route: remove fragile implementation of strategy routing codes for snat

Signed-off-by: ywc689 <[email protected]>
iqiyi · Dec 8, 2023 · 6b23bdc · 6b23bdc
1 parent ab6dd16
commit 6b23bdc
Show file tree

Hide file tree

Showing 17 changed files with 38 additions and 114 deletions.
diff --git a/include/conf/flow.h b/include/conf/flow.h
@@ -46,7 +46,6 @@
 #define RTF_LOCALIN     0x0800
 #define RTF_DEFAULT     0x1000
 #define RTF_KNI         0X2000
-#define RTF_OUTWALL     0x4000
 
 typedef struct rt_addr {
     union inet_addr addr;

diff --git a/include/conf/route.h b/include/conf/route.h
@@ -60,7 +60,6 @@ struct dp_vs_route_conf {
     uint8_t         metric;
     uint8_t         proto;  /* routing protocol */
     uint32_t        flags;
-    int32_t         outwalltb;
 } __attribute__((__packed__));
 
 typedef struct dp_vs_route_detail {

diff --git a/include/ipvs/conn.h b/include/ipvs/conn.h
@@ -58,7 +58,6 @@ struct dp_vs_conn_param {
     uint16_t            cport;
     uint16_t            vport;
     uint16_t            ct_dport; /* RS port for template connection */
-    bool                outwall;
 };
 
 struct conn_tuple_hash {
@@ -165,9 +164,6 @@ struct dp_vs_conn {
     /* connection redirect in fnat/snat/nat modes */
     struct dp_vs_redirect  *redirect;
 
-    /* flag for gfwip */
-    bool outwall;
-
 } __rte_cache_aligned;
 
 /* for syn-proxy to save all ack packet in conn before rs's syn-ack arrives */

diff --git a/include/ipvs/ipvs.h b/include/ipvs/ipvs.h
@@ -53,7 +53,6 @@ struct dp_vs_service;
 struct dp_vs_conn *dp_vs_schedule(struct dp_vs_service *svc,
                                   const struct dp_vs_iphdr *iph,
                                   struct rte_mbuf *mbuf,
-                                  bool is_synproxy_on,
-                                  bool outwall);
+                                  bool is_synproxy_on);
 
 #endif /* __DPVS_IPVS_H__ */
diff --git a/include/ipvs/service.h b/include/ipvs/service.h
@@ -102,7 +102,7 @@ dp_vs_service_lookup(int af, uint16_t protocol,
                      uint16_t vport, uint32_t fwmark,
                      const struct rte_mbuf *mbuf,
                      const struct dp_vs_match *match,
-                     bool *outwall, lcoreid_t cid);
+                     lcoreid_t cid);
 
 void dp_vs_service_bind(struct dp_vs_dest *dest, struct dp_vs_service *svc);
 

diff --git a/include/route.h b/include/route.h
@@ -105,5 +105,4 @@ int route_del(struct in_addr* dest,uint8_t netmask, uint32_t flag,
               struct in_addr* gw, struct netif_port *port,
               struct in_addr* src, unsigned long mtu,short metric);
 
-struct route_entry *route_gfw_net_lookup(const struct in_addr *dest);
 #endif
diff --git a/src/ipvs/ip_vs_conn.c b/src/ipvs/ip_vs_conn.c
@@ -879,7 +879,6 @@ struct dp_vs_conn *dp_vs_conn_new(struct rte_mbuf *mbuf,
     else
         new->daddr  = dest->addr;
     new->dport  = rport;
-    new->outwall = param->outwall;
 
     /* neighbour confirm cache */
     if (AF_INET == tuplehash_in(new).af) {

diff --git a/src/ipvs/ip_vs_core.c b/src/ipvs/ip_vs_core.c
@@ -182,8 +182,7 @@ static struct dp_vs_conn *dp_vs_sched_persist(struct dp_vs_service *svc,
 static struct dp_vs_conn *dp_vs_snat_schedule(struct dp_vs_dest *dest,
                                        const struct dp_vs_iphdr *iph,
                                        uint16_t *ports,
-                                       struct rte_mbuf *mbuf,
-                                       bool outwall)
+                                       struct rte_mbuf *mbuf)
 {
     int err;
     struct dp_vs_conn *conn;
@@ -263,7 +262,6 @@ static struct dp_vs_conn *dp_vs_snat_schedule(struct dp_vs_dest *dest,
                     ports[1], saddr6->sin6_port, 0, &param);
         }
     }
-    param.outwall = outwall;
     conn = dp_vs_conn_new(mbuf, iph, &param, dest, 0);
     if (!conn) {
         sa_release(NULL, &daddr, &saddr);
@@ -278,8 +276,7 @@ static struct dp_vs_conn *dp_vs_snat_schedule(struct dp_vs_dest *dest,
 struct dp_vs_conn *dp_vs_schedule(struct dp_vs_service *svc,
                                   const struct dp_vs_iphdr *iph,
                                   struct rte_mbuf *mbuf,
-                                  bool is_synproxy_on,
-                                  bool outwall)
+                                  bool is_synproxy_on)
 {
     uint16_t _ports[2], *ports; /* sport, dport */
     struct dp_vs_dest *dest;
@@ -307,7 +304,7 @@ struct dp_vs_conn *dp_vs_schedule(struct dp_vs_service *svc,
     }
 
     if (dest->fwdmode == DPVS_FWD_MODE_SNAT)
-        return dp_vs_snat_schedule(dest, iph, ports, mbuf, outwall);
+        return dp_vs_snat_schedule(dest, iph, ports, mbuf);
 
     if (unlikely(iph->proto == IPPROTO_ICMP)) {
         struct icmphdr *ich, _icmph;

diff --git a/src/ipvs/ip_vs_dest.c b/src/ipvs/ip_vs_dest.c
@@ -439,7 +439,7 @@ static struct dp_vs_dest *get_dest_from_notification(const struct dest_notificat
     struct dp_vs_service *svc;
 
     svc = dp_vs_service_lookup(notice->svc_af, notice->proto, &notice->vaddr, notice->vport,
-            0, NULL, NULL, NULL, rte_lcore_id());
+            0, NULL, NULL, rte_lcore_id());
     if (!svc)
         return NULL;
     return dp_vs_dest_lookup(notice->af, svc, &notice->daddr, notice->dport);
@@ -770,7 +770,7 @@ static int dp_vs_dest_set(sockoptid_t opt, const void *user, size_t len)
         msg_destroy(&msg);
     }
 
-    getsvc = dp_vs_service_lookup(insvc->af, insvc->proto, &insvc->addr, insvc->port, insvc->fwmark, NULL, &insvc->match, NULL, cid);
+    getsvc = dp_vs_service_lookup(insvc->af, insvc->proto, &insvc->addr, insvc->port, insvc->fwmark, NULL, &insvc->match, cid);
     if (!getsvc || getsvc->proto != insvc->proto) {
         return EDPVS_INVAL;
     }
@@ -839,7 +839,7 @@ static int dp_vs_dest_get(sockoptid_t opt, const void *user, size_t len, void **
             }
 
             if (cid == rte_get_main_lcore()) {
-                getsvc = dp_vs_service_lookup(insvc->af, insvc->proto, &insvc->addr, insvc->port, insvc->fwmark, NULL, &insvc->match, NULL, cid);
+                getsvc = dp_vs_service_lookup(insvc->af, insvc->proto, &insvc->addr, insvc->port, insvc->fwmark, NULL, &insvc->match, cid);
                 if (!getsvc) {
                     msg_destroy(&msg);
                     return EDPVS_NOTEXIST;
@@ -950,7 +950,7 @@ static int dp_vs_dests_get_uc_cb(struct dpvs_msg *msg)
     struct dp_vs_service *svc;
 
     get = (struct dp_vs_dest_front*)msg->data;
-    svc = dp_vs_service_lookup(get->af, get->proto, &get->addr, get->port, get->fwmark, NULL, &get->match, NULL, cid);
+    svc = dp_vs_service_lookup(get->af, get->proto, &get->addr, get->port, get->fwmark, NULL, &get->match, cid);
     if (!svc)
         return EDPVS_NOTEXIST;
 

diff --git a/src/ipvs/ip_vs_laddr.c b/src/ipvs/ip_vs_laddr.c
@@ -542,10 +542,8 @@ static int laddr_sockopt_set(sockoptid_t opt, const void *conf, size_t size)
     }
 #endif
 
-    svc = dp_vs_service_lookup(af, proto,
-                               addr, port,
-                               fwmark, NULL, match, 
-                               NULL, rte_lcore_id());
+    svc = dp_vs_service_lookup(af, proto, addr, port,
+            fwmark, NULL, match, rte_lcore_id());
     if (!svc)
         return EDPVS_NOSERV;
 
@@ -609,8 +607,7 @@ static int agent_get_msg_cb(struct dpvs_msg *msg)
 
     svc = dp_vs_service_lookup(laddr_conf->af, laddr_conf->proto,
                                &laddr_conf->addr, laddr_conf->port,
-                               laddr_conf->fwmark, NULL, &laddr_conf->match, 
-                               NULL, cid);
+                               laddr_conf->fwmark, NULL, &laddr_conf->match, cid);
     if (!svc) {
         return EDPVS_NOSERV;
     } 
@@ -662,8 +659,7 @@ static int get_msg_cb(struct dpvs_msg *msg)
 
     svc = dp_vs_service_lookup(laddr_conf->af_s, laddr_conf->proto,
                                &laddr_conf->vaddr, laddr_conf->vport,
-                               laddr_conf->fwmark, NULL, &laddr_conf->match, 
-                               NULL, cid);
+                               laddr_conf->fwmark, NULL, &laddr_conf->match, cid);
     if (!svc) {
         return EDPVS_NOSERV;
     } 
@@ -755,7 +751,7 @@ static int laddr_sockopt_get(sockoptid_t opt, const void *conf, size_t size,
             if (cid == rte_get_main_lcore()) {
                 svc = dp_vs_service_lookup(laddr_conf->af_s, laddr_conf->proto,
                                            &laddr_conf->vaddr, laddr_conf->vport,
-                                           laddr_conf->fwmark, NULL, &laddr_conf->match, NULL, cid);
+                                           laddr_conf->fwmark, NULL, &laddr_conf->match, cid);
                 if (!svc) {
                     msg_destroy(&msg);
                     return EDPVS_NOSERV;
@@ -845,7 +841,9 @@ static int laddr_sockopt_get(sockoptid_t opt, const void *conf, size_t size,
                 return EDPVS_MSG_FAIL;
             }
 
-            svc = dp_vs_service_lookup(laddr_front->af, laddr_front->proto, &laddr_front->addr, laddr_front->port, laddr_front->fwmark, NULL, &laddr_front->match, NULL, rte_get_main_lcore());
+            svc = dp_vs_service_lookup(laddr_front->af, laddr_front->proto,
+                    &laddr_front->addr, laddr_front->port, laddr_front->fwmark,
+                    NULL, &laddr_front->match, rte_get_main_lcore());
             if (!svc) {
                 msg_destroy(&msg);
                 return EDPVS_NOSERV;

diff --git a/src/ipvs/ip_vs_proto_icmp.c b/src/ipvs/ip_vs_proto_icmp.c
@@ -81,7 +81,6 @@ static int icmp_conn_sched(struct dp_vs_proto *proto,
     void *ich = NULL;
     struct dp_vs_service *svc;
     int af = iph->af;
-    bool outwall = false;
     assert(proto && iph && mbuf && conn && verdict);
 
     if (AF_INET6 == af) {
@@ -100,14 +99,14 @@ static int icmp_conn_sched(struct dp_vs_proto *proto,
     }
 
     svc = dp_vs_service_lookup(iph->af, iph->proto, &iph->daddr, 0, 0,
-                               mbuf, NULL, &outwall, rte_lcore_id());
+                               mbuf, NULL, rte_lcore_id());
     if (!svc) {
         *verdict = INET_ACCEPT;
         return EDPVS_NOSERV;
     }
 
     /* schedule RS and create new connection */
-    *conn = dp_vs_schedule(svc, iph, mbuf, false, outwall);
+    *conn = dp_vs_schedule(svc, iph, mbuf, false);
     if (!*conn) {
         *verdict = INET_DROP;
         return EDPVS_RESOURCE;

diff --git a/src/ipvs/ip_vs_proto_tcp.c b/src/ipvs/ip_vs_proto_tcp.c
@@ -612,7 +612,6 @@ static int tcp_conn_sched(struct dp_vs_proto *proto,
 {
     struct tcphdr *th, _tcph;
     struct dp_vs_service *svc;
-    bool outwall = false;
 
     assert(proto && iph && mbuf && conn && verdict);
 
@@ -661,7 +660,7 @@ static int tcp_conn_sched(struct dp_vs_proto *proto,
     }
 
     svc = dp_vs_service_lookup(iph->af, iph->proto, &iph->daddr, th->dest,
-                               0, mbuf, NULL, &outwall, rte_lcore_id());
+                               0, mbuf, NULL, rte_lcore_id());
     if (!svc) {
         /* Drop tcp packet which is send to vip and !vport */
         if (g_defence_tcp_drop &&
@@ -675,7 +674,7 @@ static int tcp_conn_sched(struct dp_vs_proto *proto,
         return EDPVS_NOSERV;
     }
 
-    *conn = dp_vs_schedule(svc, iph, mbuf, false, outwall);
+    *conn = dp_vs_schedule(svc, iph, mbuf, false);
     if (!*conn) {
         *verdict = INET_DROP;
         return EDPVS_RESOURCE;

diff --git a/src/ipvs/ip_vs_proto_udp.c b/src/ipvs/ip_vs_proto_udp.c
@@ -156,7 +156,6 @@ static int udp_conn_sched(struct dp_vs_proto *proto,
 {
     struct rte_udp_hdr *uh, _udph;
     struct dp_vs_service *svc;
-    bool outwall = false;
     assert(proto && iph && mbuf && conn && verdict);
 
     uh = mbuf_header_pointer(mbuf, iph->len, sizeof(_udph), &_udph);
@@ -167,14 +166,14 @@ static int udp_conn_sched(struct dp_vs_proto *proto,
 
     /* lookup service <vip:vport> */
     svc = dp_vs_service_lookup(iph->af, iph->proto, &iph->daddr, 
-                     uh->dst_port, 0, mbuf, NULL, &outwall, rte_lcore_id());
+                     uh->dst_port, 0, mbuf, NULL, rte_lcore_id());
     if (!svc) {
         *verdict = INET_ACCEPT;
         return EDPVS_NOSERV;
     }
 
     /* schedule RS and create new connection */
-    *conn = dp_vs_schedule(svc, iph, mbuf, false, outwall);
+    *conn = dp_vs_schedule(svc, iph, mbuf, false);
     if (!*conn) {
         *verdict = INET_DROP;
         return EDPVS_RESOURCE;

diff --git a/src/ipvs/ip_vs_service.c b/src/ipvs/ip_vs_service.c
@@ -196,7 +196,7 @@ static inline bool __service_in_range(int af,
 }
 
 static struct dp_vs_service *
-__dp_vs_service_match_get4(const struct rte_mbuf *mbuf, bool *outwall, lcoreid_t cid)
+__dp_vs_service_match_get4(const struct rte_mbuf *mbuf, lcoreid_t cid)
 {
     struct route_entry *rt = MBUF_USERDATA_CONST(mbuf, struct route_entry *, MBUF_FIELD_ROUTE);
     struct rte_ipv4_hdr *iph = ip4_hdr(mbuf); /* ipv4 only */
@@ -217,10 +217,6 @@ __dp_vs_service_match_get4(const struct rte_mbuf *mbuf, bool *outwall, lcoreid_t
         if ((rt->flag & RTF_KNI) || (rt->flag & RTF_LOCALIN))
             return NULL;
         oif = rt->port->id;
-    } else if (outwall != NULL && (rt = route_gfw_net_lookup(&daddr.in))) {
-        oif = rt->port->id;
-        route4_put(rt);
-        *outwall = true;
     } else {
         rt = route4_input(mbuf, &daddr.in, &saddr.in,
                           iph->type_of_service,
@@ -331,10 +327,10 @@ __dp_vs_service_match_get6(const struct rte_mbuf *mbuf, lcoreid_t cid)
 }
 
 static struct dp_vs_service *
-__dp_vs_service_match_get(int af, const struct rte_mbuf *mbuf, bool *outwall, lcoreid_t cid)
+__dp_vs_service_match_get(int af, const struct rte_mbuf *mbuf, lcoreid_t cid)
 {
     if (af == AF_INET)
-        return __dp_vs_service_match_get4(mbuf, outwall, cid);
+        return __dp_vs_service_match_get4(mbuf, cid);
     else if (af == AF_INET6)
         return __dp_vs_service_match_get6(mbuf, cid);
     else
@@ -367,7 +363,7 @@ struct dp_vs_service *dp_vs_service_lookup(int af, uint16_t protocol,
                                         uint16_t vport, uint32_t fwmark,
                                         const struct rte_mbuf *mbuf,
                                         const struct dp_vs_match *match,
-                                        bool *outwall, lcoreid_t cid)
+                                        lcoreid_t cid)
 {
     struct dp_vs_service *svc = NULL;
 
@@ -382,7 +378,7 @@ struct dp_vs_service *dp_vs_service_lookup(int af, uint16_t protocol,
             goto out;
 
     if (mbuf) /* lowest priority */
-        svc = __dp_vs_service_match_get(af, mbuf, outwall, cid);
+        svc = __dp_vs_service_match_get(af, mbuf, cid);
 
 out:
 #ifdef CONFIG_DPVS_MBUF_DEBUG

diff --git a/src/ipvs/ip_vs_synproxy.c b/src/ipvs/ip_vs_synproxy.c
@@ -726,8 +726,7 @@ int dp_vs_synproxy_syn_rcv(int af, struct rte_mbuf *mbuf,
 
     if (th->syn && !th->ack && !th->rst && !th->fin &&
             (svc = dp_vs_service_lookup(af, iph->proto, &iph->daddr, th->dest, 0,
-                                        NULL, NULL, NULL, rte_lcore_id())) &&
-            (svc->flags & DP_VS_SVC_F_SYNPROXY)) {
+                NULL, NULL, rte_lcore_id())) && (svc->flags & DP_VS_SVC_F_SYNPROXY)) {
         /* if service's weight is zero (non-active realserver),
          * do noting and drop the packet */
         if (svc->weight == 0) {
@@ -1178,7 +1177,7 @@ int dp_vs_synproxy_ack_rcv(int af, struct rte_mbuf *mbuf,
     /* Do not check svc syn-proxy flag, as it may be changed after syn-proxy step 1. */
     if (!th->syn && th->ack && !th->rst && !th->fin &&
             (svc = dp_vs_service_lookup(af, iph->proto, &iph->daddr,
-                           th->dest, 0, NULL, NULL, NULL, rte_lcore_id()))) {
+                           th->dest, 0, NULL, NULL, rte_lcore_id()))) {
         if (dp_vs_synproxy_ctrl_defer &&
                 !syn_proxy_ack_has_data(mbuf, iph, th)) {
             /* Update statistics */
@@ -1214,7 +1213,7 @@ int dp_vs_synproxy_ack_rcv(int af, struct rte_mbuf *mbuf,
 
         /* Let the virtual server select a real server for the incoming connetion,
          * and create a connection entry */
-        *cpp = dp_vs_schedule(svc, iph, mbuf, 1, 0);
+        *cpp = dp_vs_schedule(svc, iph, mbuf, 1);
         if (unlikely(!*cpp)) {
             RTE_LOG(WARNING, IPVS, "%s: ip_vs_schedule failed\n", __func__);
             /* FIXME: What to do when virtual service is available but no destination

diff --git a/src/ipvs/ip_vs_xmit.c b/src/ipvs/ip_vs_xmit.c
@@ -1520,20 +1520,11 @@ static int __dp_vs_out_xmit_snat4(struct dp_vs_proto *proto,
         fl4.fl4_daddr = conn->caddr.in;
         fl4.fl4_saddr = conn->vaddr.in;
         fl4.fl4_tos = iph->type_of_service;
-
 
-        if (conn->outwall) {
-	    rt = route_gfw_net_lookup(&conn->caddr.in);
-            if (!rt) {
-                err = EDPVS_NOROUTE;
-                goto errout;
-            }
-        } else {
-            rt = route4_output(&fl4);
-            if (!rt) {
-                err = EDPVS_NOROUTE;
-                goto errout;
-            }
+        rt = route4_output(&fl4);
+        if (!rt) {
+            err = EDPVS_NOROUTE;
+            goto errout;
         }
         MBUF_USERDATA(mbuf, struct route_entry *, MBUF_FIELD_ROUTE) = rt;