shall not include works that remain separable from, or merely link (or bind by name) to the interfaces of, the Work and Derivative Works thereof. + +"Contribution" shall mean any work of authorship, including the original version of the Work and any modifications or additions to that Work or Derivative Works thereof, that is intentionally submitted to Licensor for inclusion in the Work by the copyright owner or by an individual or Legal Entity authorized to submit on behalf of the copyright owner. For the purposes of this definition, "submitted" means any form of electronic, verbal, or written communication sent to the Licensor or its representatives, including but not limited to communication on electronic mailing lists, source code control systems, and issue tracking systems that are managed by, or on behalf of, the Licensor for the purpose of discussing and improving the Work, but excluding communication that is conspicuously marked or otherwise designated in writing by the copyright owner as "Not a Contribution." + +"Contributor" shall mean Licensor and any individual or Legal Entity on behalf of whom a Contribution has been received by Licensor and subsequently incorporated within the Work. + +2. Grant of Copyright License. Subject to the terms and conditions of this License, each Contributor hereby grants to You a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare Derivative Works of, publicly display, publicly perform, sublicense, and distribute the Work and such Derivative Works in Source or Object form. +3. Grant of Patent License. Subject to the terms and conditions of this License, each Contributor hereby grants to You a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable (except as stated in this section) patent license to make, have made, use, offer to sell, sell, import, and otherwise transfer the Work, where such license applies only to those patent claims licensable by such Contributor that are necessarily infringed by their Contribution(s) alone or by combination of their Contribution(s) with the Work to which such Contribution(s) was submitted. If You institute patent litigation against any entity (including a cross-claim or counterclaim in a lawsuit) alleging that the Work or a Contribution incorporated within the Work constitutes direct or contributory patent infringement, then any patent licenses granted to You under this License for that Work shall terminate as of the date such litigation is filed. +4. Redistribution. You may reproduce and distribute copies of the Work or Derivative Works thereof in any medium, with or without modifications, and in Source or Object form, provided that You meet the following conditions: +(a) You must give any other recipients of the Work or Derivative Works a copy of this License; and +(b) You must cause any modified files to carry prominent notices stating that You changed the files; and +(c) You must retain, in the Source form of any Derivative Works that You distribute, all copyright, patent, trademark, and attribution notices from the Source form of the Work, excluding those notices that do not pertain to any part of the Derivative Works; and +(d) If the Work includes a "NOTICE" text file as part of its distribution, then any Derivative Works that You distribute must include a readable copy of the attribution notices contained within such NOTICE file, excluding those notices that do not pertain to any part of the Derivative Works, in at least one of the following places: within a NOTICE text file distributed as part of the Derivative Works; within the Source form or documentation, if provided along with the Derivative Works; or, within a display generated by the Derivative Works, if and wherever such third-party notices normally appear. The contents of the NOTICE file are for informational purposes only and do not modify the License. You may add Your own attribution notices within Derivative Works that You distribute, alongside or as an addendum to the NOTICE text from the Work, provided that such additional attribution notices cannot be construed as modifying the License. +You may add Your own copyright statement to Your modifications and may provide additional or different license terms and conditions for use, reproduction, or distribution of Your modifications, or for any such Derivative Works as a whole, provided Your use, reproduction, and distribution of the Work otherwise complies with the conditions stated in this License. + +5. Submission of Contributions. Unless You explicitly state otherwise, any Contribution intentionally submitted for inclusion in the Work by You to the Licensor shall be under the terms and conditions of this License, without any additional terms or conditions. Notwithstanding the above, nothing herein shall supersede or modify the terms of any separate license agreement you may have executed with Licensor regarding such Contributions. +6. Trademarks. This License does not grant permission to use the trade names, trademarks, service marks, or product names of the Licensor, except as required for reasonable and customary use in describing the origin of the Work and reproducing the content of the NOTICE file. +7. Disclaimer of Warranty. Unless required by applicable law or agreed to in writing, Licensor provides the Work (and each Contributor provides its Contributions) on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied, including, without limitation, any warranties or conditions of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A PARTICULAR PURPOSE. You are solely responsible for determining the appropriateness of using or redistributing the Work and assume any risks associated with Your exercise of permissions under this License. +8. Limitation of Liability. In no event and under no legal theory, whether in tort (including negligence), contract, or otherwise, unless required by applicable law (such as deliberate and grossly negligent acts) or agreed to in writing, shall any Contributor be liable to You for damages, including any direct, indirect, special, incidental, or consequential damages of any character arising as a result of this License or out of the use or inability to use the Work (including but not limited to damages for loss of goodwill, work stoppage, computer failure or malfunction, or any and all other commercial damages or losses), even if such Contributor has been advised of the possibility of such damages. +9. Accepting Warranty or Additional Liability. While redistributing the Work or Derivative Works thereof, You may choose to offer, and charge a fee for, acceptance of support, warranty, indemnity, or other liability obligations and/or rights consistent with this License. However, in accepting such obligations, You may act only on Your own behalf and on Your sole responsibility, not on behalf of any other Contributor, and only if You agree to indemnify, defend, and hold each Contributor harmless for any liability incurred by, or claims asserted against, such Contributor by reason of your accepting any such warranty or additional liability. +END OF TERMS AND CONDITIONS + + +Files with the "SPDX-License-Identifier: LGPL-2.1-only" tag are available under the following license: + +GNU LESSER GENERAL PUBLIC LICENSE + +Version 2.1, February 1999 + +Copyright (C) 1991, 1999 Free Software Foundation, Inc. +51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA + +Everyone is permitted to copy and distribute verbatim copies of this license document, but changing it is not allowed. + +[This is the first released version of the Lesser GPL. It also counts as the successor of the GNU Library Public License, version 2, hence the version number 2.1.] + +Preamble + +The licenses for most software are designed to take away your freedom to share and change it. By contrast, the GNU General Public Licenses are intended to guarantee your freedom to share and change free software--to make sure the software is free for all its users. + +This license, the Lesser General Public License, applies to some specially designated software packages--typically libraries--of the Free Software Foundation and other authors who decide to use it. You can use it too, but we suggest you first think carefully about whether this license or the ordinary General Public License is the better strategy to use in any particular case, based on the explanations below. + +When we speak of free software, we are referring to freedom of use, not price. Our General Public Licenses are designed to make sure that you have the freedom to distribute copies of free software (and charge for this service if you wish); that you receive source code or can get it if you want it; that you can change the software and use pieces of it in new free programs; and that you are informed that you can do these things. + +To protect your rights, we need to make restrictions that forbid distributors to deny you these rights or to ask you to surrender these rights. These restrictions translate to certain responsibilities for you if you distribute copies of the library or if you modify it. + +For example, if you distribute copies of the library, whether gratis or for a fee, you must give the recipients all the rights that we gave you. You must make sure that they, too, receive or can get the source code. If you link other code with the library, you must provide complete object files to the recipients, so that they can relink them with the library after making changes to the library and recompiling it. And you must show them these terms so they know their rights. + +We protect your rights with a two-step method: (1) we copyright the library, and (2) we offer you this license, which gives you legal permission to copy, distribute and/or modify the library. + +To protect each distributor, we want to make it very clear that there is no warranty for the free library. Also, if the library is modified by someone else and passed on, the recipients should know that what they have is not the original version, so that the original author's reputation will not be affected by problems that might be introduced by others. + +Finally, software patents pose a constant threat to the existence of any free program. We wish to make sure that a company cannot effectively restrict the users of a free program by obtaining a restrictive license from a patent holder. Therefore, we insist that any patent license obtained for a version of the library must be consistent with the full freedom of use specified in this license. + +Most GNU software, including some libraries, is covered by the ordinary GNU General Public License. This license, the GNU Lesser General Public License, applies to certain designated libraries, and is quite different from the ordinary General Public License. We use this license for certain libraries in order to permit linking those libraries into non-free programs. + +When a program is linked with a library, whether statically or using a shared library, the combination of the two is legally speaking a combined work, a derivative of the original library. The ordinary General Public License therefore permits such linking only if the entire combination fits its criteria of freedom. The Lesser General Public License permits more lax criteria for linking other code with the library. + +We call this license the "Lesser" General Public License because it does Less to protect the user's freedom than the ordinary General Public License. It also provides other free software developers Less of an advantage over competing non-free programs. These disadvantages are the reason we use the ordinary General Public License for many libraries. However, the Lesser license provides advantages in certain special circumstances. + +For example, on rare occasions, there may be a special need to encourage the widest possible use of a certain library, so that it becomes a de-facto standard. To achieve this, non-free programs must be allowed to use the library. A more frequent case is that a free library does the same job as widely used non-free libraries. In this case, there is little to gain by limiting the free library to free software only, so we use the Lesser General Public License. + +In other cases, permission to use a particular library in non-free programs enables a greater number of people to use a large body of free software. For example, permission to use the GNU C Library in non-free programs enables many more people to use the whole GNU operating system, as well as its variant, the GNU/Linux operating system. + +Although the Lesser General Public License is Less protective of the users' freedom, it does ensure that the user of a program that is linked with the Library has the freedom and the wherewithal to run that program using a modified version of the Library. + +The precise terms and conditions for copying, distribution and modification follow. Pay close attention to the difference between a "work based on the library" and a "work that uses the library". The former contains code derived from the library, whereas the latter must be combined with the library in order to run. + +TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION + +0. This License Agreement applies to any software library or other program which contains a notice placed by the copyright holder or other authorized party saying it may be distributed under the terms of this Lesser General Public License (also called "this License"). Each licensee is addressed as "you". +A "library" means a collection of software functions and/or data prepared so as to be conveniently linked with application programs (which use some of those functions and data) to form executables. + +The "Library", below, refers to any such software library or work which has been distributed under these terms. A "work based on the Library" means either the Library or any derivative work under copyright law: that is to say, a work containing the Library or a portion of it, either verbatim or with modifications and/or translated straightforwardly into another language. (Hereinafter, translation is included without limitation in the term "modification".) + +"Source code" for a work means the preferred form of the work for making modifications to it. For a library, complete source code means all the source code for all modules it contains, plus any associated interface definition files, plus the scripts used to control compilation and installation of the library. + +Activities other than copying, distribution and modification are not covered by this License; they are outside its scope. The act of running a program using the Library is not restricted, and output from such a program is covered only if its contents constitute a work based on the Library (independent of the use of the Library in a tool for writing it). Whether that is true depends on what the Library does and what the program that uses the Library does. + +1. You may copy and distribute verbatim copies of the Library's complete source code as you receive it, in any medium, provided that you conspicuously and appropriately publish on each copy an appropriate copyright notice and disclaimer of warranty; keep intact all the notices that refer to this License and to the absence of any warranty; and distribute a copy of this License along with the Library. +You may charge a fee for the physical act of transferring a copy, and you may at your option offer warranty protection in exchange for a fee. + +2. You may modify your copy or copies of the Library or any portion of it, thus forming a work based on the Library, and copy and distribute such modifications or work under the terms of Section 1 above, provided that you also meet all of these conditions: +a) The modified work must itself be a software library. +b) You must cause the files modified to carry prominent notices stating that you changed the files and the date of any change. +c) You must cause the whole of the work to be licensed at no charge to all third parties under the terms of this License. +d) If a facility in the modified Library refers to a function or a table of data to be supplied by an application program that uses the facility, other than as an argument passed when the facility is invoked, then you must make a good faith effort to ensure that, in the event an application does not supply such function or table, the facility still operates, and performs whatever part of its purpose remains meaningful. +(For example, a function in a library to compute square roots has a purpose that is entirely well-defined independent of the application. Therefore, Subsection 2d requires that any application-supplied function or table used by this function must be optional: if the application does not supply it, the square root function must still compute square roots.) + +These requirements apply to the modified work as a whole. If identifiable sections of that work are not derived from the Library, and can be reasonably considered independent and separate works in themselves, then this License, and its terms, do not apply to those sections when you distribute them as separate works. But when you distribute the same sections as part of a whole which is a work based on the Library, the distribution of the whole must be on the terms of this License, whose permissions for other licensees extend to the entire whole, and thus to each and every part regardless of who wrote it. + +Thus, it is not the intent of this section to claim rights or contest your rights to work written entirely by you; rather, the intent is to exercise the right to control the distribution of derivative or collective works based on the Library. + +In addition, mere aggregation of another work not based on the Library with the Library (or with a work based on the Library) on a volume of a storage or distribution medium does not bring the other work under the scope of this License. + +3. You may opt to apply the terms of the ordinary GNU General Public License instead of this License to a given copy of the Library. To do this, you must alter all the notices that refer to this License, so that they refer to the ordinary GNU General Public License, version 2, instead of to this License. (If a newer version than version 2 of the ordinary GNU General Public License has appeared, then you can specify that version instead if you wish.) Do not make any other change in these notices. +Once this change is made in a given copy, it is irreversible for that copy, so the ordinary GNU General Public License applies to all subsequent copies and derivative works made from that copy. + +This option is useful when you wish to copy part of the code of the Library into a program that is not a library. + +4. You may copy and distribute the Library (or a portion or derivative of it, under Section 2) in object code or executable form under the terms of Sections 1 and 2 above provided that you accompany it with the complete corresponding machine-readable source code, which must be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange. +If distribution of object code is made by offering access to copy from a designated place, then offering equivalent access to copy the source code from the same place satisfies the requirement to distribute the source code, even though third parties are not compelled to copy the source along with the object code. + +5. A program that contains no derivative of any portion of the Library, but is designed to work with the Library by being compiled or linked with it, is called a "work that uses the Library". Such a work, in isolation, is not a derivative work of the Library, and therefore falls outside the scope of this License. +However, linking a "work that uses the Library" with the Library creates an executable that is a derivative of the Library (because it contains portions of the Library), rather than a "work that uses the library". The executable is therefore covered by this License. Section 6 states terms for distribution of such executables. + +When a "work that uses the Library" uses material from a header file that is part of the Library, the object code for the work may be a derivative work of the Library even though the source code is not. Whether this is true is especially significant if the work can be linked without the Library, or if the work is itself a library. The threshold for this to be true is not precisely defined by law. + +If such an object file uses only numerical parameters, data structure layouts and accessors, and small macros and small inline functions (ten lines or less in length), then the use of the object file is unrestricted, regardless of whether it is legally a derivative work. (Executables containing this object code plus portions of the Library will still fall under Section 6.) + +Otherwise, if the work is a derivative of the Library, you may distribute the object code for the work under the terms of Section 6. Any executables containing that work also fall under Section 6, whether or not they are linked directly with the Library itself. + +6. As an exception to the Sections above, you may also combine or link a "work that uses the Library" with the Library to produce a work containing portions of the Library, and distribute that work under terms of your choice, provided that the terms permit modification of the work for the customer's own use and reverse engineering for debugging such modifications. +You must give prominent notice with each copy of the work that the Library is used in it and that the Library and its use are covered by this License. You must supply a copy of this License. If the work during execution displays copyright notices, you must include the copyright notice for the Library among them, as well as a reference directing the user to the copy of this License. Also, you must do one of these things: + +a) Accompany the work with the complete corresponding machine-readable source code for the Library including whatever changes were used in the work (which must be distributed under Sections 1 and 2 above); and, if the work is an executable linked with the Library, with the complete machine-readable "work that uses the Library", as object code and/or source code, so that the user can modify the Library and then relink to produce a modified executable containing the modified Library. (It is understood that the user who changes the contents of definitions files in the Library will not necessarily be able to recompile the application to use the modified definitions.) +b) Use a suitable shared library mechanism for linking with the Library. A suitable mechanism is one that (1) uses at run time a copy of the library already present on the user's computer system, rather than copying library functions into the executable, and (2) will operate properly with a modified version of the library, if the user installs one, as long as the modified version is interface-compatible with the version that the work was made with. +c) Accompany the work with a written offer, valid for at least three years, to give the same user the materials specified in Subsection 6a, above, for a charge no more than the cost of performing this distribution. +d) If distribution of the work is made by offering access to copy from a designated place, offer equivalent access to copy the above specified materials from the same place. +e) Verify that the user has already received a copy of these materials or that you have already sent this user a copy. +For an executable, the required form of the "work that uses the Library" must include any data and utility programs needed for reproducing the executable from it. However, as a special exception, the materials to be distributed need not include anything that is normally distributed (in either source or binary form) with the major components (compiler, kernel, and so on) of the operating system on which the executable runs, unless that component itself accompanies the executable. + +It may happen that this requirement contradicts the license restrictions of other proprietary libraries that do not normally accompany the operating system. Such a contradiction means you cannot use both them and the Library together in an executable that you distribute. + +7. You may place library facilities that are a work based on the Library side-by-side in a single library together with other library facilities not covered by this License, and distribute such a combined library, provided that the separate distribution of the work based on the Library and of the other library facilities is otherwise permitted, and provided that you do these two things: +a) Accompany the combined library with a copy of the same work based on the Library, uncombined with any other library facilities. This must be distributed under the terms of the Sections above. +b) Give prominent notice with the combined library of the fact that part of it is a work based on the Library, and explaining where to find the accompanying uncombined form of the same work. +8. You may not copy, modify, sublicense, link with, or distribute the Library except as expressly provided under this License. Any attempt otherwise to copy, modify, sublicense, link with, or distribute the Library is void, and will automatically terminate your rights under this License. However, parties who have received copies, or rights, from you under this License will not have their licenses terminated so long as such parties remain in full compliance. +9. You are not required to accept this License, since you have not signed it. However, nothing else grants you permission to modify or distribute the Library or its derivative works. These actions are prohibited by law if you do not accept this License. Therefore, by modifying or distributing the Library (or any work based on the Library), you indicate your acceptance of this License to do so, and all its terms and conditions for copying, distributing or modifying the Library or works based on it. +10. Each time you redistribute the Library (or any work based on the Library), the recipient automatically receives a license from the original licensor to copy, distribute, link with or modify the Library subject to these terms and conditions. You may not impose any further restrictions on the recipients' exercise of the rights granted herein. You are not responsible for enforcing compliance by third parties with this License. +11. If, as a consequence of a court judgment or allegation of patent infringement or for any other reason (not limited to patent issues), conditions are imposed on you (whether by court order, agreement or otherwise) that contradict the conditions of this License, they do not excuse you from the conditions of this License. If you cannot distribute so as to satisfy simultaneously your obligations under this License and any other pertinent obligations, then as a consequence you may not distribute the Library at all. For example, if a patent license would not permit royalty-free redistribution of the Library by all those who receive copies directly or indirectly through you, then the only way you could satisfy both it and this License would be to refrain entirely from distribution of the Library. +If any portion of this section is held invalid or unenforceable under any particular circumstance, the balance of the section is intended to apply, and the section as a whole is intended to apply in other circumstances. + +It is not the purpose of this section to induce you to infringe any patents or other property right claims or to contest validity of any such claims; this section has the sole purpose of protecting the integrity of the free software distribution system which is implemented by public license practices. Many people have made generous contributions to the wide range of software distributed through that system in reliance on consistent application of that system; it is up to the author/donor to decide if he or she is willing to distribute software through any other system and a licensee cannot impose that choice. + +This section is intended to make thoroughly clear what is believed to be a consequence of the rest of this License. + +12. If the distribution and/or use of the Library is restricted in certain countries either by patents or by copyrighted interfaces, the original copyright holder who places the Library under this License may add an explicit geographical distribution limitation excluding those countries, so that distribution is permitted only in or among countries not thus excluded. In such case, this License incorporates the limitation as if written in the body of this License. +13. The Free Software Foundation may publish revised and/or new versions of the Lesser General Public License from time to time. Such new versions will be similar in spirit to the present version, but may differ in detail to address new problems or concerns. +Each version is given a distinguishing version number. If the Library specifies a version number of this License which applies to it and "any later version", you have the option of following the terms and conditions either of that version or of any later version published by the Free Software Foundation. If the Library does not specify a license version number, you may choose any version ever published by the Free Software Foundation. + +14. If you wish to incorporate parts of the Library into other free programs whose distribution conditions are incompatible with these, write to the author to ask for permission. For software which is copyrighted by the Free Software Foundation, write to the Free Software Foundation; we sometimes make exceptions for this. Our decision will be guided by the two goals of preserving the free status of all derivatives of our free software and of promoting the sharing and reuse of software generally. +NO WARRANTY + +15. BECAUSE THE LIBRARY IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY FOR THE LIBRARY, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES PROVIDE THE LIBRARY "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE LIBRARY IS WITH YOU. SHOULD THE LIBRARY PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION. +16. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR REDISTRIBUTE THE LIBRARY AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE LIBRARY (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A FAILURE OF THE LIBRARY TO OPERATE WITH ANY OTHER SOFTWARE), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. +END OF TERMS AND CONDITIONS + +How to Apply These Terms to Your New Libraries + +If you develop a new library, and you want it to be of the greatest possible use to the public, we recommend making it free software that everyone can redistribute and change. You can do so by permitting redistribution under these terms (or, alternatively, under the terms of the ordinary General Public License). + +To apply these terms, attach the following notices to the library. It is safest to attach them to the start of each source file to most effectively convey the exclusion of warranty; and each file should have at least the "copyright" line and a pointer to where the full notice is found. + + +Copyright (C) + +This library is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser General Public License as published by the Free Software Foundation; version 2.1 of the License. + +This library is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details. + +You should have received a copy of the GNU Lesser General Public License along with this library; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA Also add information on how to contact you by electronic and paper mail. + +You should also get your employer (if you work as a programmer) or your school, if any, to sign a "copyright disclaimer" for the library, if necessary. Here is a sample; alter the names: + +Yoyodyne, Inc., hereby disclaims all copyright interest in +the library `Frob' (a library for tweaking knobs) written +by James Random Hacker. + +, 1 April 1990 +Ty Coon, President of Vice +That's all there is to it! diff --git a/README.md b/README.md new file mode 100644 index 0000000..1a12d44 --- /dev/null +++ b/README.md @@ -0,0 +1,34 @@ +# DANOS Dataplane flowstat plugin + +A plugin for dataplane allow viewing flow statistics. + +# Tests +Setup and build test environment +```sh +meson build +ninja -C build +``` +Run tests +``` +cd build +meson test -v +``` + +## Architecture +```sh + +------------+ +----------+ +--------------+ + | Dataplane | --> | wfcqueue | --> | flowstat.log | + +------------+ +----------+ +--------------+ + | + v + +------------+ +-------------+ +-----------+ + | op command | --> | flowstat.db | <-- | flowstatd | + +------------+ +-------------+ +-----------+ +``` +- Session info was collected by session watch, and stored in a wait free queue. +- A thread dequeue session info from queue and flush to a log file (rotated by logrotate). +- A daemon called flowstatd will read log from log file then save statistics into a sqlite3 db `flowstat.db`. +- OP command will query statistics directly from `flowstat.db`. +- There 4 period time + - now: statistics were calculated by session table of dataplane + - 5m/1h/1d: statistics from `flowstatd.db` diff --git a/debian/.gitignore b/debian/.gitignore new file mode 100644 index 0000000..1d3dc4b --- /dev/null +++ b/debian/.gitignore @@ -0,0 +1,9 @@ +tmp/ +build/ +.debhelper/ +dataplane-flowstat-plugin/ +libdataplane-flowstat-plugin-proto-support/ +files +*.log +*.substvars + diff --git a/debian/changelog b/debian/changelog new file mode 100644 index 0000000..91b7f5e --- /dev/null +++ b/debian/changelog @@ -0,0 +1,5 @@ +dataplane-flowstat-plugin (1.0.0) UNRELEASED; urgency=medium + + * Initial release. + + -- Dung Man Thu, 25 Mar 2021 10:46:02 +0000 diff --git a/debian/compat b/debian/compat new file mode 100644 index 0000000..ec63514 --- /dev/null +++ b/debian/compat @@ -0,0 +1 @@ +9 diff --git a/debian/control b/debian/control new file mode 100644 index 0000000..d88493d --- /dev/null +++ b/debian/control @@ -0,0 +1,36 @@ +Source: dataplane-flowstat-plugin +Section: contrib/net +Priority: optional +Maintainer: Dung Man +Build-Depends: meson, + check , + debhelper (>= 9.20160709), + dh-exec, + libczmq-dev, + libdpdk-dev (>= 19.11.4-0vyatta7), + libgoogle-protocolbuffers-perl, + libprotobuf-c-dev, + liburcu-dev (>= 0.8.0), + pkg-config, + protobuf-c-compiler, + python3, + vyatta-dataplane-dev, + vyatta-dataplane-test +Standards-Version: 4.3.0 +Homepage: + +Package: dataplane-flowstat-plugin +Section: contrib/net +Architecture: any +Depends: ${misc:Depends}, + ${shlibs:Depends} +Description: Vyatta dataplane flow stat plugin library. + A pipeline plugin for Vyatta dataplane that view + flow statistics. + +Package: libdataplane-flowstat-plugin-proto-support +Section: contrib/net +Architecture: all +Depends: ${misc:Depends} +Description: Vyatta dataplane flowstat plugin protocol buffer files and support + Set of files defining message formats accepted by the dataplane diff --git a/debian/copyright b/debian/copyright new file mode 100644 index 0000000..42b3438 --- /dev/null +++ b/debian/copyright @@ -0,0 +1,71 @@ +Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/ + +Files: * +Copyright: 2021, SafePoint. +License: Apache-2.0 + +Files: src/flowstat.c + tests/src/dp_test_lib_tcp.h + tests/src/dp_test_npf_lib.h + tests/src/dp_test_pipeline_flowstat.c + tests/src/dp_test_session_internal_lib.h + tests/src/util.h +Copyright: 2011-2016, Brocade Communications Systems, Inc. + 2015, Brocade Communications Systems, Inc. + 2015-2017, Brocade Communications Systems, Inc. + 2016, Brocade Communications Systems, Inc. + 2017, Brocade Communications Systems, Inc. + 2017-2020, AT&T Intellectual Property. + 2017-2021, AT&T Intellectual Property. + 2018-2020, AT&T Intellectual Property. + 2021, SafePoint. +License: LGPL-2.1-only + +Files: meson.build + protobuf/FlowStatFeatConfig.proto + protobuf/FlowStatFeatOp.proto + protobuf/meson.build + tests/meson.build +Copyright: 2018-2019, AT&T Intellectual Property. + 2020, AT&T Intellectual Property. + 2020-2021, AT&T Intellectual Property. + 2021, SafePoint. +License: LGPL-2.1-only + +Files: src/flowstat.h + tests/src/pcap/gen_pkt.py +Copyright: 2021, SafePoint. +License: Apache-2.0 + +License: Apache-2.0 + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + . + http://www.apache.org/licenses/LICENSE-2.0 + . + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. + . + On Debian systems, the complete text of the Apache License 2.0 can + be found in "/usr/share/common-licenses/Apache-2.0" + +License: LGPL-2.1-only + This package is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; + version 2.1 + . + This package is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + . + You should have received a copy of the GNU General Public License + along with this program. If not, see . + . + On Debian systems, the complete text of the GNU Lesser General + Public License can be found in "/usr/share/common-licenses/LGPL-2.1". diff --git a/debian/dataplane-flowstat-plugin.install b/debian/dataplane-flowstat-plugin.install new file mode 100644 index 0000000..123ebf9 --- /dev/null +++ b/debian/dataplane-flowstat-plugin.install @@ -0,0 +1 @@ +usr/lib/*/vyatta-dataplane/pipeline/plugins/flowstat_plugin.so \ No newline at end of file diff --git a/debian/libdataplane-flowstat-plugin-proto-support.install b/debian/libdataplane-flowstat-plugin-proto-support.install new file mode 100644 index 0000000..7332666 --- /dev/null +++ b/debian/libdataplane-flowstat-plugin-proto-support.install @@ -0,0 +1,2 @@ +usr/share/vyatta-dataplane/protobuf/* +usr/share/perl5/vyatta/proto/* \ No newline at end of file diff --git a/debian/rules b/debian/rules new file mode 100755 index 0000000..083520e --- /dev/null +++ b/debian/rules @@ -0,0 +1,12 @@ +#!/usr/bin/make -f +# You must remove unused comment lines for the released package. +# export DH_VERBOSE = 1 +export DEB_BUILD_MAINT_OPTIONS=hardening=+format,-fortify,-stackprotector,+relro,+bindnow +export DEB_CFLAGS_MAINT_APPEND = -O2 +# export DEB_LDFLAGS_MAINT_APPEND = -Wl,--as-needed + +%: + dh $@ --builddirectory=build --parallel --buildsystem=meson + +override_dh_auto_install: + dh_auto_install diff --git a/debian/source/format b/debian/source/format new file mode 100644 index 0000000..89ae9db --- /dev/null +++ b/debian/source/format @@ -0,0 +1 @@ +3.0 (native) diff --git a/meson.build b/meson.build new file mode 100644 index 0000000..81043e7 --- /dev/null +++ b/meson.build @@ -0,0 +1,61 @@ +# SPDX-License-Identifier: LGPL-2.1-only +# Copyright (c) 2021, SafePoint. All rights reserved. +# Copyright (c) 2020, AT&T Intellectual Property. All rights reserved. + +project('vyatta-flowstat-plugin', ['c', 'cpp'], + default_options: [ + 'debug=true', + 'optimization=3', + 'werror=true', + 'warning_level=2', + 'c_std=gnu11', + 'b_lto=true' + ] +) + +cc = meson.get_compiler('c') + +add_project_arguments( + '-D_GNU_SOURCE', + cc.get_supported_arguments([ + '-Wno-deprecated-declarations', + '-Wno-stringop-overflow', + '-Wno-stringop-truncation', + '-Wno-format-truncation' + ]), + language: 'c' +) + +with_tests = get_option('with_tests').enabled() + +check_dep = dependency('check', required: with_tests) +dp_dep = dependency('vyatta-dataplane-dev', required: true) +dl_dep = cc.find_library('dl', required : true) +dpdk_dep = dependency('libdpdk', version: '>= 19.11') +proto_c_dep = dependency('libprotobuf-c', version: '>= 1.0.0') +threads_dep = dependency('threads') +urcu_cds_dep = dependency('liburcu-cds', version: '>= 0.8.0') +urcu_dep = dependency('liburcu', version: '>= 0.8.0') +urcu_qsbr_dep = dependency('liburcu-qsbr', version: '>= 0.8.0') + +subdir('protobuf') + +flowstat_plugin_sources = files( + 'src/flowstat.c' +) + +flowstat_plugin = shared_module('flowstat_plugin', + sources: [flowstat_plugin_sources, flowstat_generated_protobuf_c], + dependencies: [dp_dep, dl_dep, dpdk_dep, proto_c_dep, threads_dep, urcu_cds_dep, urcu_dep, urcu_qsbr_dep], + include_directories: [], + name_prefix: '', + install: true, + install_dir: get_option('prefix') / get_option('libdir') / 'vyatta-dataplane' / 'pipeline' / 'plugins' +) + +flowstat_plugin_dep = declare_dependency( + include_directories: [include_directories('src')], + sources: [flowstat_plugin_sources, flowstat_generated_protobuf_c] +) + +subdir('tests') diff --git a/meson_options.txt b/meson_options.txt new file mode 100644 index 0000000..04f2071 --- /dev/null +++ b/meson_options.txt @@ -0,0 +1 @@ +option('with_tests', type : 'feature', value : 'enabled') diff --git a/protobuf/FlowStatFeatConfig.proto b/protobuf/FlowStatFeatConfig.proto new file mode 100644 index 0000000..36ec3bd --- /dev/null +++ b/protobuf/FlowStatFeatConfig.proto @@ -0,0 +1,12 @@ +// Copyright (c) 2021, SafePoint. All rights reserved. +// Copyright (c) 2018-2019, AT&T Intellectual Property. All rights reserved. +// +// SPDX-License-Identifier: LGPL-2.1-only +// + +syntax="proto2"; + +message FlowStatFeatConfig { + optional bool is_active = 1; + optional string if_name = 2; +} \ No newline at end of file diff --git a/protobuf/FlowStatFeatOp.proto b/protobuf/FlowStatFeatOp.proto new file mode 100644 index 0000000..2e6f79c --- /dev/null +++ b/protobuf/FlowStatFeatOp.proto @@ -0,0 +1,15 @@ +// Copyright (c) 2021, SafePoint. All rights reserved. +// Copyright (c) 2018-2019, AT&T Intellectual Property. All rights reserved. +// +// SPDX-License-Identifier: LGPL-2.1-only +// + +syntax="proto2"; + +message FlowStatOpReq { + //empty +} + +message FlowStatOpResp { + optional uint32 count = 1; +} \ No newline at end of file diff --git a/protobuf/meson.build b/protobuf/meson.build new file mode 100644 index 0000000..32c4446 --- /dev/null +++ b/protobuf/meson.build @@ -0,0 +1,37 @@ +# SPDX-License-Identifier: LGPL-2.1-only +# Copyright (c) 2021, SafePoint. All rights reserved. +# Copyright (c) 2020, AT&T Intellectual Property. All rights reserved. + + +flowstat_protobuf_sources = [ + 'FlowStatFeatConfig.proto', + 'FlowStatFeatOp.proto', +] + +install_data(flowstat_protobuf_sources, + install_dir: get_option('datadir') / 'vyatta-dataplane' / 'protobuf' +) + +protoc = find_program('protoc-c') +perl_protobuf_generator = files('../scripts/vyatta-generate-pb-perl.pl') + +protobuf_generated_perl = [] +flowstat_generated_protobuf_c = [] +flowstat_generated_protobuf_c_headers = [] +foreach protobuf_definition : flowstat_protobuf_sources + generated_c = custom_target('c_' + protobuf_definition, + command: [protoc, '--proto_path=@CURRENT_SOURCE_DIR@', '--c_out=@OUTDIR@', '@INPUT@'], + input: protobuf_definition, + output: ['@BASENAME@.pb-c.c', '@BASENAME@.pb-c.h'], + ) + flowstat_generated_protobuf_c += generated_c + flowstat_generated_protobuf_c_headers += generated_c[1] + + protobuf_generated_perl += custom_target('pl_' + protobuf_definition, + command: [perl_protobuf_generator, '@INPUT@', '@OUTDIR@', '@CURRENT_SOURCE_DIR@'], + input: protobuf_definition, + output: '@BASENAME@.pm', + install: true, + install_dir: 'share/perl5/vyatta/proto' + ) +endforeach diff --git a/scripts/vyatta-generate-pb-perl.pl b/scripts/vyatta-generate-pb-perl.pl new file mode 100755 index 0000000..12e3c1e --- /dev/null +++ b/scripts/vyatta-generate-pb-perl.pl @@ -0,0 +1,32 @@ +#! /usr/bin/perl + +use warnings; +use strict; + +use Carp; + +use MIME::Base64; +use Google::ProtocolBuffers; + +my @arg0 = split(/\//, $ARGV[0]); +my $proto_dir = $arg0[$#arg0 - 1]; +my $proto_file = $arg0[$#arg0]; + +my $target_dir = $ARGV[1]; + +if (substr($proto_file, -6) eq ".proto") { + + my %options; + $options{include_dir} = "../$proto_dir"; + + my $pb_pm = substr($proto_file, 0, length($proto_file) - 6) . ".pm"; + $options{generate_code} = $target_dir . "/$pb_pm"; + + printf("writing out to: " . $target_dir . "/$pb_pm" . "\n"); + + $options{create_accessors} = 1; + $options{follow_best_practice} = 1; + Google::ProtocolBuffers->parsefile($ARGV[0], \%options); +} + +exit 0; diff --git a/src/flowstat.c b/src/flowstat.c new file mode 100644 index 0000000..a3a765d --- /dev/null +++ b/src/flowstat.c @@ -0,0 +1,687 @@ +/* + * Flow stat pipeline feature node + * + * Copyright (c) 2021, SafePoint. All rights reserved. + * Copyright (c) 2017-2021, AT&T Intellectual Property. All rights reserved. + * Copyright (c) 2017 by Brocade Communications Systems, Inc. + * All rights reserved. + * + * SPDX-License-Identifier: LGPL-2.1-only + * + * To generate the protobuf message source: + * "protoc-c -I=. --c_out=. ./FlowStatFeatConfig.proto" + * + * To compile flow_stat as a standalone: + * "gcc -shared -fPIC flowstat.c -I/usr/include/vyatta-dataplane + * $(pkg-config --cflags libdpdk) -o libflowstat.so" + * + */ +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include /* RCU flavor */ +#include /* RCU Lock-free hash table */ +#include +#include +#include +#include +#include + +#include "compiler.h" +#include "debug.h" +#include "dp_session.h" +#include "feature_commands.h" +#include "feature_plugin.h" +#include "json_writer.h" +#include "pipeline.h" + +#include "flowstat.h" +#include "FlowStatFeatConfig.pb-c.h" +#include "FlowStatFeatOp.pb-c.h" + +#define RTE_LOGTYPE_FLOWSTAT RTE_LOGTYPE_USER4 + +enum fstat_dispositions { FLOW_STAT_ACCEPT, FLOW_STAT_NUM }; + +enum log_level { + NOT_SET_LEVEL = 0, + CRIT_LEVEL = 10, + WARN_LEVEL = 20, + INFO_LEVEL = 30, + DEBUG_LEVEL = 40, +}; + +struct session_private { + bool locked; + bool is_long_lived; /* stat calculated by delta */ + time_t last_seen; + time_t last_seen_tw; + uint64_t last_pkts_in; + uint64_t last_bytes_in; + uint64_t last_pkts_out; + uint64_t last_bytes_out; + + /* cached DPI */ + const char *app; + const char *app_proto; + const char *app_type; +}; + +/* Used for log flow stats to file */ +struct flow_log { + struct dp_session_info session; + time_t timestamp; + uint64_t duration; /* seconds */ +}; + +/* Extra info for session */ +#define SESSION_PRIVATE_ID 10001000 +#define LOG_BUFFER_LIMIT 10000 +#define LOG_MSG_SIZE 512 +#define EXPORTER_FILE_BUFSIZ (LOG_MSG_SIZE * 1000) +#define EXPORTER_INTERVAL 5 +#define LOG_TW_SESSION_INTERVAL 1 +#define NPF_TCPS_TIME_WAIT 11 + +/* Buffer log */ +static uint32_t log_buffer_count; + +/* Config */ +static bool is_enabled_global = true; +static int debug_level = INFO_LEVEL; + +/* + * Nodes populated into the queue. + */ +struct lognode { + struct flow_log *info; /* Node content */ + struct cds_wfcq_node node; /* Chaining in queue */ +}; + +struct cds_wfcq_head logqueue_head; /* Queue head */ +struct cds_wfcq_tail logqueue_tail; /* Queue tail */ + +/* + * Enabled interfaces hash table. + */ +struct intf_node { + char name[IFNAMSIZ]; /* Interface name */ + struct cds_lfht_node node; /* Chaining in hash table */ +}; + +struct cds_lfht *enabled_intf_ht; + +#define ENABLED_INTF_HASH_MIN 4 +#define ENABLED_INTF_HASH_MAX 0 /* Unlimited */ + +static inline uint32_t intf_hash_name(const char *ifname) +{ + char __ifname[IFNAMSIZ] __rte_aligned(sizeof(uint32_t)); + int len = MIN(strlen(ifname), sizeof(__ifname)); + + memcpy(__ifname, ifname, len); + return rte_jhash(__ifname, len, 0); +} + +static inline int intf_match(struct cds_lfht_node *ht_node, const void *arg) +{ + const struct intf_node *node; + const char *key = arg; + + node = caa_container_of(ht_node, struct intf_node, node); + if ((strncmp(key, node->name, IFNAMSIZ) == 0)) + return 1; + + return 0; +} + +static struct intf_node *intf_lookup(const char *ifname) +{ + struct intf_node *node = NULL; + struct cds_lfht_iter iter; + struct cds_lfht_node *ht_node; + + cds_lfht_lookup(enabled_intf_ht, intf_hash_name(ifname), intf_match, + ifname, &iter); + + ht_node = cds_lfht_iter_get_node(&iter); + if (ht_node) + node = caa_container_of(ht_node, struct intf_node, node); + + return node; +} + +static void format_log(char *buf, struct flow_log *flow_log) +{ + struct dp_session_info *info = &flow_log->session; + time_t utc_now = mktime(gmtime(&flow_log->timestamp)); + struct tm *ts = localtime(&flow_log->timestamp); + + char srcip_str[INET6_ADDRSTRLEN]; + char dstip_str[INET6_ADDRSTRLEN]; + + inet_ntop(info->se_af, &info->se_src_addr, srcip_str, + sizeof(srcip_str)); + inet_ntop(info->se_af, &info->se_dst_addr, dstip_str, + sizeof(dstip_str)); + + sprintf(buf, + "date=%04d-%02d-%02d " + "time=%02d:%02d:%02d " + "timestamp=%lu " + "tz=\"%s\" " + "session_id=%lu " + "src_addr=%s src_port=%d " + "dst_addr=%s dst_port=%d " + "in_bytes=%lu in_pkts=%lu " + "protocol=%d " + "out_bytes=%lu out_pkts=%lu " + "duration=%lu " + "app_name=%s " + "app_proto=%s " + "app_type=%s " + "if_name=\"%s\" ", + ts->tm_year + 1900, ts->tm_mon + 1, ts->tm_mday, ts->tm_hour, + ts->tm_min, ts->tm_sec, utc_now, ts->tm_zone, info->se_id, + srcip_str, ntohs(info->se_src_port), dstip_str, + ntohs(info->se_dst_port), info->se_bytes_in, info->se_pkts_in, + info->se_protocol, info->se_bytes_out, info->se_pkts_out, + flow_log->duration, info->se_app_name ? info->se_app_name : "", + info->se_app_proto ? info->se_app_proto : "", + info->se_app_type ? info->se_app_type : "", + info->se_ifname ? info->se_ifname : ""); +} + +static void export_log_to_file(struct lognode *nodes[], uint32_t size) +{ + FILE *f = fopen(FLOWSTAT_LOG, "a+"); + if (!f) { + if (debug_level >= DEBUG_LEVEL) + RTE_LOG(DEBUG, FLOWSTAT, "Failed to open log file\n"); + return; + } + + char buf[EXPORTER_FILE_BUFSIZ]; + setbuf(f, buf); + + for (uint32_t i = 0; i < size; i++) { + char msg[LOG_MSG_SIZE]; + format_log(msg, nodes[i]->info); + fputs(msg, f); + fputs("\n", f); + } + + if (debug_level >= INFO_LEVEL) + RTE_LOG(INFO, FLOWSTAT, "Flushed %d logs\n", size); + + fclose(f); +} + +void export_log(void) +{ + struct lognode *buffer[LOG_BUFFER_LIMIT]; + uint32_t count = 0; + + /* get some limited items from queue */ + while (count < LOG_BUFFER_LIMIT) { + struct cds_wfcq_node *qnode = __cds_wfcq_dequeue_nonblocking( + &logqueue_head, &logqueue_tail); + if (!qnode || qnode == CDS_WFCQ_WOULDBLOCK) + break; /* empty queue or need block */ + + uatomic_dec(&log_buffer_count); + + struct lognode *node = + caa_container_of(qnode, struct lognode, node); + buffer[count++] = node; + } + + if (count > 0) { + /* flush buffer to file */ + export_log_to_file(buffer, count); + + /* clean up */ + for (uint32_t i = 0; i < count; i++) { + struct lognode *node = buffer[i]; + free(node->info); + free(node); + } + } +} + +static void *log_exporter_thread(void *args __unused) +{ + if (debug_level >= INFO_LEVEL) { + unsigned long tid = syscall(SYS_gettid); + RTE_LOG(INFO, FLOWSTAT, "Exporter started threadId=%lu\n", tid); + } + + while (true) { + export_log(); + sleep(EXPORTER_INTERVAL); + } + + if (debug_level >= INFO_LEVEL) + RTE_LOG(INFO, FLOWSTAT, "Exporter stopped\n"); + + return NULL; +} + +static void queue_log(struct flow_log *flow_log) +{ + struct lognode *node = malloc(sizeof(struct lognode)); + if (!node) + return; + + cds_wfcq_node_init(&node->node); + node->info = flow_log; + cds_wfcq_enqueue(&logqueue_head, &logqueue_tail, &node->node); + if (debug_level >= DEBUG_LEVEL) { + char msg[LOG_MSG_SIZE]; + format_log(msg, flow_log); + RTE_LOG(DEBUG, FLOWSTAT, "Queued log %s\n", msg); + } +} + +static void add_session_log(struct session *s, + struct session_private *s_private, + enum dp_session_state state) +{ + uint32_t next = uatomic_add_return(&log_buffer_count, 1); + if (next > LOG_BUFFER_LIMIT) { + uatomic_dec(&log_buffer_count); + return; + } + + struct flow_log *flow_log = malloc(sizeof(struct flow_log)); + struct dp_session_info *info = &flow_log->session; + dp_session_query(s, SESSION_ATTR_ALL, info); + + /* Load cached dpi for expired session */ + if (state == SESSION_STATE_CLOSED) { + info->se_app_name = s_private->app; + info->se_app_proto = s_private->app_proto; + info->se_app_type = s_private->app_type; + } + + time_t now = time(NULL); + flow_log->timestamp = now; + + /* + * duration + */ + int64_t duration = rte_get_timer_cycles() - info->se_create_time; + duration = duration / rte_get_timer_hz(); + if (duration <= 0) + duration = 1; + flow_log->duration = duration; + + if (s_private->is_long_lived) { + uint64_t in_bytes, in_pkts, out_bytes, out_pkts; + + /* calc delta */ + in_bytes = info->se_bytes_in - s_private->last_bytes_in; + in_pkts = info->se_pkts_in - s_private->last_pkts_in; + out_bytes = info->se_bytes_out - s_private->last_bytes_out; + out_pkts = info->se_pkts_out - s_private->last_pkts_out; + + /* no stats was updated, ignore it */ + if (!in_pkts && !out_pkts) + return; + + /* update to latest stat */ + s_private->last_bytes_in = info->se_bytes_in; + s_private->last_pkts_in = info->se_pkts_in; + s_private->last_bytes_out = info->se_bytes_out; + s_private->last_pkts_out = info->se_pkts_out; + + /* save delta for export */ + info->se_bytes_in = in_bytes; + info->se_pkts_in = in_pkts; + info->se_bytes_out = out_bytes; + info->se_pkts_out = out_pkts; + } + + queue_log(flow_log); +} + +static void add_es_session_log(struct session *s, + struct session_private *s_private, + enum dp_session_state state) +{ + /* try acquire lock */ + bool locked = uatomic_xchg(&s_private->locked, true); + if (!locked) { + s_private->is_long_lived = true; + add_session_log(s, s_private, state); + + if (state == SESSION_STATE_ESTABLISHED) + s_private->last_seen = time(NULL); + else if (state == SESSION_STATE_TERMINATING) + s_private->last_seen_tw = time(NULL); + + /* release lock */ + uatomic_set(&s_private->locked, false); + } else if (debug_level >= DEBUG_LEVEL) { + RTE_LOG(DEBUG, FLOWSTAT, "failed to acquire lock es\n"); + } +} + +static void session_watch_cb(struct session *s, enum dp_session_hook hook, + void *data __unused) +{ + /* Check if feature is disabled global */ + if (!is_enabled_global) + return; + + /* Check if feature is enabled for interface */ + struct dp_session_info info; + dp_session_query(s, SESSION_ATTR_IF_NAME | SESSION_ATTR_PROTOCOL, + &info); + + rcu_read_lock(); + bool enabled = intf_lookup(info.se_ifname); + rcu_read_unlock(); + + if (!enabled) + return; + + struct session_private *s_private = NULL; + + /* Set extra data for new session */ + if (hook == SESSION_ACTIVATE) { + s_private = malloc(sizeof(*s_private)); + s_private->locked = false; + s_private->is_long_lived = false; + s_private->last_seen = time(NULL); + s_private->last_seen_tw = 0; + s_private->last_bytes_in = 0; + s_private->last_pkts_in = 0; + s_private->last_bytes_out = 0; + s_private->last_pkts_out = 0; + s_private->app = NULL; + s_private->app_proto = NULL; + s_private->app_type = NULL; + + dp_session_set_private(SESSION_PRIVATE_ID, s, s_private); + } else { + s_private = dp_session_get_private(SESSION_PRIVATE_ID, s); + } + + if (!s_private) + return; + + switch (hook) { + case SESSION_STATS_UPDATE: + if (dp_session_is_established(s)) { + /* For long active connections, export log by interval + */ + double seconds = + difftime(time(NULL), s_private->last_seen); + if (seconds >= LOG_ES_SESSION_INTERVAL) + add_es_session_log(s, s_private, + SESSION_STATE_ESTABLISHED); + } else if (info.se_protocol == IPPROTO_TCP && + info.se_protocol_state >= NPF_TCPS_TIME_WAIT) { + double seconds = + difftime(time(NULL), s_private->last_seen_tw); + if (seconds >= LOG_TW_SESSION_INTERVAL) + add_es_session_log(s, s_private, + SESSION_STATE_TERMINATING); + } + break; + case SESSION_STATE_CHANGE: + if (dp_session_get_state(s) == SESSION_STATE_TERMINATING) { + /* Cache dpi info before session expired. Because + * expired session has no features, mean no dpi info. + */ + if (!s_private->app) { + dp_session_query(s, SESSION_ATTR_DPI, &info); + /* Make it dont try load again if not found any + * dpi + */ + s_private->app = info.se_app_name + ? info.se_app_name + : ""; + s_private->app_proto = info.se_app_proto; + s_private->app_type = info.se_app_type; + } + } + break; + case SESSION_EXPIRE: + /* Closed, add log */ + add_session_log(s, s_private, SESSION_STATE_CLOSED); + + /* Free private data, too */ + free(s_private); + break; + default: + break; + } + + if (debug_level >= DEBUG_LEVEL) { + if (hook == SESSION_STATS_UPDATE) { + char msg[LOG_MSG_SIZE]; + struct flow_log flow_log; + dp_session_query(s, SESSION_ATTR_ALL, + &flow_log.session); + format_log(msg, &flow_log); + RTE_LOG(DEBUG, FLOWSTAT, + "session uuid=%lu state=%s hook=%d proto=%d " + "proto_state=%d %s\n", + dp_session_unique_id(s), + dp_session_get_state_name(s, false), hook, + info.se_protocol, info.se_protocol_state, msg); + } else { + RTE_LOG(DEBUG, FLOWSTAT, + "session uuid=%lu state=%s hook=%d proto=%d " + "proto_state=%d\n", + dp_session_unique_id(s), + dp_session_get_state_name(s, false), hook, + info.se_protocol, info.se_protocol_state); + } + } +} + +static void fstat_cleanup_cb(const char *instance __unused, + void *context __unused) +{ + cds_wfcq_destroy(&logqueue_head, &logqueue_tail); + cds_lfht_destroy(enabled_intf_ht, NULL); +} + +static unsigned int fstat_process(struct pl_packet *pkt __unused, + void *context __unused) +{ + return FLOW_STAT_ACCEPT; +} + +static int fstat_feat_cmd(struct pb_msg *msg) +{ + int ret = 0; + + FlowStatFeatConfig *fstat_msg = + flow_stat_feat_config__unpack(NULL, msg->msg_len, msg->msg); + if (!fstat_msg) { + dp_pb_cmd_err(msg, "failed to read fstat protobuf command\n"); + return -1; + } + + if (!fstat_msg->has_is_active) { + dp_pb_cmd_err(msg, "error in fstat protobuf command\n"); + return -1; + } + + const char *if_name = fstat_msg->if_name; + + if (strlen(if_name) == 0) { + /* Enable/disable on global */ + if (fstat_msg->is_active == false) { + is_enabled_global = false; + if (debug_level >= INFO_LEVEL) + RTE_LOG(INFO, FLOWSTAT, "disabled global\n"); + } else { + is_enabled_global = true; + if (debug_level >= INFO_LEVEL) + RTE_LOG(INFO, FLOWSTAT, "enabled global\n"); + } + } else if (fstat_msg->is_active == false) { + /* + * Disable interface. + */ + struct intf_node *node = intf_lookup(if_name); + if (node) { + cds_lfht_del(enabled_intf_ht, &node->node); + free(node); + } + + if (debug_level >= INFO_LEVEL) + RTE_LOG(INFO, FLOWSTAT, "disabled on %s\n", if_name); + } else { + /* + * Enable interface. + */ + struct intf_node *node; + struct cds_lfht_node *ret_node; + + node = malloc(sizeof(struct intf_node)); + if (!node) { + dp_pb_cmd_err(msg, "Failed to allocate memory\n"); + return -1; + } + + cds_lfht_node_init(&node->node); + strncpy(node->name, if_name, IFNAMSIZ); + + ret_node = cds_lfht_add_unique( + enabled_intf_ht, intf_hash_name(if_name), intf_match, + if_name, &node->node); + if (ret_node != &node->node) + /* already added, free new node */ + free(node); + + if (debug_level >= INFO_LEVEL) + RTE_LOG(INFO, FLOWSTAT, "enabled on %s\n", if_name); + } + + flow_stat_feat_config__free_unpacked(fstat_msg, NULL); + + return ret; +} + +static int cmd_fstat_feat_show(struct pb_msg *msg) +{ + /* request */ + FlowStatOpReq *fstat_op_req_msg = + flow_stat_op_req__unpack(NULL, msg->msg_len, msg->msg); + if (!fstat_op_req_msg) { + dp_pb_cmd_err(msg, + "failed to read fstat protobuf op command\n"); + return -1; + } + flow_stat_op_req__free_unpacked(fstat_op_req_msg, NULL); + + /* response */ + FlowStatOpResp fstat_op_resp_msg = FLOW_STAT_OP_RESP__INIT; + + fstat_op_resp_msg.count = 0; + fstat_op_resp_msg.has_count = false; + + /* now convert this to binary and add back */ + int len = flow_stat_op_resp__get_packed_size(&fstat_op_resp_msg); + void *buf2 = malloc(len); + flow_stat_op_resp__pack(&fstat_op_resp_msg, buf2); + msg->ret_msg = buf2; + msg->ret_msg_len = len; + + return 0; +} + +const char *fstat_next_nodes[] = { + "vyatta:term-noop", +}; + +static const char *plugin_name = "flow_stat"; + +struct dp_pipeline_feat_registration fstat_feat = { + .plugin_name = "flow_stat", + .name = "fstat:fstat", + .node_name = "fstat:fstat", + .feature_point = "vyatta:ipv4-validate", + .visit_before = NULL, + .visit_after = "vyatta:ipv4-pbr", + .cleanup_cb = fstat_cleanup_cb, +}; + +static struct session_watch fstat_sew = { + .fn = session_watch_cb, + .types = SESSION_TYPE_FW, + .data = NULL, + .name = "fstat_session_watch", +}; + +int dp_feature_plugin_init(const char **name) +{ + int rv; + + rv = dp_pipeline_register_node("fstat:fstat", 1, fstat_next_nodes, + PL_PROC, fstat_process); + if (rv) + goto error; + + rv = dp_pipeline_register_list_feature(&fstat_feat); + if (rv) + goto error; + + rv = dp_feature_register_pb_cfg_handler("fstat:fstat-feat", + fstat_feat_cmd); + if (rv) + goto error; + + rv = dp_feature_register_pb_op_handler("fstat:fstat-feat", + cmd_fstat_feat_show); + if (rv) + goto error; + + rv = dp_session_watch_register(&fstat_sew); + if (rv) + goto error; + + cds_wfcq_init(&logqueue_head, &logqueue_tail); + +#ifndef UNIT_TEST + pthread_t export_thread; + rv = pthread_create(&export_thread, NULL, log_exporter_thread, NULL); + if (rv < 0) { + RTE_LOG(INFO, FLOWSTAT, "pthread create failed\n"); + goto error; + } +#endif + + /* + * Allocate hash table. + */ + enabled_intf_ht = + cds_lfht_new(ENABLED_INTF_HASH_MIN, ENABLED_INTF_HASH_MIN, + ENABLED_INTF_HASH_MAX, + CDS_LFHT_AUTO_RESIZE | CDS_LFHT_ACCOUNTING, NULL); + if (!enabled_intf_ht) { + RTE_LOG(INFO, FLOWSTAT, "Error allocating hash table\n"); + goto error; + } + + *name = plugin_name; + RTE_LOG(INFO, FLOWSTAT, "flow_stat is loaded\n"); + return 0; +error: + return rv; +} diff --git a/src/flowstat.h b/src/flowstat.h new file mode 100644 index 0000000..71eb3f3 --- /dev/null +++ b/src/flowstat.h @@ -0,0 +1,24 @@ +/* + * Flow stat pipeline feature node + * + * Copyright (c) 2021, SafePoint. All rights reserved. + * All rights reserved. + * + * SPDX-License-Identifier: Apache-2.0 + */ + +#ifndef FLOWSTAT_H +#define FLOWSTAT_H + +#ifdef UNIT_TEST +#define FLOWSTAT_LOG "/tmp/flowstat_test.log" +#define LOG_ES_SESSION_INTERVAL 2 +#else +#define FLOWSTAT_LOG "/var/log/flowstat.log" +#define LOG_ES_SESSION_INTERVAL 60 +#endif + +/* Used by unit-test */ +void export_log(void); + +#endif diff --git a/tests/meson.build b/tests/meson.build new file mode 100644 index 0000000..786a2b3 --- /dev/null +++ b/tests/meson.build @@ -0,0 +1,50 @@ +# SPDX-License-Identifier: LGPL-2.1-only +# Copyright (c) 2021, SafePoint. All rights reserved. +# Copyright (c) 2020-2021, AT&T Intellectual Property. All rights reserved. + +flowstat_test_plugin_sources = files( + 'src/dp_test_pipeline_flowstat.c', +) + +flowstat_test_plugin = shared_module('flowstat_test', + sources: [ + flowstat_test_plugin_sources, + ], + include_directories: [ + include_directories('src'), + ], + dependencies: [dp_dep, dpdk_dep, flowstat_plugin_dep], + c_args: [ + '-DUNIT_TEST', + '-Wno-unused-function' + ] +) + +# Only files that declare a CK test suite (using DP_DECL_TEST_SUITE()) +# These will be iterated over using CK_RUN_SUITE for testing +# Everything else belongs in test_lib_sources above +check_tests = [ + 'dp_test_pipeline_flowstat.c' +] + +dataplane_test = find_program('dataplane_test') + +lcore_number = 0 +cores_available = run_command('nproc').stdout().to_int() + +foreach suite : check_tests + suite_env = ['CK_RUN_SUITE=@0@'.format(suite), 'CK_XML_LOG_FILE_NAME=test_@0@.xml'.format(suite)] + test(suite, dataplane_test, + depends: [flowstat_plugin, flowstat_test_plugin], + workdir: meson.current_build_dir(), + args: ['-l @0@'.format(lcore_number), '-d0', '-E'], + env: suite_env, + timeout: 120 + ) + + lcore_number += 1 + if (lcore_number >= cores_available) + lcore_number = 0 + endif + +endforeach diff --git a/tests/src/dp_test_lib_tcp.h b/tests/src/dp_test_lib_tcp.h new file mode 100644 index 0000000..dc37675 --- /dev/null +++ b/tests/src/dp_test_lib_tcp.h @@ -0,0 +1,140 @@ +/* + * Copyright (c) 2021, SafePoint. All rights reserved. + * Copyright (c) 2017-2020, AT&T Intellectual Property. All rights reserved. + * Copyright (c) 2016 by Brocade Communications Systems, Inc. + * All rights reserved. + * + * SPDX-License-Identifier: LGPL-2.1-only + * + * A library of useful functions for writing dataplane tests. + */ + +#ifndef _DP_TEST_LIB_TCP_H_ +#define _DP_TEST_LIB_TCP_H_ + +#include +#include + +/* + * dp_test_tcp_flag2str + * + * Returns a flags string from TCP flags. Uses a static buffer, so string + * should be used immediately. If no flags are set then "0" is returned. + */ +#define DPT_TCP_FLAG_DELIM_COMMA ", " +#define DPT_TCP_FLAG_DELIM_OR "|" + +char *dp_test_tcp_flag2str(uint8_t flags, const char *delim); + + +/*************************************************************************** + * TCP Flow Testing + **************************************************************************/ + +/* + * Provides a mechanism to automatically generate a TCP call, i.e. a forwards + * and backwards flow of packets, with use specified TCP flags and automatic + * update of seq and ack. + */ + +#define DPT_FORW true +#define DPT_BACK false + +/* + * TCP flow pkt flags and data + * + * data pointers are pointers to arrays or strings. If an array, then a dlen + * must be specified. If a string, then dlen may be specified. If not specd, + * then dpt_tcp_pak_receive will calculate it. + * + * If pst_data is NULL then the pre_data is used. Typically only ALG tests + * might use pst_data. + */ +struct dpt_tcp_flow_pkt { + bool forw; /* true for forw, false for back */ + uint8_t flags; /* TCP flags */ + uint pre_dlen; + char *pre_data; /* Pre data */ + uint pst_dlen; + char *pst_data; /* Post data */ +}; + +#define DPT_TCP_CALL_TEXT_LEN 120 + +/* + * TCP flow pkt descriptors + */ +struct dpt_tcp_flow_pkt_desc { + struct dp_test_pkt_desc_t *pre; + struct dp_test_pkt_desc_t *pst; +}; + +/* + * TCP flow. + * + * Keeps track of seq and ack numbers, and adds them to the test packets. + */ +struct dpt_tcp_flow { + char text[DPT_TCP_CALL_TEXT_LEN]; + + /* Forw and back, pre and post pkt descriptors */ + struct dpt_tcp_flow_pkt_desc desc[2]; + + /* Initial sequence number */ + uint32_t isn[2]; + + /* seq and ack; start at zero */ + uint32_t seq[2]; + uint32_t ack[2]; + + void (*test_cb)(const char *desc, + uint pktno, bool forw, + uint8_t flags, + struct dp_test_pkt_desc_t *pre, + struct dp_test_pkt_desc_t *post, + void *data, uint index); + void (*post_cb)(uint pktno, bool forw, uint8_t flags, + struct dp_test_pkt_desc_t *pre, + struct dp_test_pkt_desc_t *post, + const char *desc); +}; + +struct dp_test_pkt_desc_t *dpt_pdesc_v4_create(const char *text, + uint8_t proto, + const char *l2_src, + const char *l3_src, + uint16_t sport, + const char *l2_dst, + const char *l3_dst, + uint16_t dport, + const char *rx_intf, + const char *tx_intf); + +struct dp_test_pkt_desc_t *dpt_pdesc_v6_create(const char *text, + uint8_t proto, + const char *l2_src, + const char *l3_src, + uint16_t sport, + const char *l2_dst, + const char *l3_dst, + uint16_t dport, + const char *rx_intf, + const char *tx_intf); + +/* + * TCP call + * + * call Packet descriptors for forw and back packets + * df_array Array of direction, flags and pkt size tuples, + * one for each packet to be sent + * df_array_size + * first Index of first pkt in df_array + * last Index of last pkt in df_array (if > 0 and < df_array_size) + * ctx_ptr Pointer context to pass to test_cb + * ctx_uint Uint context to pass to test_cb + */ +void dpt_tcp_call(struct dpt_tcp_flow *call, struct dpt_tcp_flow_pkt *df_array, + size_t df_array_size, uint first, uint last, + void *ctx_ptr, uint ctx_uint); + +#endif /* _DP_TEST_LIB_TCP_H_ */ diff --git a/tests/src/dp_test_npf_lib.h b/tests/src/dp_test_npf_lib.h new file mode 100644 index 0000000..e47529c --- /dev/null +++ b/tests/src/dp_test_npf_lib.h @@ -0,0 +1,43 @@ +/* + * Copyright (c) 2021, SafePoint. All rights reserved. + * Copyright (c) 2017-2020, AT&T Intellectual Property. All rights reserved. + * Copyright (c) 2015 by Brocade Communications Systems, Inc. + * All rights reserved. + * + * SPDX-License-Identifier: LGPL-2.1-only + * + * Whole dataplane test npf library + */ + +#ifndef __DP_TEST_NPF_LIB_H__ +#define __DP_TEST_NPF_LIB_H__ + +#include +#include + +#include "dp_test/dp_test_firewall_lib.h" + +/* + * Defines for backward compatibility. + */ +#define dp_test_npf_rule_t dp_test_fw_rule_t +#define dp_test_npf_ruleset_t dp_test_fw_ruleset_t + +void +_dp_test_npf_cmd_fmt(bool print, const char *file, int line, + const char *fmt_str, ...) + __attribute__((__format__(printf, 4, 5))); + +#define dp_test_npf_cmd_fmt(print, fmt_str, ...) \ + _dp_test_npf_cmd_fmt(print, __FILE__, __LINE__, \ + fmt_str, ##__VA_ARGS__) + +#define dp_test_npf_fw_add(rs, debug) \ + _dp_test_fw_ruleset_add(rs, "fw", debug, \ + true, __FILE__, __LINE__) + +#define dp_test_npf_fw_del(fw, debug) \ + _dp_test_fw_ruleset_del(fw, "fw", debug, \ + true, __FILE__, __LINE__) + +#endif diff --git a/tests/src/dp_test_pipeline_flowstat.c b/tests/src/dp_test_pipeline_flowstat.c new file mode 100644 index 0000000..6d5d89e --- /dev/null +++ b/tests/src/dp_test_pipeline_flowstat.c @@ -0,0 +1,1224 @@ +/* + * Copyright (c) 2021, SafePoint. All rights reserved. + * Copyright (c) 2017-2020, AT&T Intellectual Property. All rights reserved. + * Copyright (c) 2015-2017 by Brocade Communications Systems, Inc. + * All rights reserved. + * + * SPDX-License-Identifier: LGPL-2.1-only + * + * Whole dataplane test pipeline flowstat tests + */ + +#include "compiler.h" +#include "dp_test/dp_test_lib.h" +#include "dp_test/dp_test_lib_intf.h" +#include "dp_test/dp_test_macros.h" +#include "dp_test/dp_test_pktmbuf_lib.h" +#include "dp_test/dp_test_netlink_state.h" +#include "dp_test/dp_test_firewall_lib.h" +#include "dp_test/dp_test_session_lib.h" +#include "dp_test_lib_tcp.h" +#include "dp_test_npf_lib.h" +#include "util.h" + +#include "dp_test_session_internal_lib.h" + +#include + +#include "flowstat.h" +#include "FlowStatFeatConfig.pb-c.h" +#include "FlowStatFeatOp.pb-c.h" +#include "protobuf/DataplaneEnvelope.pb-c.h" + +#include "pcap/http-example.h" +#include "pcap/http-google.h" + +struct dp_test_flow_log_result { + const char *src; + int src_port; + const char *dst; + int dst_port; + int protocol; + uint64_t in_pkts; + uint64_t out_pkts; + const char *app; + const char *app_proto; + const char *app_type; + const char *if_name; +}; + +static struct dpt_tcp_flow_pkt tcp_simple_pkt[] = { + {DPT_FORW, TH_SYN, 0, NULL, 0, NULL}, + {DPT_BACK, TH_SYN | TH_ACK, 0, NULL, 0, NULL}, + {DPT_FORW, TH_ACK, 0, NULL, 0, NULL}, + {DPT_BACK, TH_ACK, 20, NULL, 0, NULL}, + {DPT_FORW, TH_ACK, 50, NULL, 0, NULL}, + {DPT_BACK, TH_FIN, 0, NULL, 0, NULL}, + {DPT_BACK, TH_ACK, 0, NULL, 0, NULL}, + {DPT_FORW, TH_FIN, 0, NULL, 0, NULL}, + {DPT_FORW, TH_ACK, 0, NULL, 0, NULL}, + {DPT_BACK, TH_ACK, 0, NULL, 0, NULL}, +}; + +void _dp_test_remove_log_file(void) +{ + remove(FLOWSTAT_LOG); +} + +void _dp_test_verify_log(const char *log, + const struct dp_test_flow_log_result *p, + const char *file, int line) +{ + char buf[100]; + + sprintf(buf, "src_addr=%s ", p->src); + _dp_test_fail_unless(strstr(log, buf) != NULL, file, line, + "Expected %s", buf); + + sprintf(buf, "src_port=%d ", p->src_port); + _dp_test_fail_unless(strstr(log, buf) != NULL, file, line, + "Expected %s", buf); + + sprintf(buf, "dst_addr=%s ", p->dst); + _dp_test_fail_unless(strstr(log, buf) != NULL, file, line, + "Expected %s", buf); + + sprintf(buf, "dst_port=%d ", p->dst_port); + _dp_test_fail_unless(strstr(log, buf) != NULL, file, line, + "Expected %s", buf); + + sprintf(buf, "in_pkts=%lu ", p->in_pkts); + _dp_test_fail_unless(strstr(log, buf) != NULL, file, line, + "Expected %s", buf); + + sprintf(buf, "out_pkts=%lu ", p->out_pkts); + _dp_test_fail_unless(strstr(log, buf) != NULL, file, line, + "Expected %s", buf); + + sprintf(buf, "protocol=%d ", p->protocol); + _dp_test_fail_unless(strstr(log, buf) != NULL, file, line, + "Expected %s", buf); + + sprintf(buf, "app_name=%s ", p->app); + _dp_test_fail_unless(strstr(log, buf) != NULL, file, line, + "Expected %s", buf); + + sprintf(buf, "app_proto=%s ", p->app_proto); + _dp_test_fail_unless(strstr(log, buf) != NULL, file, line, + "Expected %s", buf); + + sprintf(buf, "app_type=%s ", p->app_type); + _dp_test_fail_unless(strstr(log, buf) != NULL, file, line, + "Expected %s", buf); + + sprintf(buf, "if_name=\"%s\"", p->if_name); + _dp_test_fail_unless(strstr(log, buf) != NULL, file, line, + "Expected %s", buf); +} + +#define dp_test_verify_log(log, log_result) \ + _dp_test_verify_log(log, log_result, __FILE__, __LINE__) + +void _dp_test_verify_log_file(const struct dp_test_flow_log_result *log_result, + size_t size, + const char *file, int line) +{ + char log_line[1000]; + + FILE *f = fopen(FLOWSTAT_LOG, "r"); + _dp_test_fail_unless(f != NULL, file, line, + "Expected have log file %s", FLOWSTAT_LOG); + + for (size_t i = 0; i < size; i++) { + char *rv = fgets(log_line, 1000, f); + _dp_test_fail_unless(rv != NULL, file, line, + "Expected a log line"); + _dp_test_verify_log(log_line, &log_result[i], file, line); + } + + fclose(f); +} + +#define dp_test_verify_log_file(log_result, size) \ + _dp_test_verify_log_file(log_result, size, __FILE__, __LINE__) + +void _dp_test_verify_no_log_file(const char *file, int line) +{ + FILE *f = fopen(FLOWSTAT_LOG, "rb"); + _dp_test_fail_unless(f == NULL, file, line, + "Expected no log file %s", FLOWSTAT_LOG); +} + +#define dp_test_verify_no_log_file() \ + _dp_test_verify_no_log_file(__FILE__, __LINE__) + +static void +dp_test_create_and_send_cfg_feat_msg(bool enable, const char *ifname) +{ + int len; + FlowStatFeatConfig cfg = FLOW_STAT_FEAT_CONFIG__INIT; + + /* set values here */ + cfg.is_active = enable; + cfg.has_is_active = true; + /* strings don't have 'has_' */ + cfg.if_name = (char *)ifname; + len = flow_stat_feat_config__get_packed_size(&cfg); + void *buf2 = malloc(len); + assert(buf2); + + flow_stat_feat_config__pack(&cfg, buf2); + + dp_test_lib_pb_wrap_and_send_pb("fstat:fstat-feat", buf2, len); +} + +DP_DECL_TEST_SUITE(flowstat); + +DP_DECL_TEST_CASE(flowstat, general, NULL, NULL); + +/* + * Test not enabled + */ +DP_START_TEST(general, not_enabled) +{ + char *dp1T0_mac = dp_test_intf_name2mac_str("dp1T0"); + char *dp2T1_mac = dp_test_intf_name2mac_str("dp2T1"); + + /* Setup interfaces and neighbours */ + dp_test_nl_add_ip_addr_and_connected("dp1T0", "100.101.102.1/24"); + dp_test_nl_add_ip_addr_and_connected("dp2T1", "200.201.202.1/24"); + + dp_test_netlink_add_neigh("dp1T0", "100.101.102.103", + "aa:bb:cc:16:0:20"); + dp_test_netlink_add_neigh("dp2T1", "200.201.202.203", + "aa:bb:cc:18:0:1"); + + _dp_test_remove_log_file(); + + struct dp_test_pkt_desc_t *ins_pre, *ins_post; + struct dp_test_pkt_desc_t *outs_pre, *outs_post; + + ins_pre = dpt_pdesc_v4_create( + "Inside pre", IPPROTO_TCP, + "aa:bb:cc:16:0:20", "100.101.102.103", 49152, + dp1T0_mac, "200.201.202.203", 80, + "dp1T0", "dp2T1"); + + ins_post = dpt_pdesc_v4_create( + "Inside post", IPPROTO_TCP, + dp2T1_mac, "100.101.102.103", 49152, + "aa:bb:cc:18:0:1", "200.201.202.203", 80, + "dp1T0", "dp2T1"); + + outs_pre = dpt_pdesc_v4_create( + "Outside pre", IPPROTO_TCP, + "aa:bb:cc:18:0:1", "200.201.202.203", 80, + dp2T1_mac, "100.101.102.103", 49152, + "dp2T1", "dp1T0"); + + outs_post = dpt_pdesc_v4_create( + "Outside post", IPPROTO_TCP, + dp1T0_mac, "200.201.202.203", 80, + "aa:bb:cc:16:0:20", "100.101.102.103", 49152, + "dp2T1", "dp1T0"); + + struct dp_test_npf_rule_t rules[] = { + { + .rule = "10", + .pass = PASS, + .stateful = STATEFUL, + .npf = "to=any" + }, + RULE_DEF_BLOCK, + NULL_RULE + }; + + struct dp_test_npf_ruleset_t fw = { + .rstype = "fw-out", + .name = "FW1_OUT", + .enable = 1, + .attach_point = "dp2T1", + .fwd = FWD, + .dir = "out", + .rules = rules + }; + + dp_test_npf_fw_add(&fw, false); + + struct dpt_tcp_flow tcp_call = { + .text[0] = '\0', + .isn = {0, 0}, + .desc[DPT_FORW] = { + .pre = ins_pre, + .pst = ins_post, + }, + .desc[DPT_BACK] = { + .pre = outs_pre, + .pst = outs_post, + }, + .test_cb = NULL, + .post_cb = NULL, + }; + + dpt_tcp_call(&tcp_call, tcp_simple_pkt, ARRAY_SIZE(tcp_simple_pkt), + 0, 0, NULL, 0); + + /* Simulate export log */ + export_log(); + + dp_test_verify_no_log_file(); + + /* + * End + */ + + free(ins_pre); + free(ins_post); + free(outs_pre); + free(outs_post); + + /************************************************************* + * Cleanup + *************************************************************/ + + dp_test_npf_fw_del(&fw, false); + dp_test_sessions_clear(); + + dp_test_netlink_del_neigh("dp1T0", "100.101.102.103", + "aa:bb:cc:16:0:20"); + dp_test_netlink_del_neigh("dp2T1", "200.201.202.203", + "aa:bb:cc:18:0:1"); + + dp_test_nl_del_ip_addr_and_connected("dp1T0", "100.101.102.1/24"); + dp_test_nl_del_ip_addr_and_connected("dp2T1", "200.201.202.1/24"); + +} DP_END_TEST; + +DP_DECL_TEST_CASE(flowstat, logflow, NULL, NULL); + +/* + * Test Log simple tcp session + */ +DP_START_TEST(logflow, simple) +{ + char *dp1T0_mac = dp_test_intf_name2mac_str("dp1T0"); + char *dp2T1_mac = dp_test_intf_name2mac_str("dp2T1"); + + /* Setup interfaces and neighbours */ + dp_test_nl_add_ip_addr_and_connected("dp1T0", "100.101.102.1/24"); + dp_test_nl_add_ip_addr_and_connected("dp2T1", "200.201.202.1/24"); + + dp_test_netlink_add_neigh("dp1T0", "100.101.102.103", + "aa:bb:cc:16:0:20"); + dp_test_netlink_add_neigh("dp2T1", "200.201.202.203", + "aa:bb:cc:18:0:1"); + + _dp_test_remove_log_file(); + + /* Enable the feature */ + char real_ifname[IFNAMSIZ]; + dp_test_create_and_send_cfg_feat_msg( + true, dp_test_intf_real("dp2T1", real_ifname)); + + struct dp_test_pkt_desc_t *ins_pre, *ins_post; + struct dp_test_pkt_desc_t *outs_pre, *outs_post; + + ins_pre = dpt_pdesc_v4_create( + "Inside pre", IPPROTO_TCP, + "aa:bb:cc:16:0:20", "100.101.102.103", 49152, + dp1T0_mac, "200.201.202.203", 80, + "dp1T0", "dp2T1"); + + ins_post = dpt_pdesc_v4_create( + "Inside post", IPPROTO_TCP, + dp2T1_mac, "100.101.102.103", 49152, + "aa:bb:cc:18:0:1", "200.201.202.203", 80, + "dp1T0", "dp2T1"); + + outs_pre = dpt_pdesc_v4_create( + "Outside pre", IPPROTO_TCP, + "aa:bb:cc:18:0:1", "200.201.202.203", 80, + dp2T1_mac, "100.101.102.103", 49152, + "dp2T1", "dp1T0"); + + outs_post = dpt_pdesc_v4_create( + "Outside post", IPPROTO_TCP, + dp1T0_mac, "200.201.202.203", 80, + "aa:bb:cc:16:0:20", "100.101.102.103", 49152, + "dp2T1", "dp1T0"); + + struct dp_test_npf_rule_t rules[] = { + { + .rule = "10", + .pass = PASS, + .stateful = STATEFUL, + .npf = "to=any" + }, + RULE_DEF_BLOCK, + NULL_RULE + }; + + struct dp_test_npf_ruleset_t fw = { + .rstype = "fw-out", + .name = "FW1_OUT", + .enable = 1, + .attach_point = "dp2T1", + .fwd = FWD, + .dir = "out", + .rules = rules + }; + + dp_test_npf_fw_add(&fw, false); + + struct dpt_tcp_flow tcp_call = { + .text[0] = '\0', + .isn = {0, 0}, + .desc[DPT_FORW] = { + .pre = ins_pre, + .pst = ins_post, + }, + .desc[DPT_BACK] = { + .pre = outs_pre, + .pst = outs_post, + }, + .test_cb = NULL, + .post_cb = NULL, + }; + + dpt_tcp_call(&tcp_call, tcp_simple_pkt, ARRAY_SIZE(tcp_simple_pkt), + 0, 0, NULL, 0); + + /* Simulate export log */ + export_log(); + + struct dp_test_flow_log_result log_result = { + .src = "100.101.102.103", + .src_port = 49152, + .dst = "200.201.202.203", + .dst_port = 80, + .protocol = IPPROTO_TCP, + .in_pkts = 5, + .out_pkts = 5, + .app = "", + .app_proto = "", + .app_type = "", + .if_name = dp_test_intf_real("dp2T1", real_ifname), + }; + dp_test_verify_log_file(&log_result, 1); + + /* + * End + */ + + free(ins_pre); + free(ins_post); + free(outs_pre); + free(outs_post); + + /************************************************************* + * Cleanup + *************************************************************/ + + dp_test_create_and_send_cfg_feat_msg( + false, dp_test_intf_real("dp2T1", real_ifname)); + dp_test_npf_fw_del(&fw, false); + dp_test_sessions_clear(); + + dp_test_netlink_del_neigh("dp1T0", "100.101.102.103", + "aa:bb:cc:16:0:20"); + dp_test_netlink_del_neigh("dp2T1", "200.201.202.203", + "aa:bb:cc:18:0:1"); + + dp_test_nl_del_ip_addr_and_connected("dp1T0", "100.101.102.1/24"); + dp_test_nl_del_ip_addr_and_connected("dp2T1", "200.201.202.1/24"); + +} DP_END_TEST; + +/* + * Test log long lived tcp session + */ +static void +dp_test_logflow_ll_tcp_post_cb(uint pktno, bool forw __unused, + uint8_t flags __unused, + struct dp_test_pkt_desc_t *pre __unused, + struct dp_test_pkt_desc_t *post __unused, + const char *desc __unused) +{ + if (pktno == 3) + sleep(2); +} + +DP_START_TEST(logflow, long_lived_tcp) +{ + char *dp1T0_mac = dp_test_intf_name2mac_str("dp1T0"); + char *dp2T1_mac = dp_test_intf_name2mac_str("dp2T1"); + + /* Setup interfaces and neighbours */ + dp_test_nl_add_ip_addr_and_connected("dp1T0", "100.101.102.1/24"); + dp_test_nl_add_ip_addr_and_connected("dp2T1", "200.201.202.1/24"); + + dp_test_netlink_add_neigh("dp1T0", "100.101.102.103", + "aa:bb:cc:16:0:20"); + dp_test_netlink_add_neigh("dp2T1", "200.201.202.203", + "aa:bb:cc:18:0:1"); + + _dp_test_remove_log_file(); + + /* Enable the feature */ + char real_ifname[IFNAMSIZ]; + dp_test_create_and_send_cfg_feat_msg( + true, dp_test_intf_real("dp2T1", real_ifname)); + + struct dp_test_pkt_desc_t *ins_pre, *ins_post; + struct dp_test_pkt_desc_t *outs_pre, *outs_post; + + ins_pre = dpt_pdesc_v4_create( + "Inside pre", IPPROTO_TCP, + "aa:bb:cc:16:0:20", "100.101.102.103", 49152, + dp1T0_mac, "200.201.202.203", 80, + "dp1T0", "dp2T1"); + + ins_post = dpt_pdesc_v4_create( + "Inside post", IPPROTO_TCP, + dp2T1_mac, "100.101.102.103", 49152, + "aa:bb:cc:18:0:1", "200.201.202.203", 80, + "dp1T0", "dp2T1"); + + outs_pre = dpt_pdesc_v4_create( + "Outside pre", IPPROTO_TCP, + "aa:bb:cc:18:0:1", "200.201.202.203", 80, + dp2T1_mac, "100.101.102.103", 49152, + "dp2T1", "dp1T0"); + + outs_post = dpt_pdesc_v4_create( + "Outside post", IPPROTO_TCP, + dp1T0_mac, "200.201.202.203", 80, + "aa:bb:cc:16:0:20", "100.101.102.103", 49152, + "dp2T1", "dp1T0"); + + struct dp_test_npf_rule_t rules[] = { + { + .rule = "10", + .pass = PASS, + .stateful = STATEFUL, + .npf = "to=any" + }, + RULE_DEF_BLOCK, + NULL_RULE + }; + + struct dp_test_npf_ruleset_t fw = { + .rstype = "fw-out", + .name = "FW1_OUT", + .enable = 1, + .attach_point = "dp2T1", + .fwd = FWD, + .dir = "out", + .rules = rules + }; + + dp_test_npf_fw_add(&fw, false); + + struct dpt_tcp_flow tcp_call = { + .text[0] = '\0', + .isn = {0, 0}, + .desc[DPT_FORW] = { + .pre = ins_pre, + .pst = ins_post, + }, + .desc[DPT_BACK] = { + .pre = outs_pre, + .pst = outs_post, + }, + .test_cb = NULL, + .post_cb = dp_test_logflow_ll_tcp_post_cb, + }; + + struct dpt_tcp_flow_pkt tcp_pkt1[] = { + {DPT_FORW, TH_SYN, 0, NULL, 0, NULL}, + {DPT_BACK, TH_SYN | TH_ACK, 0, NULL, 0, NULL}, + {DPT_FORW, TH_ACK, 0, NULL, 0, NULL}, + {DPT_BACK, TH_ACK, 20, NULL, 0, NULL}, + /* long lived session */ + {DPT_FORW, TH_ACK, 50, NULL, 0, NULL}, + {DPT_BACK, TH_FIN, 0, NULL, 0, NULL}, + {DPT_BACK, TH_ACK, 0, NULL, 0, NULL}, + {DPT_FORW, TH_FIN, 0, NULL, 0, NULL}, + {DPT_FORW, TH_ACK, 0, NULL, 0, NULL}, + {DPT_BACK, TH_ACK, 0, NULL, 0, NULL}, + }; + + dpt_tcp_call(&tcp_call, tcp_pkt1, ARRAY_SIZE(tcp_pkt1), 0, 0, NULL, 0); + + /* Simulate export log */ + export_log(); + + struct dp_test_flow_log_result log_result[] = {{ + .src = "100.101.102.103", + .src_port = 49152, + .dst = "200.201.202.203", + .dst_port = 80, + .protocol = IPPROTO_TCP, + .in_pkts = 2, + .out_pkts = 3, + .app = "", + .app_proto = "", + .app_type = "", + .if_name = dp_test_intf_real("dp2T1", real_ifname), + }, { + .src = "100.101.102.103", + .src_port = 49152, + .dst = "200.201.202.203", + .dst_port = 80, + .protocol = IPPROTO_TCP, + .in_pkts = 3, + .out_pkts = 2, + .app = "", + .app_proto = "", + .app_type = "", + .if_name = dp_test_intf_real("dp2T1", real_ifname), + }}; + dp_test_verify_log_file(log_result, ARRAY_SIZE(log_result)); + + /* + * End + */ + + free(ins_pre); + free(ins_post); + free(outs_pre); + free(outs_post); + + /************************************************************* + * Cleanup + *************************************************************/ + + dp_test_create_and_send_cfg_feat_msg( + false, dp_test_intf_real("dp2T1", real_ifname)); + dp_test_npf_fw_del(&fw, false); + dp_test_sessions_clear(); + + dp_test_netlink_del_neigh("dp1T0", "100.101.102.103", + "aa:bb:cc:16:0:20"); + dp_test_netlink_del_neigh("dp2T1", "200.201.202.203", + "aa:bb:cc:18:0:1"); + + dp_test_nl_del_ip_addr_and_connected("dp1T0", "100.101.102.1/24"); + dp_test_nl_del_ip_addr_and_connected("dp2T1", "200.201.202.1/24"); + +} DP_END_TEST; + +/* + * 100.101.102.x 216.58.200.x + * +----------+ + * .1| |.1 + * .103 -------------------| UUT |------------------ .78 (google.com) + * dp1T0| |dp2T1 + * +----------+ + * + * + * Test http get google.com + */ +DP_START_TEST(logflow, google) +{ + char *dp1T0_mac = dp_test_intf_name2mac_str("dp1T0"); + char *dp2T1_mac = dp_test_intf_name2mac_str("dp2T1"); + + /* Setup interfaces and neighbours */ + dp_test_nl_add_ip_addr_and_connected("dp1T0", "100.101.102.1/24"); + dp_test_nl_add_ip_addr_and_connected("dp2T1", "216.58.200.1/24"); + + dp_test_netlink_add_neigh("dp1T0", "100.101.102.103", + "aa:bb:cc:16:0:20"); + dp_test_netlink_add_neigh("dp2T1", "216.58.200.78", + "aa:bb:cc:18:0:1"); + + _dp_test_remove_log_file(); + + /* Enable the feature */ + char real_ifname[IFNAMSIZ]; + dp_test_create_and_send_cfg_feat_msg( + true, dp_test_intf_real("dp2T1", real_ifname)); + + struct dp_test_pkt_desc_t *ins_pre, *ins_post; + struct dp_test_pkt_desc_t *outs_pre, *outs_post; + + ins_pre = dpt_pdesc_v4_create( + "Inside pre", IPPROTO_TCP, + "aa:bb:cc:16:0:20", "100.101.102.103", 49152, + dp1T0_mac, "216.58.200.78", 80, + "dp1T0", "dp2T1"); + + ins_post = dpt_pdesc_v4_create( + "Inside post", IPPROTO_TCP, + dp2T1_mac, "100.101.102.103", 49152, + "aa:bb:cc:18:0:1", "216.58.200.78", 80, + "dp1T0", "dp2T1"); + + outs_pre = dpt_pdesc_v4_create( + "Outside pre", IPPROTO_TCP, + "aa:bb:cc:18:0:1", "216.58.200.78", 80, + dp2T1_mac, "100.101.102.103", 49152, + "dp2T1", "dp1T0"); + + outs_post = dpt_pdesc_v4_create( + "Outside post", IPPROTO_TCP, + dp1T0_mac, "216.58.200.78", 80, + "aa:bb:cc:16:0:20", "100.101.102.103", 49152, + "dp2T1", "dp1T0"); + + struct dp_test_npf_rule_t rules[] = { + { + .rule = "10", + .pass = PASS, + .stateful = STATEFUL, + .npf = "to=any" + }, + RULE_DEF_BLOCK, + NULL_RULE + }; + + struct dp_test_npf_ruleset_t fw = { + .rstype = "fw-out", + .name = "FW1_OUT", + .enable = 1, + .attach_point = "dp2T1", + .fwd = FWD, + .dir = "out", + .rules = rules + }; + + dp_test_npf_fw_add(&fw, false); + + struct dpt_tcp_flow tcp_call = { + .text[0] = '\0', + .isn = {0, 0}, + .desc[DPT_FORW] = { + .pre = ins_pre, + .pst = ins_post, + }, + .desc[DPT_BACK] = { + .pre = outs_pre, + .pst = outs_post, + }, + .test_cb = NULL, + .post_cb = NULL, + }; + + dpt_tcp_call(&tcp_call, http_google_pkt, ARRAY_SIZE(http_google_pkt), + 0, 0, NULL, 0); + + /* Simulate export log */ + export_log(); + + struct dp_test_flow_log_result log_result = { + .src = "100.101.102.103", + .src_port = 49152, + .dst = "216.58.200.78", + .dst_port = 80, + .protocol = IPPROTO_TCP, + .in_pkts = 8, + .out_pkts = 8, + .app = "", + .app_proto = "", + .app_type = "", + .if_name = dp_test_intf_real("dp2T1", real_ifname), + }; + dp_test_verify_log_file(&log_result, 1); + + /* + * End + */ + + free(ins_pre); + free(ins_post); + free(outs_pre); + free(outs_post); + + /************************************************************* + * Cleanup + *************************************************************/ + + dp_test_create_and_send_cfg_feat_msg( + false, dp_test_intf_real("dp2T1", real_ifname)); + dp_test_npf_fw_del(&fw, false); + dp_test_sessions_clear(); + + dp_test_netlink_del_neigh("dp1T0", "100.101.102.103", + "aa:bb:cc:16:0:20"); + dp_test_netlink_del_neigh("dp2T1", "216.58.200.78", + "aa:bb:cc:18:0:1"); + + dp_test_nl_del_ip_addr_and_connected("dp1T0", "100.101.102.1/24"); + dp_test_nl_del_ip_addr_and_connected("dp2T1", "216.58.200.1/24"); + +} DP_END_TEST; + +DP_DECL_TEST_CASE(flowstat, logflowdpi, NULL, NULL); + +/* + * 100.101.102.x 93.184.216.x + * +----------+ + * .1| |.1 + * .103 -------------------| UUT |------------------ .34 (example.com) + * dp1T0| |dp2T1 + * +----------+ + * + * + * http get example.com (with DPI) + */ +DP_START_TEST(logflowdpi, example) +{ + char *dp1T0_mac = dp_test_intf_name2mac_str("dp1T0"); + char *dp2T1_mac = dp_test_intf_name2mac_str("dp2T1"); + + /* Setup interfaces and neighbours */ + dp_test_nl_add_ip_addr_and_connected("dp1T0", "100.101.102.1/24"); + dp_test_nl_add_ip_addr_and_connected("dp2T1", "93.184.216.1/24"); + + dp_test_netlink_add_neigh("dp1T0", "100.101.102.103", + "aa:bb:cc:16:0:20"); + dp_test_netlink_add_neigh("dp2T1", "93.184.216.34", + "aa:bb:cc:18:0:1"); + + _dp_test_remove_log_file(); + + /* Enable the feature */ + char real_ifname[IFNAMSIZ]; + dp_test_create_and_send_cfg_feat_msg( + true, dp_test_intf_real("dp2T1", real_ifname)); + + struct dp_test_pkt_desc_t *ins_pre, *ins_post; + struct dp_test_pkt_desc_t *outs_pre, *outs_post; + + ins_pre = dpt_pdesc_v4_create( + "Inside pre", IPPROTO_TCP, + "aa:bb:cc:16:0:20", "100.101.102.103", 49152, + dp1T0_mac, "93.184.216.34", 80, + "dp1T0", "dp2T1"); + + ins_post = dpt_pdesc_v4_create( + "Inside post", IPPROTO_TCP, + dp2T1_mac, "100.101.102.103", 49152, + "aa:bb:cc:18:0:1", "93.184.216.34", 80, + "dp1T0", "dp2T1"); + + outs_pre = dpt_pdesc_v4_create( + "Outside pre", IPPROTO_TCP, + "aa:bb:cc:18:0:1", "93.184.216.34", 80, + dp2T1_mac, "100.101.102.103", 49152, + "dp2T1", "dp1T0"); + + outs_post = dpt_pdesc_v4_create( + "Outside post", IPPROTO_TCP, + dp1T0_mac, "93.184.216.34", 80, + "aa:bb:cc:16:0:20", "100.101.102.103", 49152, + "dp2T1", "dp1T0"); + + /* + * dpi app firewall + */ + dp_test_npf_cmd_fmt(false, + "npf-ut delete app-firewall:ALLOWED-SITES 10000"); + dp_test_npf_cmd_fmt(false, "npf-ut add app-firewall:ALLOWED-SITES 100 " + "action=accept engine=ndpi protocol=http"); + dp_test_npf_cmd_fmt(false, "npf-ut commit"); + dp_test_npf_cmd_fmt(false, "npf-ut add fw:DPI 200 action=accept " + "proto-final=6 stateful=y dst-port=80 " + "rproc=app-firewall(ALLOWED-SITES)"); + dp_test_npf_cmd_fmt(false, + "npf-ut add fw:DPI 1000 action=accept stateful=y"); + dp_test_npf_cmd_fmt(false, "npf-ut commit"); + dp_test_npf_cmd_fmt(false, + "npf-ut attach interface:dpT21 fw-out fw:DPI"); + dp_test_npf_cmd_fmt(false, "npf-ut commit"); + + struct dpt_tcp_flow tcp_call = { + .text[0] = '\0', + .isn = {0, 0}, + .desc[DPT_FORW] = { + .pre = ins_pre, + .pst = ins_post, + }, + .desc[DPT_BACK] = { + .pre = outs_pre, + .pst = outs_post, + }, + .test_cb = NULL, + .post_cb = NULL, + }; + + dpt_tcp_call(&tcp_call, http_example_pkt, ARRAY_SIZE(http_example_pkt), + 0, 0, NULL, 0); + + /* Simulate export log */ + export_log(); + + struct dp_test_flow_log_result log_result = { + .src = "100.101.102.103", + .src_port = 49152, + .dst = "93.184.216.34", + .dst_port = 80, + .protocol = IPPROTO_TCP, + .in_pkts = 8, + .out_pkts = 8, + .app = "HTTP", + .app_proto = "HTTP", + .app_type = "Web", + .if_name = dp_test_intf_real("dp2T1", real_ifname), + }; + dp_test_verify_log_file(&log_result, 1); + + /* + * End + */ + + free(ins_pre); + free(ins_post); + free(outs_pre); + free(outs_post); + + /************************************************************* + * Cleanup + *************************************************************/ + + dp_test_create_and_send_cfg_feat_msg( + false, dp_test_intf_real("dp2T1", real_ifname)); + + dp_test_npf_cmd_fmt(false, + "npf-ut delete app-firewall:ALLOWED-SITES 10000"); + dp_test_npf_cmd_fmt(false, "npf-ut delete app-firewall:ALLOWED-SITES"); + dp_test_npf_cmd_fmt(false, "npf-ut commit"); + dp_test_npf_cmd_fmt(false, + "npf-ut detach interface:dpT21 fw-out fw:DPI"); + dp_test_npf_cmd_fmt(false, "npf-ut commit"); + dp_test_npf_cmd_fmt(false, "npf-ut delete fw:DPI"); + dp_test_npf_cmd_fmt(false, "npf-ut commit"); + + dp_test_sessions_clear(); + + dp_test_netlink_del_neigh("dp1T0", "100.101.102.103", + "aa:bb:cc:16:0:20"); + dp_test_netlink_del_neigh("dp2T1", "93.184.216.34", + "aa:bb:cc:18:0:1"); + + dp_test_nl_del_ip_addr_and_connected("dp1T0", "100.101.102.1/24"); + dp_test_nl_del_ip_addr_and_connected("dp2T1", "93.184.216.1/24"); + +} DP_END_TEST; + +/* + * 100.101.102.x 216.58.200.x + * +----------+ + * .1| |.1 + * .103 -------------------| UUT |------------------ .78 (google.com) + * dp1T0| |dp2T1 + * +----------+ + * + * + * http get google.com (with DPI) + */ +DP_START_TEST(logflowdpi, google) +{ + char *dp1T0_mac = dp_test_intf_name2mac_str("dp1T0"); + char *dp2T1_mac = dp_test_intf_name2mac_str("dp2T1"); + + /* Setup interfaces and neighbours */ + dp_test_nl_add_ip_addr_and_connected("dp1T0", "100.101.102.1/24"); + dp_test_nl_add_ip_addr_and_connected("dp2T1", "216.58.200.1/24"); + + dp_test_netlink_add_neigh("dp1T0", "100.101.102.103", + "aa:bb:cc:16:0:20"); + dp_test_netlink_add_neigh("dp2T1", "216.58.200.78", + "aa:bb:cc:18:0:1"); + + _dp_test_remove_log_file(); + + /* Enable the feature */ + char real_ifname[IFNAMSIZ]; + dp_test_create_and_send_cfg_feat_msg( + true, dp_test_intf_real("dp2T1", real_ifname)); + + struct dp_test_pkt_desc_t *ins_pre, *ins_post; + struct dp_test_pkt_desc_t *outs_pre, *outs_post; + + ins_pre = dpt_pdesc_v4_create( + "Inside pre", IPPROTO_TCP, + "aa:bb:cc:16:0:20", "100.101.102.103", 49152, + dp1T0_mac, "216.58.200.78", 80, + "dp1T0", "dp2T1"); + + ins_post = dpt_pdesc_v4_create( + "Inside post", IPPROTO_TCP, + dp2T1_mac, "100.101.102.103", 49152, + "aa:bb:cc:18:0:1", "216.58.200.78", 80, + "dp1T0", "dp2T1"); + + outs_pre = dpt_pdesc_v4_create( + "Outside pre", IPPROTO_TCP, + "aa:bb:cc:18:0:1", "216.58.200.78", 80, + dp2T1_mac, "100.101.102.103", 49152, + "dp2T1", "dp1T0"); + + outs_post = dpt_pdesc_v4_create( + "Outside post", IPPROTO_TCP, + dp1T0_mac, "216.58.200.78", 80, + "aa:bb:cc:16:0:20", "100.101.102.103", 49152, + "dp2T1", "dp1T0"); + + /* + * dpi app firewall + */ + dp_test_npf_cmd_fmt(false, + "npf-ut delete app-firewall:ALLOWED-SITES 10000"); + dp_test_npf_cmd_fmt(false, "npf-ut add app-firewall:ALLOWED-SITES 100 " + "action=accept engine=ndpi protocol=http"); + dp_test_npf_cmd_fmt(false, "npf-ut commit"); + dp_test_npf_cmd_fmt(false, "npf-ut add fw:DPI 200 action=accept " + "proto-final=6 stateful=y dst-port=80 " + "rproc=app-firewall(ALLOWED-SITES)"); + dp_test_npf_cmd_fmt(false, + "npf-ut add fw:DPI 1000 action=accept stateful=y"); + dp_test_npf_cmd_fmt(false, "npf-ut commit"); + dp_test_npf_cmd_fmt(false, + "npf-ut attach interface:dpT21 fw-out fw:DPI"); + dp_test_npf_cmd_fmt(false, "npf-ut commit"); + + struct dpt_tcp_flow tcp_call = { + .text[0] = '\0', + .isn = {0, 0}, + .desc[DPT_FORW] = { + .pre = ins_pre, + .pst = ins_post, + }, + .desc[DPT_BACK] = { + .pre = outs_pre, + .pst = outs_post, + }, + .test_cb = NULL, + .post_cb = NULL, + }; + + dpt_tcp_call(&tcp_call, http_google_pkt, ARRAY_SIZE(http_google_pkt), + 0, 0, NULL, 0); + + /* Simulate export log */ + export_log(); + + struct dp_test_flow_log_result log_result = { + .src = "100.101.102.103", + .src_port = 49152, + .dst = "216.58.200.78", + .dst_port = 80, + .protocol = IPPROTO_TCP, + .in_pkts = 8, + .out_pkts = 8, + .app = "Google", + .app_proto = "HTTP", + .app_type = "Web", + .if_name = dp_test_intf_real("dp2T1", real_ifname), + }; + dp_test_verify_log_file(&log_result, 1); + + /* + * End + */ + + free(ins_pre); + free(ins_post); + free(outs_pre); + free(outs_post); + + /************************************************************* + * Cleanup + *************************************************************/ + + dp_test_create_and_send_cfg_feat_msg( + false, dp_test_intf_real("dp2T1", real_ifname)); + + dp_test_npf_cmd_fmt(false, + "npf-ut delete app-firewall:ALLOWED-SITES 10000"); + dp_test_npf_cmd_fmt(false, "npf-ut delete app-firewall:ALLOWED-SITES"); + dp_test_npf_cmd_fmt(false, "npf-ut commit"); + dp_test_npf_cmd_fmt(false, + "npf-ut detach interface:dpT21 fw-out fw:DPI"); + dp_test_npf_cmd_fmt(false, "npf-ut commit"); + dp_test_npf_cmd_fmt(false, "npf-ut delete fw:DPI"); + dp_test_npf_cmd_fmt(false, "npf-ut commit"); + + dp_test_sessions_clear(); + + dp_test_netlink_del_neigh("dp1T0", "100.101.102.103", + "aa:bb:cc:16:0:20"); + dp_test_netlink_del_neigh("dp2T1", "216.58.200.78", "aa:bb:cc:18:0:1"); + + dp_test_nl_del_ip_addr_and_connected("dp1T0", "100.101.102.1/24"); + dp_test_nl_del_ip_addr_and_connected("dp2T1", "216.58.200.1/24"); +} DP_END_TEST; + +/* + * 100.101.102.x 216.58.200.x + * +----------+ + * .1| |.1 + * .103 -------------------| UUT |------------------ .78 (google.com) + * dp1T0| |dp2T1 + * +----------+ + * + * + * http get google.com expired session (with DPI) + */ +DP_START_TEST(logflowdpi, google_expired) +{ + char *dp1T0_mac = dp_test_intf_name2mac_str("dp1T0"); + char *dp2T1_mac = dp_test_intf_name2mac_str("dp2T1"); + + /* Setup interfaces and neighbours */ + dp_test_nl_add_ip_addr_and_connected("dp1T0", "100.101.102.1/24"); + dp_test_nl_add_ip_addr_and_connected("dp2T1", "216.58.200.1/24"); + + dp_test_netlink_add_neigh("dp1T0", "100.101.102.103", + "aa:bb:cc:16:0:20"); + dp_test_netlink_add_neigh("dp2T1", "216.58.200.78", + "aa:bb:cc:18:0:1"); + + _dp_test_remove_log_file(); + + /* Enable the feature */ + char real_ifname[IFNAMSIZ]; + dp_test_create_and_send_cfg_feat_msg( + true, dp_test_intf_real("dp2T1", real_ifname)); + + struct dp_test_pkt_desc_t *ins_pre, *ins_post; + struct dp_test_pkt_desc_t *outs_pre, *outs_post; + + ins_pre = dpt_pdesc_v4_create( + "Inside pre", IPPROTO_TCP, + "aa:bb:cc:16:0:20", "100.101.102.103", 49152, + dp1T0_mac, "216.58.200.78", 80, + "dp1T0", "dp2T1"); + + ins_post = dpt_pdesc_v4_create( + "Inside post", IPPROTO_TCP, + dp2T1_mac, "100.101.102.103", 49152, + "aa:bb:cc:18:0:1", "216.58.200.78", 80, + "dp1T0", "dp2T1"); + + outs_pre = dpt_pdesc_v4_create( + "Outside pre", IPPROTO_TCP, + "aa:bb:cc:18:0:1", "216.58.200.78", 80, + dp2T1_mac, "100.101.102.103", 49152, + "dp2T1", "dp1T0"); + + outs_post = dpt_pdesc_v4_create( + "Outside post", IPPROTO_TCP, + dp1T0_mac, "216.58.200.78", 80, + "aa:bb:cc:16:0:20", "100.101.102.103", 49152, + "dp2T1", "dp1T0"); + + /* + * dpi app firewall + */ + dp_test_npf_cmd_fmt(false, + "npf-ut delete app-firewall:ALLOWED-SITES 10000"); + dp_test_npf_cmd_fmt(false, "npf-ut add app-firewall:ALLOWED-SITES 100 " + "action=accept engine=ndpi protocol=http"); + dp_test_npf_cmd_fmt(false, "npf-ut commit"); + dp_test_npf_cmd_fmt(false, "npf-ut add fw:DPI 200 action=accept " + "proto-final=6 stateful=y dst-port=80 " + "rproc=app-firewall(ALLOWED-SITES)"); + dp_test_npf_cmd_fmt(false, + "npf-ut add fw:DPI 1000 action=accept stateful=y"); + dp_test_npf_cmd_fmt(false, "npf-ut commit"); + dp_test_npf_cmd_fmt(false, + "npf-ut attach interface:dpT21 fw-out fw:DPI"); + dp_test_npf_cmd_fmt(false, "npf-ut commit"); + + struct dpt_tcp_flow tcp_call = { + .text[0] = '\0', + .isn = {0, 0}, + .desc[DPT_FORW] = { + .pre = ins_pre, + .pst = ins_post, + }, + .desc[DPT_BACK] = { + .pre = outs_pre, + .pst = outs_post, + }, + .test_cb = NULL, + .post_cb = NULL, + }; + + /* Expected LAST-ACK state */ + dpt_tcp_call(&tcp_call, http_google_pkt, + ARRAY_SIZE(http_google_pkt) - 1, + 0, 0, NULL, 0); + + /* Simulate session expired */ + dp_test_session_gc(); + + /* Simulate export log */ + export_log(); + + struct dp_test_flow_log_result log_result = { + .src = "100.101.102.103", + .src_port = 49152, + .dst = "216.58.200.78", + .dst_port = 80, + .protocol = IPPROTO_TCP, + .in_pkts = 7, + .out_pkts = 8, + .app = "Google", + .app_proto = "HTTP", + .app_type = "Web", + .if_name = dp_test_intf_real("dp2T1", real_ifname), + }; + dp_test_verify_log_file(&log_result, 1); + + /* + * End + */ + + free(ins_pre); + free(ins_post); + free(outs_pre); + free(outs_post); + + /************************************************************* + * Cleanup + *************************************************************/ + + dp_test_create_and_send_cfg_feat_msg( + false, dp_test_intf_real("dp2T1", real_ifname)); + + dp_test_npf_cmd_fmt(false, + "npf-ut delete app-firewall:ALLOWED-SITES 10000"); + dp_test_npf_cmd_fmt(false, "npf-ut delete app-firewall:ALLOWED-SITES"); + dp_test_npf_cmd_fmt(false, "npf-ut commit"); + dp_test_npf_cmd_fmt(false, + "npf-ut detach interface:dpT21 fw-out fw:DPI"); + dp_test_npf_cmd_fmt(false, "npf-ut commit"); + dp_test_npf_cmd_fmt(false, "npf-ut delete fw:DPI"); + dp_test_npf_cmd_fmt(false, "npf-ut commit"); + + dp_test_sessions_clear(); + + dp_test_netlink_del_neigh("dp1T0", "100.101.102.103", + "aa:bb:cc:16:0:20"); + dp_test_netlink_del_neigh("dp2T1", "216.58.200.78", + "aa:bb:cc:18:0:1"); + + dp_test_nl_del_ip_addr_and_connected("dp1T0", "100.101.102.1/24"); + dp_test_nl_del_ip_addr_and_connected("dp2T1", "216.58.200.1/24"); + +} DP_END_TEST; + +static const char *plugin_name = "dp_test_pipeline_flowstat"; + +int dp_ut_plugin_init(const char **name) +{ + int rv = 0; + + *name = plugin_name; + + return rv; +} diff --git a/tests/src/dp_test_session_internal_lib.h b/tests/src/dp_test_session_internal_lib.h new file mode 100644 index 0000000..2e521e0 --- /dev/null +++ b/tests/src/dp_test_session_internal_lib.h @@ -0,0 +1,20 @@ +/* + * Copyright (c) 2021, SafePoint. All rights reserved. + * Copyright (c) 2018-2020, AT&T Intellectual Property. All rights reserved. + * Copyright (c) 2015 by Brocade Communications Systems, Inc. + * All rights reserved. + * + * SPDX-License-Identifier: LGPL-2.1-only + * + * Whole dataplane test npf session library + */ + +#ifndef __DP_TEST_SESSION_INTERNAL_LIB_H__ +#define __DP_TEST_SESSION_INTERNAL_LIB_H__ + +void _dp_test_session_gc(const char *file, int line); +#define dp_test_session_gc() \ + _dp_test_session_gc(__FILE__, __LINE__) + +#endif /* __DP_TEST_SESSION_LIB_H__ */ + diff --git a/tests/src/pcap/gen_pkt.py b/tests/src/pcap/gen_pkt.py new file mode 100755 index 0000000..5756dbd --- /dev/null +++ b/tests/src/pcap/gen_pkt.py @@ -0,0 +1,82 @@ +#!/usr/bin/env python3 +# +# Copyright (c) 2021, SafePoint. All rights reserved. +# +# SPDX-License-Identifier: Apache-2.0 +# + +import pcapkit + + +def extract(file): + src = None + items = [] + extraction = pcapkit.extract(fin=file, nofile=True) + for frame in extraction.frame: + if frame.info.protocols.startswith('Ethernet:IPv4:TCP'): + ethernet = frame.payload + ipv4 = ethernet.payload + tcp = ipv4.payload + tcp_len = len(tcp.payload.data) + + if src is None: + src = str(ipv4.src) + + dp_dir = 'DPT_FORW' if str(ipv4.src) == src else 'DPT_BACK' + c_data = ''.join(f'\\x{i:02x}' for i in tcp.payload.data) + c_data = f'"{c_data}"' if tcp_len else 'NULL' + + # flags + m = { + 'urg': 'urg', + 'ack': 'ack', + 'psh': 'push', + 'rst': 'rst', + 'syn': 'syn', + 'fin': 'fin', + } + flags = [m[i] for i in list(tcp.info.flags) if getattr(tcp.info.flags, i, False)] + flags = sorted(flags, key=lambda f: f == 'ack') + flags = ' | '.join(f'TH_{i}'.upper() for i in flags) + + # fix fin,ack + if 'TH_FIN' in flags and 'TH_ACK' in flags: + for f in ['TH_FIN', 'TH_ACK']: + val = f'{dp_dir}, {f}, 0, NULL, 0, NULL' + items.append(val) + else: + val = f'{dp_dir}, {flags}, {tcp_len}, {c_data}, 0, NULL' + items.append(val) + + name = file.rsplit('.', 1)[0].replace('-', '_') + '_pkt' + result = [] + result += [f'/* generated from: {file} */'] + result += [''] + result += ['#include "dp_test_lib_tcp.h"'] + result += [''] + result += ['struct dpt_tcp_flow_pkt %s[] = {' % name] + for i in items: + result += ['\t{%s},' % i] + result += ['};'] + result += [''] + result = '\n'.join(result) + return result + + +def _main(): + import argparse + + parser = argparse.ArgumentParser('Flow test generator') + parser.add_argument('file', help='file.pcap') + args = parser.parse_args() + + result = extract(args.file) + + out_file = args.file.rsplit('.', 1)[0] + '.h' + with open(out_file, 'w') as f: + f.write(result) + print(f'Wrote to file {out_file}') + + +if __name__ == '__main__': + _main() diff --git a/tests/src/pcap/http-example.h b/tests/src/pcap/http-example.h new file mode 100644 index 0000000..edbcb4b --- /dev/null +++ b/tests/src/pcap/http-example.h @@ -0,0 +1,126 @@ +/* generated from: http-example.pcap */ + +#include "dp_test_lib_tcp.h" + +struct dpt_tcp_flow_pkt http_example_pkt[] = { + {DPT_FORW, TH_SYN, 0, NULL, 0, NULL}, + {DPT_BACK, TH_SYN | TH_ACK, 0, NULL, 0, NULL}, + {DPT_FORW, TH_ACK, 0, NULL, 0, NULL}, + {DPT_FORW, TH_PUSH | TH_ACK, 75, + "\x47\x45\x54\x20\x2f\x20\x48\x54\x54\x50\x2f\x31\x2e\x31\x0d\x0a\x48" + "\x6f\x73\x74\x3a\x20\x65\x78\x61\x6d\x70\x6c\x65\x2e\x63\x6f\x6d\x0d" + "\x0a\x55\x73\x65\x72\x2d\x41\x67\x65\x6e\x74\x3a\x20\x63\x75\x72\x6c" + "\x2f\x37\x2e\x34\x37\x2e\x30\x0d\x0a\x41\x63\x63\x65\x70\x74\x3a\x20" + "\x2a\x2f\x2a\x0d\x0a\x0d\x0a", + 0, NULL}, + {DPT_BACK, TH_ACK, 0, NULL, 0, NULL}, + {DPT_BACK, TH_PUSH | TH_ACK, 17, + "\x48\x54\x54\x50\x2f\x31\x2e\x31\x20\x32\x30\x30\x20\x4f\x4b\x0d\x0a", + 0, NULL}, + {DPT_FORW, TH_ACK, 0, NULL, 0, NULL}, + {DPT_BACK, TH_PUSH | TH_ACK, 337, + "\x41\x67\x65\x3a\x20\x35\x36\x35\x37\x35\x37\x0d\x0a\x43\x61\x63\x68" + "\x65\x2d\x43\x6f\x6e\x74\x72\x6f\x6c\x3a\x20\x6d\x61\x78\x2d\x61\x67" + "\x65\x3d\x36\x30\x34\x38\x30\x30\x0d\x0a\x43\x6f\x6e\x74\x65\x6e\x74" + "\x2d\x54\x79\x70\x65\x3a\x20\x74\x65\x78\x74\x2f\x68\x74\x6d\x6c\x3b" + "\x20\x63\x68\x61\x72\x73\x65\x74\x3d\x55\x54\x46\x2d\x38\x0d\x0a\x44" + "\x61\x74\x65\x3a\x20\x53\x61\x74\x2c\x20\x30\x33\x20\x41\x70\x72\x20" + "\x32\x30\x32\x31\x20\x30\x35\x3a\x35\x31\x3a\x32\x39\x20\x47\x4d\x54" + "\x0d\x0a\x45\x74\x61\x67\x3a\x20\x22\x33\x31\x34\x37\x35\x32\x36\x39" + "\x34\x37\x2b\x69\x64\x65\x6e\x74\x22\x0d\x0a\x45\x78\x70\x69\x72\x65" + "\x73\x3a\x20\x53\x61\x74\x2c\x20\x31\x30\x20\x41\x70\x72\x20\x32\x30" + "\x32\x31\x20\x30\x35\x3a\x35\x31\x3a\x32\x39\x20\x47\x4d\x54\x0d\x0a" + "\x4c\x61\x73\x74\x2d\x4d\x6f\x64\x69\x66\x69\x65\x64\x3a\x20\x54\x68" + "\x75\x2c\x20\x31\x37\x20\x4f\x63\x74\x20\x32\x30\x31\x39\x20\x30\x37" + "\x3a\x31\x38\x3a\x32\x36\x20\x47\x4d\x54\x0d\x0a\x53\x65\x72\x76\x65" + "\x72\x3a\x20\x45\x43\x53\x20\x28\x6f\x78\x72\x2f\x38\x33\x32\x34\x29" + "\x0d\x0a\x56\x61\x72\x79\x3a\x20\x41\x63\x63\x65\x70\x74\x2d\x45\x6e" + "\x63\x6f\x64\x69\x6e\x67\x0d\x0a\x58\x2d\x43\x61\x63\x68\x65\x3a\x20" + "\x48\x49\x54\x0d\x0a\x43\x6f\x6e\x74\x65\x6e\x74\x2d\x4c\x65\x6e\x67" + "\x74\x68\x3a\x20\x31\x32\x35\x36\x0d\x0a\x43\x6f\x6e\x6e\x65\x63\x74" + "\x69\x6f\x6e\x3a\x20\x63\x6c\x6f\x73\x65\x0d\x0a\x0d\x0a", + 0, NULL}, + {DPT_FORW, TH_ACK, 0, NULL, 0, NULL}, + {DPT_BACK, TH_PUSH | TH_ACK, 1256, + "\x3c\x21\x64\x6f\x63\x74\x79\x70\x65\x20\x68\x74\x6d\x6c\x3e\x0a\x3c" + "\x68\x74\x6d\x6c\x3e\x0a\x3c\x68\x65\x61\x64\x3e\x0a\x20\x20\x20\x20" + "\x3c\x74\x69\x74\x6c\x65\x3e\x45\x78\x61\x6d\x70\x6c\x65\x20\x44\x6f" + "\x6d\x61\x69\x6e\x3c\x2f\x74\x69\x74\x6c\x65\x3e\x0a\x0a\x20\x20\x20" + "\x20\x3c\x6d\x65\x74\x61\x20\x63\x68\x61\x72\x73\x65\x74\x3d\x22\x75" + "\x74\x66\x2d\x38\x22\x20\x2f\x3e\x0a\x20\x20\x20\x20\x3c\x6d\x65\x74" + "\x61\x20\x68\x74\x74\x70\x2d\x65\x71\x75\x69\x76\x3d\x22\x43\x6f\x6e" + "\x74\x65\x6e\x74\x2d\x74\x79\x70\x65\x22\x20\x63\x6f\x6e\x74\x65\x6e" + "\x74\x3d\x22\x74\x65\x78\x74\x2f\x68\x74\x6d\x6c\x3b\x20\x63\x68\x61" + "\x72\x73\x65\x74\x3d\x75\x74\x66\x2d\x38\x22\x20\x2f\x3e\x0a\x20\x20" + "\x20\x20\x3c\x6d\x65\x74\x61\x20\x6e\x61\x6d\x65\x3d\x22\x76\x69\x65" + "\x77\x70\x6f\x72\x74\x22\x20\x63\x6f\x6e\x74\x65\x6e\x74\x3d\x22\x77" + "\x69\x64\x74\x68\x3d\x64\x65\x76\x69\x63\x65\x2d\x77\x69\x64\x74\x68" + "\x2c\x20\x69\x6e\x69\x74\x69\x61\x6c\x2d\x73\x63\x61\x6c\x65\x3d\x31" + "\x22\x20\x2f\x3e\x0a\x20\x20\x20\x20\x3c\x73\x74\x79\x6c\x65\x20\x74" + "\x79\x70\x65\x3d\x22\x74\x65\x78\x74\x2f\x63\x73\x73\x22\x3e\x0a\x20" + "\x20\x20\x20\x62\x6f\x64\x79\x20\x7b\x0a\x20\x20\x20\x20\x20\x20\x20" + "\x20\x62\x61\x63\x6b\x67\x72\x6f\x75\x6e\x64\x2d\x63\x6f\x6c\x6f\x72" + "\x3a\x20\x23\x66\x30\x66\x30\x66\x32\x3b\x0a\x20\x20\x20\x20\x20\x20" + "\x20\x20\x6d\x61\x72\x67\x69\x6e\x3a\x20\x30\x3b\x0a\x20\x20\x20\x20" + "\x20\x20\x20\x20\x70\x61\x64\x64\x69\x6e\x67\x3a\x20\x30\x3b\x0a\x20" + "\x20\x20\x20\x20\x20\x20\x20\x66\x6f\x6e\x74\x2d\x66\x61\x6d\x69\x6c" + "\x79\x3a\x20\x2d\x61\x70\x70\x6c\x65\x2d\x73\x79\x73\x74\x65\x6d\x2c" + "\x20\x73\x79\x73\x74\x65\x6d\x2d\x75\x69\x2c\x20\x42\x6c\x69\x6e\x6b" + "\x4d\x61\x63\x53\x79\x73\x74\x65\x6d\x46\x6f\x6e\x74\x2c\x20\x22\x53" + "\x65\x67\x6f\x65\x20\x55\x49\x22\x2c\x20\x22\x4f\x70\x65\x6e\x20\x53" + "\x61\x6e\x73\x22\x2c\x20\x22\x48\x65\x6c\x76\x65\x74\x69\x63\x61\x20" + "\x4e\x65\x75\x65\x22\x2c\x20\x48\x65\x6c\x76\x65\x74\x69\x63\x61\x2c" + "\x20\x41\x72\x69\x61\x6c\x2c\x20\x73\x61\x6e\x73\x2d\x73\x65\x72\x69" + "\x66\x3b\x0a\x20\x20\x20\x20\x20\x20\x20\x20\x0a\x20\x20\x20\x20\x7d" + "\x0a\x20\x20\x20\x20\x64\x69\x76\x20\x7b\x0a\x20\x20\x20\x20\x20\x20" + "\x20\x20\x77\x69\x64\x74\x68\x3a\x20\x36\x30\x30\x70\x78\x3b\x0a\x20" + "\x20\x20\x20\x20\x20\x20\x20\x6d\x61\x72\x67\x69\x6e\x3a\x20\x35\x65" + "\x6d\x20\x61\x75\x74\x6f\x3b\x0a\x20\x20\x20\x20\x20\x20\x20\x20\x70" + "\x61\x64\x64\x69\x6e\x67\x3a\x20\x32\x65\x6d\x3b\x0a\x20\x20\x20\x20" + "\x20\x20\x20\x20\x62\x61\x63\x6b\x67\x72\x6f\x75\x6e\x64\x2d\x63\x6f" + "\x6c\x6f\x72\x3a\x20\x23\x66\x64\x66\x64\x66\x66\x3b\x0a\x20\x20\x20" + "\x20\x20\x20\x20\x20\x62\x6f\x72\x64\x65\x72\x2d\x72\x61\x64\x69\x75" + "\x73\x3a\x20\x30\x2e\x35\x65\x6d\x3b\x0a\x20\x20\x20\x20\x20\x20\x20" + "\x20\x62\x6f\x78\x2d\x73\x68\x61\x64\x6f\x77\x3a\x20\x32\x70\x78\x20" + "\x33\x70\x78\x20\x37\x70\x78\x20\x32\x70\x78\x20\x72\x67\x62\x61\x28" + "\x30\x2c\x30\x2c\x30\x2c\x30\x2e\x30\x32\x29\x3b\x0a\x20\x20\x20\x20" + "\x7d\x0a\x20\x20\x20\x20\x61\x3a\x6c\x69\x6e\x6b\x2c\x20\x61\x3a\x76" + "\x69\x73\x69\x74\x65\x64\x20\x7b\x0a\x20\x20\x20\x20\x20\x20\x20\x20" + "\x63\x6f\x6c\x6f\x72\x3a\x20\x23\x33\x38\x34\x38\x38\x66\x3b\x0a\x20" + "\x20\x20\x20\x20\x20\x20\x20\x74\x65\x78\x74\x2d\x64\x65\x63\x6f\x72" + "\x61\x74\x69\x6f\x6e\x3a\x20\x6e\x6f\x6e\x65\x3b\x0a\x20\x20\x20\x20" + "\x7d\x0a\x20\x20\x20\x20\x40\x6d\x65\x64\x69\x61\x20\x28\x6d\x61\x78" + "\x2d\x77\x69\x64\x74\x68\x3a\x20\x37\x30\x30\x70\x78\x29\x20\x7b\x0a" + "\x20\x20\x20\x20\x20\x20\x20\x20\x64\x69\x76\x20\x7b\x0a\x20\x20\x20" + "\x20\x20\x20\x20\x20\x20\x20\x20\x20\x6d\x61\x72\x67\x69\x6e\x3a\x20" + "\x30\x20\x61\x75\x74\x6f\x3b\x0a\x20\x20\x20\x20\x20\x20\x20\x20\x20" + "\x20\x20\x20\x77\x69\x64\x74\x68\x3a\x20\x61\x75\x74\x6f\x3b\x0a\x20" + "\x20\x20\x20\x20\x20\x20\x20\x7d\x0a\x20\x20\x20\x20\x7d\x0a\x20\x20" + "\x20\x20\x3c\x2f\x73\x74\x79\x6c\x65\x3e\x20\x20\x20\x20\x0a\x3c\x2f" + "\x68\x65\x61\x64\x3e\x0a\x0a\x3c\x62\x6f\x64\x79\x3e\x0a\x3c\x64\x69" + "\x76\x3e\x0a\x20\x20\x20\x20\x3c\x68\x31\x3e\x45\x78\x61\x6d\x70\x6c" + "\x65\x20\x44\x6f\x6d\x61\x69\x6e\x3c\x2f\x68\x31\x3e\x0a\x20\x20\x20" + "\x20\x3c\x70\x3e\x54\x68\x69\x73\x20\x64\x6f\x6d\x61\x69\x6e\x20\x69" + "\x73\x20\x66\x6f\x72\x20\x75\x73\x65\x20\x69\x6e\x20\x69\x6c\x6c\x75" + "\x73\x74\x72\x61\x74\x69\x76\x65\x20\x65\x78\x61\x6d\x70\x6c\x65\x73" + "\x20\x69\x6e\x20\x64\x6f\x63\x75\x6d\x65\x6e\x74\x73\x2e\x20\x59\x6f" + "\x75\x20\x6d\x61\x79\x20\x75\x73\x65\x20\x74\x68\x69\x73\x0a\x20\x20" + "\x20\x20\x64\x6f\x6d\x61\x69\x6e\x20\x69\x6e\x20\x6c\x69\x74\x65\x72" + "\x61\x74\x75\x72\x65\x20\x77\x69\x74\x68\x6f\x75\x74\x20\x70\x72\x69" + "\x6f\x72\x20\x63\x6f\x6f\x72\x64\x69\x6e\x61\x74\x69\x6f\x6e\x20\x6f" + "\x72\x20\x61\x73\x6b\x69\x6e\x67\x20\x66\x6f\x72\x20\x70\x65\x72\x6d" + "\x69\x73\x73\x69\x6f\x6e\x2e\x3c\x2f\x70\x3e\x0a\x20\x20\x20\x20\x3c" + "\x70\x3e\x3c\x61\x20\x68\x72\x65\x66\x3d\x22\x68\x74\x74\x70\x73\x3a" + "\x2f\x2f\x77\x77\x77\x2e\x69\x61\x6e\x61\x2e\x6f\x72\x67\x2f\x64\x6f" + "\x6d\x61\x69\x6e\x73\x2f\x65\x78\x61\x6d\x70\x6c\x65\x22\x3e\x4d\x6f" + "\x72\x65\x20\x69\x6e\x66\x6f\x72\x6d\x61\x74\x69\x6f\x6e\x2e\x2e\x2e" + "\x3c\x2f\x61\x3e\x3c\x2f\x70\x3e\x0a\x3c\x2f\x64\x69\x76\x3e\x0a\x3c" + "\x2f\x62\x6f\x64\x79\x3e\x0a\x3c\x2f\x68\x74\x6d\x6c\x3e\x0a", + 0, NULL}, + {DPT_FORW, TH_ACK, 0, NULL, 0, NULL}, + {DPT_BACK, TH_FIN, 0, NULL, 0, NULL}, + {DPT_BACK, TH_ACK, 0, NULL, 0, NULL}, + {DPT_FORW, TH_FIN, 0, NULL, 0, NULL}, + {DPT_FORW, TH_ACK, 0, NULL, 0, NULL}, + {DPT_BACK, TH_ACK, 0, NULL, 0, NULL}, +}; diff --git a/tests/src/pcap/http-example.pcap b/tests/src/pcap/http-example.pcap new file mode 100644 index 0000000000000000000000000000000000000000..b2c231e4c15d3c2391bd37523b121246489b9897 GIT binary patch literal 2873 zcma);OKclO7{}LcN~5hTr3j@(qA+X=q{Zu9JAP$rTS=RgG;P|5xI6?@Om@fisNP3+ z$Bv^?kqbpa&5i#H`HI<)=zP;^*6vwQX_J|Ee(Z3icR z{$iILGDChy25Uez5T|mwwD923#a-9l1Nz;|PyYMezE?vsr*XQqcj9kufs@lONz!4k z#K(ZDn>*bU=J{s!AMKFdKed%O%pegdUTp zOp|ypc~CnTlVdU$H=6FcI}k`%PS>N`B^9qT>S?EILe9Nc*D{n zxXQ->5%MmGyEi57iAFyDszWU7;KYujD5dM@)bUXC__^V&a`Zblk<0Z*bZtN6=n~J- z@#RiL=Q7sbf~cprfcPntEgu_2M?MHe=YQHD`jQ9(h+ezeFB)QRpiDNC%j9D65p33o zdc<{@@74`uEme1^C2RsB+@fRCTXN5&@1!hm^{O9)j-O4GM&q$vJ>gt%hUq60xK<#`Xp!* zlKSHaCvd>jdDo&9N-P7FYmGQc=FlmVfxYAe(sM>KZ=|xJy+z_TiEp5pBa3LvZTVV$ zJe58WlV8LBih;s%Q)e6#cuqAYzoCj?7-;qwi0ycOf;d%HGf*;>$%1+2oN&oPAf6@!j zTdv6#0{7tfJ->q_v+H zi#5hPm7HtPW>M*ckegMI8J1E}*`$g#BRSY6MWso}vgi7&=lNx7v0Bk0O==QVT*MJ| zD5JQp1}3hPVzMhLU@LWkxPrD}GYFJW@RDn-p!32p?*9@t&sKf6;aIBa)?KKZeH9(P zsYC0x*x0X9$h_X2^039Lr*EzTo~jjW(>j!yialt3YOoS8V#iVVt2SsH9j;U7>^wFX z#nMrDD2|jxQgsPBeN2J#Qyy_(PdNdpwYs-=Jj@Uq;RbWNE9;J?h~1stENE86s`MyWa(xRrzK<>1 zfE}(UfZYRdTWV0lmb+}Al-EMzFmf>XxnEtvV|rYC6ME`E_*Cc&HhA>n2pdfrP)4jC z*E;DN&!_YG9wof+REwCdkHa18xDM%sPTItx7>)5R*p5$*$LBx~yg!P(a5^#5H$;rD zwJH6f3_S>s1x-|FiQg<2w3^tCa)H+-Y*H}R-dwfhz|Mpzk=KG(D%WU$EU{w|oK;*O zH39;=0?~TC5iss>lXU)v1HJ(5pkYJz4HD>0w*gM9h({QZ!fI*L98`z!0-)g&aEI00 z21A}t!G!5TYN;cFiQpOsXJIP{>mKoK8U)ZM69vs%*IB@*=95ZM;cX%?G;Mi#IYF_5 z6Ruy?LI(n^{kou(=3TH!9dO4MMiL32;gTR0G!dMF)((~UUn+^WhAUh5;y*<%&J6bA z8@E=|br)#d eJE&1n-&F literal 0 HcmV?d00001 diff --git a/tests/src/pcap/http-google.h b/tests/src/pcap/http-google.h new file mode 100644 index 0000000..84e8a9a --- /dev/null +++ b/tests/src/pcap/http-google.h @@ -0,0 +1,64 @@ +/* generated from: http-google.pcap */ + +#include "dp_test_lib_tcp.h" + +struct dpt_tcp_flow_pkt http_google_pkt[] = { + {DPT_FORW, TH_SYN, 0, NULL, 0, NULL}, + {DPT_BACK, TH_SYN | TH_ACK, 0, NULL, 0, NULL}, + {DPT_FORW, TH_ACK, 0, NULL, 0, NULL}, + {DPT_FORW, TH_PUSH | TH_ACK, 74, + "\x47\x45\x54\x20\x2f\x20\x48\x54\x54\x50\x2f\x31\x2e\x31\x0d\x0a\x48" + "\x6f\x73\x74\x3a\x20\x67\x6f\x6f\x67\x6c\x65\x2e\x63\x6f\x6d\x0d\x0a" + "\x55\x73\x65\x72\x2d\x41\x67\x65\x6e\x74\x3a\x20\x63\x75\x72\x6c\x2f" + "\x37\x2e\x34\x37\x2e\x30\x0d\x0a\x41\x63\x63\x65\x70\x74\x3a\x20\x2a" + "\x2f\x2a\x0d\x0a\x0d\x0a", + 0, NULL}, + {DPT_BACK, TH_ACK, 0, NULL, 0, NULL}, + {DPT_BACK, TH_PUSH | TH_ACK, 32, + "\x48\x54\x54\x50\x2f\x31\x2e\x31\x20\x33\x30\x31\x20\x4d\x6f\x76\x65" + "\x64\x20\x50\x65\x72\x6d\x61\x6e\x65\x6e\x74\x6c\x79\x0d\x0a", + 0, NULL}, + {DPT_FORW, TH_ACK, 0, NULL, 0, NULL}, + {DPT_BACK, TH_PUSH | TH_ACK, 296, + "\x4c\x6f\x63\x61\x74\x69\x6f\x6e\x3a\x20\x68\x74\x74\x70\x3a\x2f\x2f" + "\x77\x77\x77\x2e\x67\x6f\x6f\x67\x6c\x65\x2e\x63\x6f\x6d\x2f\x0d\x0a" + "\x43\x6f\x6e\x74\x65\x6e\x74\x2d\x54\x79\x70\x65\x3a\x20\x74\x65\x78" + "\x74\x2f\x68\x74\x6d\x6c\x3b\x20\x63\x68\x61\x72\x73\x65\x74\x3d\x55" + "\x54\x46\x2d\x38\x0d\x0a\x44\x61\x74\x65\x3a\x20\x57\x65\x64\x2c\x20" + "\x33\x31\x20\x4d\x61\x72\x20\x32\x30\x32\x31\x20\x30\x37\x3a\x34\x32" + "\x3a\x34\x36\x20\x47\x4d\x54\x0d\x0a\x45\x78\x70\x69\x72\x65\x73\x3a" + "\x20\x46\x72\x69\x2c\x20\x33\x30\x20\x41\x70\x72\x20\x32\x30\x32\x31" + "\x20\x30\x37\x3a\x34\x32\x3a\x34\x36\x20\x47\x4d\x54\x0d\x0a\x43\x61" + "\x63\x68\x65\x2d\x43\x6f\x6e\x74\x72\x6f\x6c\x3a\x20\x70\x75\x62\x6c" + "\x69\x63\x2c\x20\x6d\x61\x78\x2d\x61\x67\x65\x3d\x32\x35\x39\x32\x30" + "\x30\x30\x0d\x0a\x53\x65\x72\x76\x65\x72\x3a\x20\x67\x77\x73\x0d\x0a" + "\x43\x6f\x6e\x74\x65\x6e\x74\x2d\x4c\x65\x6e\x67\x74\x68\x3a\x20\x32" + "\x31\x39\x0d\x0a\x58\x2d\x58\x53\x53\x2d\x50\x72\x6f\x74\x65\x63\x74" + "\x69\x6f\x6e\x3a\x20\x30\x0d\x0a\x58\x2d\x46\x72\x61\x6d\x65\x2d\x4f" + "\x70\x74\x69\x6f\x6e\x73\x3a\x20\x53\x41\x4d\x45\x4f\x52\x49\x47\x49" + "\x4e\x0d\x0a\x43\x6f\x6e\x6e\x65\x63\x74\x69\x6f\x6e\x3a\x20\x63\x6c" + "\x6f\x73\x65\x0d\x0a\x0d\x0a", + 0, NULL}, + {DPT_FORW, TH_ACK, 0, NULL, 0, NULL}, + {DPT_BACK, TH_PUSH | TH_ACK, 219, + "\x3c\x48\x54\x4d\x4c\x3e\x3c\x48\x45\x41\x44\x3e\x3c\x6d\x65\x74\x61" + "\x20\x68\x74\x74\x70\x2d\x65\x71\x75\x69\x76\x3d\x22\x63\x6f\x6e\x74" + "\x65\x6e\x74\x2d\x74\x79\x70\x65\x22\x20\x63\x6f\x6e\x74\x65\x6e\x74" + "\x3d\x22\x74\x65\x78\x74\x2f\x68\x74\x6d\x6c\x3b\x63\x68\x61\x72\x73" + "\x65\x74\x3d\x75\x74\x66\x2d\x38\x22\x3e\x0a\x3c\x54\x49\x54\x4c\x45" + "\x3e\x33\x30\x31\x20\x4d\x6f\x76\x65\x64\x3c\x2f\x54\x49\x54\x4c\x45" + "\x3e\x3c\x2f\x48\x45\x41\x44\x3e\x3c\x42\x4f\x44\x59\x3e\x0a\x3c\x48" + "\x31\x3e\x33\x30\x31\x20\x4d\x6f\x76\x65\x64\x3c\x2f\x48\x31\x3e\x0a" + "\x54\x68\x65\x20\x64\x6f\x63\x75\x6d\x65\x6e\x74\x20\x68\x61\x73\x20" + "\x6d\x6f\x76\x65\x64\x0a\x3c\x41\x20\x48\x52\x45\x46\x3d\x22\x68\x74" + "\x74\x70\x3a\x2f\x2f\x77\x77\x77\x2e\x67\x6f\x6f\x67\x6c\x65\x2e\x63" + "\x6f\x6d\x2f\x22\x3e\x68\x65\x72\x65\x3c\x2f\x41\x3e\x2e\x0d\x0a\x3c" + "\x2f\x42\x4f\x44\x59\x3e\x3c\x2f\x48\x54\x4d\x4c\x3e\x0d\x0a", + 0, NULL}, + {DPT_FORW, TH_ACK, 0, NULL, 0, NULL}, + {DPT_BACK, TH_FIN, 0, NULL, 0, NULL}, + {DPT_BACK, TH_ACK, 0, NULL, 0, NULL}, + {DPT_FORW, TH_FIN, 0, NULL, 0, NULL}, + {DPT_FORW, TH_ACK, 0, NULL, 0, NULL}, + {DPT_BACK, TH_ACK, 0, NULL, 0, NULL}, +}; diff --git a/tests/src/pcap/http-google.pcap b/tests/src/pcap/http-google.pcap new file mode 100644 index 0000000000000000000000000000000000000000..8f4d4fc45c277f0e68d2ed9e67437293929ec887 GIT binary patch literal 1809 zcma)+Z)h839LJyhSsh1jcD}H!IC+{EPR1^G$)erPOXzJ)n@Y20>y32~!RzHQi6pt~ za%ox=3HWNZQ(yT~Cx{l`>AHz9!J&h~iu1)Lg6!pBPFE%}*sJ01ch@9qE*1k1wej_KUA~lO!QZ_U;%N z>$A@Nu*wbpCa)jAEs@OQ*MsjP>4M)HXud~?Ke%fx=->uF=Tc_PmTBHJ^CcEG%reiNsxeDY^Q;2%M%^ljqv6sx#VKCXtA11C#)i@lc-wlx$c;56qtZpTV_e7)%tv?XdI+veNoW! zEFOLNNK}&G)XXw#fmv|G8nuqnX;#VG1(`-8M|f^dn46syGL~sG!!-(jn-eB1z08D} zDo%l%Sv8%UIXN{sb=<*JT5FAxS!1p9cyH$}|8lxK@9px^1L*Sp(5K!mckSCl_Cb$0 zJY7D$)#WGKyS((E)#W?Q?OiG