예제 #1
 def Init(self, tcpcb):
     """Set up this TLS control block from its owning TCP control block.

     The control block takes its id from ``tcpcb.id``, registers the GID
     ``TlsCb<id>``, and obtains two software descriptor rings (SERQ, BSQ)
     and two key objects from the helpers.

     Args:
         tcpcb: TCP control block; its ``id`` and ``other_qid`` attributes
             are read and a reference to it is kept on ``self.tcpcb``.
     """
     self.id = tcpcb.id
     cb_gid = "TlsCb%04d" % self.id
     self.GID(cb_gid)
     logger.info("  - %s" % self)
     self.tcpcb = tcpcb

     # One descriptor ring per queue name, keyed by this block's GID and id.
     self.serq = SwDscrRingHelper.main("SERQ", cb_gid, self.id)
     self.bsq = SwDscrRingHelper.main("BSQ", cb_gid, self.id)

     # Separate key objects for the cipher key and the HMAC key.
     self.crypto_key = CryptoKeyHelper.main()
     self.crypto_hmac_key = CryptoKeyHelper.main()

     # Bit 0 is the "bypass barco" debug flag and is on by default.
     # NOTE(review): "barco" is presumably the crypto offload engine, in
     # which case records handled with this default are not processed by
     # it. Confirm the flag is confined to test setups.
     self.debug_dol = 0x1
     self.is_decrypt_flow = False
     # Stored under "other_fid" although the source attribute is other_qid.
     self.other_fid = tcpcb.other_qid
예제 #2
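    def Init(self, qid, other_qid=None, session=None, is_iflow=None):
        """Set up this TCP control block, its rings and its flow-specific state.

        Args:
            qid: Control-block id. Replaced by an id from
                ``resmgr.TcpCbIdAllocator`` when HAL is disabled.
            other_qid: Id of the peer control block; ``0xffff`` is stored
                when it is omitted.
            session: Session whose ``iflow.label`` is compared with
                ``'NVME-PROXY'`` to choose the setup path. When it is
                ``None`` no TLS control block is created.
            is_iflow: Truthy runs ``tcp_proxy.init_tcb1`` (logged as iflow);
                falsy but not ``None`` runs an ``init_tcb2`` variant (logged
                as rflow); ``None`` skips flow-specific setup.
        """
        if halapi.IsHalDisabled():
            qid = resmgr.TcpCbIdAllocator.get()
        self.id = qid
        # Identity test rather than "!= None": a qid of 0 is a valid value
        # and must not be mistaken for "not supplied".
        self.other_qid = other_qid if other_qid is not None else 0xffff
        gid = "TcpCb%04d" % qid
        self.GID(gid)
        logger.info("  - %s" % self)

        # self.tlscb is only assigned on the non-NVMe path with a session;
        # on every other path the attribute is left unset by this method.
        if session is not None:
            if session.iflow.label == 'NVME-PROXY':
                logger.info("skipping TLS cb creation for nvme..")
            else:
                self.tlscb = TlsCbHelper.main(self)
        self.sesq = SwDscrRingHelper.main("SESQ", gid, self.id)
        self.asesq = SwDscrRingHelper.main("ASESQ", gid, self.id)

        if is_iflow:
            logger.info("%s is iflow" % gid)
            tcp_proxy.init_tcb1(self, session)
        elif is_iflow is not None:
            logger.info("%s is rflow" % gid)
            # NOTE(review): session is dereferenced here without the None
            # check used above, so is_iflow=False with session=None raises
            # AttributeError. Confirm callers always pass a session.
            if session.iflow.label == 'NVME-PROXY':
                nvme_o_tcp.init_tcb2(self, session)
            else:
                tcp_proxy.init_tcb2(self, session)

        # Both debug words combine the "dont_send_ack" and "bypass_barco"
        # flags defined in tcp_proxy.
        # NOTE(review): going by the flag names, every control block created
        # here starts with ACK sending and the barco stage disabled. This is
        # presumably a test-bench default; confirm it cannot reach a
        # production configuration.
        self.debug_dol = tcp_proxy.tcp_debug_dol_dont_send_ack | \
                            tcp_proxy.tcp_debug_dol_bypass_barco
        self.debug_dol_tx = tcp_proxy.tcp_tx_debug_dol_dont_send_ack | \
                                tcp_proxy.tcp_tx_debug_dol_bypass_barco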
예제 #3
    def Init(self, qid):
        """Set up this raw-chain control block and its descriptor ring.

        Args:
            qid: Control-block id. Replaced by an id from
                ``resmgr.RawcCbIdAllocator`` when HAL is disabled.
        """
        if halapi.IsHalDisabled():
            # Without HAL the caller's id is ignored and one is allocated here.
            qid = resmgr.RawcCbIdAllocator.get()
        self.id = qid

        cb_gid = "RawcCb%04d" % qid
        self.GID(cb_gid)
        logger.info("  - %s" % self)

        # Single RAWCCBQ ring keyed by this block's GID and id.
        self.rawccbq = SwDscrRingHelper.main("RAWCCBQ", cb_gid, self.id)
예제 #4
    def Init(self, qid):
        """Set up this proxy-chain control block and its descriptor ring.

        Args:
            qid: Control-block id. Replaced by an id from
                ``resmgr.ProxycCbIdAllocator`` when HAL is disabled.
        """
        if halapi.IsHalDisabled():
            # Without HAL the caller's id is ignored and one is allocated here.
            qid = resmgr.ProxycCbIdAllocator.get()
        self.id = qid
        # The chained TX queue uses the TCP-proxy service LIF shared constant.
        self.chain_txq_lif = app_redir_shared.service_lif_tcp_proxy

        cb_gid = "ProxycCb%04d" % qid
        self.GID(cb_gid)
        logger.info("  - %s" % self)

        # Single PROXYCCBQ ring keyed by this block's GID and id.
        self.proxyccbq = SwDscrRingHelper.main("PROXYCCBQ", cb_gid, self.id)
예제 #5
    def Init(self, qid):
        """Set up this IPsec control block with fixed key and tunnel parameters.

        Every cryptographic input assigned here is a constant: an all-zero
        AES-128 key, a repeated-byte IV and salt, and zero SPI/ESN values.
        NOTE(review): these look like deterministic test-bench fixtures.
        Confirm that no production path builds a control block through this
        method, since a known key and a reused IV give no confidentiality.

        Args:
            qid: Control-block id, stored unchanged on ``self.id``.
        """
        self.id = qid
        cb_gid = "IPSECCB%04d" % self.id
        self.GID(cb_gid)
        self.ipseccbq_base = SwDscrRingHelper.main("IPSECCBQ", cb_gid, self.id)
        logger.info("  - %s" % self)

        # Two key objects are requested; only crypto_key is programmed below,
        # new_crypto_key is left as the helper returned it.
        self.crypto_key = CryptoKeyHelper.main()
        self.new_crypto_key = CryptoKeyHelper.main()

        # Allocated subnets first get their own number as a 16-byte
        # big-endian address; the fixed addresses further down overwrite it.
        self.sip6 = resmgr.TepIpv6SubnetAllocator.get()
        self.dip6 = resmgr.TepIpv6SubnetAllocator.get()
        self.sip6.v6_addr = self.sip6.getnum().to_bytes(16, 'big')
        self.dip6.v6_addr = self.dip6.getnum().to_bytes(16, 'big')

        # Fixed 16-byte (128-bit) all-zero key material.
        zero_key = b'\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'
        # Fixed tunnel endpoints, 2001::aaaa and 2001::bbbb.
        fixed_sip6 = b'\x20\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xaa\xaa'
        fixed_dip6 = b'\x20\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xbb\xbb'
        self.crypto_key.Update(types_pb2.CRYPTO_KEY_TYPE_AES128, 16, zero_key)

        # 10.1.0.1 and 10.1.0.2 when read as big-endian IPv4 addresses.
        self.tunnel_sip4 = 0x0A010001
        self.tunnel_dip4 = 0x0A010002
        self.iv_size = 8
        self.icv_size = 16
        self.block_size = 16
        # Placeholder; replaced by the key object's index further down.
        self.key_index = 0
        self.barco_enc_cmd = 0x30000000
        # Constant IV and salt: identical for every control block built here.
        self.iv = 0xaaaaaaaaaaaaaaaa
        self.iv_salt = 0xbbbbbbbb
        self.esn_hi = 0
        self.esn_lo = 0
        self.spi = 0
        self.key_index = self.crypto_key.keyindex
        # NOTE(review): 2 is presumably the project's IPv6 address-family
        # value; verify against the enum definition.
        self.sip6.ip_af = 2
        self.sip6.v6_addr = fixed_sip6
        self.dip6.ip_af = 2
        self.dip6.v6_addr = fixed_dip6
예제 #6
def process(topospec):
    """Create the configuration objects described by *topospec* in a fixed order.

    Optional features are switched on by attributes of *topospec*
    (``nvme_proxy``, ``proxy``, ``app_redir``) and by ``GlobalOptions.gft``.
    A missing attribute is treated as ``False``.

    Args:
        topospec: Topology specification handed to the individual helpers.
    """
    # Device mode.
    NicHelper.main()

    # Security profiles and QoS classes.
    SecurityProfileHelper.main(topospec)
    QosClassHelper.main(topospec)

    # NVMe proxy global resources have to exist before any LIF is configured.
    nvme_spec = getattr(topospec, 'nvme_proxy', False)
    if nvme_spec:
        nvme_global = NvmeGlobalObject()
        nvme_global.main(topospec.nvme_proxy)
        Store.objects.SetAll([nvme_global])

    # Uplinks, uplink port-channels, tenants, then security group policies.
    UplinkHelper.main(topospec)
    UplinkPcHelper.main(topospec)
    TenantHelper.main(topospec)
    SecurityGroupPolicyHelper.main(topospec)

    # Enable all segments on uplinks and uplink PCs.
    UplinkHelper.ConfigureAllSegments()
    UplinkPcHelper.ConfigureAllSegments()
    # Phase-2 tenant configuration: EPs and ENICs.
    TenantHelper.ConfigurePhase2()

    app_redir_flag = getattr(topospec, 'app_redir', False)
    proxy_flag = getattr(topospec, 'proxy', False)
    # The flags are compared with True on purpose, not tested for
    # truthiness, so a non-boolean value does not enable the feature.
    wants_global_rings = proxy_flag == True or app_redir_flag == True
    if wants_global_rings:
        # Global descriptor and page rings.
        ProxyServiceHelper.main()
        for ring_name in ("NMDPR", "IPSEC_NMDR", "IPSEC_NMPR"):
            SwDscrRingHelper.main(ring_name)
        BRQHelper.main()
        # Three per-CPU ring sets, created CPU by CPU.
        for cpu in range(3):
            for ring_name in ("ARQ", "ARQ-TX", "TCP_ACTL"):
                SwDscrRingHelper.main(ring_name, ('CPU%04d' % cpu), cpu)

    if app_redir_flag == True:
        for ring_name in ("RAWCCBQ", "PROXYRCBQ", "PROXYCCBQ"):
            SwDscrRingHelper.main(ring_name)
        AppRedirIfHelper.main(topospec)

    # Generate all sessions.
    SessionHelper.main()

    # Set up the system drop actions.
    SystemHelper.main(topospec)

    # Generate all RDMA sessions.
    RdmaSessionHelper.main()

    # Generate all NVMe sessions.
    if nvme_spec:
        NvmeSessionHelper.main()

    # The 'ipsec' flag is read but not acted on: the IpsecCbHelper.main()
    # call that consumed it is disabled.
    ipsec = getattr(topospec, 'ipsec', False)

    CpuHelper.main(topospec)
    # ACLs and timers.
    AclHelper.main(topospec)
    TimerHelper.main(topospec)

    if GlobalOptions.gft:
        GftHeaderGroupHelper.main(topospec)
        GftExmProfileHelper.main(topospec)
        GftTranspositionHeaderGroupHelper.main(topospec)
        GftTranspositionProfileHelper.main(topospec)
        GftFlowHelper.main()