loxilb-io/loxilb#675 Initial support for proxy protocol v2

loxilb-io · Nov 26, 2024 · 1cd2d8c · 1cd2d8c
1 parent 4ad8907
commit 1cd2d8c
Show file tree

Hide file tree

Showing 6 changed files with 27 additions and 23 deletions.
diff --git a/common/llb_dp_mdi.h b/common/llb_dp_mdi.h
@@ -273,7 +273,8 @@ struct dp_nat_mdi {
     __u8            sel_aid;
     __u8            nv6;
     __u8            xlate_proto;
-    __u8            dsr;
+    __u8            dsr:4;
+    __u8            ppv2:4;
     __u8            cdis;
     __u64           ito;
 };

diff --git a/common/llb_dpapi.h b/common/llb_dpapi.h
@@ -239,6 +239,7 @@ struct dp_nat_act {
   __u8 dsr;
   __u8 cdis;
   __u8 nmh;
+  __u8 ppv2;
 };
 
 #define MIN_DP_POLICER_RATE  (8*1000*1000)  /* 1 MBps = 8 Mbps */
@@ -785,18 +786,21 @@ struct dp_nat_key {
 #define SEC_MODE_HTTPS 1
 #define SEC_MODE_HTTPS_E2E 2
 
+#define NAT_LB_OP_CHKSRC 0x1
+
 struct dp_proxy_tacts {
   struct dp_cmn_act ca;
   uint64_t ito;
   uint64_t pto;
   struct bpf_spin_lock lock;
   uint8_t nxfrm;
-  uint8_t chksrc;
+  uint8_t opflags;
   uint8_t cdis;
   uint8_t npmhh;
   uint16_t sel_hint;
   uint8_t sel_type;
   uint8_t sec_mode;
+  uint8_t ppv2;
   uint32_t pmhh[LLB_MAX_MHOSTS];
   struct mf_xfrm_inf nxfrms[LLB_MAX_NXFRMS];
   uint8_t host_url[LLB_MAX_HOSTURL_LEN];

diff --git a/kernel/llb_kern_ct.c b/kernel/llb_kern_ct.c
@@ -307,17 +307,18 @@ dp_ct_tcp_sm(void *ctx, struct xfi *xf,
 
   rtd = &ts->tcp_cts[dir == CT_DIR_IN ? CT_DIR_OUT:CT_DIR_IN];
 
+  if (dir == CT_DIR_IN) {
+    if (td->ppv2) {
+      xf->pm.oppv2 = 1;
+    }
+  } else {
+    if (td->ppv2) {
+      xf->pm.ippv2 = 1;
+    }
+  }
+
   if (tcp_flags & LLB_TCP_RST) {
     nstate = CT_TCP_CW;
-    if (dir == CT_DIR_IN) {
-      if (td->ppv2) {
-        xf->pm.oppv2 = 1;
-      }
-    } else {
-      if (td->ppv2) {
-        xf->pm.ippv2 = 1;
-      }
-    }
     goto end;
   }
 
@@ -424,7 +425,10 @@ dp_ct_tcp_sm(void *ctx, struct xfi *xf,
     }
 
     td->seq = seq;
-    nstate = CT_TCP_PEST;
+    if (xf->nm.ppv2)
+      nstate = CT_TCP_PEST;
+    else
+      nstate = CT_TCP_EST;
     break;
 
   case CT_TCP_PEST:
@@ -438,12 +442,8 @@ dp_ct_tcp_sm(void *ctx, struct xfi *xf,
         if (td->ppv2 == 0) {
           xf->pm.ppv2 = 1;
           td->ppv2 = 1;
-        } else {
-          xf->pm.oppv2 = 1;
+          rtd->ppv2 = 1;
         }
-      } else {
-        if (td->ppv2)
-          xf->pm.ippv2 = 1;
       }
     }
     break;
@@ -455,9 +455,6 @@ dp_ct_tcp_sm(void *ctx, struct xfi *xf,
       td->seq = seq;
     } else {
       nstate = CT_TCP_EST;
-      if (dir == CT_DIR_IN) {
-        xf->pm.ppv2 = 1;
-      }
     }
     break;
 
@@ -1702,6 +1699,7 @@ dp_ct_in(void *ctx, struct xfi *xf)
       adat->nat_act.dsr = xf->nm.dsr;
       adat->nat_act.cdis = xf->nm.cdis;
       adat->nat_act.nmh = xf->nm.npmhh;
+      adat->nat_act.ppv2 = xf->nm.ppv2;
       adat->ito = xf->nm.ito;
     } else {
       adat->ito = 0;
@@ -1739,6 +1737,7 @@ dp_ct_in(void *ctx, struct xfi *xf)
       axdat->nat_act.dsr = xf->nm.dsr;
       axdat->nat_act.cdis = xf->nm.cdis;
       axdat->nat_act.nmh = xf->nm.npmhh;
+      axdat->nat_act.ppv2 = xf->nm.ppv2;
       axdat->ito = xf->nm.ito;
     } else {
       axdat->ito = 0;

diff --git a/kernel/llb_kern_devif.c b/kernel/llb_kern_devif.c
@@ -300,10 +300,8 @@ dp_pipe_check_res(void *ctx, struct xfi *xf, void *fa)
     }
 
     if (xf->pm.ppv2) { 
-      bpf_printk("PPPv2");
       dp_ins_ppv2(ctx, xf);
     } else if (xf->pm.oppv2 | xf->pm.ippv2) {
-      bpf_printk("PPPv2 fix %d:%d", xf->pm.oppv2, xf->pm.ippv2);
       dp_fixup_ppv2(ctx, xf);
     }
 

diff --git a/kernel/llb_kern_l3fwd.c b/kernel/llb_kern_l3fwd.c
@@ -246,6 +246,7 @@ dp_pipe_set_nat(void *ctx, struct xfi *xf,
   xf->nm.nv6 = na->nv6 ? 1 : 0;
   xf->nm.dsr = na->dsr;
   xf->nm.cdis = na->cdis;
+  xf->nm.ppv2 = na->ppv2 ? 1 : 0;
   xf->nm.npmhh = na->nmh;
   LL_DBG_PRINTK("[CT] NAT ACT %x", xf->pm.nf);
 

diff --git a/kernel/llb_kern_natlbfwd.c b/kernel/llb_kern_natlbfwd.c
@@ -171,7 +171,7 @@ dp_do_nat(void *ctx, struct xfi *xf)
   LL_DBG_PRINTK("[NAT] action %d pipe %x\n",
                  act->ca.act_type, xf->pm.pipe_act);
 
-  if (act->chksrc) {
+  if (act->opflags & NAT_LB_OP_CHKSRC) {
     __u32 bm = (1 << act->ca.cidx) & 0xffffff;
     if (!(xf->pm.dp_mark & bm)) {
       LLBS_PPLN_DROPC(xf, LLB_PIPE_RC_ACT_UNK);
@@ -185,6 +185,7 @@ dp_do_nat(void *ctx, struct xfi *xf)
 
     xf->nm.dsr = act->ca.oaux ? 1: 0;
     xf->nm.cdis = act->cdis ? 1: 0;
+    xf->nm.ppv2 = act->ppv2 ? 1: 0;
     xf->pm.nf = act->ca.act_type == DP_SET_SNAT ? LLB_NAT_SRC : LLB_NAT_DST;
     xf->nm.npmhh = act->npmhh;
     xf->nm.pmhh[0] = act->pmhh[0];