linuxkerneltravel · chenamy2017 · Sep 6, 2024 · Jul 19, 2024 · Jul 19, 2024 · Jul 26, 2024
@@ -41,9 +41,8 @@ jobs:
           cd testenv
           sudo ./testenv.sh setup --name veth-basic02
           cd ..
-          cd net_manager
-          sudo timeout -s SIGINT 5 ./xdp_loader -d eth0 -S || if [[ $? != 124 && $? != 0 ]];then exit $?;fi
-          sudo ./xdp_loader -d eth0 -S
+          sudo timeout -s SIGINT 5 ./netmanager -d eth0 -S || if [[ $? != 124 && $? != 0 ]];then exit $?;fi
+          sudo ./netmanager -d eth0 -S
 
 
 

@@ -1,36 +1,152 @@
 # SPDX-License-Identifier: (GPL-2.0 OR BSD-2-Clause)
 
+# Compiler and Tools
+LLC ?= llc
+CLANG ?= clang
+CC ?= gcc
+
+# Targets
+XDP_TARGETS  := netmanager_kern
+USER_TARGETS := netmanager
+
+XDP_C = ${XDP_TARGETS:=.c}
+XDP_OBJ = ${XDP_C:.c=.o}
+USER_C := ${USER_TARGETS:=.c}
+USER_OBJ := ${USER_C:.c=.o}
+
+# Directories
+COMMON_DIR = ./common
+LIB_DIR ?= ./lib
+LOADER_DIR ?= $(LIB_DIR)/xdp-tools/xdp-loader
+STATS_DIR ?= $(COMMON_DIR)/../basic-solutions
+
+# Common Objects and Dependencies
+COMMON_OBJS += $(COMMON_DIR)/common_user_bpf_xdp.o $(COMMON_DIR)/common_params.o
+EXTRA_DEPS := $(COMMON_DIR)/parsing_helpers.h
+COMMON_H := ${COMMON_OBJS:.o=.h}
+
+include $(LIB_DIR)/defines.mk
+KERN_USER_H ?= $(wildcard common_kern_user.h)
+COMMON_MK = $(COMMON_DIR)/common.mk
+
+# Extra Linker/Compiler Flags
+CFLAGS += -I$(LIB_DIR)/install/include $(EXTRA_CFLAGS) -g 
+BPF_CFLAGS += -I$(LIB_DIR)/install/include $(EXTRA_CFLAGS) -g
+LDFLAGS += -L$(LIB_DIR)/install/lib
+
+# Verbosity Control
 ifeq ("$(origin V)", "command line")
-VERBOSE = $(V)
+	VERBOSE = $(V)
 endif
 ifndef VERBOSE
-VERBOSE = 0
+	VERBOSE = 0
 endif
 
 ifeq ($(VERBOSE),0)
-MAKEFLAGS += --no-print-directory -s
-Q = @
+	MAKEFLAGS += --no-print-directory -s
+	Q = @
 endif
 
-PROJ := xacl_ip router xacl_mac xstate net_manager
-
-
-
+# Projects and Cleaning
+PROJ := xacl_ip router xacl_mac xstate
 PROJ_CLEAN = $(addsuffix _clean,$(PROJ))
 
-.PHONY: clean clobber distclean $(PROJ) $(PROJ_CLEAN)
+.PHONY: clean clobber distclean $(PROJ) $(PROJ_CLEAN) $(CLANG) $(LLC)
+
+# Default Target
+all: lib $(PROJ) net_manager
 
-all: lib $(PROJ)
+# Clean Target
 clean: $(PROJ_CLEAN)
 	@echo; echo common; $(MAKE) -C common clean
 	@echo; echo lib; $(MAKE) -C lib clean
-
+	$(Q)rm -f $(USER_TARGETS) $(XDP_OBJ) $(USER_OBJ) $(COPY_LOADER) $(COPY_STATS) *.ll $(XLB_OBJS)
+
+# Build Library
 lib: config.mk check_submodule
 	@echo; echo $@; $(MAKE) -C $@
 
+# Project Build Targets
 $(PROJ):
 	@echo; echo $@; $(MAKE) -C $@
 
+# Main Target
+net_manager: llvm-check $(USER_TARGETS) $(XDP_OBJ) $(COPY_LOADER) $(COPY_STATS)
+
+# Copy Loader
+ifdef COPY_LOADER
+$(LOADER_DIR)/$(COPY_LOADER):
+	$(Q)make -C $(LOADER_DIR)
+
+$(COPY_LOADER): $(LOADER_DIR)/$(COPY_LOADER)
+	$(QUIET_COPY)cp $(LOADER_DIR)/$(COPY_LOADER) $(COPY_LOADER)
+endif
+
+# Copy Stats
+ifdef COPY_STATS
+$(STATS_DIR)/$(COPY_STATS):	$(STATS_DIR)/${COPY_STATS:=.c} $(COMMON_H)
+	$(Q)make -C $(STATS_DIR) $(COPY_STATS)
+
+$(COPY_STATS):	$(STATS_DIR)/$(COPY_STATS)
+	$(QUIET_COPY)cp $(STATS_DIR)/$(COPY_STATS) $(COPY_STATS)
+EXTRA_DEPS += $(COMMON_DIR)/xdp_stats_kern.h $(COMMON_DIR)/xdp_stats_kern_user.h
+endif
+
+# LLVM Tool Check
+llvm-check: $(CLANG) $(LLC)
+	@for TOOL in $^ ; do \
+		if [ ! $$(command -v $${TOOL} 2>/dev/null) ]; then \
+			echo "*** ERROR: Cannot find tool $${TOOL}" ;\
+			exit 1; \
+		else true; fi; \
+	done
+
+$(OBJECT_LIBBPF):
+	@if [ ! -d $(LIBBPF_DIR) ]; then \
+		echo "Error: Need libbpf submodule" $(LIBBPF_DIR); \
+		echo "May need to run git submodule update --init"; \
+		exit 1; \
+	else \
+		cd $(LIBBPF_DIR) && $(MAKE) all OBJDIR=.; \
+		mkdir -p build; $(MAKE) install_headers DESTDIR=build OBJDIR=.; \
+	fi
+
+$(OBJECT_LIBXDP):
+	@if [ ! -d $(LIBXDP_DIR) ]; then \
+		echo "Error: Need libxdp submodule" $(LIBXDP_DIR); \
+		echo "May need to run git submodule update --init"; \
+		exit 1; \
+	else \
+		cd $(LIBXDP_DIR) && $(MAKE) all OBJDIR=.; \
+	fi
+
+# Create dependency: detect if C-file change and touch H-file, to trigger
+# target $(COMMON_OBJS)
+$(COMMON_H): %.h: %.c
+	touch $@
+
+# Detect if any of common obj changed and create dependency on .h-files
+$(COMMON_OBJS):	%.o: %.h
+	$(Q)$(MAKE) -C $(COMMON_DIR)
+
+$(USER_TARGETS): %: %.c  $(OBJECT_LIBBPF) $(OBJECT_LIBXDP) Makefile $(COMMON_MK) $(COMMON_OBJS) $(KERN_USER_H) $(EXTRA_DEPS) $(XLB_OBJS)
+	$(QUIET_CC)$(CC) -Wall $(CFLAGS) $(LDFLAGS) -o $@ $(COMMON_OBJS) $(XLB_OBJS) $(LIB_OBJS) \
+	 $< $(LDLIBS)
+
+$(XDP_OBJ): %.o: %.c  Makefile $(COMMON_MK) $(KERN_USER_H) $(EXTRA_DEPS) $(OBJECT_LIBBPF)
+	$(QUIET_CLANG)$(CLANG) -S \
+	    -target bpf \
+	    -D __BPF_TRACING__ \
+	    $(BPF_CFLAGS) \
+	    -Wall \
+	    -Wno-unused-value \
+	    -Wno-pointer-sign \
+	    -Wno-compare-distinct-pointer-types \
+	    -Werror \
+	    -O2 -emit-llvm -c -g -o ${@:.o=.ll} $<
+	$(QUIET_LLC)$(LLC) -march=bpf -filetype=obj -o $@ ${@:.o=.ll}
+
+
 $(PROJ_CLEAN):
 	@echo; echo $@; $(MAKE) -C $(subst _clean,,$@) clean
 
@@ -51,4 +167,3 @@ check_submodule:
 		echo " consider running: git submodule update"  ;\
 		echo "" ;\
 	fi\
-
@@ -213,7 +213,7 @@ void parse_cmdline_args(int argc, char **argv,
 				goto error;
 			}
 			// 设置文件路径
-			cfg->mac_filter_file = (char *)&cfg->mac_filter_file_buf; //初始化ip_filter_file
+			cfg->mac_filter_file = (char *)&cfg->mac_filter_file_buf; //初始化mac_filter_file
 			strncpy(cfg->mac_filter_file, optarg, FILE_MAXSIZE);
 			break;
 		case 'k':
@@ -224,7 +224,7 @@ void parse_cmdline_args(int argc, char **argv,
 				goto error;
 			}
 			// 设置文件路径
-			cfg->router_file = (char *)&cfg->router_file_buf; //初始化ip_filter_file
+			cfg->router_file = (char *)&cfg->router_file_buf; //初始化router_file
 			strncpy(cfg->router_file, optarg, FILE_MAXSIZE);
 			break;
 		case 'g':

@@ -46,7 +46,18 @@ struct rules_ipv4 {
 	__u16 next_rule;
 };
 
+struct conn_mac {
+	unsigned char dest[ETH_ALEN];
+	unsigned char source[ETH_ALEN];
+};
 
+struct rules_mac {
+	unsigned char dest[ETH_ALEN];
+	unsigned char source[ETH_ALEN];
+	__u16 action;
+	__u16 prev_rule;
+	__u16 next_rule;
+};
 // 转发表项
 struct rt_item {
 	__u32 saddr;

@@ -0,0 +1,3 @@
+00:0c:29:57:00:4d 00:00:00:00:00:00 ALLOW
+00:0c:29:00:00:00 00:00:00:00:00:00 DENY
+00:00:00:00:00:00 00:00:00:00:00:00 ALLOW
@@ -6,7 +6,7 @@
 
 ### 实现
 
-![image-20240726104526418](./pic/ip_filter1.png)
+![image-20240726104526418](./image/ip_filter1.png)
 
 #### 输入参数优化
 
@@ -25,7 +25,7 @@
 因此其使用的方法十分固定，要求路径必须在相应的位置，如：
 
 ```
-sudo ./xdp_loader -d ens33 -S --progname=xdp_entry_ipv4 -i conf.d/black_ipv4.conf -t
+sudo ./netmanager -d ens33 -S --progname=xdp_entry_ipv4 -i conf.d/black_ipv4.conf -t
 ```
 
 将其绑定到-i参数上
@@ -40,7 +40,7 @@ strncpy(cfg->ip_filter_file, optarg, FILE_MAXSIZE);
 去掉这种限制
 
 ```
-sudo ./xdp_loader -d ens33 -S --progname=xdp_entry_ipv4 -i conf.d/black_ipv4.conf -t
+sudo ./netmanager -d ens33 -S --progname=xdp_entry_ipv4 -i conf.d/black_ipv4.conf -t
 ```
 
 #### 增添输出格式
@@ -52,7 +52,7 @@ sudo ./xdp_loader -d ens33 -S --progname=xdp_entry_ipv4 -i conf.d/black_ipv4.con
 本功能的使用命令为
 
 ```
-sudo ./xdp_loader -d ens33 -S --progname=xdp_entry_ipv4 -i conf.d/black_ipv4.conf
+sudo ./netmanager -d ens33 -S --progname=xdp_entry_ipv4 -i conf.d/black_ipv4.conf
 ```
 
 也可以在其中加入-t/T选项，t参数会定时统计所有策略对应的报文数，T参数会输出所有匹配条目与策略
@@ -63,7 +63,7 @@ sudo ./xdp_loader -d ens33 -S --progname=xdp_entry_ipv4 -i conf.d/black_ipv4.con
 sudo xdp-loader status
 ```
 
-![image-20240726114124092](./pic/ip_filter2.png)
+![image-20240726114124092](./image/ip_filter2.png)
 
 其中可以看到对应网卡上挂载的XDP程序
 
@@ -131,7 +131,7 @@ sudo ./xdp_loader -d ens33 -S --progname=xdp_entry_ipv4 -i conf.d/black_ipv4.con
 
 可以发现已经drop了所有报文
 
-![image-20240726110021447](./pic/ip_filter3.png)
+![image-20240726110021447](./image/ip_filter3.png)
 
 
 ### 输出分析
@@ -144,6 +144,6 @@ sudo ./xdp_loader -d ens33 -S --progname=xdp_entry_ipv4 -i conf.d/black_ipv4.con
 sudo cat /sys/kernel/debug/tracing/trace_pipe
 ```
 
-![image-20240726153912838](./pic/ip_filter4.png)
+![image-20240726153912838](./image/ip_filter4.png)
 
 其中可以看到符合匹配的相关报文信息，其中包括四元组、协议类型、XDP策略行为以及匹配条目的序号。