Merge pull request #65 from loxilb-io/proxy-proto-v2

PR - loxilb-io/loxilb#675 Initial support for proxy protocol v2
loxilb-io · Nov 27, 2024 · 9d182a2 · 9d182a2
2 parents a3edc2f + e59b5b4
commit 9d182a2
Show file tree

Hide file tree

Showing 11 changed files with 376 additions and 33 deletions.
diff --git a/common/llb_dp_mdi.h b/common/llb_dp_mdi.h
@@ -137,7 +137,10 @@ struct dp_pi_mdi {
 #define LLB_PIPE_RC_RESOLVE   0x4000000
     __u32            rcode;
 
-    __u8             tc;
+    __u8             tc:4;
+    __u8             ppv2:2;
+    __u8             oppv2:1;
+    __u8             ippv2:1;
 #define LLB_DP_PORT_UPP       0x1
     __u8             pprop;
     __u8             lkup_dmac[6];
@@ -270,7 +273,8 @@ struct dp_nat_mdi {
     __u8            sel_aid;
     __u8            nv6;
     __u8            xlate_proto;
-    __u8            dsr;
+    __u8            dsr:4;
+    __u8            ppv2:4;
     __u8            cdis;
     __u64           ito;
 };

diff --git a/common/llb_dpapi.h b/common/llb_dpapi.h
@@ -239,6 +239,7 @@ struct dp_nat_act {
   __u8 dsr;
   __u8 cdis;
   __u8 nmh;
+  __u8 ppv2;
 };
 
 #define MIN_DP_POLICER_RATE  (8*1000*1000)  /* 1 MBps = 8 Mbps */
@@ -541,13 +542,15 @@ typedef enum {
   CT_TCP_FINI2  = 0x20,
   CT_TCP_FINI3  = 0x40,
   CT_TCP_CW     = 0x80,
-  CT_TCP_ERR    = 0x100
+  CT_TCP_ERR    = 0x100,
+  CT_TCP_PEST   = 0x200,
 } ct_tcp_state_t;
 
 typedef struct {
   __u16 hstate;
 #define CT_TCP_INIT_ACK_THRESHOLD 3
-  __u16 init_acks;
+  __u8 init_acks;
+  __u8 ppv2;
   __u32 seq;
   __be32 pack;
   __be32 pseq;
@@ -783,18 +786,21 @@ struct dp_nat_key {
 #define SEC_MODE_HTTPS 1
 #define SEC_MODE_HTTPS_E2E 2
 
+#define NAT_LB_OP_CHKSRC 0x1
+
 struct dp_proxy_tacts {
   struct dp_cmn_act ca;
   uint64_t ito;
   uint64_t pto;
   struct bpf_spin_lock lock;
   uint8_t nxfrm;
-  uint8_t chksrc;
+  uint8_t opflags;
   uint8_t cdis;
   uint8_t npmhh;
   uint16_t sel_hint;
   uint8_t sel_type;
   uint8_t sec_mode;
+  uint8_t ppv2;
   uint32_t pmhh[LLB_MAX_MHOSTS];
   struct mf_xfrm_inf nxfrms[LLB_MAX_NXFRMS];
   uint8_t host_url[LLB_MAX_HOSTURL_LEN];

diff --git a/common/parsing_helpers.h b/common/parsing_helpers.h
@@ -178,7 +178,17 @@ static inline int ipv6_addr_is_multicast(const struct in6_addr *addr)
 static __always_inline __be16
 csum_fold_helper(__be32 csum)
 {
-  return ~((csum & 0xffff) + (csum >> 16));
+  csum = (csum & 0xffff) + (csum >> 16);
+  csum = (csum & 0xffff) + (csum >> 16);
+  return (__u16)~csum;
+}
+
+static __always_inline __be16
+csum_fold_helper_diff(__be32 csum)
+{
+  csum = (csum & 0xffff) + (csum >> 16);
+  csum = (csum & 0xffff) + (csum >> 16);
+  return (__u16)csum;
 }
 
 static __always_inline void
@@ -359,6 +369,27 @@ struct sctp_cookie {
   __be32 cookie;
 };
 
+struct proxy_hdr_v2 {
+  __u8 sig[12];  /* hex 0D 0A 0D 0A 00 0D 0A 51 55 49 54 0A */
+  __u8 ver_cmd;  /* protocol version and command */
+  __u8 family;   /* protocol family and address */
+  __be16 len;    /* number of following bytes part of the header */
+};
+
+struct proxy_ipv4_hdr { /* for TCP/UDP over IPv4, len = 12 */
+  __be32 src_addr;
+  __be32 dst_addr;
+  __be16 src_port;
+  __be16 dst_port;
+};
+
+struct proxy_ipv6_hdr { /* for TCP/UDP over IPv4, len = 36 */
+  __u8 src_addr[16];
+  __u8 dst_addr[16];
+  __be16 src_port;
+  __be16 dst_port;
+};
+
 struct mkrt_args {
   uint32_t seq;
   uint8_t fin:1;