From 81c0084acbcceaf5bb85efeb248b3550e1594e6e Mon Sep 17 00:00:00 2001 From: Trekkie Coder Date: Tue, 19 Nov 2024 02:05:07 +0900 Subject: [PATCH 1/8] loxilb-io/loxilb#864 Initail support for lb source ranges --- api/models/loadbalance_entry.go | 2 +- api/restapi/embedded_spec.go | 6 +- api/restapi/handler/firewall.go | 5 +- api/restapi/handler/loadbalancer.go | 6 +- api/swagger.yml | 2 +- common/common.go | 10 +- pkg/loxinet/apiclient.go | 2 +- pkg/loxinet/dpbroker.go | 5 +- pkg/loxinet/dpebpf_linux.go | 13 +- pkg/loxinet/loxinettest.go | 2 +- pkg/loxinet/rules.go | 201 ++++++++++++++++++++++------ pkg/loxinet/xsync_server.go | 2 +- 12 files changed, 195 insertions(+), 61 deletions(-) diff --git a/api/models/loadbalance_entry.go b/api/models/loadbalance_entry.go index a7920530e..18ae1a1b8 100644 --- a/api/models/loadbalance_entry.go +++ b/api/models/loadbalance_entry.go @@ -313,7 +313,7 @@ type LoadbalanceEntryServiceArguments struct { Bgp bool `json:"bgp,omitempty"` // block-number if any of this LB entry - Block uint16 `json:"block,omitempty"` + Block uint32 `json:"block,omitempty"` // IP address for external access ExternalIP string `json:"externalIP,omitempty"` diff --git a/api/restapi/embedded_spec.go b/api/restapi/embedded_spec.go index 2e824087e..6349ab66f 100644 --- a/api/restapi/embedded_spec.go +++ b/api/restapi/embedded_spec.go @@ -5117,7 +5117,7 @@ func init() { "block": { "description": "block-number if any of this LB entry", "type": "integer", - "format": "uint16" + "format": "uint32" }, "externalIP": { "description": "IP address for external access", @@ -11374,7 +11374,7 @@ func init() { "block": { "description": "block-number if any of this LB entry", "type": "integer", - "format": "uint16" + "format": "uint32" }, "externalIP": { "description": "IP address for external access", @@ -11509,7 +11509,7 @@ func init() { "block": { "description": "block-number if any of this LB entry", "type": "integer", - "format": "uint16" + "format": "uint32" }, "externalIP": { "description": "IP address for external access", diff --git a/api/restapi/handler/firewall.go b/api/restapi/handler/firewall.go index 8a128fd2b..93cb5a843 100644 --- a/api/restapi/handler/firewall.go +++ b/api/restapi/handler/firewall.go @@ -35,7 +35,7 @@ func ConfigPostFW(params operations.PostConfigFirewallParams) middleware.Respond Rules.DstPortMax = uint16(params.Attr.RuleArguments.MaxDestinationPort) Rules.DstPortMin = uint16(params.Attr.RuleArguments.MinDestinationPort) Rules.InPort = params.Attr.RuleArguments.PortName - Rules.Pref = uint16(params.Attr.RuleArguments.Preference) + Rules.Pref = uint32(params.Attr.RuleArguments.Preference) Rules.Proto = uint8(params.Attr.RuleArguments.Protocol) Rules.SrcIP = params.Attr.RuleArguments.SourceIP Rules.SrcPortMax = uint16(params.Attr.RuleArguments.MaxSourcePort) @@ -102,7 +102,7 @@ func ConfigDeleteFW(params operations.DeleteConfigFirewallParams) middleware.Res Rules.InPort = *params.PortName } if params.Preference != nil { - Rules.Pref = uint16(*params.Preference) + Rules.Pref = uint32(*params.Preference) } if params.Protocol != nil { Rules.Proto = uint8(*params.Protocol) @@ -175,7 +175,6 @@ func ConfigGetFW(params operations.GetConfigFirewallAllParams) middleware.Respon tmpOpts.ToIP = FW.Opts.ToIP tmpOpts.ToPort = int64(FW.Opts.ToPort) tmpOpts.Counter = FW.Opts.Counter - tmpResult.RuleArguments = &tmpRule tmpResult.Opts = &tmpOpts diff --git a/api/restapi/handler/loadbalancer.go b/api/restapi/handler/loadbalancer.go index bcc14fbb3..81bf36924 100644 --- a/api/restapi/handler/loadbalancer.go +++ b/api/restapi/handler/loadbalancer.go @@ -93,7 +93,7 @@ func ConfigDeleteLoadbalancer(params operations.DeleteConfigLoadbalancerHosturlH lbServ.HostUrl = params.Hosturl } if params.Block != nil { - lbServ.BlockNum = uint16(*params.Block) + lbServ.BlockNum = uint32(*params.Block) } if params.Bgp != nil { lbServ.Bgp = *params.Bgp @@ -119,7 +119,7 @@ func ConfigDeleteLoadbalancerWithoutPath(params operations.DeleteConfigLoadbalan lbServ.Proto = params.Proto lbServ.HostUrl = "" if params.Block != nil { - lbServ.BlockNum = uint16(*params.Block) + lbServ.BlockNum = uint32(*params.Block) } if params.Bgp != nil { lbServ.Bgp = *params.Bgp @@ -155,7 +155,7 @@ func ConfigGetLoadbalancer(params operations.GetConfigLoadbalancerAllParams) mid tmpSvc.Bgp = lb.Serv.Bgp tmpSvc.Port = int64(lb.Serv.ServPort) tmpSvc.Protocol = lb.Serv.Proto - tmpSvc.Block = uint16(lb.Serv.BlockNum) + tmpSvc.Block = uint32(lb.Serv.BlockNum) tmpSvc.Sel = int64(lb.Serv.Sel) tmpSvc.Mode = int32(lb.Serv.Mode) tmpSvc.Security = int32(lb.Serv.Security) diff --git a/api/swagger.yml b/api/swagger.yml index e098f569b..eace2bbef 100644 --- a/api/swagger.yml +++ b/api/swagger.yml @@ -3011,7 +3011,7 @@ definitions: description: value for Security mode (0-Plain, 1-HTTPs) block: type: integer - format: uint16 + format: uint32 description: block-number if any of this LB entry inactiveTimeOut: type: integer diff --git a/common/common.go b/common/common.go index c00227a05..1f5069dcd 100644 --- a/common/common.go +++ b/common/common.go @@ -431,7 +431,7 @@ type FwRuleArg struct { // InPort - the incoming port InPort string `json:"portName"` // Pref - User preference for ordering - Pref uint16 `json:"preference"` + Pref uint32 `json:"preference"` } // FwRuleMod - Info related to a firewall entry @@ -544,7 +544,7 @@ type LbServiceArg struct { // Proto - the service protocol of the load-balancer rule Proto string `json:"protocol"` // BlockNum - An arbitrary block num to further segregate a service - BlockNum uint16 `json:"block"` + BlockNum uint32 `json:"block"` // Sel - one of LbSelRr,LbSelHash, or LbSelHash Sel EpSelect `json:"sel"` // Bgp - export this rule with goBGP @@ -604,6 +604,12 @@ type LbSecIPArg struct { SecIP string `json:"secondaryIP"` } +// LbAllowedSrcIPArg - Allowed Src IPs +type LbAllowedSrcIPArg struct { + // Prefix - Allowed Prefix + Prefix string `json:"prefix"` +} + // LbRuleMod - Info related to a load-balancer entry type LbRuleMod struct { // Serv - service argument of type LbServiceArg diff --git a/pkg/loxinet/apiclient.go b/pkg/loxinet/apiclient.go index cfaf068b3..16691ad4b 100644 --- a/pkg/loxinet/apiclient.go +++ b/pkg/loxinet/apiclient.go @@ -332,7 +332,7 @@ func (na *NetAPIStruct) NetLbRuleAdd(lm *cmn.LbRuleMod) (int, error) { mh.mtx.Lock() defer mh.mtx.Unlock() var ips []string - ret, err := mh.zr.Rules.AddLbRule(lm.Serv, lm.SecIPs[:], lm.Eps[:]) + ret, err := mh.zr.Rules.AddLbRule(lm.Serv, lm.SecIPs[:], nil, lm.Eps[:]) if err == nil && lm.Serv.Bgp { if mh.bgp != nil { ips = append(ips, lm.Serv.ServIP) diff --git a/pkg/loxinet/dpbroker.go b/pkg/loxinet/dpbroker.go index db7b6847a..df5763fcb 100644 --- a/pkg/loxinet/dpbroker.go +++ b/pkg/loxinet/dpbroker.go @@ -293,9 +293,10 @@ type LBDpWorkQ struct { ZoneNum int ServiceIP net.IP L4Port uint16 - BlockNum uint16 + BlockNum uint32 DsrMode bool CsumDis bool + SrcCheck bool SecMode SecT HostURL string Proto uint8 @@ -333,7 +334,7 @@ type DpCtInfo struct { ServiceIP net.IP `json:"serviceip"` ServProto string `json:"servproto"` L4ServPort uint16 `json:"l4servproto"` - BlockNum uint16 `json:"blocknum"` + BlockNum uint32 `json:"blocknum"` RuleID uint32 `json:"ruleid"` } diff --git a/pkg/loxinet/dpebpf_linux.go b/pkg/loxinet/dpebpf_linux.go index cec184550..2fb301a0c 100644 --- a/pkg/loxinet/dpebpf_linux.go +++ b/pkg/loxinet/dpebpf_linux.go @@ -952,10 +952,10 @@ func DpLBRuleMod(w *LBDpWorkQ) int { key := new(natKey) - key.mark = C.ushort(w.BlockNum) + key.mark = C.uint(w.BlockNum) if w.NatType == DpSnat { - key.mark |= 0x1000 + key.mark |= SrcChkFwMark } else { key.daddr = [4]C.uint{0, 0, 0, 0} if tk.IsNetIPv4(w.ServiceIP.String()) { @@ -965,9 +965,9 @@ func DpLBRuleMod(w *LBDpWorkQ) int { convNetIP2DPv6Addr(unsafe.Pointer(&key.daddr[0]), w.ServiceIP) key.v6 = 1 } - key.mark = C.ushort(w.BlockNum) + key.mark = C.uint(w.BlockNum) key.dport = C.ushort(tk.Htons(w.L4Port)) - key.l4proto = C.uchar(w.Proto) + key.l4proto = C.ushort(w.Proto) key.zone = C.ushort(w.ZoneNum) } @@ -1020,6 +1020,9 @@ func DpLBRuleMod(w *LBDpWorkQ) int { if w.DsrMode { dat.ca.oaux = 1 } + if w.SrcCheck { + dat.chksrc = 1 + } nxfa := (*nxfrmAct)(unsafe.Pointer(&dat.nxfrms[0])) @@ -1053,7 +1056,7 @@ func DpLBRuleMod(w *LBDpWorkQ) int { nxfa.inactive = 1 } - dat.nxfrm = C.ushort(len(w.endPoints)) + dat.nxfrm = C.uchar(len(w.endPoints)) if w.CsumDis { dat.cdis = 1 } else { diff --git a/pkg/loxinet/loxinettest.go b/pkg/loxinet/loxinettest.go index 0b98318c6..e9541f8e8 100644 --- a/pkg/loxinet/loxinettest.go +++ b/pkg/loxinet/loxinettest.go @@ -289,7 +289,7 @@ func TestLoxinet(t *testing.T) { Weight: 2, }, } - _, err = mh.zr.Rules.AddLbRule(lbServ, nil, lbEps[:]) + _, err = mh.zr.Rules.AddLbRule(lbServ, nil, nil, lbEps[:]) if err != nil { t.Errorf("failed to add nat lb rule for 10.10.10.1\n") } diff --git a/pkg/loxinet/rules.go b/pkg/loxinet/rules.go index 0b137701d..a656a9846 100644 --- a/pkg/loxinet/rules.go +++ b/pkg/loxinet/rules.go @@ -79,20 +79,22 @@ const ( // constants const ( MaxLBEndPoints = 32 - DflLbaInactiveTries = 2 // Default number of inactive tries before LB arm is turned off - MaxDflLbaInactiveTries = 100 // Max number of inactive tries before LB arm is turned off - DflLbaCheckTimeout = 10 // Default timeout for checking LB arms - DflHostProbeTimeout = 60 // Default probe timeout for end-point host - InitHostProbeTimeout = 15 // Initial probe timeout for end-point host - MaxHostProbeTime = 24 * 3600 // Max possible host health check duration - LbDefaultInactiveTimeout = 4 * 60 // Default inactive timeout for established sessions - LbDefaultInactiveNSTimeout = 20 // Default inactive timeout for non-session oriented protocols - LbMaxInactiveTimeout = 24 * 3600 // Maximum inactive timeout for established sessions - MaxEndPointCheckers = 4 // Maximum helpers to check endpoint health - EndPointCheckerDuration = 2 // Duration at which ep-helpers will run - MaxEndPointSweeps = 20 // Maximum end-point sweeps per round - VIPSweepDuration = 30 // Duration of periodic VIP maintenance - DefaultPersistTimeOut = 10800 // Default persistent LB session timeout + DflLbaInactiveTries = 2 // Default number of inactive tries before LB arm is turned off + MaxDflLbaInactiveTries = 100 // Max number of inactive tries before LB arm is turned off + DflLbaCheckTimeout = 10 // Default timeout for checking LB arms + DflHostProbeTimeout = 60 // Default probe timeout for end-point host + InitHostProbeTimeout = 15 // Initial probe timeout for end-point host + MaxHostProbeTime = 24 * 3600 // Max possible host health check duration + LbDefaultInactiveTimeout = 4 * 60 // Default inactive timeout for established sessions + LbDefaultInactiveNSTimeout = 20 // Default inactive timeout for non-session oriented protocols + LbMaxInactiveTimeout = 24 * 3600 // Maximum inactive timeout for established sessions + MaxEndPointCheckers = 4 // Maximum helpers to check endpoint health + EndPointCheckerDuration = 2 // Duration at which ep-helpers will run + MaxEndPointSweeps = 20 // Maximum end-point sweeps per round + VIPSweepDuration = 30 // Duration of periodic VIP maintenance + DefaultPersistTimeOut = 10800 // Default persistent LB session timeout + SnatFwMark = 0x80000000 // Snat Marker + SrcChkFwMark = 0x40000000 // Src check Marker ) type ruleTType uint @@ -154,7 +156,7 @@ type ruleTuples struct { inL4Prot rule8Tuple inL4Src rule16Tuple inL4Dst rule16Tuple - pref uint16 + pref uint32 path string } @@ -290,6 +292,7 @@ type ruleEnt struct { name string inst string secMode cmn.LBSec + srcList []*allowedSrcElem locIPs map[string]struct{} } @@ -299,7 +302,7 @@ type ruleTable struct { eMap map[string]*ruleEnt rArr [RtMaximumLbs]*ruleEnt pMap []*ruleEnt - Mark *tk.Counter + Mark *utils.Marker } type ruleTableType uint @@ -334,6 +337,13 @@ type vipElem struct { inst string } +type allowedSrcElem struct { + ref int + srcPref *net.IPNet + mark uint64 + lbmark uint32 +} + // RuleH - context container type RuleH struct { zone *Zone @@ -341,6 +351,8 @@ type RuleH struct { tables [RtMax]ruleTable epMap map[string]*epHost vipMap map[string]*vipElem + srcMark *tk.Counter + lbSrcMap map[string]*allowedSrcElem epCs [MaxEndPointCheckers]epChecker wg sync.WaitGroup lepHID uint8 @@ -360,15 +372,17 @@ func RulesInit(zone *Zone) *RuleH { nRh.vipMap = make(map[string]*vipElem) nRh.epMap = make(map[string]*epHost) + nRh.lbSrcMap = make(map[string]*allowedSrcElem) + nRh.srcMark = tk.NewCounter(1, RtMaximumFw4s) nRh.tables[RtFw].tableMatch = RmMax - 1 nRh.tables[RtFw].tableType = RtMf nRh.tables[RtFw].eMap = make(map[string]*ruleEnt) - nRh.tables[RtFw].Mark = tk.NewCounter(1, RtMaximumFw4s) + nRh.tables[RtFw].Mark = utils.NewMarker(1, RtMaximumFw4s) nRh.tables[RtLB].tableMatch = RmL3Dst | RmL4Dst | RmL4Prot nRh.tables[RtLB].tableType = RtEm nRh.tables[RtLB].eMap = make(map[string]*ruleEnt) - nRh.tables[RtLB].Mark = tk.NewCounter(1, RtMaximumLbs) + nRh.tables[RtLB].Mark = utils.NewMarker(1, RtMaximumLbs) for i := 0; i < MaxEndPointCheckers; i++ { nRh.epCs[i].tD = make(chan bool) @@ -764,8 +778,6 @@ func (R *RuleH) Rules2Json() ([]byte, error) { return nil, err } bret = append(bret, js...) - fmt.Printf("js: %v\n", js) - fmt.Println(string(js)) } return bret, nil @@ -983,7 +995,7 @@ func (R *RuleH) GetLBRuleByServArgs(serv cmn.LbServiceArg) *ruleEnt { return R.tables[RtLB].eMap[rt.ruleKey()] } -// GetLBRuleSecIPs - Get secondary IPs for SCTP LB rule by its service args +// GetLBRuleSecIPs - Get secondary IPs for LB rule by its service args func (R *RuleH) GetLBRuleSecIPs(serv cmn.LbServiceArg) []string { var ipProto uint8 var ips []string @@ -1016,6 +1028,93 @@ func (R *RuleH) GetLBRuleSecIPs(serv cmn.LbServiceArg) []string { return ips } +func (R *RuleH) addAllowedLbSrc(CIDR string, lbMark uint32) *allowedSrcElem { + + _, srcPref, err := net.ParseCIDR(CIDR) + if err != nil { + tk.LogIt(tk.LogError, "allowed-cidr parse failed\n") + return nil + } + + if lbMark >= 14 { + tk.LogIt(tk.LogError, "allowed-src lbmark out-of-range\n") + return nil + } + + added := false + srcElem := R.lbSrcMap[CIDR] + if srcElem != nil { + srcElem.lbmark |= 1 << lbMark + srcElem.ref++ + added = true + goto addFw + } + + srcElem = new(allowedSrcElem) + srcElem.ref = 1 + srcElem.srcPref = srcPref + srcElem.lbmark = 1 << lbMark + srcElem.mark, err = R.srcMark.GetCounter() + if err != nil { + tk.LogIt(tk.LogError, "allowed-cidr failed to alloc id\n") + return nil + } + +addFw: + fwarg := cmn.FwRuleArg{SrcIP: srcPref.String(), DstIP: "0.0.0.0/0"} + fwOpts := cmn.FwOptArg{Allow: true, Mark: srcElem.lbmark | SrcChkFwMark} + _, err = R.AddFwRule(fwarg, fwOpts) + if err != nil { + if !strings.Contains(err.Error(), "fwrule-exists") { + R.srcMark.PutCounter(srcElem.mark) + tk.LogIt(tk.LogError, "allowed-src failed to add fw %s\n", err) + return nil + } + } + + if !added { + R.lbSrcMap[CIDR] = srcElem + } + + tk.LogIt(tk.LogInfo, "added allowed-cidr %s: 0x%x\n", srcPref.String(), srcElem.lbmark) + + return srcElem +} + +func (R *RuleH) deleteAllowedLbSrc(CIDR string, lbMark uint32) error { + srcElem := R.lbSrcMap[CIDR] + if srcElem == nil { + return errors.New("no such allowed src prefix") + } + + if lbMark >= 14 { + tk.LogIt(tk.LogError, "allowed-src lbmark out-of-range\n") + return nil + } + + srcElem.ref-- + + if srcElem.ref == 0 { + fwarg := cmn.FwRuleArg{SrcIP: srcElem.srcPref.String(), DstIP: "0.0.0.0/0"} + _, err := R.DeleteFwRule(fwarg) + if err != nil { + tk.LogIt(tk.LogError, "Failed to delete allowedSRC %s\n", srcElem.srcPref.String()) + } + R.srcMark.PutCounter(srcElem.mark) + delete(R.lbSrcMap, CIDR) + tk.LogIt(tk.LogInfo, "delete allowed-cidr %s\n", srcElem.srcPref.String()) + } else { + srcElem.lbmark &= ^(1 << lbMark) + fwarg := cmn.FwRuleArg{SrcIP: srcElem.srcPref.String()} + fwOpts := cmn.FwOptArg{Allow: true, Mark: srcElem.lbmark | SrcChkFwMark} + R.AddFwRule(fwarg, fwOpts) + tk.LogIt(tk.LogInfo, "updated allowed-cidr %s : 0x%x\n", srcElem.srcPref.String(), srcElem.lbmark) + + } + + return nil +} + func (R *RuleH) electEPSrc(r *ruleEnt) bool { var sip net.IP var e int @@ -1378,7 +1477,7 @@ func getLBConsolidatedEPs(oldEps []ruleLBEp, newEps []ruleLBEp, oper cmn.LBOp) ( // AddLbRule - Add a service LB rule. The service details are passed in serv argument, // and end-point information is passed in the slice servEndPoints. On success, // it will return 0 and nil error, else appropriate return code and error string will be set -func (R *RuleH) AddLbRule(serv cmn.LbServiceArg, servSecIPs []cmn.LbSecIPArg, servEndPoints []cmn.LbEndPointArg) (int, error) { +func (R *RuleH) AddLbRule(serv cmn.LbServiceArg, servSecIPs []cmn.LbSecIPArg, allowedSources []cmn.LbAllowedSrcIPArg, servEndPoints []cmn.LbEndPointArg) (int, error) { var lBActs ruleLBActs var nSecIP []ruleLBSIP var ipProto uint8 @@ -1396,6 +1495,8 @@ func (R *RuleH) AddLbRule(serv cmn.LbServiceArg, servSecIPs []cmn.LbSecIPArg, se return RuleUnknownServiceErr, errors.New("malformed-service error") } + allowedSources = append(allowedSources, cmn.LbAllowedSrcIPArg{Prefix: "10.10.10.1/32"}) + privIP = nil if serv.PrivateIP != "" { privIP = net.ParseIP(serv.PrivateIP) @@ -1641,6 +1742,7 @@ func (R *RuleH) AddLbRule(serv cmn.LbServiceArg, servSecIPs []cmn.LbSecIPArg, se r.managed = serv.Managed r.secIP = nSecIP r.secMode = serv.Security + // Per LB end-point health-check is supposed to be handled at kube-loxilb/CCM, // but it certain cases like stand-alone mode, loxilb can do its own // lb end-point health monitoring @@ -1653,11 +1755,23 @@ func (R *RuleH) AddLbRule(serv cmn.LbServiceArg, servSecIPs []cmn.LbSecIPArg, se r.hChk.actChk = serv.Monitor r.act.action = &lBActs - r.ruleNum, err = R.tables[RtLB].Mark.GetCounter() + r.ruleNum, err = R.tables[RtLB].Mark.GetMarker() if err != nil { tk.LogIt(tk.LogError, "nat lb-rule - %s:%s hwm error\n", r.tuples.String(), r.act.String()) return RuleAllocErr, errors.New("rule-hwm error") } + for _, allowedSource := range allowedSources { + srcElem := R.addAllowedLbSrc(allowedSource.Prefix, uint32(r.ruleNum)) + if srcElem == nil { + R.tables[RtLB].Mark.ReleaseMarker(r.ruleNum) + for _, src := range r.srcList { + R.deleteAllowedLbSrc(src.srcPref.String(), uint32(r.ruleNum)) + } + tk.LogIt(tk.LogError, "nat lb-rule - %s:%s allowedSRC error\n", r.tuples.String(), r.act.String()) + return RuleAllocErr, errors.New("rule-allowed-src error") + } + r.srcList = append(r.srcList, srcElem) + } r.sT = time.Now() r.iTO = serv.InactiveTimeout r.bgp = serv.Bgp @@ -1682,14 +1796,13 @@ func (R *RuleH) AddLbRule(serv cmn.LbServiceArg, servSecIPs []cmn.LbSecIPArg, se } } - tk.LogIt(tk.LogDebug, "lb-rule added - %d:%s-%s\n", r.ruleNum, r.tuples.String(), r.act.String()) - R.tables[RtLB].eMap[rt.ruleKey()] = r if r.ruleNum < RtMaximumLbs { R.tables[RtLB].rArr[r.ruleNum] = r } R.addVIPSys(r) r.DP(DpCreate) + tk.LogIt(tk.LogDebug, "lb-rule added - %d:%s-%s\n", r.ruleNum, r.tuples.String(), r.act.String()) return 0, nil } @@ -1747,7 +1860,7 @@ func (R *RuleH) DeleteLbRule(serv cmn.LbServiceArg) (int, error) { return RuleNotExistsErr, errors.New("no-rule error") } - defer R.tables[RtLB].Mark.PutCounter(rule.ruleNum) + defer R.tables[RtLB].Mark.ReleaseMarker(rule.ruleNum) eEps := rule.act.action.(*ruleLBActs).endPoints activatedProbe := false @@ -1759,6 +1872,11 @@ func (R *RuleH) DeleteLbRule(serv cmn.LbServiceArg) (int, error) { R.unFoldRecursiveEPs(rule) } + for _, srcElem := range rule.srcList { + R.deleteAllowedLbSrc(srcElem.srcPref.String(), uint32(rule.ruleNum)) + } + rule.srcList = nil + delete(R.tables[RtLB].eMap, rt.ruleKey()) if rule.ruleNum < RtMaximumLbs { R.tables[RtLB].rArr[rule.ruleNum] = nil @@ -1841,12 +1959,13 @@ func (R *RuleH) AddFwRule(fwRule cmn.FwRuleArg, fwOptArgs cmn.FwOptArg) (int, er // Validate rule args _, dNetAddr, err := net.ParseCIDR(fwRule.DstIP) if err != nil { - return RuleTupleErr, errors.New("malformed-rule error") + return RuleTupleErr, errors.New("malformed-rule dst error") } _, sNetAddr, err := net.ParseCIDR(fwRule.SrcIP) if err != nil { - return RuleTupleErr, errors.New("malformed-rule error") + fmt.Printf("src parse failure %s\n", err) + return RuleTupleErr, errors.New("malformed-rule src error") } l3dst := ruleIPTuple{*dNetAddr} @@ -1883,6 +2002,10 @@ func (R *RuleH) AddFwRule(fwRule cmn.FwRuleArg, fwOptArgs cmn.FwOptArg) (int, er eFw := R.tables[RtFw].eMap[rt.ruleKey()] if eFw != nil { + if fwOpts.opt.fwMark != fwOptArgs.Mark { + fwOpts.opt.fwMark = fwOptArgs.Mark + eFw.Fw2DP(DpCreate) + } // If a FW rule already exists return RuleExistsErr, errors.New("fwrule-exists error") } @@ -1925,7 +2048,7 @@ func (R *RuleH) AddFwRule(fwRule cmn.FwRuleArg, fwOptArgs cmn.FwOptArg) (int, er } r.act.action = &fwOpts - r.ruleNum, err = R.tables[RtFw].Mark.GetCounter() + r.ruleNum, err = R.tables[RtFw].Mark.GetMarker() if err != nil { tk.LogIt(tk.LogError, "fw-rule - %s:%s mark error\n", r.tuples.String(), r.act.String()) return RuleAllocErr, errors.New("rule-mark error") @@ -1938,7 +2061,7 @@ func (R *RuleH) AddFwRule(fwRule cmn.FwRuleArg, fwOptArgs cmn.FwOptArg) (int, er servArg.ServIP = "0.0.0.0" servArg.ServPort = 0 servArg.Proto = "none" - servArg.BlockNum = uint16(r.ruleNum) | 0x1000 + servArg.BlockNum = uint32(r.ruleNum) | SnatFwMark servArg.Sel = cmn.LbSelRr servArg.Mode = cmn.LBModeDefault servArg.Snat = true @@ -1947,13 +2070,13 @@ func (R *RuleH) AddFwRule(fwRule cmn.FwRuleArg, fwOptArgs cmn.FwOptArg) (int, er snatEP := []cmn.LbEndPointArg{{EpIP: fwOpts.opt.snatIP, EpPort: fwOpts.opt.snatPort}} - _, err := R.AddLbRule(servArg, nil, snatEP) + _, err := R.AddLbRule(servArg, nil, nil, snatEP) if err != nil { tk.LogIt(tk.LogError, "fw-rule - %s:%s (%s) snat create error\n", r.tuples.String(), r.act.String(), err) return RuleArgsErr, errors.New("rule-snat error") } - fwOpts.opt.fwMark = uint32(uint16((r.ruleNum) | 0x1000)) + fwOpts.opt.fwMark = uint32(uint16((r.ruleNum) | SnatFwMark)) } @@ -1977,12 +2100,12 @@ func (R *RuleH) DeleteFwRule(fwRule cmn.FwRuleArg) (int, error) { // Vaildate rule args _, dNetAddr, err := net.ParseCIDR(fwRule.DstIP) if err != nil { - return RuleTupleErr, errors.New("malformed-rule error") + return RuleTupleErr, errors.New("malformed-rule dst error") } _, sNetAddr, err := net.ParseCIDR(fwRule.SrcIP) if err != nil { - return RuleTupleErr, errors.New("malformed-rule error") + return RuleTupleErr, errors.New("malformed-rule src error") } l3dst := ruleIPTuple{*dNetAddr} @@ -2027,7 +2150,7 @@ func (R *RuleH) DeleteFwRule(fwRule cmn.FwRuleArg) (int, error) { servArg.ServIP = "0.0.0.0" servArg.ServPort = 0 servArg.Proto = "none" - servArg.BlockNum = uint16(rule.ruleNum) | 0x1000 + servArg.BlockNum = uint32(rule.ruleNum) | SnatFwMark servArg.Sel = cmn.LbSelRr servArg.Mode = cmn.LBModeDefault servArg.Snat = true @@ -2043,7 +2166,7 @@ func (R *RuleH) DeleteFwRule(fwRule cmn.FwRuleArg) (int, error) { } } - defer R.tables[RtFw].Mark.PutCounter(rule.ruleNum) + defer R.tables[RtFw].Mark.ReleaseMarker(rule.ruleNum) delete(R.tables[RtFw].eMap, rt.ruleKey()) @@ -2579,7 +2702,6 @@ func (R *RuleH) RuleDestructAll() { R.DeleteFwRule(fwr) } - return } // VIP2DP - Sync state of nat-rule for local sock VIP-port rewrite @@ -2634,6 +2756,9 @@ func (r *ruleEnt) LB2DP(work DpWorkT) int { nWork.InActTo = uint64(r.iTO) nWork.PersistTo = uint64(r.pTO) nWork.HostURL = r.tuples.path + if len(r.srcList) > 0 { + nWork.SrcCheck = true + } if r.act.actType == RtActDnat { nWork.NatType = DpDnat @@ -2838,7 +2963,7 @@ func (r *ruleEnt) Fw2DP(work DpWorkT) int { } nWork.Proto = r.tuples.l4Prot.val nWork.Mark = int(r.ruleNum) - nWork.Pref = r.tuples.pref + nWork.Pref = uint16(r.tuples.pref) switch at := r.act.action.(type) { case *ruleFwOpts: diff --git a/pkg/loxinet/xsync_server.go b/pkg/loxinet/xsync_server.go index fd118caaf..02fca6508 100644 --- a/pkg/loxinet/xsync_server.go +++ b/pkg/loxinet/xsync_server.go @@ -154,7 +154,7 @@ func (ci *CtInfo) ConvertToDpCtInfo() DpCtInfo { Packets: uint64(ci.Packets), Bytes: uint64(ci.Bytes), Deleted: int(ci.Deleted), PKey: ci.Pkey, PVal: ci.Pval, XSync: ci.Xsync, ServiceIP: ci.Serviceip, ServProto: ci.Servproto, - L4ServPort: uint16(ci.L4Servport), BlockNum: uint16(ci.Blocknum), + L4ServPort: uint16(ci.L4Servport), BlockNum: uint32(ci.Blocknum), } return cti } From d0cea4d2e8a90ce2909bb99a35a24e4c36603233 Mon Sep 17 00:00:00 2001 From: Trekkie Coder Date: Tue, 19 Nov 2024 23:47:55 +0900 Subject: [PATCH 2/8] loxilb-io/loxilb#864 Initial support for lb source ranges --- api/models/loadbalance_entry.go | 94 +++++++++++++++++++++++++++++ api/restapi/embedded_spec.go | 27 +++++++++ api/restapi/handler/cluster.go | 2 +- api/restapi/handler/loadbalancer.go | 12 ++++ api/restapi/handler/prometheus.go | 6 +- api/swagger.yml | 9 +++ common/common.go | 2 + loxilb-ebpf | 2 +- pkg/loxinet/apiclient.go | 3 +- pkg/loxinet/dpebpf_linux.go | 8 ++- pkg/loxinet/rules.go | 9 +-- 11 files changed, 160 insertions(+), 14 deletions(-) diff --git a/api/models/loadbalance_entry.go b/api/models/loadbalance_entry.go index 18ae1a1b8..4932c8470 100644 --- a/api/models/loadbalance_entry.go +++ b/api/models/loadbalance_entry.go @@ -19,6 +19,9 @@ import ( // swagger:model LoadbalanceEntry type LoadbalanceEntry struct { + // values of allowed source IP + AllowedSources []*LoadbalanceEntryAllowedSourcesItems0 `json:"allowedSources"` + // values of End point servers Endpoints []*LoadbalanceEntryEndpointsItems0 `json:"endpoints"` @@ -33,6 +36,10 @@ type LoadbalanceEntry struct { func (m *LoadbalanceEntry) Validate(formats strfmt.Registry) error { var res []error + if err := m.validateAllowedSources(formats); err != nil { + res = append(res, err) + } + if err := m.validateEndpoints(formats); err != nil { res = append(res, err) } @@ -51,6 +58,32 @@ func (m *LoadbalanceEntry) Validate(formats strfmt.Registry) error { return nil } +func (m *LoadbalanceEntry) validateAllowedSources(formats strfmt.Registry) error { + if swag.IsZero(m.AllowedSources) { // not required + return nil + } + + for i := 0; i < len(m.AllowedSources); i++ { + if swag.IsZero(m.AllowedSources[i]) { // not required + continue + } + + if m.AllowedSources[i] != nil { + if err := m.AllowedSources[i].Validate(formats); err != nil { + if ve, ok := err.(*errors.Validation); ok { + return ve.ValidateName("allowedSources" + "." + strconv.Itoa(i)) + } else if ce, ok := err.(*errors.CompositeError); ok { + return ce.ValidateName("allowedSources" + "." + strconv.Itoa(i)) + } + return err + } + } + + } + + return nil +} + func (m *LoadbalanceEntry) validateEndpoints(formats strfmt.Registry) error { if swag.IsZero(m.Endpoints) { // not required return nil @@ -126,6 +159,10 @@ func (m *LoadbalanceEntry) validateServiceArguments(formats strfmt.Registry) err func (m *LoadbalanceEntry) ContextValidate(ctx context.Context, formats strfmt.Registry) error { var res []error + if err := m.contextValidateAllowedSources(ctx, formats); err != nil { + res = append(res, err) + } + if err := m.contextValidateEndpoints(ctx, formats); err != nil { res = append(res, err) } @@ -144,6 +181,26 @@ func (m *LoadbalanceEntry) ContextValidate(ctx context.Context, formats strfmt.R return nil } +func (m *LoadbalanceEntry) contextValidateAllowedSources(ctx context.Context, formats strfmt.Registry) error { + + for i := 0; i < len(m.AllowedSources); i++ { + + if m.AllowedSources[i] != nil { + if err := m.AllowedSources[i].ContextValidate(ctx, formats); err != nil { + if ve, ok := err.(*errors.Validation); ok { + return ve.ValidateName("allowedSources" + "." + strconv.Itoa(i)) + } else if ce, ok := err.(*errors.CompositeError); ok { + return ce.ValidateName("allowedSources" + "." + strconv.Itoa(i)) + } + return err + } + } + + } + + return nil +} + func (m *LoadbalanceEntry) contextValidateEndpoints(ctx context.Context, formats strfmt.Registry) error { for i := 0; i < len(m.Endpoints); i++ { @@ -218,6 +275,43 @@ func (m *LoadbalanceEntry) UnmarshalBinary(b []byte) error { return nil } +// LoadbalanceEntryAllowedSourcesItems0 loadbalance entry allowed sources items0 +// +// swagger:model LoadbalanceEntryAllowedSourcesItems0 +type LoadbalanceEntryAllowedSourcesItems0 struct { + + // IP address for allowed source access + Prefix string `json:"prefix,omitempty"` +} + +// Validate validates this loadbalance entry allowed sources items0 +func (m *LoadbalanceEntryAllowedSourcesItems0) Validate(formats strfmt.Registry) error { + return nil +} + +// ContextValidate validates this loadbalance entry allowed sources items0 based on context it is used +func (m *LoadbalanceEntryAllowedSourcesItems0) ContextValidate(ctx context.Context, formats strfmt.Registry) error { + return nil +} + +// MarshalBinary interface implementation +func (m *LoadbalanceEntryAllowedSourcesItems0) MarshalBinary() ([]byte, error) { + if m == nil { + return nil, nil + } + return swag.WriteJSON(m) +} + +// UnmarshalBinary interface implementation +func (m *LoadbalanceEntryAllowedSourcesItems0) UnmarshalBinary(b []byte) error { + var res LoadbalanceEntryAllowedSourcesItems0 + if err := swag.ReadJSON(b, &res); err != nil { + return err + } + *m = res + return nil +} + // LoadbalanceEntryEndpointsItems0 loadbalance entry endpoints items0 // // swagger:model LoadbalanceEntryEndpointsItems0 diff --git a/api/restapi/embedded_spec.go b/api/restapi/embedded_spec.go index 6349ab66f..1270a0b55 100644 --- a/api/restapi/embedded_spec.go +++ b/api/restapi/embedded_spec.go @@ -5067,6 +5067,18 @@ func init() { "LoadbalanceEntry": { "type": "object", "properties": { + "allowedSources": { + "description": "values of allowed source IP", + "type": "array", + "items": { + "properties": { + "prefix": { + "description": "IP address for allowed source access", + "type": "string" + } + } + } + }, "endpoints": { "description": "values of End point servers", "type": "array", @@ -11350,6 +11362,13 @@ func init() { "LoadbalanceEntry": { "type": "object", "properties": { + "allowedSources": { + "description": "values of allowed source IP", + "type": "array", + "items": { + "$ref": "#/definitions/LoadbalanceEntryAllowedSourcesItems0" + } + }, "endpoints": { "description": "values of End point servers", "type": "array", @@ -11467,6 +11486,14 @@ func init() { } } }, + "LoadbalanceEntryAllowedSourcesItems0": { + "properties": { + "prefix": { + "description": "IP address for allowed source access", + "type": "string" + } + } + }, "LoadbalanceEntryEndpointsItems0": { "properties": { "counter": { diff --git a/api/restapi/handler/cluster.go b/api/restapi/handler/cluster.go index 28927fe11..e04cb436e 100644 --- a/api/restapi/handler/cluster.go +++ b/api/restapi/handler/cluster.go @@ -28,7 +28,7 @@ import ( func ConfigGetCIState(params operations.GetConfigCistateAllParams) middleware.Responder { var result []*models.CIStatusGetEntry result = make([]*models.CIStatusGetEntry, 0) - tk.LogIt(tk.LogDebug, "api: Status %s API called. url : %s\n", params.HTTPRequest.Method, params.HTTPRequest.URL) + tk.LogIt(tk.LogTrace, "api: Status %s API called. url : %s\n", params.HTTPRequest.Method, params.HTTPRequest.URL) hasMod, err := ApiHooks.NetCIStateGet() if err != nil { tk.LogIt(tk.LogDebug, "api: Error occur : %v\n", err) diff --git a/api/restapi/handler/loadbalancer.go b/api/restapi/handler/loadbalancer.go index 81bf36924..3ac644e1c 100644 --- a/api/restapi/handler/loadbalancer.go +++ b/api/restapi/handler/loadbalancer.go @@ -58,6 +58,12 @@ func ConfigPostLoadbalancer(params operations.PostConfigLoadbalancerParams) midd } } + for _, data := range params.Attr.AllowedSources { + lbRules.SrcIPs = append(lbRules.SrcIPs, cmn.LbAllowedSrcIPArg{ + Prefix: data.Prefix, + }) + } + for _, data := range params.Attr.Endpoints { lbRules.Eps = append(lbRules.Eps, cmn.LbEndPointArg{ EpIP: data.EndpointIP, @@ -176,6 +182,12 @@ func ConfigGetLoadbalancer(params operations.GetConfigLoadbalancerAllParams) mid tmpLB.SecondaryIPs = append(tmpLB.SecondaryIPs, tmpSIP) } + for _, src := range lb.SrcIPs { + tmpSIP := new(models.LoadbalanceEntryAllowedSourcesItems0) + tmpSIP.Prefix = src.Prefix + tmpLB.AllowedSources = append(tmpLB.AllowedSources, tmpSIP) + } + // Endpoints match for _, ep := range lb.Eps { tmpEp := new(models.LoadbalanceEntryEndpointsItems0) diff --git a/api/restapi/handler/prometheus.go b/api/restapi/handler/prometheus.go index 5d0788898..c642e4a22 100644 --- a/api/restapi/handler/prometheus.go +++ b/api/restapi/handler/prometheus.go @@ -29,7 +29,7 @@ import ( ) func ConfigGetPrometheusCounter(params operations.GetMetricsParams) middleware.Responder { - tk.LogIt(tk.LogDebug, "api: Prometheus %s API called. url : %s\n", params.HTTPRequest.Method, params.HTTPRequest.URL) + tk.LogIt(tk.LogTrace, "api: Prometheus %s API called. url : %s\n", params.HTTPRequest.Method, params.HTTPRequest.URL) if !options.Opts.Prometheus { return operations.NewGetMetricsOK().WithPayload("Prometheus option is disabled.") } @@ -39,7 +39,7 @@ func ConfigGetPrometheusCounter(params operations.GetMetricsParams) middleware.R } func ConfigGetPrometheusOption(params operations.GetConfigMetricsParams) middleware.Responder { - tk.LogIt(tk.LogDebug, "[API] Prometheus %s API called. url : %s\n", params.HTTPRequest.Method, params.HTTPRequest.URL) + tk.LogIt(tk.LogTrace, "[API] Prometheus %s API called. url : %s\n", params.HTTPRequest.Method, params.HTTPRequest.URL) return operations.NewGetConfigMetricsOK().WithPayload(&models.MetricsConfig{Prometheus: &options.Opts.Prometheus}) } @@ -54,7 +54,7 @@ func ConfigPostPrometheus(params operations.PostConfigMetricsParams) middleware. } func ConfigDeletePrometheus(params operations.DeleteConfigMetricsParams) middleware.Responder { - tk.LogIt(tk.LogDebug, "[API] Prometheus %s API called. url : %s\n", params.HTTPRequest.Method, params.HTTPRequest.URL) + tk.LogIt(tk.LogTrace, "[API] Prometheus %s API called. url : %s\n", params.HTTPRequest.Method, params.HTTPRequest.URL) err := prometheus.Off() if err != nil { tk.LogIt(tk.LogDebug, "[API] Error occur : %v\n", err) diff --git a/api/swagger.yml b/api/swagger.yml index eace2bbef..a2a7843f1 100644 --- a/api/swagger.yml +++ b/api/swagger.yml @@ -3068,6 +3068,15 @@ definitions: secondaryIP: type: string description: IP address for secondary access + + allowedSources: + type: array + description: values of allowed source IP + items: + properties: + prefix: + type: string + description: IP address for allowed source access RouteEntry: type: object diff --git a/common/common.go b/common/common.go index 1f5069dcd..2c6b2a091 100644 --- a/common/common.go +++ b/common/common.go @@ -616,6 +616,8 @@ type LbRuleMod struct { Serv LbServiceArg `json:"serviceArguments"` // SecIPs - Secondary IPs for SCTP multi-homed service SecIPs []LbSecIPArg `json:"secondaryIPs"` + // SrcIPs - Allowed Source IPs + SrcIPs []LbAllowedSrcIPArg `json:"allowedSources"` // Eps - slice containing LbEndPointArg Eps []LbEndPointArg `json:"endpoints"` } diff --git a/loxilb-ebpf b/loxilb-ebpf index fb08f59fc..2f8fa81f8 160000 --- a/loxilb-ebpf +++ b/loxilb-ebpf @@ -1 +1 @@ -Subproject commit fb08f59fcdd21b9f5a918d3c42e7763cafaae112 +Subproject commit 2f8fa81f8b6c397c3afd4d5034e806f8d4301fd7 diff --git a/pkg/loxinet/apiclient.go b/pkg/loxinet/apiclient.go index 16691ad4b..d168092a5 100644 --- a/pkg/loxinet/apiclient.go +++ b/pkg/loxinet/apiclient.go @@ -18,7 +18,6 @@ package loxinet import ( "errors" - cmn "github.com/loxilb-io/loxilb/common" tk "github.com/loxilb-io/loxilib" ) @@ -332,7 +331,7 @@ func (na *NetAPIStruct) NetLbRuleAdd(lm *cmn.LbRuleMod) (int, error) { mh.mtx.Lock() defer mh.mtx.Unlock() var ips []string - ret, err := mh.zr.Rules.AddLbRule(lm.Serv, lm.SecIPs[:], nil, lm.Eps[:]) + ret, err := mh.zr.Rules.AddLbRule(lm.Serv, lm.SecIPs[:], lm.SrcIPs[:], lm.Eps[:]) if err == nil && lm.Serv.Bgp { if mh.bgp != nil { ips = append(ips, lm.Serv.ServIP) diff --git a/pkg/loxinet/dpebpf_linux.go b/pkg/loxinet/dpebpf_linux.go index 2fb301a0c..0d8a0595c 100644 --- a/pkg/loxinet/dpebpf_linux.go +++ b/pkg/loxinet/dpebpf_linux.go @@ -955,7 +955,7 @@ func DpLBRuleMod(w *LBDpWorkQ) int { key.mark = C.uint(w.BlockNum) if w.NatType == DpSnat { - key.mark |= SrcChkFwMark + key.mark |= SnatFwMark } else { key.daddr = [4]C.uint{0, 0, 0, 0} if tk.IsNetIPv4(w.ServiceIP.String()) { @@ -969,6 +969,7 @@ func DpLBRuleMod(w *LBDpWorkQ) int { key.dport = C.ushort(tk.Htons(w.L4Port)) key.l4proto = C.ushort(w.Proto) key.zone = C.ushort(w.ZoneNum) + } dat := new(proxyActs) @@ -1823,10 +1824,11 @@ func (e *DpEbpfH) DpFwRuleMod(w *FwDpWorkQ) int { } else if w.FwType == DpFwTrap { fwe.fwa.ca.act_type = C.DP_SET_TOCP } - fwe.fwa.ca.mark = C.ushort(w.FwVal2) + fwe.fwa.ca.mark = C.uint(w.FwVal2) if w.FwRecord { fwe.fwa.ca.record = C.ushort(1) } + ret := C.llb_add_map_elem(C.LL_DP_FW4_MAP, unsafe.Pointer(fwe), unsafe.Pointer(nil)) if ret != 0 { tk.LogIt(tk.LogError, "ebpf fw error\n") @@ -1986,7 +1988,7 @@ func dpCTMapNotifierWorker(cti *DpCtInfo) { mh.dpEbpf.mtx.Lock() defer mh.dpEbpf.mtx.Unlock() - if addOp == false { + if !addOp { cti = mh.dpEbpf.ctMap[cti.Key()] if cti == nil || cti.Deleted > 0 { return diff --git a/pkg/loxinet/rules.go b/pkg/loxinet/rules.go index a656a9846..62f2715a8 100644 --- a/pkg/loxinet/rules.go +++ b/pkg/loxinet/rules.go @@ -827,6 +827,10 @@ func (R *RuleH) GetLBRule() ([]cmn.LbRuleMod, error) { ret.SecIPs = append(ret.SecIPs, cmn.LbSecIPArg{SecIP: sip.sIP.String()}) } + for _, src := range data.srcList { + ret.SrcIPs = append(ret.SrcIPs, cmn.LbAllowedSrcIPArg{Prefix: src.srcPref.String()}) + } + data.DP(DpStatsGetImm) // Make Endpoints @@ -1495,8 +1499,6 @@ func (R *RuleH) AddLbRule(serv cmn.LbServiceArg, servSecIPs []cmn.LbSecIPArg, al return RuleUnknownServiceErr, errors.New("malformed-service error") } - allowedSources = append(allowedSources, cmn.LbAllowedSrcIPArg{Prefix: "10.10.10.1/32"}) - privIP = nil if serv.PrivateIP != "" { privIP = net.ParseIP(serv.PrivateIP) @@ -2076,8 +2078,7 @@ func (R *RuleH) AddFwRule(fwRule cmn.FwRuleArg, fwOptArgs cmn.FwOptArg) (int, er return RuleArgsErr, errors.New("rule-snat error") } - fwOpts.opt.fwMark = uint32(uint16((r.ruleNum) | SnatFwMark)) - + fwOpts.opt.fwMark = uint32(r.ruleNum) | SnatFwMark } tk.LogIt(tk.LogDebug, "fw-rule added - %d:%s-%s\n", r.ruleNum, r.tuples.String(), r.act.String()) From 7cc726d10924a23e379adb8f15fb7a605c86e7c3 Mon Sep 17 00:00:00 2001 From: Trekkie Coder Date: Tue, 19 Nov 2024 23:55:31 +0900 Subject: [PATCH 3/8] loxilb-io/loxilb#864 Initial support for lb source ranges --- loxilb-ebpf | 2 +- pkg/utils/marker.go | 62 +++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 63 insertions(+), 1 deletion(-) create mode 100644 pkg/utils/marker.go diff --git a/loxilb-ebpf b/loxilb-ebpf index fb08f59fc..2f8fa81f8 160000 --- a/loxilb-ebpf +++ b/loxilb-ebpf @@ -1 +1 @@ -Subproject commit fb08f59fcdd21b9f5a918d3c42e7763cafaae112 +Subproject commit 2f8fa81f8b6c397c3afd4d5034e806f8d4301fd7 diff --git a/pkg/utils/marker.go b/pkg/utils/marker.go new file mode 100644 index 000000000..6576b86c3 --- /dev/null +++ b/pkg/utils/marker.go @@ -0,0 +1,62 @@ +// SPDX-License-Identifier: Apache 2.0 +// Copyright (c) 2024 NetLOX Inc + +package utils + +import ( + "errors" +) + +// Marker - context container +type Marker struct { + begin uint64 + end uint64 + start uint64 + len uint64 + cap uint64 + markers []uint64 +} + +// NewMarker - Allocate a set of markers +func NewMarker(begin uint64, length uint64) *Marker { + marker := new(Marker) + marker.markers = make([]uint64, length) + marker.begin = begin + marker.start = 0 + marker.end = length - 1 + marker.len = length + marker.cap = length + for i := uint64(0); i < length; i++ { + marker.markers[i] = i + 1 + } + marker.markers[length-1] = ^uint64(0) + return marker +} + +// GetMarker - Get next available marker +func (M *Marker) GetMarker() (uint64, error) { + if M.cap <= 0 || M.start == ^uint64(0) { + return ^uint64(0), errors.New("Overflow") + } + + M.cap-- + var rid = M.start + M.start = M.markers[rid] + M.markers[rid] = ^uint64(0) + return rid + M.begin, nil +} + +// ReleaseMarker - Return a marker to the available list +func (M *Marker) ReleaseMarker(id uint64) error { + if id < M.begin || id >= M.begin+M.len { + return errors.New("Range") + } + rid := id - M.begin + M.markers[rid] = M.start + M.start = rid + M.cap++ + if M.start == ^uint64(0) { + M.start = M.end + } + return nil +} From 6ffa2a1a644c1c37fc7e2a082915e2e309212166 Mon Sep 17 00:00:00 2001 From: Trekkie Coder Date: Wed, 20 Nov 2024 10:49:47 +0900 Subject: [PATCH 4/8] loxilb-io/loxilb#864 Initial support for lb source ranges --- api/restapi/handler/firewall.go | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/api/restapi/handler/firewall.go b/api/restapi/handler/firewall.go index 93cb5a843..f0905863d 100644 --- a/api/restapi/handler/firewall.go +++ b/api/restapi/handler/firewall.go @@ -152,6 +152,11 @@ func ConfigGetFW(params operations.GetConfigFirewallAllParams) middleware.Respon var tmpResult models.FirewallEntry var tmpRule models.FirewallRuleEntry var tmpOpts models.FirewallOptionEntry + + if FW.Opts.Mark&0x40000000 != 0 { + continue + } + // Rule tmpRule.DestinationIP = FW.Rule.DstIP tmpRule.MaxDestinationPort = int64(FW.Rule.DstPortMax) From 320b3c1f65ed27c995ea142411253578555b47ce Mon Sep 17 00:00:00 2001 From: Trekkie Coder Date: Wed, 20 Nov 2024 11:09:57 +0900 Subject: [PATCH 5/8] loxilb-io/loxilb#829 API invocation logs moved under trace level --- api/restapi/handler/cluster.go | 8 ++++---- api/restapi/handler/conntrack.go | 2 +- api/restapi/handler/endpoint.go | 6 +++--- api/restapi/handler/fdb.go | 6 +++--- api/restapi/handler/firewall.go | 6 +++--- api/restapi/handler/gobgp.go | 22 +++++++++++----------- api/restapi/handler/ipv4address.go | 6 +++--- api/restapi/handler/loadbalancer.go | 8 ++++---- api/restapi/handler/mirror.go | 6 +++--- api/restapi/handler/neighbor.go | 6 +++--- api/restapi/handler/params.go | 4 ++-- api/restapi/handler/policy.go | 6 +++--- api/restapi/handler/port.go | 2 +- api/restapi/handler/route.go | 6 +++--- api/restapi/handler/session.go | 12 ++++++------ api/restapi/handler/status.go | 6 +++--- api/restapi/handler/vlan.go | 10 +++++----- api/restapi/handler/vxlan.go | 10 +++++----- 18 files changed, 66 insertions(+), 66 deletions(-) diff --git a/api/restapi/handler/cluster.go b/api/restapi/handler/cluster.go index e04cb436e..ae9d20d7a 100644 --- a/api/restapi/handler/cluster.go +++ b/api/restapi/handler/cluster.go @@ -46,7 +46,7 @@ func ConfigGetCIState(params operations.GetConfigCistateAllParams) middleware.Re } func ConfigPostCIState(params operations.PostConfigCistateParams) middleware.Responder { - tk.LogIt(tk.LogDebug, "api: HA %s API called. url : %s\n", params.HTTPRequest.Method, params.HTTPRequest.URL) + tk.LogIt(tk.LogTrace, "api: HA %s API called. url : %s\n", params.HTTPRequest.Method, params.HTTPRequest.URL) var hasMod cmn.HASMod @@ -67,7 +67,7 @@ func ConfigPostCIState(params operations.PostConfigCistateParams) middleware.Res func ConfigGetBFDSession(params operations.GetConfigBfdAllParams) middleware.Responder { var result []*models.BfdGetEntry result = make([]*models.BfdGetEntry, 0) - tk.LogIt(tk.LogDebug, "api: Status %s API called. url : %s\n", params.HTTPRequest.Method, params.HTTPRequest.URL) + tk.LogIt(tk.LogTrace, "api: Status %s API called. url : %s\n", params.HTTPRequest.Method, params.HTTPRequest.URL) bfdMod, err := ApiHooks.NetBFDGet() if err != nil { tk.LogIt(tk.LogDebug, "api: Error occur : %v\n", err) @@ -90,7 +90,7 @@ func ConfigGetBFDSession(params operations.GetConfigBfdAllParams) middleware.Res } func ConfigPostBFDSession(params operations.PostConfigBfdParams) middleware.Responder { - tk.LogIt(tk.LogDebug, "api: HA %s API called. url : %s\n", params.HTTPRequest.Method, params.HTTPRequest.URL) + tk.LogIt(tk.LogTrace, "api: HA %s API called. url : %s\n", params.HTTPRequest.Method, params.HTTPRequest.URL) var bfdMod cmn.BFDMod @@ -112,7 +112,7 @@ func ConfigPostBFDSession(params operations.PostConfigBfdParams) middleware.Resp } func ConfigDeleteBFDSession(params operations.DeleteConfigBfdRemoteIPRemoteIPParams) middleware.Responder { - tk.LogIt(tk.LogDebug, "api: HA %s API called. url : %s\n", params.HTTPRequest.Method, params.HTTPRequest.URL) + tk.LogIt(tk.LogTrace, "api: HA %s API called. url : %s\n", params.HTTPRequest.Method, params.HTTPRequest.URL) var bfdMod cmn.BFDMod diff --git a/api/restapi/handler/conntrack.go b/api/restapi/handler/conntrack.go index 9f993f565..6edaa3102 100644 --- a/api/restapi/handler/conntrack.go +++ b/api/restapi/handler/conntrack.go @@ -23,7 +23,7 @@ import ( ) func ConfigGetConntrack(params operations.GetConfigConntrackAllParams) middleware.Responder { - tk.LogIt(tk.LogDebug, "api: Conntrack %s API called. url : %s\n", params.HTTPRequest.Method, params.HTTPRequest.URL) + tk.LogIt(tk.LogTrace, "api: Conntrack %s API called. url : %s\n", params.HTTPRequest.Method, params.HTTPRequest.URL) // Get Conntrack informations res, err := ApiHooks.NetCtInfoGet() if err != nil { diff --git a/api/restapi/handler/endpoint.go b/api/restapi/handler/endpoint.go index 3707c839f..ad339dca6 100644 --- a/api/restapi/handler/endpoint.go +++ b/api/restapi/handler/endpoint.go @@ -25,7 +25,7 @@ import ( func ConfigGetEndPoint(params operations.GetConfigEndpointAllParams) middleware.Responder { // Get endpoint rules - tk.LogIt(tk.LogDebug, "api: EndPoint %s API called. url : %s\n", params.HTTPRequest.Method, params.HTTPRequest.URL) + tk.LogIt(tk.LogTrace, "api: EndPoint %s API called. url : %s\n", params.HTTPRequest.Method, params.HTTPRequest.URL) res, err := ApiHooks.NetEpHostGet() if err != nil { @@ -58,7 +58,7 @@ func ConfigGetEndPoint(params operations.GetConfigEndpointAllParams) middleware. } func ConfigPostEndPoint(params operations.PostConfigEndpointParams) middleware.Responder { - tk.LogIt(tk.LogDebug, "api: EndPoint %s API called. url : %s\n", params.HTTPRequest.Method, params.HTTPRequest.URL) + tk.LogIt(tk.LogTrace, "api: EndPoint %s API called. url : %s\n", params.HTTPRequest.Method, params.HTTPRequest.URL) EP := cmn.EndPointMod{} EP.HostName = params.Attr.HostName @@ -78,7 +78,7 @@ func ConfigPostEndPoint(params operations.PostConfigEndpointParams) middleware.R } func ConfigDeleteEndPoint(params operations.DeleteConfigEndpointEpipaddressIPAddressParams) middleware.Responder { - tk.LogIt(tk.LogDebug, "api: EndPoint %s API called. url : %s\n", params.HTTPRequest.Method, params.HTTPRequest.URL) + tk.LogIt(tk.LogTrace, "api: EndPoint %s API called. url : %s\n", params.HTTPRequest.Method, params.HTTPRequest.URL) EP := cmn.EndPointMod{} EP.HostName = params.IPAddress diff --git a/api/restapi/handler/fdb.go b/api/restapi/handler/fdb.go index ffcd33cf9..bc1b60aa1 100644 --- a/api/restapi/handler/fdb.go +++ b/api/restapi/handler/fdb.go @@ -24,7 +24,7 @@ import ( ) func ConfigPostFDB(params operations.PostConfigFdbParams) middleware.Responder { - tk.LogIt(tk.LogDebug, "api: FDB %s API called. url : %s\n", params.HTTPRequest.Method, params.HTTPRequest.URL) + tk.LogIt(tk.LogTrace, "api: FDB %s API called. url : %s\n", params.HTTPRequest.Method, params.HTTPRequest.URL) ret := loxinlp.AddFDBNoHook(params.Attr.MacAddress, params.Attr.Dev) if ret != 0 { return &ResultResponse{Result: "fail"} @@ -33,7 +33,7 @@ func ConfigPostFDB(params operations.PostConfigFdbParams) middleware.Responder { } func ConfigDeleteFDB(params operations.DeleteConfigFdbMacAddressDevIfNameParams) middleware.Responder { - tk.LogIt(tk.LogDebug, "api: FDB %s API called. url : %s\n", params.HTTPRequest.Method, params.HTTPRequest.URL) + tk.LogIt(tk.LogTrace, "api: FDB %s API called. url : %s\n", params.HTTPRequest.Method, params.HTTPRequest.URL) ret := loxinlp.DelFDBNoHook(params.MacAddress, params.IfName) if ret != 0 { return &ResultResponse{Result: "fail"} @@ -42,7 +42,7 @@ func ConfigDeleteFDB(params operations.DeleteConfigFdbMacAddressDevIfNameParams) } func ConfigGetFDB(params operations.GetConfigFdbAllParams) middleware.Responder { - tk.LogIt(tk.LogDebug, "api: FDB %s API called. url : %s\n", params.HTTPRequest.Method, params.HTTPRequest.URL) + tk.LogIt(tk.LogTrace, "api: FDB %s API called. url : %s\n", params.HTTPRequest.Method, params.HTTPRequest.URL) fdbs, _ := loxinlp.GetFDBNoHook() var result []*models.FDBEntry result = make([]*models.FDBEntry, 0) diff --git a/api/restapi/handler/firewall.go b/api/restapi/handler/firewall.go index f0905863d..009ab9f01 100644 --- a/api/restapi/handler/firewall.go +++ b/api/restapi/handler/firewall.go @@ -26,7 +26,7 @@ import ( ) func ConfigPostFW(params operations.PostConfigFirewallParams) middleware.Responder { - tk.LogIt(tk.LogDebug, "api: Firewall %s API called by IP: %s. url : %s\n", params.HTTPRequest.Method, params.HTTPRequest.RemoteAddr, params.HTTPRequest.URL) + tk.LogIt(tk.LogTrace, "api: Firewall %s API called by IP: %s. url : %s\n", params.HTTPRequest.Method, params.HTTPRequest.RemoteAddr, params.HTTPRequest.URL) Opts := cmn.FwOptArg{} Rules := cmn.FwRuleArg{} FW := cmn.FwRuleMod{} @@ -80,7 +80,7 @@ func ConfigPostFW(params operations.PostConfigFirewallParams) middleware.Respond } func ConfigDeleteFW(params operations.DeleteConfigFirewallParams) middleware.Responder { - tk.LogIt(tk.LogDebug, "api: Firewall %s API called by IP: %s. url : %s\n", params.HTTPRequest.Method, params.HTTPRequest.RemoteAddr, params.HTTPRequest.URL) + tk.LogIt(tk.LogTrace, "api: Firewall %s API called by IP: %s. url : %s\n", params.HTTPRequest.Method, params.HTTPRequest.RemoteAddr, params.HTTPRequest.URL) Rules := cmn.FwRuleArg{} FW := cmn.FwRuleMod{} @@ -144,7 +144,7 @@ func ConfigDeleteFW(params operations.DeleteConfigFirewallParams) middleware.Res } func ConfigGetFW(params operations.GetConfigFirewallAllParams) middleware.Responder { - tk.LogIt(tk.LogDebug, "api: Firewall %s API called by IP: %s. url : %s\n", params.HTTPRequest.Method, params.HTTPRequest.RemoteAddr, params.HTTPRequest.URL) + tk.LogIt(tk.LogTrace, "api: Firewall %s API called by IP: %s. url : %s\n", params.HTTPRequest.Method, params.HTTPRequest.RemoteAddr, params.HTTPRequest.URL) res, _ := ApiHooks.NetFwRuleGet() var result []*models.FirewallEntry result = make([]*models.FirewallEntry, 0) diff --git a/api/restapi/handler/gobgp.go b/api/restapi/handler/gobgp.go index ccd00498a..64c03fc2e 100644 --- a/api/restapi/handler/gobgp.go +++ b/api/restapi/handler/gobgp.go @@ -26,7 +26,7 @@ import ( ) func ConfigGetBGPNeigh(params operations.GetConfigBgpNeighAllParams) middleware.Responder { - tk.LogIt(tk.LogDebug, "api: BGP Neighbor %s API called. url : %s\n", params.HTTPRequest.Method, params.HTTPRequest.URL) + tk.LogIt(tk.LogTrace, "api: BGP Neighbor %s API called. url : %s\n", params.HTTPRequest.Method, params.HTTPRequest.URL) res, err := ApiHooks.NetGoBGPNeighGet() if err != nil { tk.LogIt(tk.LogDebug, "api: Error occur : %v\n", err) @@ -47,7 +47,7 @@ func ConfigGetBGPNeigh(params operations.GetConfigBgpNeighAllParams) middleware. return operations.NewGetConfigBgpNeighAllOK().WithPayload(&operations.GetConfigBgpNeighAllOKBody{BgpNeiAttr: result}) } func ConfigPostBGPNeigh(params operations.PostConfigBgpNeighParams) middleware.Responder { - tk.LogIt(tk.LogDebug, "api: BGP Neighbor %s API called. url : %s\n", params.HTTPRequest.Method, params.HTTPRequest.URL) + tk.LogIt(tk.LogTrace, "api: BGP Neighbor %s API called. url : %s\n", params.HTTPRequest.Method, params.HTTPRequest.URL) var bgpNeighMod cmn.GoBGPNeighMod // IP address @@ -72,7 +72,7 @@ func ConfigPostBGPNeigh(params operations.PostConfigBgpNeighParams) middleware.R } func ConfigDeleteBGPNeigh(params operations.DeleteConfigBgpNeighIPAddressParams) middleware.Responder { - tk.LogIt(tk.LogDebug, "api: BGP Neighbor %s API called. url : %s\n", params.HTTPRequest.Method, params.HTTPRequest.URL) + tk.LogIt(tk.LogTrace, "api: BGP Neighbor %s API called. url : %s\n", params.HTTPRequest.Method, params.HTTPRequest.URL) var bgpNeighMod cmn.GoBGPNeighMod // IP address @@ -91,7 +91,7 @@ func ConfigDeleteBGPNeigh(params operations.DeleteConfigBgpNeighIPAddressParams) } func ConfigPostBGPGlobal(params operations.PostConfigBgpGlobalParams) middleware.Responder { - tk.LogIt(tk.LogDebug, "api: BGP Global Config %s API called. url : %s\n", params.HTTPRequest.Method, params.HTTPRequest.URL) + tk.LogIt(tk.LogTrace, "api: BGP Global Config %s API called. url : %s\n", params.HTTPRequest.Method, params.HTTPRequest.URL) var bgpG cmn.GoBGPGlobalConfig // Router ID @@ -119,7 +119,7 @@ func ConfigPostBGPGlobal(params operations.PostConfigBgpGlobalParams) middleware } func ConfigPostBGPPolicyDefinedsets(params operations.PostConfigBgpPolicyDefinedsetsDefinesetTypeParams) middleware.Responder { - tk.LogIt(tk.LogDebug, "api: BGP Policy DefinedSet %s API called. url : %s\n", params.HTTPRequest.Method, params.HTTPRequest.URL) + tk.LogIt(tk.LogTrace, "api: BGP Policy DefinedSet %s API called. url : %s\n", params.HTTPRequest.Method, params.HTTPRequest.URL) var bgpPolicyDefinedSet cmn.GoBGPPolicyDefinedSetMod // name @@ -148,7 +148,7 @@ func ConfigPostBGPPolicyDefinedsets(params operations.PostConfigBgpPolicyDefined } func ConfigDeleteBGPPolicyDefinedsets(params operations.DeleteConfigBgpPolicyDefinedsetsDefinesetTypeTypeNameParams) middleware.Responder { - tk.LogIt(tk.LogDebug, "api: BGP Policy DefinedSet %s API called. url : %s\n", params.HTTPRequest.Method, params.HTTPRequest.URL) + tk.LogIt(tk.LogTrace, "api: BGP Policy DefinedSet %s API called. url : %s\n", params.HTTPRequest.Method, params.HTTPRequest.URL) var bgpPolicyConfig cmn.GoBGPPolicyDefinedSetMod bgpPolicyConfig.Name = params.TypeName @@ -164,7 +164,7 @@ func ConfigDeleteBGPPolicyDefinedsets(params operations.DeleteConfigBgpPolicyDef } func ConfigGetBGPPolicyDefinedSetGet(params operations.GetConfigBgpPolicyDefinedsetsDefinesetTypeTypeNameParams) middleware.Responder { - tk.LogIt(tk.LogDebug, "api: BGP DefinedSet %s API called. url : %s\n", params.HTTPRequest.Method, params.HTTPRequest.URL) + tk.LogIt(tk.LogTrace, "api: BGP DefinedSet %s API called. url : %s\n", params.HTTPRequest.Method, params.HTTPRequest.URL) res, err := ApiHooks.NetGoBGPPolicyDefinedSetGet(params.TypeName, params.DefinesetType) if err != nil { tk.LogIt(tk.LogDebug, "api: Error occur : %v\n", err) @@ -194,7 +194,7 @@ func ConfigGetBGPPolicyDefinedSetGet(params operations.GetConfigBgpPolicyDefined } func ConfigPostBGPPolicyDefinitions(params operations.PostConfigBgpPolicyDefinitionsParams) middleware.Responder { - tk.LogIt(tk.LogDebug, "api: BGP Policy Definitions %s API called. url : %s\n", params.HTTPRequest.Method, params.HTTPRequest.URL) + tk.LogIt(tk.LogTrace, "api: BGP Policy Definitions %s API called. url : %s\n", params.HTTPRequest.Method, params.HTTPRequest.URL) var bgpPolicyConfig cmn.GoBGPPolicyDefinitionsMod // name @@ -302,7 +302,7 @@ func ConfigDeleteBGPPolicyDefinitions(params operations.DeleteConfigBgpPolicyDef } func ConfigGetBGPPolicyDefinitions(params operations.GetConfigBgpPolicyDefinitionsAllParams) middleware.Responder { - tk.LogIt(tk.LogDebug, "api: BGP Policy Definitions %s API called. url : %s\n", params.HTTPRequest.Method, params.HTTPRequest.URL) + tk.LogIt(tk.LogTrace, "api: BGP Policy Definitions %s API called. url : %s\n", params.HTTPRequest.Method, params.HTTPRequest.URL) res, err := ApiHooks.NetGoBGPPolicyDefinitionsGet() if err != nil { tk.LogIt(tk.LogDebug, "api: Error occur : %v\n", err) @@ -400,7 +400,7 @@ func ConfigGetBGPPolicyDefinitions(params operations.GetConfigBgpPolicyDefinitio } func ConfigPostBGPPolicyApply(params operations.PostConfigBgpPolicyApplyParams) middleware.Responder { - tk.LogIt(tk.LogDebug, "api: BGP Policy Apply %s API called. url : %s\n", params.HTTPRequest.Method, params.HTTPRequest.URL) + tk.LogIt(tk.LogTrace, "api: BGP Policy Apply %s API called. url : %s\n", params.HTTPRequest.Method, params.HTTPRequest.URL) var bgpPolicyConfig cmn.GoBGPPolicyApply bgpPolicyConfig.NeighIPAddress = params.Attr.IPAddress @@ -417,7 +417,7 @@ func ConfigPostBGPPolicyApply(params operations.PostConfigBgpPolicyApplyParams) } func ConfigDeleteBGPPolicyApply(params operations.DeleteConfigBgpPolicyApplyParams) middleware.Responder { - tk.LogIt(tk.LogDebug, "api: BGP Policy Apply %s API called. url : %s\n", params.HTTPRequest.Method, params.HTTPRequest.URL) + tk.LogIt(tk.LogTrace, "api: BGP Policy Apply %s API called. url : %s\n", params.HTTPRequest.Method, params.HTTPRequest.URL) var bgpPolicyConfig cmn.GoBGPPolicyApply bgpPolicyConfig.NeighIPAddress = params.Attr.IPAddress diff --git a/api/restapi/handler/ipv4address.go b/api/restapi/handler/ipv4address.go index 79c42edf7..c2d490a33 100644 --- a/api/restapi/handler/ipv4address.go +++ b/api/restapi/handler/ipv4address.go @@ -26,7 +26,7 @@ import ( ) func ConfigPostIPv4Address(params operations.PostConfigIpv4addressParams) middleware.Responder { - tk.LogIt(tk.LogDebug, "api: IPv4 address %s API called. url : %s\n", params.HTTPRequest.Method, params.HTTPRequest.URL) + tk.LogIt(tk.LogTrace, "api: IPv4 address %s API called. url : %s\n", params.HTTPRequest.Method, params.HTTPRequest.URL) ret := loxinlp.AddAddrNoHook(params.Attr.IPAddress, params.Attr.Dev) if ret != 0 { return &ResultResponse{Result: "fail"} @@ -35,7 +35,7 @@ func ConfigPostIPv4Address(params operations.PostConfigIpv4addressParams) middle } func ConfigDeleteIPv4Address(params operations.DeleteConfigIpv4addressIPAddressMaskDevIfNameParams) middleware.Responder { - tk.LogIt(tk.LogDebug, "api: IPv4 address %s API called. url : %s\n", params.HTTPRequest.Method, params.HTTPRequest.URL) + tk.LogIt(tk.LogTrace, "api: IPv4 address %s API called. url : %s\n", params.HTTPRequest.Method, params.HTTPRequest.URL) ipNet := fmt.Sprintf("%s/%s", params.IPAddress, params.Mask) ret := loxinlp.DelAddrNoHook(ipNet, params.IfName) if ret != 0 { @@ -45,7 +45,7 @@ func ConfigDeleteIPv4Address(params operations.DeleteConfigIpv4addressIPAddressM } func ConfigGetIPv4Address(params operations.GetConfigIpv4addressAllParams) middleware.Responder { - tk.LogIt(tk.LogDebug, "api: IPv4 address %s API called. url : %s\n", params.HTTPRequest.Method, params.HTTPRequest.URL) + tk.LogIt(tk.LogTrace, "api: IPv4 address %s API called. url : %s\n", params.HTTPRequest.Method, params.HTTPRequest.URL) res, _ := ApiHooks.NetAddrGet() var result []*models.IPV4AddressGetEntry result = make([]*models.IPV4AddressGetEntry, 0) diff --git a/api/restapi/handler/loadbalancer.go b/api/restapi/handler/loadbalancer.go index 3ac644e1c..90f2398a4 100644 --- a/api/restapi/handler/loadbalancer.go +++ b/api/restapi/handler/loadbalancer.go @@ -24,7 +24,7 @@ import ( ) func ConfigPostLoadbalancer(params operations.PostConfigLoadbalancerParams) middleware.Responder { - tk.LogIt(tk.LogDebug, "api: Load balancer %s API called. url : %s\n", params.HTTPRequest.Method, params.HTTPRequest.URL) + tk.LogIt(tk.LogTrace, "api: Load balancer %s API called. url : %s\n", params.HTTPRequest.Method, params.HTTPRequest.URL) var lbRules cmn.LbRuleMod @@ -86,7 +86,7 @@ func ConfigPostLoadbalancer(params operations.PostConfigLoadbalancerParams) midd } func ConfigDeleteLoadbalancer(params operations.DeleteConfigLoadbalancerHosturlHosturlExternalipaddressIPAddressPortPortProtocolProtoParams) middleware.Responder { - tk.LogIt(tk.LogDebug, "api: Load balancer %s API called. url : %s\n", params.HTTPRequest.Method, params.HTTPRequest.URL) + tk.LogIt(tk.LogTrace, "api: Load balancer %s API called. url : %s\n", params.HTTPRequest.Method, params.HTTPRequest.URL) var lbServ cmn.LbServiceArg var lbRules cmn.LbRuleMod @@ -116,7 +116,7 @@ func ConfigDeleteLoadbalancer(params operations.DeleteConfigLoadbalancerHosturlH } func ConfigDeleteLoadbalancerWithoutPath(params operations.DeleteConfigLoadbalancerExternalipaddressIPAddressPortPortProtocolProtoParams) middleware.Responder { - tk.LogIt(tk.LogDebug, "api: Load balancer %s API called. url : %s\n", params.HTTPRequest.Method, params.HTTPRequest.URL) + tk.LogIt(tk.LogTrace, "api: Load balancer %s API called. url : %s\n", params.HTTPRequest.Method, params.HTTPRequest.URL) var lbServ cmn.LbServiceArg var lbRules cmn.LbRuleMod @@ -143,7 +143,7 @@ func ConfigDeleteLoadbalancerWithoutPath(params operations.DeleteConfigLoadbalan func ConfigGetLoadbalancer(params operations.GetConfigLoadbalancerAllParams) middleware.Responder { // Get LB rules - tk.LogIt(tk.LogDebug, "api: Load balancer %s API called. url : %s\n", params.HTTPRequest.Method, params.HTTPRequest.URL) + tk.LogIt(tk.LogTrace, "api: Load balancer %s API called. url : %s\n", params.HTTPRequest.Method, params.HTTPRequest.URL) res, err := ApiHooks.NetLbRuleGet() if err != nil { diff --git a/api/restapi/handler/mirror.go b/api/restapi/handler/mirror.go index 79c75cc53..f152d775d 100644 --- a/api/restapi/handler/mirror.go +++ b/api/restapi/handler/mirror.go @@ -27,7 +27,7 @@ import ( ) func ConfigPostMirror(params operations.PostConfigMirrorParams) middleware.Responder { - tk.LogIt(tk.LogDebug, "api: Mirror %s API called. url : %s\n", params.HTTPRequest.Method, params.HTTPRequest.URL) + tk.LogIt(tk.LogTrace, "api: Mirror %s API called. url : %s\n", params.HTTPRequest.Method, params.HTTPRequest.URL) var MirrMod cmn.MirrMod @@ -62,7 +62,7 @@ func ConfigPostMirror(params operations.PostConfigMirrorParams) middleware.Respo } func ConfigDeleteMirror(params operations.DeleteConfigMirrorIdentIdentParams) middleware.Responder { - tk.LogIt(tk.LogDebug, "api: Mirror %s API called. url : %s\n", params.HTTPRequest.Method, params.HTTPRequest.URL) + tk.LogIt(tk.LogTrace, "api: Mirror %s API called. url : %s\n", params.HTTPRequest.Method, params.HTTPRequest.URL) var MirrMod cmn.MirrMod MirrMod.Ident = params.Ident @@ -77,7 +77,7 @@ func ConfigDeleteMirror(params operations.DeleteConfigMirrorIdentIdentParams) mi } func ConfigGetMirror(params operations.GetConfigMirrorAllParams) middleware.Responder { - tk.LogIt(tk.LogDebug, "api: Mirror %s API called. url : %s\n", params.HTTPRequest.Method, params.HTTPRequest.URL) + tk.LogIt(tk.LogTrace, "api: Mirror %s API called. url : %s\n", params.HTTPRequest.Method, params.HTTPRequest.URL) res, err := ApiHooks.NetMirrorGet() if err != nil { tk.LogIt(tk.LogDebug, "api: Error occur : %v\n", err) diff --git a/api/restapi/handler/neighbor.go b/api/restapi/handler/neighbor.go index 1343e4bb0..b01850537 100644 --- a/api/restapi/handler/neighbor.go +++ b/api/restapi/handler/neighbor.go @@ -25,7 +25,7 @@ import ( ) func ConfigPostNeighbor(params operations.PostConfigNeighborParams) middleware.Responder { - tk.LogIt(tk.LogDebug, "api: IPv4 Neighbor %s API called. url : %s\n", params.HTTPRequest.Method, params.HTTPRequest.URL) + tk.LogIt(tk.LogTrace, "api: IPv4 Neighbor %s API called. url : %s\n", params.HTTPRequest.Method, params.HTTPRequest.URL) ret := loxinlp.AddNeighNoHook(params.Attr.IPAddress, params.Attr.Dev, params.Attr.MacAddress) if ret != 0 { return &ResultResponse{Result: "fail"} @@ -34,7 +34,7 @@ func ConfigPostNeighbor(params operations.PostConfigNeighborParams) middleware.R } func ConfigDeleteNeighbor(params operations.DeleteConfigNeighborIPAddressDevIfNameParams) middleware.Responder { - tk.LogIt(tk.LogDebug, "api: IPv4 Neighbor %s API called. url : %s\n", params.HTTPRequest.Method, params.HTTPRequest.URL) + tk.LogIt(tk.LogTrace, "api: IPv4 Neighbor %s API called. url : %s\n", params.HTTPRequest.Method, params.HTTPRequest.URL) ret := loxinlp.DelNeighNoHook(params.IPAddress, params.IfName) if ret != 0 { return &ResultResponse{Result: "fail"} @@ -43,7 +43,7 @@ func ConfigDeleteNeighbor(params operations.DeleteConfigNeighborIPAddressDevIfNa } func ConfigGetNeighbor(params operations.GetConfigNeighborAllParams) middleware.Responder { - tk.LogIt(tk.LogDebug, "api: IPv4 Neighbor %s API called. url : %s\n", params.HTTPRequest.Method, params.HTTPRequest.URL) + tk.LogIt(tk.LogTrace, "api: IPv4 Neighbor %s API called. url : %s\n", params.HTTPRequest.Method, params.HTTPRequest.URL) res, _ := ApiHooks.NetNeighGet() var result []*models.NeighborEntry result = make([]*models.NeighborEntry, 0) diff --git a/api/restapi/handler/params.go b/api/restapi/handler/params.go index 59e13aa0a..a4c4363c0 100644 --- a/api/restapi/handler/params.go +++ b/api/restapi/handler/params.go @@ -25,7 +25,7 @@ import ( ) func ConfigPostParams(params operations.PostConfigParamsParams) middleware.Responder { - tk.LogIt(tk.LogDebug, "api: Params %s API called. url : %s\n", params.HTTPRequest.Method, params.HTTPRequest.URL) + tk.LogIt(tk.LogTrace, "api: Params %s API called. url : %s\n", params.HTTPRequest.Method, params.HTTPRequest.URL) var param cmn.ParamMod @@ -41,7 +41,7 @@ func ConfigPostParams(params operations.PostConfigParamsParams) middleware.Respo } func ConfigGetParams(params operations.GetConfigParamsParams) middleware.Responder { - tk.LogIt(tk.LogDebug, "api: Status %s API called. url : %s\n", params.HTTPRequest.Method, params.HTTPRequest.URL) + tk.LogIt(tk.LogTrace, "api: Status %s API called. url : %s\n", params.HTTPRequest.Method, params.HTTPRequest.URL) var param cmn.ParamMod var payload models.OperParams diff --git a/api/restapi/handler/policy.go b/api/restapi/handler/policy.go index a0d3d5b59..85af88a9d 100644 --- a/api/restapi/handler/policy.go +++ b/api/restapi/handler/policy.go @@ -25,7 +25,7 @@ import ( ) func ConfigPostPolicy(params operations.PostConfigPolicyParams) middleware.Responder { - tk.LogIt(tk.LogDebug, "api: Policy %s API called. url : %s\n", params.HTTPRequest.Method, params.HTTPRequest.URL) + tk.LogIt(tk.LogTrace, "api: Policy %s API called. url : %s\n", params.HTTPRequest.Method, params.HTTPRequest.URL) var polMod cmn.PolMod @@ -60,7 +60,7 @@ func ConfigPostPolicy(params operations.PostConfigPolicyParams) middleware.Respo } func ConfigDeletePolicy(params operations.DeleteConfigPolicyIdentIdentParams) middleware.Responder { - tk.LogIt(tk.LogDebug, "api: Policy %s API called. url : %s\n", params.HTTPRequest.Method, params.HTTPRequest.URL) + tk.LogIt(tk.LogTrace, "api: Policy %s API called. url : %s\n", params.HTTPRequest.Method, params.HTTPRequest.URL) var polMod cmn.PolMod polMod.Ident = params.Ident @@ -75,7 +75,7 @@ func ConfigDeletePolicy(params operations.DeleteConfigPolicyIdentIdentParams) mi } func ConfigGetPolicy(params operations.GetConfigPolicyAllParams) middleware.Responder { - tk.LogIt(tk.LogDebug, "api: Policy %s API called. url : %s\n", params.HTTPRequest.Method, params.HTTPRequest.URL) + tk.LogIt(tk.LogTrace, "api: Policy %s API called. url : %s\n", params.HTTPRequest.Method, params.HTTPRequest.URL) res, err := ApiHooks.NetPolicerGet() if err != nil { tk.LogIt(tk.LogDebug, "api: Error occur : %v\n", err) diff --git a/api/restapi/handler/port.go b/api/restapi/handler/port.go index 699405a66..2d5c9c4a3 100644 --- a/api/restapi/handler/port.go +++ b/api/restapi/handler/port.go @@ -24,7 +24,7 @@ import ( ) func ConfigGetPort(params operations.GetConfigPortAllParams) middleware.Responder { - tk.LogIt(tk.LogDebug, "api: Port %s API called. url : %s\n", params.HTTPRequest.Method, params.HTTPRequest.URL) + tk.LogIt(tk.LogTrace, "api: Port %s API called. url : %s\n", params.HTTPRequest.Method, params.HTTPRequest.URL) // Get Port informations ports, err := ApiHooks.NetPortGet() diff --git a/api/restapi/handler/route.go b/api/restapi/handler/route.go index c7f7af2ce..128617014 100644 --- a/api/restapi/handler/route.go +++ b/api/restapi/handler/route.go @@ -28,7 +28,7 @@ import ( ) func ConfigPostRoute(params operations.PostConfigRouteParams) middleware.Responder { - tk.LogIt(tk.LogDebug, "api: Route %s API called. url : %s\n", params.HTTPRequest.Method, params.HTTPRequest.URL) + tk.LogIt(tk.LogTrace, "api: Route %s API called. url : %s\n", params.HTTPRequest.Method, params.HTTPRequest.URL) ret := loxinlp.AddRouteNoHook(params.Attr.DestinationIPNet, params.Attr.Gateway, params.Attr.Protocol) if ret != 0 { tk.LogIt(tk.LogDebug, "api: Error occur : %v\n", ret) @@ -38,7 +38,7 @@ func ConfigPostRoute(params operations.PostConfigRouteParams) middleware.Respond } func ConfigDeleteRoute(params operations.DeleteConfigRouteDestinationIPNetIPAddressMaskParams) middleware.Responder { - tk.LogIt(tk.LogDebug, "api: Route %s API called. url : %s\n", params.HTTPRequest.Method, params.HTTPRequest.URL) + tk.LogIt(tk.LogTrace, "api: Route %s API called. url : %s\n", params.HTTPRequest.Method, params.HTTPRequest.URL) DstIP := fmt.Sprintf("%s/%d", params.IPAddress, params.Mask) ret := loxinlp.DelRouteNoHook(DstIP) if ret != 0 { @@ -49,7 +49,7 @@ func ConfigDeleteRoute(params operations.DeleteConfigRouteDestinationIPNetIPAddr } func ConfigGetRoute(params operations.GetConfigRouteAllParams) middleware.Responder { - tk.LogIt(tk.LogDebug, "api: Route %s API called. url : %s\n", params.HTTPRequest.Method, params.HTTPRequest.URL) + tk.LogIt(tk.LogTrace, "api: Route %s API called. url : %s\n", params.HTTPRequest.Method, params.HTTPRequest.URL) res, _ := ApiHooks.NetRouteGet() var result []*models.RouteGetEntry result = make([]*models.RouteGetEntry, 0) diff --git a/api/restapi/handler/session.go b/api/restapi/handler/session.go index 854b91eea..5a4b4b871 100644 --- a/api/restapi/handler/session.go +++ b/api/restapi/handler/session.go @@ -28,7 +28,7 @@ import ( ) func ConfigPostSession(params operations.PostConfigSessionParams) middleware.Responder { - tk.LogIt(tk.LogDebug, "api: Session %s API called. url : %s\n", params.HTTPRequest.Method, params.HTTPRequest.URL) + tk.LogIt(tk.LogTrace, "api: Session %s API called. url : %s\n", params.HTTPRequest.Method, params.HTTPRequest.URL) var sessionMod cmn.SessionMod // Default Setting @@ -51,7 +51,7 @@ func ConfigPostSession(params operations.PostConfigSessionParams) middleware.Res } func ConfigDeleteSession(params operations.DeleteConfigSessionIdentIdentParams) middleware.Responder { - tk.LogIt(tk.LogDebug, "api: Session %s API called. url : %s\n", params.HTTPRequest.Method, params.HTTPRequest.URL) + tk.LogIt(tk.LogTrace, "api: Session %s API called. url : %s\n", params.HTTPRequest.Method, params.HTTPRequest.URL) var sessionMod cmn.SessionMod // Default Setting @@ -66,7 +66,7 @@ func ConfigDeleteSession(params operations.DeleteConfigSessionIdentIdentParams) } func ConfigPostSessionUlCl(params operations.PostConfigSessionulclParams) middleware.Responder { - tk.LogIt(tk.LogDebug, "api: Session UlCl %s API called. url : %s\n", params.HTTPRequest.Method, params.HTTPRequest.URL) + tk.LogIt(tk.LogTrace, "api: Session UlCl %s API called. url : %s\n", params.HTTPRequest.Method, params.HTTPRequest.URL) var sessionulclMod cmn.SessionUlClMod // Default Setting @@ -85,7 +85,7 @@ func ConfigPostSessionUlCl(params operations.PostConfigSessionulclParams) middle } func ConfigDeleteSessionUlCl(params operations.DeleteConfigSessionulclIdentIdentUlclAddressIPAddressParams) middleware.Responder { - tk.LogIt(tk.LogDebug, "api: Session UlCl %s API called. url : %s\n", params.HTTPRequest.Method, params.HTTPRequest.URL) + tk.LogIt(tk.LogTrace, "api: Session UlCl %s API called. url : %s\n", params.HTTPRequest.Method, params.HTTPRequest.URL) var sessionulclMod cmn.SessionUlClMod @@ -105,7 +105,7 @@ func ConfigDeleteSessionUlCl(params operations.DeleteConfigSessionulclIdentIdent func ConfigGetSession(params operations.GetConfigSessionAllParams) middleware.Responder { // Get Session rules - tk.LogIt(tk.LogDebug, "api: Session %s API called. url : %s\n", params.HTTPRequest.Method, params.HTTPRequest.URL) + tk.LogIt(tk.LogTrace, "api: Session %s API called. url : %s\n", params.HTTPRequest.Method, params.HTTPRequest.URL) res, err := ApiHooks.NetSessionGet() if err != nil { @@ -142,7 +142,7 @@ func ConfigGetSession(params operations.GetConfigSessionAllParams) middleware.Re func ConfigGetSessionUlCl(params operations.GetConfigSessionulclAllParams) middleware.Responder { // Get Ulcl rules - tk.LogIt(tk.LogDebug, "api: Session UlCl %s API called. url : %s\n", params.HTTPRequest.Method, params.HTTPRequest.URL) + tk.LogIt(tk.LogTrace, "api: Session UlCl %s API called. url : %s\n", params.HTTPRequest.Method, params.HTTPRequest.URL) res, err := ApiHooks.NetSessionUlClGet() if err != nil { diff --git a/api/restapi/handler/status.go b/api/restapi/handler/status.go index 24c6a3a8c..02e7770fa 100644 --- a/api/restapi/handler/status.go +++ b/api/restapi/handler/status.go @@ -24,7 +24,7 @@ import ( ) func ConfigGetProcess(params operations.GetStatusProcessParams) middleware.Responder { - tk.LogIt(tk.LogDebug, "api: Status %s API called. url : %s\n", params.HTTPRequest.Method, params.HTTPRequest.URL) + tk.LogIt(tk.LogTrace, "api: Status %s API called. url : %s\n", params.HTTPRequest.Method, params.HTTPRequest.URL) //var result []*models.ProcessInfoEntry process := status.ProcessInfoGet() @@ -32,7 +32,7 @@ func ConfigGetProcess(params operations.GetStatusProcessParams) middleware.Respo } func ConfigGetDevice(params operations.GetStatusDeviceParams) middleware.Responder { - tk.LogIt(tk.LogDebug, "api: Status %s API called. url : %s\n", params.HTTPRequest.Method, params.HTTPRequest.URL) + tk.LogIt(tk.LogTrace, "api: Status %s API called. url : %s\n", params.HTTPRequest.Method, params.HTTPRequest.URL) // Get Conntrack informations res, err := status.DeviceInfoGet() if err != nil { @@ -43,7 +43,7 @@ func ConfigGetDevice(params operations.GetStatusDeviceParams) middleware.Respond } func ConfigGetFileSystem(params operations.GetStatusFilesystemParams) middleware.Responder { - tk.LogIt(tk.LogDebug, "api: Status %s API called. url : %s\n", params.HTTPRequest.Method, params.HTTPRequest.URL) + tk.LogIt(tk.LogTrace, "api: Status %s API called. url : %s\n", params.HTTPRequest.Method, params.HTTPRequest.URL) res, err := status.FileSystemInfoGet() if err != nil { tk.LogIt(tk.LogDebug, "api: Error occur : %v\n", err) diff --git a/api/restapi/handler/vlan.go b/api/restapi/handler/vlan.go index 8715f1df5..02d7b2ecd 100644 --- a/api/restapi/handler/vlan.go +++ b/api/restapi/handler/vlan.go @@ -24,7 +24,7 @@ import ( ) func ConfigPostVLAN(params operations.PostConfigVlanParams) middleware.Responder { - tk.LogIt(tk.LogDebug, "api: Vlan %s API called. url : %s\n", params.HTTPRequest.Method, params.HTTPRequest.URL) + tk.LogIt(tk.LogTrace, "api: Vlan %s API called. url : %s\n", params.HTTPRequest.Method, params.HTTPRequest.URL) ret := loxinlp.AddVLANNoHook(int(params.Attr.Vid)) if ret != 0 { return &ResultResponse{Result: "fail"} @@ -33,7 +33,7 @@ func ConfigPostVLAN(params operations.PostConfigVlanParams) middleware.Responder } func ConfigDeleteVLAN(params operations.DeleteConfigVlanVlanIDParams) middleware.Responder { - tk.LogIt(tk.LogDebug, "api: Vlan %s API called. url : %s\n", params.HTTPRequest.Method, params.HTTPRequest.URL) + tk.LogIt(tk.LogTrace, "api: Vlan %s API called. url : %s\n", params.HTTPRequest.Method, params.HTTPRequest.URL) ret := loxinlp.DelVLANNoHook(int(params.VlanID)) if ret != 0 { return &ResultResponse{Result: "fail"} @@ -42,7 +42,7 @@ func ConfigDeleteVLAN(params operations.DeleteConfigVlanVlanIDParams) middleware } func ConfigPostVLANMember(params operations.PostConfigVlanVlanIDMemberParams) middleware.Responder { - tk.LogIt(tk.LogDebug, "api: Vlan %s API called. url : %s\n", params.HTTPRequest.Method, params.HTTPRequest.URL) + tk.LogIt(tk.LogTrace, "api: Vlan %s API called. url : %s\n", params.HTTPRequest.Method, params.HTTPRequest.URL) ret := loxinlp.AddVLANMemberNoHook(int(params.VlanID), params.Attr.Dev, params.Attr.Tagged) if ret != 0 { return &ResultResponse{Result: "fail"} @@ -51,7 +51,7 @@ func ConfigPostVLANMember(params operations.PostConfigVlanVlanIDMemberParams) mi } func ConfigDeleteVLANMember(params operations.DeleteConfigVlanVlanIDMemberIfNameTaggedTaggedParams) middleware.Responder { - tk.LogIt(tk.LogDebug, "api: Vlan %s API called. url : %s\n", params.HTTPRequest.Method, params.HTTPRequest.URL) + tk.LogIt(tk.LogTrace, "api: Vlan %s API called. url : %s\n", params.HTTPRequest.Method, params.HTTPRequest.URL) ret := loxinlp.DelVLANMemberNoHook(int(params.VlanID), params.IfName, params.Tagged) if ret != 0 { return &ResultResponse{Result: "fail"} @@ -60,7 +60,7 @@ func ConfigDeleteVLANMember(params operations.DeleteConfigVlanVlanIDMemberIfName } func ConfigGetVLAN(params operations.GetConfigVlanAllParams) middleware.Responder { - tk.LogIt(tk.LogDebug, "api: Vlan %s API called. url : %s\n", params.HTTPRequest.Method, params.HTTPRequest.URL) + tk.LogIt(tk.LogTrace, "api: Vlan %s API called. url : %s\n", params.HTTPRequest.Method, params.HTTPRequest.URL) res, _ := ApiHooks.NetVlanGet() var result []*models.VlanGetEntry result = make([]*models.VlanGetEntry, 0) diff --git a/api/restapi/handler/vxlan.go b/api/restapi/handler/vxlan.go index 58a89d044..07bca7676 100644 --- a/api/restapi/handler/vxlan.go +++ b/api/restapi/handler/vxlan.go @@ -24,7 +24,7 @@ import ( ) func ConfigPostVxLAN(params operations.PostConfigTunnelVxlanParams) middleware.Responder { - tk.LogIt(tk.LogDebug, "api: VxLAN %s API called. url : %s\n", params.HTTPRequest.Method, params.HTTPRequest.URL) + tk.LogIt(tk.LogTrace, "api: VxLAN %s API called. url : %s\n", params.HTTPRequest.Method, params.HTTPRequest.URL) ret := loxinlp.AddVxLANBridgeNoHook(int(params.Attr.VxlanID), params.Attr.EpIntf) if ret != 0 { return &ResultResponse{Result: "fail"} @@ -33,7 +33,7 @@ func ConfigPostVxLAN(params operations.PostConfigTunnelVxlanParams) middleware.R } func ConfigDeleteVxLAN(params operations.DeleteConfigTunnelVxlanVxlanIDParams) middleware.Responder { - tk.LogIt(tk.LogDebug, "api: VxLAN %s API called. url : %s\n", params.HTTPRequest.Method, params.HTTPRequest.URL) + tk.LogIt(tk.LogTrace, "api: VxLAN %s API called. url : %s\n", params.HTTPRequest.Method, params.HTTPRequest.URL) ret := loxinlp.DelVxLANNoHook(int(params.VxlanID)) if ret != 0 { return &ResultResponse{Result: "fail"} @@ -42,7 +42,7 @@ func ConfigDeleteVxLAN(params operations.DeleteConfigTunnelVxlanVxlanIDParams) m } func ConfigPostVxLANPeer(params operations.PostConfigTunnelVxlanVxlanIDPeerParams) middleware.Responder { - tk.LogIt(tk.LogDebug, "api: VxLAN %s API called. url : %s\n", params.HTTPRequest.Method, params.HTTPRequest.URL) + tk.LogIt(tk.LogTrace, "api: VxLAN %s API called. url : %s\n", params.HTTPRequest.Method, params.HTTPRequest.URL) ret := loxinlp.AddVxLANPeerNoHook(int(params.VxlanID), params.Attr.PeerIP) if ret != 0 { return &ResultResponse{Result: "fail"} @@ -51,7 +51,7 @@ func ConfigPostVxLANPeer(params operations.PostConfigTunnelVxlanVxlanIDPeerParam } func ConfigDeleteVxLANPeer(params operations.DeleteConfigTunnelVxlanVxlanIDPeerPeerIPParams) middleware.Responder { - tk.LogIt(tk.LogDebug, "api: VxLAN %s API called. url : %s\n", params.HTTPRequest.Method, params.HTTPRequest.URL) + tk.LogIt(tk.LogTrace, "api: VxLAN %s API called. url : %s\n", params.HTTPRequest.Method, params.HTTPRequest.URL) ret := loxinlp.DelVxLANPeerNoHook(int(params.VxlanID), params.PeerIP) if ret != 0 { return &ResultResponse{Result: "fail"} @@ -60,7 +60,7 @@ func ConfigDeleteVxLANPeer(params operations.DeleteConfigTunnelVxlanVxlanIDPeerP } func ConfigGetVxLAN(params operations.GetConfigTunnelVxlanAllParams) middleware.Responder { - tk.LogIt(tk.LogDebug, "api: VxLAN %s API called. url : %s\n", params.HTTPRequest.Method, params.HTTPRequest.URL) + tk.LogIt(tk.LogTrace, "api: VxLAN %s API called. url : %s\n", params.HTTPRequest.Method, params.HTTPRequest.URL) peers, _ := loxinlp.GetVxLANPeerNoHook() ports, err := ApiHooks.NetPortGet() From d5d8528f7d1a7be2094ffcfa216b1f022d5031dd Mon Sep 17 00:00:00 2001 From: Trekkie Coder Date: Wed, 20 Nov 2024 11:52:44 +0900 Subject: [PATCH 6/8] loxilb-io/loxilb#864 Initial support for lb source ranges --- loxilb-ebpf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/loxilb-ebpf b/loxilb-ebpf index 2f8fa81f8..4bf6e3e36 160000 --- a/loxilb-ebpf +++ b/loxilb-ebpf @@ -1 +1 @@ -Subproject commit 2f8fa81f8b6c397c3afd4d5034e806f8d4301fd7 +Subproject commit 4bf6e3e36ae7de560fe2cfe6811cb635333af979 From 739a3b6b8c5a68254201ee3a2dc569b42c3b09dc Mon Sep 17 00:00:00 2001 From: Trekkie Coder Date: Wed, 20 Nov 2024 14:48:07 +0900 Subject: [PATCH 7/8] loxilb-io/loxilb#864 Allow modifications for allowed source for LB --- loxilb-ebpf | 2 +- pkg/loxinet/rules.go | 50 ++++++++++++++++++++++++++++++++++++++------ 2 files changed, 45 insertions(+), 7 deletions(-) diff --git a/loxilb-ebpf b/loxilb-ebpf index 4bf6e3e36..a3edc2fdf 160000 --- a/loxilb-ebpf +++ b/loxilb-ebpf @@ -1 +1 @@ -Subproject commit 4bf6e3e36ae7de560fe2cfe6811cb635333af979 +Subproject commit a3edc2fdf2906f0bcd4a0131af839f184802dd48 diff --git a/pkg/loxinet/rules.go b/pkg/loxinet/rules.go index 62f2715a8..9be090f2e 100644 --- a/pkg/loxinet/rules.go +++ b/pkg/loxinet/rules.go @@ -1040,7 +1040,7 @@ func (R *RuleH) addAllowedLbSrc(CIDR string, lbMark uint32) *allowedSrcElem { return nil } - if lbMark >= 14 { + if lbMark >= 30 { tk.LogIt(tk.LogError, "allowed-src lbmark out-of-range\n") return nil } @@ -1080,7 +1080,7 @@ addFw: R.lbSrcMap[CIDR] = srcElem } - tk.LogIt(tk.LogInfo, "added allowed-cidr %s: 0x%x\n", srcPref.String(), srcElem.lbmark) + tk.LogIt(tk.LogInfo, "added allowed-cidr %s: 0x%x(%v)\n", srcPref.String(), srcElem.lbmark, srcElem.ref) return srcElem } @@ -1091,7 +1091,7 @@ func (R *RuleH) deleteAllowedLbSrc(CIDR string, lbMark uint32) error { return errors.New("no such allowed src prefix") } - if lbMark >= 14 { + if lbMark >= 30 { tk.LogIt(tk.LogError, "allowed-src lbmark out-of-range\n") return nil } @@ -1660,10 +1660,27 @@ func (R *RuleH) AddLbRule(serv cmn.LbServiceArg, servSecIPs []cmn.LbSecIPArg, al if eRule.hChk.prbType != serv.ProbeType || eRule.hChk.prbPort != serv.ProbePort || eRule.hChk.prbReq != serv.ProbeReq || eRule.hChk.prbResp != serv.ProbeResp || eRule.pTO != serv.PersistTimeout || eRule.act.action.(*ruleLBActs).sel != lBActs.sel || - eRule.act.action.(*ruleLBActs).mode != lBActs.mode { + eRule.act.action.(*ruleLBActs).mode != lBActs.mode || + len(allowedSources) != len(eRule.srcList) { ruleChg = true } + if len(allowedSources) == len(eRule.srcList) { + for _, newSrc := range allowedSources { + srcMatch := false + for _, src := range eRule.srcList { + if src.srcPref.String() != newSrc.Prefix { + srcMatch = true + break + } + } + if !srcMatch { + ruleChg = true + break + } + } + } + if !ruleChg { return RuleExistsErr, errors.New("lbrule-exists error") } @@ -1691,6 +1708,26 @@ func (R *RuleH) AddLbRule(serv cmn.LbServiceArg, servSecIPs []cmn.LbSecIPArg, al } } + eSrcList := eRule.srcList + eRule.srcList = nil + + for _, allowedSource := range allowedSources { + srcElem := R.addAllowedLbSrc(allowedSource.Prefix, uint32(eRule.ruleNum)) + if srcElem == nil { + for _, src := range eRule.srcList { + R.deleteAllowedLbSrc(src.srcPref.String(), uint32(eRule.ruleNum)) + } + eRule.srcList = eSrcList + tk.LogIt(tk.LogError, "nat lb-rule - %s:%s allowedSRC error\n", eRule.tuples.String(), eRule.act.String()) + return RuleAllocErr, errors.New("rule-allowed-src error") + } + eRule.srcList = append(eRule.srcList, srcElem) + } + + for _, srcElem := range eSrcList { + R.deleteAllowedLbSrc(srcElem.srcPref.String(), uint32(eRule.ruleNum)) + } + // Update the rule eRule.hChk.prbType = serv.ProbeType eRule.hChk.prbPort = serv.ProbePort @@ -2004,8 +2041,9 @@ func (R *RuleH) AddFwRule(fwRule cmn.FwRuleArg, fwOptArgs cmn.FwOptArg) (int, er eFw := R.tables[RtFw].eMap[rt.ruleKey()] if eFw != nil { - if fwOpts.opt.fwMark != fwOptArgs.Mark { - fwOpts.opt.fwMark = fwOptArgs.Mark + if eFw.act.action.(*ruleFwOpts).opt.fwMark != fwOptArgs.Mark { + eFw.Fw2DP(DpRemove) + eFw.act.action.(*ruleFwOpts).opt.fwMark = fwOptArgs.Mark eFw.Fw2DP(DpCreate) } // If a FW rule already exists From 9faac0713ae45406a4170eae58b75536436cc0db Mon Sep 17 00:00:00 2001 From: Trekkie Coder Date: Wed, 20 Nov 2024 14:50:54 +0900 Subject: [PATCH 8/8] loxilb-io/loxilb#864 added cicd scripts --- cicd/tcplb-src/config.sh | 42 +++++++++++++++++++++++ cicd/tcplb-src/rmconfig.sh | 18 ++++++++++ cicd/tcplb-src/validation.sh | 64 ++++++++++++++++++++++++++++++++++++ 3 files changed, 124 insertions(+) create mode 100755 cicd/tcplb-src/config.sh create mode 100755 cicd/tcplb-src/rmconfig.sh create mode 100755 cicd/tcplb-src/validation.sh diff --git a/cicd/tcplb-src/config.sh b/cicd/tcplb-src/config.sh new file mode 100755 index 000000000..fbf14d197 --- /dev/null +++ b/cicd/tcplb-src/config.sh @@ -0,0 +1,42 @@ +#!/bin/bash + +source ../common.sh + +echo "#########################################" +echo "Spawning all hosts" +echo "#########################################" + +spawn_docker_host --dock-type loxilb --dock-name llb1 +spawn_docker_host --dock-type host --dock-name l3h1 +spawn_docker_host --dock-type host --dock-name l3ep1 +spawn_docker_host --dock-type host --dock-name l3ep2 +spawn_docker_host --dock-type host --dock-name l3ep3 + +echo "#########################################" +echo "Connecting and configuring hosts" +echo "#########################################" + + +connect_docker_hosts l3h1 llb1 +connect_docker_hosts l3ep1 llb1 +connect_docker_hosts l3ep2 llb1 +connect_docker_hosts l3ep3 llb1 + +sleep 5 + +#L3 config +config_docker_host --host1 l3h1 --host2 llb1 --ptype phy --addr 10.10.10.1/24 --gw 10.10.10.254 +config_docker_host --host1 l3ep1 --host2 llb1 --ptype phy --addr 31.31.31.1/24 --gw 31.31.31.254 +config_docker_host --host1 l3ep2 --host2 llb1 --ptype phy --addr 32.32.32.1/24 --gw 32.32.32.254 +config_docker_host --host1 l3ep3 --host2 llb1 --ptype phy --addr 33.33.33.1/24 --gw 33.33.33.254 +config_docker_host --host1 llb1 --host2 l3h1 --ptype phy --addr 10.10.10.254/24 +config_docker_host --host1 llb1 --host2 l3ep1 --ptype phy --addr 31.31.31.254/24 +config_docker_host --host1 llb1 --host2 l3ep2 --ptype phy --addr 32.32.32.254/24 +config_docker_host --host1 llb1 --host2 l3ep3 --ptype phy --addr 33.33.33.254/24 + +$dexec llb1 ip addr add 10.10.10.3/32 dev lo + +sleep 5 +create_lb_rule llb1 20.20.20.1 --tcp=2020:8080 --endpoints=31.31.31.1:1,32.32.32.1:1,33.33.33.1:1 --sources=10.10.10.1/32 +create_lb_rule llb1 10.10.10.254 --tcp=2020:8080 --endpoints=31.31.31.1:1,32.32.32.1:1,33.33.33.1:1 --sources=10.10.10.1/32 +create_lb_rule llb1 10.10.10.3 --tcp=2020:8080 --endpoints=31.31.31.1:1,32.32.32.1:1,33.33.33.1:1 --sources=10.10.10.1/32 diff --git a/cicd/tcplb-src/rmconfig.sh b/cicd/tcplb-src/rmconfig.sh new file mode 100755 index 000000000..9ea80577f --- /dev/null +++ b/cicd/tcplb-src/rmconfig.sh @@ -0,0 +1,18 @@ +#!/bin/bash + +source ../common.sh + +disconnect_docker_hosts l3h1 llb1 +disconnect_docker_hosts l3ep1 llb1 +disconnect_docker_hosts l3ep2 llb1 +disconnect_docker_hosts l3ep3 llb1 + +delete_docker_host llb1 +delete_docker_host l3h1 +delete_docker_host l3ep1 +delete_docker_host l3ep2 +delete_docker_host l3ep3 + +echo "#########################################" +echo "Deleted testbed" +echo "#########################################" diff --git a/cicd/tcplb-src/validation.sh b/cicd/tcplb-src/validation.sh new file mode 100755 index 000000000..e7447fb9d --- /dev/null +++ b/cicd/tcplb-src/validation.sh @@ -0,0 +1,64 @@ +#!/bin/bash +source ../common.sh +echo SCENARIO-tcplb +$hexec l3ep1 node ../common/tcp_server.js server1 & +$hexec l3ep2 node ../common/tcp_server.js server2 & +$hexec l3ep3 node ../common/tcp_server.js server3 & + +sleep 5 +code=0 +servIP=( "10.10.10.254" "20.20.20.1" "10.10.10.3" ) +servArr=( "server1" "server2" "server3" ) +ep=( "31.31.31.1" "32.32.32.1" "33.33.33.1" ) +j=0 +waitCount=0 +while [ $j -le 2 ] +do + res=$($hexec l3h1 curl --max-time 10 -s ${ep[j]}:8080) + #echo $res + if [[ $res == "${servArr[j]}" ]] + then + echo "$res UP" + j=$(( $j + 1 )) + else + echo "Waiting for ${servArr[j]}(${ep[j]})" + waitCount=$(( $waitCount + 1 )) + if [[ $waitCount == 10 ]]; + then + echo "All Servers are not UP" + echo SCENARIO-tcplb [FAILED] + sudo killall -9 node 2>&1 > /dev/null + exit 1 + fi + fi + sleep 1 +done + +for k in {0..2} +do +echo "Testing Service IP: ${servIP[k]}" +lcode=0 +for i in {1..4} +do +for j in {0..2} +do + res=$($hexec l3h1 curl --max-time 10 -s ${servIP[k]}:2020) + echo $res + if [[ $res != "${servArr[j]}" ]] + then + lcode=1 + fi + sleep 1 +done +done +if [[ $lcode == 0 ]] +then + echo SCENARIO-tcplb with ${servIP[k]} [OK] +else + echo SCENARIO-tcplb with ${servIP[k]} [FAILED] + code=1 +fi +done + +sudo killall -9 node 2>&1 > /dev/null +exit $code