add cache for route forwarding

Author: ThisSeanZhang

landscape-ebpf/src/bin/land.rs

@@ -1,3 +1,4 @@
+// cargo run --package landscape-ebpf --bin land
 pub fn main() {
     landscape_ebpf::landscape::test();
 }

landscape-ebpf/src/bpf/firewall.bpf.c

@@ -453,7 +453,9 @@ static int timer_clean_callback(void *map_mapping_timer_, struct firewall_conntr
         // bpf_log_info("call back remove conn");
         ret = bpf_map_delete_elem(&fire2_conn_map, key);
         if (ret) {
-            bpf_log_error("call back remove conn error: %pI4:%d->%pI4:%d", &key->local_addr, bpf_ntohs(key->local_port), &value->trigger_addr, bpf_ntohs(value->trigger_port));
+            bpf_log_error("call back remove conn error: %pI4:%d->%pI4:%d", &key->local_addr,
+                          bpf_ntohs(key->local_port), &value->trigger_addr,
+                          bpf_ntohs(value->trigger_port));
         }
         return 0;
     }
@@ -1061,6 +1063,10 @@ int ipv4_ingress_firewall(struct __sk_buff *skb) {
         //     "packet ip:%pI4:%d->%pI4:%d, ip_protocol: %d", &packet_info.ip_hdr.pair_ip.src_addr,
         //     bpf_ntohs(packet_info.ip_hdr.pair_ip.src_port), &packet_info.ip_hdr.pair_ip.dst_addr,
         //     bpf_ntohs(packet_info.ip_hdr.pair_ip.dst_port), packet_info.ip_hdr.ip_protocol);
+        u32 mark = skb->mark;
+        barrier_var(mark);
+        skb->mark = replace_cache_mask(mark, INGRESS_STATIC_MARK);
+        // bpf_log_info("set wan ingress mark: %u", skb->mark);
         return TC_ACT_UNSPEC;
     }
     return TC_ACT_SHOT;
@@ -1241,6 +1247,10 @@ int ipv6_ingress_firewall(struct __sk_buff *skb) {
         //     "packet ip:%pI4:%d->%pI4:%d, ip_protocol: %d", &packet_info.ip_hdr.pair_ip.src_addr,
         //     bpf_ntohs(packet_info.ip_hdr.pair_ip.src_port), &packet_info.ip_hdr.pair_ip.dst_addr,
         //     bpf_ntohs(packet_info.ip_hdr.pair_ip.dst_port), packet_info.ip_hdr.ip_protocol);
+        u32 mark = skb->mark;
+        barrier_var(mark);
+        skb->mark = replace_cache_mask(mark, INGRESS_STATIC_MARK);
+        // bpf_log_info("set wan ingress mark: %u", skb->mark);
         return TC_ACT_UNSPEC;
     }
     return TC_ACT_SHOT;

landscape-ebpf/src/bpf/flow.h

@@ -50,7 +50,6 @@ struct {
     __uint(max_entries, 2048);
 } flow_target_map SEC(".maps");
 
-
 // struct each_flow_target {
 //     __uint(type, BPF_MAP_TYPE_HASH);
 //     __uint(map_flags, BPF_F_NO_PREALLOC);
@@ -202,22 +201,126 @@ struct {
     __uint(pinning, LIBBPF_PIN_BY_NAME);
 } rt_target_map SEC(".maps");
 
-// struct lan_mac_cache_key {
-//     u8 ip[16];
-//     u8 l3_protocol;
-//     u8 _pad[3];
-// };
+struct rt_cache_key {
+    struct in6_addr local_addr;
+    struct in6_addr remote_addr;
+} __rt_cache_key;
 
-// struct lan_mac_cache {
-//     u8 mac[6];
-//     u8 _pad[2];
-// };
+struct rt_cache_value {
+    union {
+        __u32 mark_value;
+        __u32 ifindex;
+    };
+} __rt_cache_value;
 
-// struct {
-//     __uint(type, BPF_MAP_TYPE_LRU_HASH);
-//     __type(key, struct lan_mac_cache_key);
-//     __type(value, struct lan_mac_cache);
-//     __uint(max_entries, 65535);
-// } ip_mac_tab SEC(".maps");
+#define WAN_CACHE 0
+#define LAN_CACHE 1
+
+// 缓存
+struct each_cache_hash {
+    __uint(type, BPF_MAP_TYPE_LRU_HASH);
+    __type(key, struct rt_cache_key);
+    __type(value, struct rt_cache_value);
+    __uint(max_entries, 65536);
+} __each_cache_map SEC(".maps");
+
+// flow <-> 对应规则 map
+struct {
+    __uint(type, BPF_MAP_TYPE_ARRAY_OF_MAPS);
+    __type(key, u32);
+    __uint(max_entries, 4);
+    __uint(pinning, LIBBPF_PIN_BY_NAME);
+    __array(values, struct each_cache_hash);
+} rt_cache_map SEC(".maps");
+
+static __always_inline int setting_cache_in_wan(const struct route_context *context, u32 ifindex) {
+#define BPF_LOG_TOPIC "setting_cache_in_wan"
+    struct rt_cache_key search_key = {0};
+    u32 key = LAN_CACHE;
+    COPY_ADDR_FROM(search_key.local_addr.in6_u.u6_addr8, context->daddr.in6_u.u6_addr8);
+    COPY_ADDR_FROM(search_key.remote_addr.in6_u.u6_addr8, context->saddr.in6_u.u6_addr8);
+
+    void *lan_cache = bpf_map_lookup_elem(&rt_cache_map, &key);
+    if (lan_cache) {
+        struct rt_cache_value *target = bpf_map_lookup_elem(lan_cache, &search_key);
+        if (target) {
+            // if (context->l3_protocol == LANDSCAPE_IPV4_TYPE) {
+            //     bpf_log_info("Already cached %pI4 -> %pI4", search_key.local_addr.in6_u.u6_addr8,
+            //                 search_key.remote_addr.in6_u.u6_addr8);
+            // } else {
+            //     bpf_log_info("Already cached %pI6 -> %pI6", search_key.local_addr.in6_u.u6_addr8,
+            //                 search_key.remote_addr.in6_u.u6_addr8);
+            // }
+            return TC_ACT_OK;
+        }
+    }
+
+    key = WAN_CACHE;
+    void *wan_cache = bpf_map_lookup_elem(&rt_cache_map, &key);
+    if (wan_cache) {
+        struct rt_cache_value *target = bpf_map_lookup_elem(wan_cache, &search_key);
+        if (target) {
+            target->ifindex = ifindex;
+        } else {
+            struct rt_cache_value new_target_cache = {0};
+            new_target_cache.ifindex = ifindex;
+            bpf_map_update_elem(wan_cache, &search_key, &new_target_cache, BPF_ANY);
+        }
+
+        // if (context->l3_protocol == LANDSCAPE_IPV4_TYPE) {
+        //     bpf_log_info("cache %pI4 -> %pI4", search_key.local_addr.in6_u.u6_addr8,
+        //                  search_key.remote_addr.in6_u.u6_addr8);
+        // } else {
+        //     bpf_log_info("cache %pI6 -> %pI6", search_key.local_addr.in6_u.u6_addr8,
+        //                  search_key.remote_addr.in6_u.u6_addr8);
+        // }
+    } else {
+        bpf_log_info("could not find wan_cache: %d", key);
+    }
+
+    return TC_ACT_OK;
+#undef BPF_LOG_TOPIC
+}
+
+static __always_inline int setting_cache_in_lan(const struct route_context *context,
+                                                u32 flow_mark) {
+#define BPF_LOG_TOPIC "setting_cache_in_lan"
+    struct rt_cache_key search_key = {0};
+    u32 key = WAN_CACHE;
+    COPY_ADDR_FROM(search_key.local_addr.in6_u.u6_addr8, context->saddr.in6_u.u6_addr8);
+    COPY_ADDR_FROM(search_key.remote_addr.in6_u.u6_addr8, context->daddr.in6_u.u6_addr8);
+
+    void *wan_cache = bpf_map_lookup_elem(&rt_cache_map, &key);
+    if (wan_cache) {
+        struct rt_cache_value *target = bpf_map_lookup_elem(wan_cache, &search_key);
+        if (target) {
+            return TC_ACT_OK;
+        }
+    }
+
+    key = LAN_CACHE;
+    void *lan_cache = bpf_map_lookup_elem(&rt_cache_map, &key);
+    if (lan_cache) {
+        struct rt_cache_value *target = bpf_map_lookup_elem(lan_cache, &search_key);
+        if (target) {
+            target->mark_value = flow_mark;
+        } else {
+            struct rt_cache_value new_target_cache = {0};
+            new_target_cache.mark_value = flow_mark;
+            bpf_map_update_elem(lan_cache, &search_key, &new_target_cache, BPF_ANY);
+        }
+
+        // if (context->l3_protocol == LANDSCAPE_IPV4_TYPE) {
+        //     bpf_log_info("cache %pI4 -> %pI4", search_key.local_addr.in6_u.u6_addr8,
+        //                  search_key.remote_addr.in6_u.u6_addr8);
+        // } else {
+        //     bpf_log_info("cache %pI6 -> %pI6", search_key.local_addr.in6_u.u6_addr8,
+        //                  search_key.remote_addr.in6_u.u6_addr8);
+        // }
+    }
+
+    return TC_ACT_OK;
+#undef BPF_LOG_TOPIC
+}
 
 #endif /* __LD_FLOW_H__ */

landscape-ebpf/src/bpf/flow_lan.bpf.c

@@ -14,13 +14,13 @@ char LICENSE[] SEC("license") = "Dual BSD/GPL";
 const volatile int current_eth_net_offset = 14;
 
 // todo: 将 flow_target_info 独立出来维护
-struct {
-    __uint(type, BPF_MAP_TYPE_LRU_HASH);
-    __uint(map_flags, BPF_F_NO_COMMON_LRU);
-    __type(key, struct old_flow_cache_key);
-    __type(value, struct flow_target_info);
-    __uint(max_entries, 4096);
-} flow_cache_map SEC(".maps");
+// struct {
+//     __uint(type, BPF_MAP_TYPE_LRU_HASH);
+//     __uint(map_flags, BPF_F_NO_COMMON_LRU);
+//     __type(key, struct old_flow_cache_key);
+//     __type(value, struct flow_target_info);
+//     __uint(max_entries, 4096);
+// } flow_cache_map SEC(".maps");
 
 static __always_inline int is_broadcast_mac(struct __sk_buff *skb) {
     u8 mac[6];
@@ -480,6 +480,58 @@ static __always_inline int pick_wan_and_send_by_flow_id(struct __sk_buff *skb,
 #undef BPF_LOG_TOPIC
 }
 
+static __always_inline int search_route_in_lan(struct __sk_buff *skb,
+                                               const int current_eth_net_offset,
+                                               const struct route_context *context,
+                                               u32 *flow_mark) {
+#define BPF_LOG_TOPIC "search_route_in_lan"
+    int ret = 0;
+    u32 key = WAN_CACHE;
+    struct rt_cache_key search_key = {0};
+    COPY_ADDR_FROM(search_key.local_addr.in6_u.u6_addr8, context->saddr.in6_u.u6_addr8);
+    COPY_ADDR_FROM(search_key.remote_addr.in6_u.u6_addr8, context->daddr.in6_u.u6_addr8);
+
+    // Fist WAN
+    void *wan_cache = bpf_map_lookup_elem(&rt_cache_map, &key);
+    if (wan_cache) {
+        struct rt_cache_value *target = bpf_map_lookup_elem(wan_cache, &search_key);
+        if (target) {
+            struct wan_ip_info_key wan_search_key = {0};
+            wan_search_key.ifindex = target->ifindex;
+            wan_search_key.l3_protocol = context->l3_protocol;
+
+            struct wan_ip_info_value *wan_ip_info =
+                bpf_map_lookup_elem(&wan_ipv4_binding, &wan_search_key);
+            if (wan_ip_info != NULL) {
+                struct bpf_redir_neigh param;
+                if (context->l3_protocol == LANDSCAPE_IPV4_TYPE) {
+                    param.nh_family = AF_INET;
+                } else {
+                    param.nh_family = AF_INET6;
+                }
+
+                COPY_ADDR_FROM(param.ipv6_nh, wan_ip_info->gateway.bits);
+                ret = bpf_redirect_neigh(target->ifindex, &param, sizeof(param), 0);
+                return ret;
+            }
+        }
+    }
+
+    key = LAN_CACHE;
+    void *lan_cache = bpf_map_lookup_elem(&rt_cache_map, &key);
+    if (lan_cache) {
+        struct rt_cache_value *target = bpf_map_lookup_elem(lan_cache, &search_key);
+        if (target) {
+            *flow_mark = target->mark_value;
+            return pick_wan_and_send_by_flow_id(skb, current_eth_net_offset, context,
+                                                target->mark_value);
+        }
+    }
+
+    return TC_ACT_OK;
+#undef BPF_LOG_TOPIC
+}
+
 // ================================
 // LAN Route Egress
 // ================================
@@ -533,6 +585,12 @@ int lan_route_ingress(struct __sk_buff *skb) {
     //     }
     // }
 
+    ret = search_route_in_lan(skb, current_eth_net_offset, &context, &flow_mark);
+    if (ret != TC_ACT_OK) {
+        skb->mark = replace_flow_source(flow_mark, FLOW_FROM_LAN);
+        return ret;
+    }
+
     ret = lan_redirect_check(skb, current_eth_net_offset, &context);
     if (ret != TC_ACT_OK) {
         return ret;
@@ -547,8 +605,11 @@ int lan_route_ingress(struct __sk_buff *skb) {
     skb->mark = replace_flow_source(flow_mark, FLOW_FROM_LAN);
 
     ret = pick_wan_and_send_by_flow_id(skb, current_eth_net_offset, &context, flow_mark);
-    return ret;
 
+    if (ret == TC_ACT_REDIRECT) {
+        setting_cache_in_lan(&context, flow_mark);
+    }
+    return ret;
 #undef BPF_LOG_TOPIC
 }
 
@@ -583,11 +644,15 @@ int wan_route_ingress(struct __sk_buff *skb) {
     }
 
     ret = lan_redirect_check(skb, current_eth_net_offset, &context);
-    if (ret != TC_ACT_OK) {
-        return ret;
+    if (ret == TC_ACT_REDIRECT) {
+        u8 mark = get_cache_mask(skb->mark);
+        if (mark == INGRESS_STATIC_MARK) {
+            // bpf_log_info("get wan ingress mark: %u", mark);
+            setting_cache_in_wan(&context, skb->ifindex);
+        }
     }
 
-    return TC_ACT_UNSPEC;
+    return ret == TC_ACT_OK ? TC_ACT_UNSPEC : ret;
 #undef BPF_LOG_TOPIC
 }
 

landscape-ebpf/src/bpf/landscape.bpf.c

@@ -184,17 +184,76 @@ int xdp_pass(struct xdp_md *ctx) {
 #undef BPF_LOG_TOPIC
 }
 
+// struct test_item {
+//     u64 key;
+// };
+
+// struct {
+//     __uint(type, BPF_MAP_TYPE_LRU_HASH);
+//     __type(key, u32);
+//     __type(value, struct test_item);
+//     __uint(max_entries, 1024);
+// } test_map SEC(".maps");
+
 SEC("tc")
 int mark_egress(struct __sk_buff *skb) {
 #define BPF_LOG_TOPIC "<< mark_egress"
-
+    u64 time1, time2, time3;
     struct ethhdr *eth;
     if (VALIDATE_READ_DATA(skb, &eth, 0, sizeof(*eth))) {
         return TC_ACT_UNSPEC;
     }
-
     bpf_log_info("h_proto: %x", bpf_ntohs(eth->h_proto));
 
+    // time1 = bpf_ktime_get_ns();
+    // time2 = bpf_ktime_get_ns();
+    // time3 = time2 - time1;
+    
+    // bpf_log_info("bpf_ktime_get_ns time: %u", time3);
+
+
+    // struct test_item item = {0};
+    // struct test_item *item2;
+    // u32 key = 0;
+    // u64 index = 0;
+    // u32 num = 3;
+    
+    // time1 = bpf_ktime_get_ns();
+    // item2 = bpf_map_lookup_elem(&test_map, &key);
+    // if (item2 != NULL) {
+    //     __sync_fetch_and_add(&item2->key, 1);
+    //     index = item2->key;
+    // }
+    
+
+    // if (index %num == 0) {
+    //     time1 = bpf_ktime_get_ns();
+    //     bpf_map_update_elem(&test_map, &key, &item, BPF_ANY);
+    //     time2 = bpf_ktime_get_ns();
+
+    //     bpf_log_info("insert1 time: %u", time2 - time1 - time3);
+    // } else if (index %num ==1) {
+    //     time1 = bpf_ktime_get_ns();
+    //     item2 = bpf_map_lookup_elem(&test_map, &key);
+    //     if (item2 == NULL) {
+    //         bpf_map_update_elem(&test_map, &key, &item, BPF_ANY);
+    //     }
+    //     time2 = bpf_ktime_get_ns();
+
+    //     bpf_log_info("insert2 time: %u", time2 - time1 - time3);
+    // } else if (index %num ==2) {
+    //     time1 = bpf_ktime_get_ns();
+    //     bpf_map_update_elem(&test_map, &key, &item, BPF_NOEXIST );
+    //     time2 = bpf_ktime_get_ns();
+
+    //     bpf_log_info("insert BPF_NOEXIST  time: %u", time2 - time1 - time3);
+
+    // }
+    
+    // time2 = bpf_ktime_get_ns();
+    // bpf_log_info("__sync_fetch_and_add time: %u", time2 - time1 - time3);
+    
+
     return TC_ACT_UNSPEC;
 #undef BPF_LOG_TOPIC
 }