void *worker_thread(void *dummyPtr) { struct processor *me = NULL; struct packet *thispacket = NULL; struct session *thissession = NULL; struct iphdr *iph = NULL; struct tcphdr *tcph = NULL; __u32 largerIP, smallerIP; __u16 largerIPPort, smallerIPPort; char *remoteID = NULL; char message[LOGSZ]; qlz_state_compress *state_compress = (qlz_state_compress *) malloc( sizeof(qlz_state_compress)); qlz_state_decompress *state_decompress = (qlz_state_decompress *) malloc( sizeof(qlz_state_decompress)); me = (struct processor*) dummyPtr; me->lzbuffer = calloc(1, BUFSIZE + 400); /* Sharwan J: QuickLZ buffer needs (original data size + 400 bytes) buffer */ if (me->lzbuffer == NULL) { sprintf(message, "Worker: Couldn't allocate buffer"); logger(LOG_INFO, message); exit(1); } /* * Register the worker threads metrics so they get updated. */ register_counter(counter_updateworkermetrics, (t_counterdata) & me->metrics); if (me->lzbuffer != NULL) { while (me->state >= STOPPING) { thispacket = dequeue_packet(&me->queue, true); if (thispacket != NULL) { // If a packet was taken from the queue. iph = (struct iphdr *) thispacket->data; tcph = (struct tcphdr *) (((u_int32_t *) iph) + iph->ihl); if (DEBUG_WORKER == true) { sprintf(message, "Worker: IP Packet length is: %u\n", ntohs(iph->tot_len)); logger(LOG_INFO, message); } me->metrics.bytesin += ntohs(iph->tot_len); //remoteID = (__u32) __get_tcp_option((__u8 *)iph,30);/* Check what IP address is larger. */ remoteID = get_nod_header_data((__u8 *)iph, ONOP).data; sort_sockets(&largerIP, &largerIPPort, &smallerIP, &smallerIPPort, iph->saddr,tcph->source,iph->daddr,tcph->dest); if (DEBUG_WORKER == true) { sprintf(message, "Worker: Searching for session.\n"); logger(LOG_INFO, message); } thissession = getsession(largerIP, largerIPPort, smallerIP,smallerIPPort); if (thissession != NULL) { if (DEBUG_WORKER == true) { sprintf(message, "Worker: Found a session.\n"); logger(LOG_INFO, message); } if ((tcph->syn == 0) && (tcph->ack == 1) && (tcph->fin == 0)) { if ((remoteID == NULL) || verify_neighbor_in_domain(remoteID) == false) { /* * An accelerator ID was NOT found. * This is the first accelerator in the traffic path. * This will soon be tested against a list of opennop neighbors. * Traffic is sent through the optimize functions. */ saveacceleratorid(largerIP, (char*)get_opennop_id(), iph, thissession); //binary_dump("worker.c IP Packet: ", (char*)iph, ntohs(iph->tot_len)); //__set_tcp_option((__u8 *)iph,30,6,localID); // Add the Accelerator ID to this packet. set_nod_header_data((__u8 *)iph, ONOP, get_opennop_id(), OPENNOP_IPC_ID_LENGTH); //binary_dump("worker.c IP Packet: ", (char*)iph, ntohs(iph->tot_len)); if ((((iph->saddr == largerIP) && //(thissession->larger.accelerator == localID) && (compare_opennopid((char*)&thissession->larger.accelerator, (char*)get_opennop_id()) == 1) && //(thissession->smaller.accelerator != 0) && (check_opennopid((char*)&thissession->smaller.accelerator) == 1) && //(thissession->smaller.accelerator != localID)) || (compare_opennopid((char*)&thissession->smaller.accelerator, (char*)get_opennop_id()) != 1)) || ((iph->saddr == smallerIP) && //(thissession->smaller.accelerator == localID) && (compare_opennopid((char*)&thissession->smaller.accelerator, (char*)get_opennop_id()) == 1) && //(thissession->larger.accelerator != 0) && (check_opennopid((char*)&thissession->larger.accelerator) == 1) && //(thissession->larger.accelerator != localID))) && (compare_opennopid((char*)&thissession->larger.accelerator, (char*)get_opennop_id()) != 1))) && (thissession->state == TCP_ESTABLISHED)) { /* * Do some acceleration! */ if (DEBUG_WORKER == true) { sprintf(message, "Worker: Compressing packet.\n"); logger(LOG_INFO, message); } updateseq(largerIP, iph, tcph, thissession); tcp_compress((__u8 *)iph, me->lzbuffer,state_compress); } else { updateseq(largerIP, iph, tcph, thissession); if (DEBUG_WORKER == true) { sprintf(message, "Worker: Not compressing packet.\n"); logger(LOG_INFO, message); } } /* * End of what should be the optimize function. */ } else if(verify_neighbor_in_domain(remoteID) == true) { /* * An accelerator ID WAS found. * Traffic is sent through the de-optimize functions. */ saveacceleratorid(largerIP, remoteID, iph, thissession); if (__get_tcp_option((__u8 *)iph,31) != 0) { // Packet is flagged as compressed. if (DEBUG_WORKER == true) { sprintf(message, "Worker: Packet is compressed.\n"); logger(LOG_INFO, message); } if (((iph->saddr == largerIP) && //(thissession->smaller.accelerator == localID)) || (compare_opennopid((char*)&thissession->smaller.accelerator, (char*)get_opennop_id()) == 1))|| ((iph->saddr == smallerIP) && //(thissession->larger.accelerator == localID))) { (compare_opennopid((char*)&thissession->larger.accelerator, (char*)get_opennop_id()) == 1))) { /* * Decompress this packet! */ if (tcp_decompress((__u8 *)iph, me->lzbuffer, state_decompress) == 0) { // Decompression failed if 0. nfq_set_verdict(thispacket->hq, thispacket->id, NF_DROP, 0, NULL); // Decompression failed drop. put_freepacket_buffer(thispacket); thispacket = NULL; }else{ updateseq(largerIP, iph, tcph, thissession); // Only update the sequence after decompression. } } }else{ updateseq(largerIP, iph, tcph, thissession); // Also update sequences if packet is not optimized. } /* * End of what should be the deoptimize function. */ } } if (tcph->rst == 1) { // Session was reset. if (DEBUG_WORKER == true) { sprintf(message, "Worker: Session was reset.\n"); logger(LOG_INFO, message); } thissession = clearsession(thissession); } /* Normal session closing sequence. */ if (tcph->fin == 1) { thissession = closingsession(tcph, thissession); } if (thispacket != NULL) { /* * Changing anything requires the IP and TCP * checksum to need recalculated. */ checksum(thispacket->data); me->metrics.bytesout += ntohs(iph->tot_len); nfq_set_verdict(thispacket->hq, thispacket->id, NF_ACCEPT, ntohs(iph->tot_len), (unsigned char *)thispacket->data); put_freepacket_buffer(thispacket); thispacket = NULL; } } /* End NULL session check. */ else { /* Session was NULL. */ me->metrics.bytesout += ntohs(iph->tot_len); nfq_set_verdict(thispacket->hq, thispacket->id, NF_ACCEPT, 0, NULL); put_freepacket_buffer(thispacket); thispacket = NULL; } me->metrics.packets++; } /* End NULL packet check. */ } /* End working loop. */ free(me->lzbuffer); free(state_compress); free(state_decompress); me->lzbuffer = NULL; } return NULL; }
int fetcher_callback(struct nfq_q_handle *hq, struct nfgenmsg *nfmsg, struct nfq_data *nfa, void *data) { u_int32_t id = 0; struct iphdr *iph = NULL; struct tcphdr *tcph = NULL; struct session *thissession = NULL; struct packet *thispacket = NULL; struct nfqnl_msg_packet_hdr *ph; struct timeval tv; __u32 largerIP, smallerIP, remoteID; __u16 largerIPPort, smallerIPPort, mms; int ret; int incomingQueueNum; unsigned char *originalpacket = NULL; char strIP[20]; // for debugging purposes char saddr[INET_ADDRSTRLEN]; char daddr[INET_ADDRSTRLEN]; ph = nfq_get_msg_packet_hdr(nfa); if (ph) { id = ntohl(ph->packet_id); } ret = nfq_get_payload(nfa, &originalpacket); if (servicestate >= RUNNING) { iph = (struct iphdr *) originalpacket; thefetcher.metrics.bytesin += ntohs(iph->tot_len); /* We need to double check that only TCP packets get accelerated. */ /* This is because we are working from the Netfilter QUEUE. */ /* User could QUEUE UDP traffic, and we cannot accelerate UDP. */ if ((iph->protocol == IPPROTO_TCP) && (id != 0)) { tcph = (struct tcphdr *) (((u_int32_t *) originalpacket) + iph->ihl); // for debugging purpose inet_ntop(AF_INET, &iph->saddr, saddr, INET_ADDRSTRLEN); inet_ntop(AF_INET, &iph->daddr, daddr, INET_ADDRSTRLEN); /* Check what IP address is larger. */ sort_sockets(&largerIP, &largerIPPort, &smallerIP, &smallerIPPort, iph->saddr, tcph->source, iph->daddr, tcph->dest); // remoteID = (__u32) __get_tcp_option((__u8 *)originalpacket,32); if (__get_tcp_option((__u8 *)originalpacket,32) ) { unsigned char *tcpdata = (unsigned char *) tcph + tcph->doff * 4; // Find starting location of the TCP data. unsigned int incLen = (__u16)(ntohs(iph->tot_len) - iph->ihl * 4) - tcph->doff * 4; if (incLen < sizeof(OpennopHeader)) { LOGERROR(lc_fetcher, "detected opennop option but incoming TCP data length less than opennop header length!!!!"); return nfq_set_verdict(hq, id, NF_DROP,0,NULL); } pOpennopHeader oh = (pOpennopHeader) tcpdata; remoteID = oh->opennopID; incomingQueueNum = oh->queuenum; if (oh->pattern != OPENNOP_PATTERN) { LOGERROR(lc_fetcher, "option 32 found but bad pattern!!!"); return nfq_set_verdict(hq, id, NF_DROP,0,NULL); } } else remoteID = 0; inet_ntop(AF_INET, &remoteID, strIP, INET_ADDRSTRLEN); //LOGDEBUG(lc_fetcher, "The accellerator ID is:%s", strIP); if (remoteID == 0) { LOGTRACE(lc_fetcher, "Packet from CLIENT: SYN=%d/FIN=%d/ACK=%d/RST=%d, %s:%d->%s:%d, IP_Id=%d, NFQ_Id=%d, TCP_seq=%u, ACK_seq=%u, Total_len=%d, TCP_hlen=%d, IP_hlen=%d, Data_len=%d", tcph->syn, tcph->fin, tcph->ack, tcph->rst, saddr, ntohs(tcph->source), daddr, ntohs(tcph->dest), ntohs(iph->id), id, ntohl(tcph->seq), ntohl(tcph->ack_seq), ntohs(iph->tot_len), tcph->doff * 4, iph->ihl * 4, ntohs(iph->tot_len) - tcph->doff * 4 - iph->ihl * 4); } else { LOGTRACE(lc_fetcher, "Packet from %s: SYN=%d/FIN=%d/ACK=%d/RST=%d, %s:%d->%s:%d, IP_Id=%d, NFQ_Id=%d, TCP_seq=%u, ACK_seq=%u, Total_len=%d, TCP_hlen=%d, IP_hlen=%d, Data_len=%d", strIP, tcph->syn, tcph->fin, tcph->ack, tcph->rst, saddr, ntohs(tcph->source), daddr, ntohs(tcph->dest), ntohs(iph->id), id, ntohl(tcph->seq), ntohl(tcph->ack_seq), ntohs(iph->tot_len), tcph->doff * 4, iph->ihl * 4, ntohs(iph->tot_len) - tcph->doff * 4 - iph->ihl * 4); } thissession = getsession(largerIP, largerIPPort, smallerIP, smallerIPPort); // Check for an outstanding syn. // if (thissession != NULL) { // LOGDEBUG(lc_sesman_check, "****** [SESSION MANAGER] LargerIPseq: %u SmallerIPseq %u, TCP_seq=%u", thissession->largerIPseq, thissession->smallerIPseq, ntohl(tcph->seq)); // } /* Check if this a SYN packet to identify a new session. */ /* This packet will not be placed in a work queue, but */ /* will be accepted here because it does not have any data. */ //if ((tcph->syn == 1) && (tcph->ack == 0)) { if (tcph->syn == 1) { // // SYN segment // if (tcph->ack == 0) { if (remoteID == 0) { LOGDEBUG(lc_fetcher, "SYN from CLIENT: %s:%d->%s:%d", saddr, ntohs(tcph->source), daddr, ntohs(tcph->dest) ); } else { LOGDEBUG(lc_fetcher, "SYN from %s: %s:%d->%s:%d", strIP, saddr, ntohs(tcph->source), daddr, ntohs(tcph->dest) ); } } else { if (remoteID == 0) { LOGDEBUG(lc_fetcher, "SYN+ACK from CLIENT: %s:%d->%s:%d", saddr, ntohs(tcph->source), daddr, ntohs(tcph->dest) ); } else { LOGDEBUG(lc_fetcher, "SYN+ACK from %s: %s:%d->%s:%d", strIP, saddr, ntohs(tcph->source), daddr, ntohs(tcph->dest) ); } } if (thissession == NULL) { if (remoteID != 0) thissession = insertsession(largerIP, largerIPPort, smallerIP, smallerIPPort, incomingQueueNum); // Insert into sessions list. else thissession = insertsession(largerIP, largerIPPort, smallerIP, smallerIPPort, -1); // Insert into sessions list. if (remoteID == 0) { LOGDEBUG(lc_fetcher, "New session from CLIENT created: %s:%d->%s:%d", saddr, ntohs(tcph->source), daddr, ntohs(tcph->dest) ) } else { LOGDEBUG(lc_fetcher, "New session from %s created: %s:%d->%s:%d", strIP, saddr, ntohs(tcph->source), daddr, ntohs(tcph->dest) ) }; } /* We need to check for NULL to make sure */ /* that a record for the session was created */ if (thissession != NULL) { gettimeofday(&tv,NULL); // Get the time from hardware. thissession->lastactive = tv.tv_sec; // Update the session timestamp. sourceisclient(largerIP, iph, thissession, tcph->ack == 0); updateseq(largerIP, iph, tcph, thissession); updateseqnumber(largerIP, iph, tcph, thissession); if (remoteID == 0) { // Accelerator ID was not found. mms = __get_tcp_option((__u8 *)originalpacket,2); if (mms > 68) { if (__set_tcp_option((__u8 *)originalpacket,2,4,mms - 68) == -1) {// Reduce the MSS. LOGERROR(lc_fetcher, "Cannot reduce MSS in 68, fetcher.c, packet is a SYN, IP datagram ID %x, current value of TCP doff %d",ntohs(iph->id), tcph->doff); } if (__set_tcp_option((__u8 *)originalpacket,32,3,1) == -1) { // Add the Accelerator ID to this packet. LOGERROR(lc_fetcher, "Cannot set opennop option to 1, fetcher.c, packet is a SYN, IP datagram ID %x, current value of TCP doff %d",ntohs(iph->id), tcph->doff); } else { unsigned char *tcpdata = (unsigned char *) tcph + tcph->doff * 4; // Find starting location of the TCP data. pOpennopHeader oh = (pOpennopHeader) tcpdata; oh->opennopID = localID; oh->seqNo = 0; oh->compression = 0; oh->deduplication = 0; oh->reasonForNoOptimization = NOT_RELEVANT; oh->pattern = OPENNOP_PATTERN; oh->queuenum = thissession->queue; iph->tot_len = htons(ntohs(iph->tot_len)+sizeof(OpennopHeader)); LOGTRACE(lc_fetcher, "Adding opennop header to SYN packet: IP total length=%d",ntohs(iph->tot_len)); } saveacceleratorid(largerIP, localID, iph, thissession); /* * Changing anything requires the IP and TCP * checksum to need recalculated. */ checksum(originalpacket); } } else { // Accelerator ID was found. //LOGDEBUG(lc_fetcher, "New session from %s created: %s:%d->%s:%d", strIP, saddr, ntohs(tcph->source), daddr, ntohs(tcph->dest) ); if (__set_tcp_option((__u8 *)originalpacket,32,3,0) == -1) { LOGERROR(lc_fetcher, "Cannot set opennop option to 0, fetcher.c, packet is a SYN, IP datagram ID %x, current value of TCP doff %d",ntohs(iph->id), tcph->doff); } else iph->tot_len = htons(ntohs(iph->tot_len)-sizeof(OpennopHeader)); checksum(originalpacket); saveacceleratorid(largerIP, remoteID, iph, thissession); } if (tcph->ack == 0) { thissession->state = TCP_SYN_SENT; LOGDEBUG(lc_fetcher, "Session state set to TCP_SYN_SENT"); } else { thissession->state = TCP_ESTABLISHED; LOGDEBUG(lc_fetcher, "Session state set to TCP_ESTABLISHED"); } } /* Before we return let increment the packets counter. */ thefetcher.metrics.packets++; /* This is the last step for a SYN packet. */ /* accept all SYN packets. */ return nfq_set_verdict(hq, id, NF_ACCEPT, ntohs(iph->tot_len), (unsigned char *)originalpacket); // } else if (tcph->rst == 1) { // // RESET segment // // LOGDEBUG(lc_fetcher, "Session RESET %s:%d->%s:%d", saddr, ntohs(tcph->source), daddr, ntohs(tcph->dest)); // clearsession(thissession); // fruiz // // thissession = NULL; /* Before we return let increment the packets counter. */ // thefetcher.metrics.packets++; // return nfq_set_verdict(hq, id, NF_ACCEPT, 0, NULL); // } else if (tcph->fin == 1) { // // // // // FIN segment // // // LOGDEBUG(lc_fetcher, "FIN packet: %s:%d->%s:%d", saddr, ntohs(tcph->source), daddr, ntohs(tcph->dest)); // if (thissession != NULL) { // switch (thissession->state) { // case TCP_ESTABLISHED: // thissession->state = TCP_CLOSING; // LOGDEBUG(lc_fetcher, "Session half closed: %s:%d->%s:%d", saddr, ntohs(tcph->source), daddr, ntohs(tcph->dest)); // break; // case TCP_CLOSING: // clearsession(thissession); // LOGDEBUG(lc_fetcher, "Session full closed: %s:%d->%s:%d", saddr, ntohs(tcph->source), daddr, ntohs(tcph->dest)); // break; // } // } // // /* Before we return let increment the packets counter. */ // thefetcher.metrics.packets++; // LOGDEBUG(lc_fetcher, "hq=%d, id=%d", hq, id); // int res = nfq_set_verdict(hq, id, NF_ACCEPT, ntohs(iph->tot_len), (unsigned char *)originalpacket); // LOGDEBUG(lc_fetcher, "Returning FIN packet %d", res); // //return nfq_set_verdict(hq, id, NF_ACCEPT, 0, NULL); // //return nfq_set_verdict(hq, id, NF_ACCEPT, ntohs(iph->tot_len), (unsigned char *)originalpacket); // return res; } else { // // DATA or FIN segment // if (thissession != NULL) { // DATA segment in an active session //LOGDEBUG(lc_sesman_check, "[SESSION MANAGER] LargerIPseq: %u SmallerIPseq %u", thissession->largerIPseq, thissession->smallerIPseq); gettimeofday(&tv,NULL); // Get the time from hardware. thissession->lastactive = tv.tv_sec; // Update the active timer. thissession->deadcounter = 0; // Reset the dead counter. if (__get_tcp_option((__u8 *)originalpacket,32) == 2) { // Keepalive, can drop LOGDEBUG(lc_fetcher, "Received keepalive: %s:%d->%s:%d", saddr, ntohs(tcph->source), daddr, ntohs(tcph->dest) ); return nfq_set_verdict(hq, id, NF_DROP,0,NULL); } thispacket = get_freepacket_buffer(); if (thispacket != NULL){ save_packet(thispacket,hq, id, ret, (__u8 *)originalpacket, thissession); if (remoteID == 0){ LOGTRACE(lc_fetcher, "Packet sent to optimize"); optimize_packet(thissession->queue, thispacket); } else { LOGTRACE(lc_fetcher, "Packet sent to deoptimize"); deoptimize_packet(thissession->queue, thispacket); } } else { LOGERROR(lc_fetcher, "Failed getting packet buffer for processing"); } /* Before we return let increment the packets counter. */ thefetcher.metrics.packets++; return 0; } else { // DATA segment and no active session exists int data_len = ntohs(iph->tot_len) - tcph->doff * 4 - iph->ihl * 4; if (data_len > 0) { LOGDEBUG(lc_fetcher, "No session found for: SYN=%d/FIN=%d/ACK=%d/RST=%d, %s:%d->%s:%d, Opt_ID=%s, IP_Id=%d, NFQ_Id=%d, Total_len=%d, TCP_hlen=%d, IP_hlen=%d, Data_len=%d", tcph->syn, tcph->fin, tcph->ack, tcph->rst, saddr, ntohs(tcph->source), daddr, ntohs(tcph->dest), strIP, ntohs(iph->id), id, ntohs(iph->tot_len), tcph->doff * 4, iph->ihl * 4, ntohs(iph->tot_len) - tcph->doff * 4 - iph->ihl * 4); } /* We only want to create new sessions for active sessions. */ /* This means we exclude anything accept ACK packets. */ if (tcph->ack == 1) { if (remoteID != 0) { // Detected remote Accelerator so it is safe to add this session. thissession = insertsession(largerIP, largerIPPort, smallerIP, smallerIPPort, incomingQueueNum); // Insert into sessions list. if (thissession != NULL) { // Test to make sure the session was added. LOGDEBUG(lc_fetcher, "Created NEW session for: %s:%d->%s:%d", saddr, ntohs(tcph->source), daddr, ntohs(tcph->dest) ); thissession->state = TCP_ESTABLISHED; saveacceleratorid(largerIP, remoteID, iph, thissession); thispacket = get_freepacket_buffer(); if (thispacket != NULL){ save_packet(thispacket,hq, id, ret, (__u8 *)originalpacket, thissession); updateseqnumber(largerIP, iph, tcph, thissession); //Update the stored TCP sequence number deoptimize_packet(thissession->queue, thispacket); } else { LOGERROR(lc_fetcher, "Failed getting packet buffer for deoptimization."); } /* Before we return let increment the packets counter. */ thefetcher.metrics.packets++; return 0; } else { LOGERROR(lc_fetcher, "Failed to create session for: %s:%d->%s:%d", saddr, ntohs(tcph->source), daddr, ntohs(tcph->dest) ); } } } /* Before we return let increment the packets counter. */ thefetcher.metrics.packets++; //LOGERROR(lc_fetcher, "Unknown packet: %s:%d->%s:%d", saddr, ntohs(tcph->source), daddr, ntohs(tcph->dest) ); return nfq_set_verdict(hq, id, NF_ACCEPT, ntohs(iph->tot_len), (unsigned char *)originalpacket); } } } else { /* Packet was not a TCP Packet or ID was 0. */