Remove tcp_dst_map and references

We now prefer routing_tuple_map.
jschwinger233 · Dec 31, 2023 · 50ba55e · 50ba55e
1 parent 2e95281
commit 50ba55e
Show file tree

Hide file tree

Showing 5 changed files with 24 additions and 114 deletions.
diff --git a/control/control.go b/control/control.go
@@ -5,4 +5,4 @@
 
 package control
 
-//go:generate go run -mod=mod github.com/cilium/ebpf/cmd/bpf2go -cc "$BPF_CLANG" "$BPF_STRIP_FLAG" -cflags "$BPF_CFLAGS" -target "$BPF_TARGET" bpf kern/tproxy.c -- -I./headers
+//go:generate go run -mod=mod github.com/cilium/ebpf/cmd/bpf2go -cc "$BPF_CLANG" "$BPF_STRIP_FLAG" -cflags "$BPF_CFLAGS" -target "$BPF_TARGET" -type dst_routing_result bpf kern/tproxy.c -- -I./headers
diff --git a/control/control_plane.go b/control/control_plane.go
@@ -138,6 +138,7 @@ func NewControlPlane(
 	//var bpf bpfObjects
 	var ProgramOptions = ebpf.ProgramOptions{
 		KernelTypes: nil,
+		LogSize:     ebpf.DefaultVerifierLogSize * 10,
 	}
 	if log.Level == logrus.PanicLevel {
 		ProgramOptions.LogLevel = ebpf.LogLevelBranch | ebpf.LogLevelStats
@@ -746,38 +747,10 @@ func (c *ControlPlane) Serve(readyChan chan<- bool, listener *Listener) (err err
 				pktDst := RetrieveOriginalDest(oob)
 				routingResult, err := c.core.RetrieveRoutingResult(src, pktDst, unix.IPPROTO_UDP)
 				if err != nil {
-					// WAN. Old method.
-					lastErr := err
-					addrHdr, dataOffset, err := ParseAddrHdr(data)
-					if err != nil {
-						if c.tproxyPortProtect {
-							c.log.Warnf("No AddrPort presented: %v, %v", lastErr, err)
-							return
-						} else {
-							routingResult = &bpfRoutingResult{
-								Mark:     0,
-								Must:     0,
-								Mac:      [6]uint8{},
-								Outbound: uint8(consts.OutboundControlPlaneRouting),
-								Pname:    [16]uint8{},
-								Pid:      0,
-								Dscp:     0,
-							}
-							realDst = pktDst
-							goto destRetrieved
-						}
-					}
-					data = data[dataOffset:]
-					routingResult = &addrHdr.RoutingResult
-					__ip := common.Ipv6Uint32ArrayToByteSlice(addrHdr.Ip)
-					_ip, _ := netip.AddrFromSlice(__ip)
-					// Comment it because them SHOULD equal.
-					//src = netip.AddrPortFrom(_ip, src.Port())
-					realDst = netip.AddrPortFrom(_ip, addrHdr.Port)
+					c.log.Warnf("No AddrPort presented: %v", err)
 				} else {
 					realDst = pktDst
 				}
-			destRetrieved:
 				if e := c.handlePkt(udpConn, data, common.ConvergeAddrPort(src), common.ConvergeAddrPort(pktDst), common.ConvergeAddrPort(realDst), routingResult, false); e != nil {
 					c.log.Warnln("handlePkt:", e)
 				}

diff --git a/control/kern/tproxy.c b/control/kern/tproxy.c
@@ -150,6 +150,9 @@ struct dst_routing_result {
   struct routing_result routing_result;
 };
 
+// force emitting struct into the ELF.
+const struct dst_routing_result *_ __attribute__((unused));
+
 struct tuples_key {
   union ip6 sip;
   union ip6 dip;
@@ -163,20 +166,6 @@ struct tuples {
   __u8 dscp;
 };
 
-struct {
-  __uint(type, BPF_MAP_TYPE_LRU_HASH);
-  __type(key,
-         struct ip_port); // As TCP client side [SYN, !ACK],
-                          // (source ip, source port, tcp) is
-                          // enough for identifier. And UDP client
-                          // side does not care it (full-cone).
-  __type(value, struct dst_routing_result); // Original target.
-  __uint(max_entries, MAX_DST_MAPPING_NUM);
-  /// NOTICE: It MUST be pinned, or connection may break.
-  __uint(pinning, LIBBPF_PIN_BY_NAME);
-} tcp_dst_map
-    SEC(".maps"); // This map is only for old method (redirect mode in WAN).
-
 struct {
   __uint(type, BPF_MAP_TYPE_LRU_HASH);
   __type(key,
@@ -1675,12 +1664,6 @@ int tproxy_wan_egress(struct __sk_buff *skb) {
   if (l4proto == IPPROTO_TCP) {
     // Backup for further use.
     tcp_state_syn = tcph.syn && !tcph.ack;
-    struct ip_port key_src;
-    __builtin_memset(&key_src, 0, sizeof(key_src));
-    // Use daddr as key in WAN because tproxy (control plane) also lookups the
-    // map element using income client ip (that is daddr).
-    __builtin_memcpy(&key_src.ip, &tuples.five.dip, IPV6_BYTE_LENGTH);
-    key_src.port = tcph.source;
     __u8 outbound;
     bool must;
     __u32 mark;
@@ -1732,15 +1715,15 @@ int tproxy_wan_egress(struct __sk_buff *skb) {
     } else {
       // bpf_printk("[%X]Old Connection", bpf_ntohl(tcph.seq));
       // The TCP connection exists.
-      struct dst_routing_result *dst =
-          bpf_map_lookup_elem(&tcp_dst_map, &key_src);
-      if (!dst) {
+      struct routing_result *routing_result =
+	  bpf_map_lookup_elem(&routing_tuples_map, &tuples.five);
+      if (!routing_result) {
         // Do not impact previous connections and server connections.
-        return TC_ACT_OK;
+	return TC_ACT_OK;
       }
-      outbound = dst->routing_result.outbound;
-      mark = dst->routing_result.mark;
-      must = dst->routing_result.must;
+      outbound = routing_result->outbound;
+      mark = routing_result->mark;
+      must = routing_result->must;
     }
 
     if (outbound == OUTBOUND_DIRECT &&
@@ -1767,24 +1750,20 @@ int tproxy_wan_egress(struct __sk_buff *skb) {
     }
 
     if (unlikely(tcp_state_syn)) {
-      struct dst_routing_result routing_info;
-      __builtin_memset(&routing_info, 0, sizeof(routing_info));
-      __builtin_memcpy(routing_info.ip, &tuples.five.dip, IPV6_BYTE_LENGTH);
-      routing_info.port = tcph.dest;
-      routing_info.routing_result.outbound = outbound;
-      routing_info.routing_result.mark = mark;
-      routing_info.routing_result.must = must;
-      routing_info.routing_result.dscp = tuples.dscp;
-      __builtin_memcpy(routing_info.routing_result.mac, ethh.h_source,
+      struct routing_result routing_result = {};
+      routing_result.outbound = outbound;
+      routing_result.mark = mark;
+      routing_result.must = must;
+      routing_result.dscp = tuples.dscp;
+      __builtin_memcpy(routing_result.mac, ethh.h_source,
                        sizeof(ethh.h_source));
       if (pid_pname) {
-        __builtin_memcpy(routing_info.routing_result.pname, pid_pname->pname,
+        __builtin_memcpy(routing_result.pname, pid_pname->pname,
                          TASK_COMM_LEN);
-        routing_info.routing_result.pid = pid_pname->pid;
+        routing_result.pid = pid_pname->pid;
       }
-      // bpf_printk("UPDATE: %pI6:%u", key_src.ip.u6_addr32,
-      // bpf_ntohs(key_src.port));
-      bpf_map_update_elem(&tcp_dst_map, &key_src, &routing_info, BPF_ANY);
+      bpf_map_update_elem(&routing_tuples_map, &tuples.five,
+			  &routing_result, BPF_ANY);
     }
 
     // Write mac.

diff --git a/control/tcp.go b/control/tcp.go
@@ -44,36 +44,8 @@ func (c *ControlPlane) handleConn(lConn net.Conn) (err error) {
 	dst := lConn.LocalAddr().(*net.TCPAddr).AddrPort()
 	routingResult, err := c.core.RetrieveRoutingResult(src, dst, unix.IPPROTO_TCP)
 	if err != nil {
-		// WAN. Old method.
-		var value bpfDstRoutingResult
-		ip6 := src.Addr().As16()
-		if e := c.core.bpf.TcpDstMap.Lookup(bpfIpPort{
-			Ip:   struct{ U6Addr8 [16]uint8 }{U6Addr8: ip6},
-			Port: common.Htons(src.Port()),
-		}, &value); e != nil {
-			if c.tproxyPortProtect {
-				return fmt.Errorf("failed to retrieve target info %v: %v, %v", src.String(), err, e)
-			} else {
-				routingResult = &bpfRoutingResult{
-					Mark:     0,
-					Must:     0,
-					Mac:      [6]uint8{},
-					Outbound: uint8(consts.OutboundControlPlaneRouting),
-					Pname:    [16]uint8{},
-					Pid:      0,
-				}
-				goto destRetrieved
-			}
-		}
-		routingResult = &value.RoutingResult
-
-		dstAddr, ok := netip.AddrFromSlice(common.Ipv6Uint32ArrayToByteSlice(value.Ip))
-		if !ok {
-			return fmt.Errorf("failed to parse dest ip: %v", value.Ip)
-		}
-		dst = netip.AddrPortFrom(dstAddr, common.Htons(value.Port))
+		return fmt.Errorf("failed to retrieve target info %v: %v", dst.String(), err)
 	}
-destRetrieved:
 	src = common.ConvergeAddrPort(src)
 	dst = common.ConvergeAddrPort(dst)
 

diff --git a/control/udp.go b/control/udp.go
@@ -13,7 +13,6 @@ import (
 	"net/netip"
 	"syscall"
 	"time"
-	"unsafe"
 
 	"github.com/daeuniverse/dae/common"
 	"github.com/daeuniverse/dae/common/consts"
@@ -51,19 +50,6 @@ func ChooseNatTimeout(data []byte, sniffDns bool) (dmsg *dnsmessage.Msg, timeout
 	return nil, DefaultNatTimeout
 }
 
-func ParseAddrHdr(data []byte) (hdr *bpfDstRoutingResult, dataOffset int, err error) {
-	dataOffset = int(unsafe.Sizeof(bpfDstRoutingResult{}))
-	if len(data) < dataOffset {
-		return nil, 0, fmt.Errorf("data is too short to parse AddrHdr")
-	}
-	_hdr := *(*bpfDstRoutingResult)(unsafe.Pointer(&data[0]))
-	if _hdr.Recognize != consts.Recognize {
-		return nil, 0, fmt.Errorf("bad recognize")
-	}
-	_hdr.Port = common.Ntohs(_hdr.Port)
-	return &_hdr, dataOffset, nil
-}
-
 func sendPktWithHdrWithFlag(data []byte, realFrom netip.AddrPort, lConn *net.UDPConn, to netip.AddrPort, lanWanFlag consts.LanWanFlag) error {
 	realFrom16 := realFrom.Addr().As16()
 	hdr := bpfDstRoutingResult{
Original file line number	Diff line number	Diff line change
Expand Up		@@ -5,4 +5,4 @@

		package control

		//go:generate go run -mod=mod github.com/cilium/ebpf/cmd/bpf2go -cc "$BPF_CLANG" "$BPF_STRIP_FLAG" -cflags "$BPF_CFLAGS" -target "$BPF_TARGET" bpf kern/tproxy.c -- -I./headers
		//go:generate go run -mod=mod github.com/cilium/ebpf/cmd/bpf2go -cc "$BPF_CLANG" "$BPF_STRIP_FLAG" -cflags "$BPF_CFLAGS" -target "$BPF_TARGET" -type dst_routing_result bpf kern/tproxy.c -- -I./headers