sysmocom
/
open5gs
forked from acouzens/open5gs
11
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

IPv6 Classification is initially updated

This commit is contained in:
Sukchan Lee 2017-12-15 09:13:14 +00:00
parent cc762f3c00
commit 08b88eba73
5 changed files with 103 additions and 70 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

128
src/pgw/pgw_context.c
View File

@ -1062,8 +1062,12 @@ pgw_bearer_t* pgw_bearer_find_by_packet(pkbuf_t *pkt)
pgw_sess_t *sess = NULL;
struct ip *ip_h = NULL;
struct ip6_hdr *ip6_h = NULL;
char buf1[CORE_ADDRSTRLEN];
char buf2[CORE_ADDRSTRLEN];
c_uint32_t *src_addr = NULL;
c_uint32_t *dst_addr = NULL;
int addr_len = 0;
c_uint8_t proto = 0;
int ip_hlen = 0;
char buf[CORE_ADDRSTRLEN];
d_assert(pkt, return NULL, "pkt is NULL");
@ -1072,27 +1076,37 @@ pgw_bearer_t* pgw_bearer_find_by_packet(pkbuf_t *pkt)
{
ip_h = (struct ip *)pkt->payload;
ip6_h = NULL;
proto = ip_h->ip_p;
ip_hlen = (ip_h->ip_hl)*4;
src_addr = &ip_h->ip_src.s_addr;
dst_addr = &ip_h->ip_dst.s_addr;
addr_len = 4;
}
else if (ip_h->ip_v == 6)
{
ip_h = NULL;
ip6_h = (struct ip6_hdr *)pkt->payload;
proto = ip6_h->ip6_nxt;
ip_hlen = 40; /* TODO */
src_addr = (c_uint32_t *)ip6_h->ip6_src.s6_addr;
dst_addr = (c_uint32_t *)ip6_h->ip6_dst.s6_addr;
addr_len = 16;
}
else
{
d_error("Invalid IP version = %d\n", ip_h->ip_v);
}
if (ip_h)
d_trace(50, "[%s] -> [%s], Protocol: %d\n",
INET_NTOP(&ip_h->ip_src.s_addr,buf1),
INET_NTOP(&ip_h->ip_dst.s_addr,buf2),
ip_h->ip_p);
else if (ip6_h)
d_trace(50, "[%s]-> Dst[%s], Protocol: %d\n",
INET6_NTOP(&ip6_h->ip6_src.s6_addr,buf1),
INET6_NTOP(&ip6_h->ip6_dst.s6_addr,buf2),
ip6_h->ip6_nxt);
d_trace(50, "PROTO:%d SRC:%08x %08x %08x %08x\n",
proto, ntohl(src_addr[0]), ntohl(src_addr[1]),
ntohl(src_addr[2]), ntohl(src_addr[3]));
d_trace(50, "HLEN:%d DST:%08x %08x %08x %08x\n",
ip_hlen, ntohl(dst_addr[0]), ntohl(dst_addr[1]),
ntohl(dst_addr[2]), ntohl(dst_addr[3]));
/* TODO: Need to use the method of FAST matching algorithm and
* implementation .
@ -1104,14 +1118,12 @@ pgw_bearer_t* pgw_bearer_find_by_packet(pkbuf_t *pkt)
sess = pgw_sess_this(hi);
if (sess->ipv4)
d_trace(50, "PAA IPv4:%s, ip_h:%p\n",
INET_NTOP(&sess->ipv4->addr, buf1), ip_h);
d_trace(50, "PAA IPv4:%s\n", INET_NTOP(&sess->ipv4->addr, buf));
if (sess->ipv6)
d_trace(50, "PAA IPv6:%s, ip6_h:%p\n",
INET6_NTOP(&sess->ipv6->addr, buf1), ip6_h);
d_trace(50, "PAA IPv6:%s\n", INET6_NTOP(&sess->ipv6->addr, buf));
if (ip_h && sess->ipv4 &&
ip_h->ip_dst.s_addr == sess->ipv4->addr[0])
if ((sess->ipv4 && memcmp(dst_addr, sess->ipv4->addr, addr_len) == 0) ||
(sess->ipv6 && memcmp(dst_addr, sess->ipv6->addr, addr_len) == 0))
{
/* Found */
@ -1125,30 +1137,58 @@ pgw_bearer_t* pgw_bearer_find_by_packet(pkbuf_t *pkt)
{
pgw_pf_t *pf = NULL;
if (bearer->ebi == 0)
{
/* Create Bearer Response is not received */
continue;
}
for (pf = pgw_pf_first(bearer); pf; pf = pgw_pf_next(pf))
{
d_trace(50,"Dir:%d Proto:%d Src = 0x%x/0x%x (low:%d high:%d)"
"Dst = 0x%x/0x%x (low:%d high:%d)\n",
pf->direction,
pf->rule.proto,
ntohl(pf->rule.ipv4.local.addr),
ntohl(pf->rule.ipv4.local.mask),
int k;
c_uint32_t src_mask[4];
c_uint32_t dst_mask[4];
d_trace(50, "DIR:%d PROTO:%d SRC:%d-%d DST:%d-%d\n",
pf->direction, pf->rule.proto,
pf->rule.port.local.low,
pf->rule.port.local.high,
ntohl(pf->rule.ipv4.remote.addr),
ntohl(pf->rule.ipv4.remote.mask),
pf->rule.port.remote.low,
pf->rule.port.remote.high);
d_trace(50, "SRC:%08x %08x %08x %08x/%08x %08x %08x %08x\n",
ntohl(pf->rule.ip.local.addr[0]),
ntohl(pf->rule.ip.local.addr[1]),
ntohl(pf->rule.ip.local.addr[2]),
ntohl(pf->rule.ip.local.addr[3]),
ntohl(pf->rule.ip.local.mask[0]),
ntohl(pf->rule.ip.local.mask[1]),
ntohl(pf->rule.ip.local.mask[2]),
ntohl(pf->rule.ip.local.mask[3]));
d_trace(50, "DST:%08x %08x %08x %08x/%08x %08x %08x %08x\n",
ntohl(pf->rule.ip.remote.addr[0]),
ntohl(pf->rule.ip.remote.addr[1]),
ntohl(pf->rule.ip.remote.addr[2]),
ntohl(pf->rule.ip.remote.addr[3]),
ntohl(pf->rule.ip.remote.mask[0]),
ntohl(pf->rule.ip.remote.mask[1]),
ntohl(pf->rule.ip.remote.mask[2]),
ntohl(pf->rule.ip.remote.mask[3]));
if (pf->direction != 1)
{
continue;
}
if (((ip_h->ip_src.s_addr & pf->rule.ipv4.local.mask) ==
pf->rule.ipv4.local.addr) &&
((ip_h->ip_dst.s_addr & pf->rule.ipv4.remote.mask) ==
pf->rule.ipv4.remote.addr))
for (k = 0; k < 3; k++)
{
src_mask[k] = src_addr[k] & pf->rule.ip.local.mask[k];
dst_mask[k] = dst_addr[k] & pf->rule.ip.remote.mask[k];
}
if (memcmp(src_mask, pf->rule.ip.local.addr,
addr_len) == 0 &&
memcmp(dst_mask, pf->rule.ip.remote.addr,
addr_len) == 0)
{
/* Protocol match */
if (pf->rule.proto == 0) /* IP */
@ -1157,13 +1197,13 @@ pgw_bearer_t* pgw_bearer_find_by_packet(pkbuf_t *pkt)
break;
}
if (pf->rule.proto == ip_h->ip_p)
if (pf->rule.proto == proto)
{
if (pf->rule.proto == IPPROTO_TCP)
{
struct tcphdr *tcph =
(struct tcphdr *)
((char *)ip_h + (ip_h->ip_hl)*4);
((char *)pkt->payload + ip_hlen);
/* Source port */
if (pf->rule.port.local.low &&
@ -1202,7 +1242,7 @@ pgw_bearer_t* pgw_bearer_find_by_packet(pkbuf_t *pkt)
{
struct udphdr *udph =
(struct udphdr *)
((char *)ip_h + (ip_h->ip_hl)*4);
((char *)pkt->payload + ip_hlen);
/* Source port */
if (pf->rule.port.local.low &&
@ -1251,28 +1291,12 @@ pgw_bearer_t* pgw_bearer_find_by_packet(pkbuf_t *pkt)
if (pf)
{
bearer = pf->bearer;
d_trace(50,"Found bearer ebi = %d\n",bearer->ebi);
d_trace(50,"FOUND Bearer EBI = %d\n", bearer->ebi);
break;
}
}
return (bearer ? bearer : default_bearer);
}
else if (ip6_h && sess->ipv6 &&
memcmp(ip6_h->ip6_dst.s6_addr,
sess->ipv6->addr, sizeof sess->ipv6->addr) == 0)
{
default_bearer = pgw_default_bearer_in_sess(sess);
d_assert(default_bearer, return NULL, "No default Bearer");
bearer = pgw_bearer_next(default_bearer);
/* Find the bearer with matched */
for (; bearer; bearer = pgw_bearer_next(bearer))
{
/* TODO */
}
return (bearer ? bearer : default_bearer);
}
}

10
src/pgw/pgw_context.h
View File

@ -131,14 +131,14 @@ typedef struct _pgw_rule_t {
c_uint8_t proto;
struct {
struct {
c_uint32_t addr;
c_uint32_t mask;
c_uint32_t addr[4];
c_uint32_t mask[4];
} local;
struct {
c_uint32_t addr;
c_uint32_t mask;
c_uint32_t addr[4];
c_uint32_t mask[4];
} remote;
} ipv4;
} ip;
struct {
struct {
c_uint16_t low;

12
src/pgw/pgw_ipfw.c
View File

@ -78,11 +78,11 @@ status_t pgw_compile_packet_filter(pgw_rule_t *pgw_rule, c_int8_t *description)
case O_IP_SRC_MASK:
{
uint32_t *a = ((ipfw_insn_u32 *)cmd)->d;
pgw_rule->ipv4.local.addr = a[0];
pgw_rule->ip.local.addr[0] = a[0];
if (cmd->opcode == O_IP_SRC_MASK)
pgw_rule->ipv4.local.mask = a[1];
pgw_rule->ip.local.mask[0] = a[1];
else
pgw_rule->ipv4.local.mask = 0xffffffff;
pgw_rule->ip.local.mask[0] = 0xffffffff;
break;
}
@ -90,11 +90,11 @@ status_t pgw_compile_packet_filter(pgw_rule_t *pgw_rule, c_int8_t *description)
case O_IP_DST_MASK:
{
uint32_t *a = ((ipfw_insn_u32 *)cmd)->d;
pgw_rule->ipv4.remote.addr = a[0];
pgw_rule->ip.remote.addr[0] = a[0];
if (cmd->opcode == O_IP_DST_MASK)
pgw_rule->ipv4.remote.mask = a[1];
pgw_rule->ip.remote.mask[0] = a[1];
else
pgw_rule->ipv4.remote.mask = 0xffffffff;
pgw_rule->ip.remote.mask[0] = 0xffffffff;
break;
}
case O_IP_SRCPORT:

12
src/pgw/pgw_s5c_build.c
View File

@ -248,21 +248,21 @@ status_t pgw_s5c_build_create_bearer_request(
j++; len += 2;
}
if (pf->rule.ipv4.local.addr)
if (pf->rule.ip.local.addr[0])
{
tft.pf[i].component[j].type =
GTP_PACKET_FILTER_IPV4_LOCAL_ADDRESS_TYPE;
tft.pf[i].component[j].ipv4.addr = pf->rule.ipv4.local.addr;
tft.pf[i].component[j].ipv4.mask = pf->rule.ipv4.local.mask;
tft.pf[i].component[j].ipv4.addr = pf->rule.ip.local.addr[0];
tft.pf[i].component[j].ipv4.mask = pf->rule.ip.local.mask[0];
j++; len += 9;
}
if (pf->rule.ipv4.remote.addr)
if (pf->rule.ip.remote.addr)
{
tft.pf[i].component[j].type =
GTP_PACKET_FILTER_IPV4_REMOTE_ADDRESS_TYPE;
tft.pf[i].component[j].ipv4.addr = pf->rule.ipv4.remote.addr;
tft.pf[i].component[j].ipv4.mask = pf->rule.ipv4.remote.mask;
tft.pf[i].component[j].ipv4.addr = pf->rule.ip.remote.addr[0];
tft.pf[i].component[j].ipv4.mask = pf->rule.ip.remote.mask[0];
j++; len += 9;
}

11
test/volte_test.c
View File

@ -371,7 +371,7 @@ static void volte_test2(abts_case *tc, void *data)
"\"description\" : \"permit out udp from any 1-65535 to 10.200.136.98/32 23454\","
"\"_id\" : { \"$oid\" : \"599eb929c850caabcbfdcd31\" } },"
"{ \"direction\" : 1,"
"\"description\" : \"permit out udp from any 50020 to 10.200.136.98/32 1-65535\","
"\"description\" : \"permit out ip from 45.45.0.1 to any\","
"\"_id\" : { \"$oid\" : \"599eb929c850caabcbfdcd30\" } },"
"{ \"direction\" : 2,"
"\"description\" : \"permit out udp from any 1-65535 to 10.200.136.98/32 23455\","
@ -547,6 +547,15 @@ static void volte_test2(abts_case *tc, void *data)
rv = tests1ap_enb_send(sock, sendbuf);
ABTS_INT_EQUAL(tc, CORE_OK, rv);
#if 0 /* Classification Rule Tester */
core_sleep(time_from_msec(300));
/* Send GTP-U ICMP Packet */
rv = testgtpu_enb_send("45.45.0.2", "45.45.0.1");
core_sleep(time_from_msec(300));
#endif
/********** Remove Subscriber in Database */
doc = BCON_NEW("imsi", BCON_UTF8("001010123456819"));
ABTS_PTR_NOTNULL(tc, doc);