gh-1 partial fix

common/common.go

@@ -18,107 +18,113 @@ package common
 import "net"
 
 const (
-	AU_WORKQ_LEN = 1024
-	LU_WORKQ_LEN = 1024
-	NU_WORKQ_LEN = 1024
-	RU_WORKQ_LEN = 40827
+    AU_WORKQ_LEN = 1024
+    LU_WORKQ_LEN = 1024
+    NU_WORKQ_LEN = 1024
+    RU_WORKQ_LEN = 40827
 )
 
 type PortMod struct {
-	Dev       string
-	LinkIndex int
-	MacAddr   [6]byte
-	Link      bool
-	State     bool
-	Mtu       int
-	TunId     uint32
+    Dev       string
+    LinkIndex int
+    MacAddr   [6]byte
+    Link      bool
+    State     bool
+    Mtu       int
+    TunId     uint32
 }
 
 type VlanMod struct {
-	Vid       int
-	Dev       string
-	LinkIndex int
-	MacAddr   [6]byte
-	Link      bool
-	State     bool
-	Mtu       int
-	TunId     uint32
+    Vid       int
+    Dev       string
+    LinkIndex int
+    MacAddr   [6]byte
+    Link      bool
+    State     bool
+    Mtu       int
+    TunId     uint32
 }
 
 type VlanPortMod struct {
-	Vid    int
-	Dev    string
-	Tagged bool
+    Vid    int
+    Dev    string
+    Tagged bool
 }
 
 const (
-	FDB_PHY  = 0
-	FDB_TUN  = 1
-	FDB_VLAN = 2
+    FDB_PHY  = 0
+    FDB_TUN  = 1
+    FDB_VLAN = 2
 )
 
 type FdbMod struct {
-	MacAddr [6]byte
-	Vid     int
-	Dev     string
-	Type    int
+    MacAddr [6]byte
+    Vid     int
+    Dev     string
+    Type    int
 }
 
 type Ipv4AddrMod struct {
-	Dev string
-	Ip  string
+    Dev string
+    Ip  string
 }
 
 type Neighv4Mod struct {
-	Ip           net.IP
-	LinkIndex    int
-	State        int
-	HardwareAddr net.HardwareAddr
+    Ip           net.IP
+    LinkIndex    int
+    State        int
+    HardwareAddr net.HardwareAddr
 }
 
 type Routev4Mod struct {
-	Protocol  int
-	Flags     int
-	Gw        net.IP
-	LinkIndex int
-	Dst       *net.IPNet
+    Protocol  int
+    Flags     int
+    Gw        net.IP
+    LinkIndex int
+    Dst       *net.IPNet
 }
 
 type EpSelect uint
 
+const (
+    LB_SEL_RR EpSelect = iota
+    LB_SEL_HASH
+    LB_SEL_PRIO
+)
+
 type LbServiceArg struct {
-	ServIP   string
-	ServPort uint16
-	Proto    string
-	Sel      EpSelect
+    ServIP   string
+    ServPort uint16
+    Proto    string
+    Sel      EpSelect
 }
 
 type LbEndPointArg struct {
-	EpIP   string
-	EpPort uint16
-	Weight uint8
+    EpIP   string
+    EpPort uint16
+    Weight uint8
 }
 
 type LbRuleMod struct {
-	Serv LbServiceArg
-	Eps  []LbEndPointArg
+    Serv LbServiceArg
+    Eps  []LbEndPointArg
 }
 
 type NetHookInterface interface {
-	NetPortAdd(*PortMod) (int, error)
-	NetPortDel(*PortMod) (int, error)
-	NetVlanAdd(*VlanMod) (int, error)
-	NetVlanDel(*VlanMod) (int, error)
-	NetVlanPortAdd(*VlanPortMod) (int, error)
-	NetVlanPortDel(*VlanPortMod) (int, error)
-	NetFdbAdd(*FdbMod) (int, error)
-	NetFdbDel(*FdbMod) (int, error)
-	NetIpv4AddrAdd(*Ipv4AddrMod) (int, error)
-	NetIpv4AddrDel(*Ipv4AddrMod) (int, error)
-	NetNeighv4Add(*Neighv4Mod) (int, error)
-	NetNeighv4Del(*Neighv4Mod) (int, error)
-	NetRoutev4Add(*Routev4Mod) (int, error)
-	NetRoutev4Del(*Routev4Mod) (int, error)
-	NetLbRuleAdd(*LbRuleMod) (int, error)
-	NetLbRuleDel(*LbRuleMod) (int, error)
+    NetPortAdd(*PortMod) (int, error)
+    NetPortDel(*PortMod) (int, error)
+    NetVlanAdd(*VlanMod) (int, error)
+    NetVlanDel(*VlanMod) (int, error)
+    NetVlanPortAdd(*VlanPortMod) (int, error)
+    NetVlanPortDel(*VlanPortMod) (int, error)
+    NetFdbAdd(*FdbMod) (int, error)
+    NetFdbDel(*FdbMod) (int, error)
+    NetIpv4AddrAdd(*Ipv4AddrMod) (int, error)
+    NetIpv4AddrDel(*Ipv4AddrMod) (int, error)
+    NetNeighv4Add(*Neighv4Mod) (int, error)
+    NetNeighv4Del(*Neighv4Mod) (int, error)
+    NetRoutev4Add(*Routev4Mod) (int, error)
+    NetRoutev4Del(*Routev4Mod) (int, error)
+    NetLbRuleAdd(*LbRuleMod) (int, error)
+    NetLbRuleDel(*LbRuleMod) (int, error)
 }

ebpf/kernel/llb_kern_ct.c

@@ -97,6 +97,25 @@ dp_ct_proto_xfk_init(struct dp_ctv4_key *key,
     if (key->l4proto != IPPROTO_ICMP)
       xxi->nat_xport = key->dport;
   }
+  if (xi->nat_flags & LLB_NAT_HSRC) {
+    xkey->saddr = key->saddr;
+    xkey->daddr = key->daddr;
+
+    if (key->l4proto != IPPROTO_ICMP) {
+      if (xi->nat_xport)
+        xkey->dport = xi->nat_xport;
+      else
+        xi->nat_xport = key->sport;
+    }
+
+    xxi->nat_flags = LLB_NAT_HDST;
+    xxi->nat_xip = 0;
+    xi->nat_xip = 0;
+    if (key->l4proto != IPPROTO_ICMP)
+      xxi->nat_xport = key->sport;
+    bpf_printk("dport 0x%d", bpf_ntohs(xkey->dport));
+    bpf_printk("sport 0x%d", bpf_ntohs(xkey->sport));
+  }
 
   return 0;  
 }
@@ -579,6 +598,15 @@ dp_ctv4_in(void *ctx, struct xfi *F)
   xi->nat_xip   = F->l4m.nxip;
   xi->nat_xport = F->l4m.nxport;
 
+  if (xi->nat_xip == 0 &&
+      !(F->pm.nf & (LLB_NAT_HDST|LLB_NAT_HSRC))) { 
+    if (F->pm.nf == LLB_NAT_DST) {
+      xi->nat_flags = LLB_NAT_HDST;
+    } else {
+      xi->nat_flags = LLB_NAT_HSRC;
+    }
+  }
+
   dp_ct_proto_xfk_init(&key, xi, &xkey, xxi);
 
   atdat = bpf_map_lookup_elem(&acl_v4_map, &key);
@@ -590,7 +618,7 @@ dp_ctv4_in(void *ctx, struct xfi *F)
     adat->ca.oif = 0;
     adat->ca.cidx = F->pm.rule_id;
     if (xi->nat_flags) {
-      adat->ca.act_type = xi->nat_flags & LLB_NAT_DST ?
+      adat->ca.act_type = xi->nat_flags & (LLB_NAT_DST|LLB_NAT_HDST) ?
                              DP_SET_DNAT: DP_SET_SNAT;
       adat->nat_act.xip = xi->nat_xip;
       adat->nat_act.xport = xi->nat_xport;
@@ -608,7 +636,7 @@ dp_ctv4_in(void *ctx, struct xfi *F)
     axdat->ca.oif = 0;
     axdat->ca.cidx = F->pm.rule_id;
     if (xxi->nat_flags) { 
-      axdat->ca.act_type = xxi->nat_flags & LLB_NAT_DST ?
+      axdat->ca.act_type = xxi->nat_flags & (LLB_NAT_DST|LLB_NAT_HDST) ?
                              DP_SET_DNAT: DP_SET_SNAT;
       axdat->nat_act.xip = xxi->nat_xip;
       axdat->nat_act.xport = xxi->nat_xport;

ebpf/kernel/llb_kern_nat.c

@@ -95,6 +95,10 @@ dp_do_nat4_rule_lkup(void *ctx, struct xfi *F)
         F->l4m.nxport = nxfrm_act->nat_xport;
         F->pm.rule_id =  act->ca.cidx;
         LL_DBG_PRINTK("[NAT4] ACT %x\n", F->pm.nf);
+        /* Special case related to host-dnat */
+        if (F->l3m.ip.saddr == F->l4m.nxip && F->pm.nf == LLB_NAT_DST) {
+          F->l4m.nxip = 0;
+        }
       }
     }
   } else {