sonic-net · kcudnik · Dec 1, 2020 · Nov 23, 2020 · Nov 26, 2020 · Nov 26, 2020
diff --git a/vslib/inc/HostInterfaceInfo.h b/vslib/inc/HostInterfaceInfo.h
@@ -6,6 +6,7 @@ extern "C" {
 
 #include "EventQueue.h"
 #include "TrafficFilterPipes.h"
+#include "TrafficForwarder.h"
 
 #include "swss/selectableevent.h"
 
@@ -15,7 +16,8 @@ extern "C" {
 
 namespace saivs
 {
-    class HostInterfaceInfo
+    class HostInterfaceInfo :
+        public TrafficForwarder
     {
         private:
 

diff --git a/vslib/inc/MACsecForwarder.h b/vslib/inc/MACsecForwarder.h
@@ -1,6 +1,7 @@
 #pragma once
 
 #include "HostInterfaceInfo.h"
+#include "TrafficForwarder.h"
 
 #include "swss/sal.h"
 #include "swss/selectableevent.h"
@@ -11,12 +12,12 @@
 
 namespace saivs
 {
-    class MACsecForwarder
+    class MACsecForwarder :
+        public TrafficForwarder
     {
     public:
         MACsecForwarder(
             _In_ const std::string &macsecInterfaceName,
-            _In_ int tapfd,
             _In_ std::shared_ptr<HostInterfaceInfo> info);
 
         virtual ~MACsecForwarder();
@@ -26,7 +27,6 @@ namespace saivs
         void forward();
 
     private:
-        int m_tapfd;
         int m_macsecfd;
 
         const std::string m_macsecInterfaceName;

diff --git a/vslib/inc/TrafficForwarder.h b/vslib/inc/TrafficForwarder.h
@@ -0,0 +1,29 @@
+#pragma once
+
+#include "swss/sal.h"
+
+#include <stddef.h>
+#include <sys/socket.h>
+
+namespace saivs
+{
+    class TrafficForwarder
+    {
+    public:
+        virtual ~TrafficForwarder() = default;
+
+    protected:
+        TrafficForwarder() = default;
+
+        void add_vlan_tag(
+            _Inout_ unsigned char *buffer,
+            _Inout_ size_t &length,
+            _Inout_ struct msghdr &msg) const;
+
+        bool send_to(
+            _In_ int fd,
+            _In_ const unsigned char *buffer,
+            _In_ size_t &length) const;
+
+    };
+}
diff --git a/vslib/src/HostInterfaceInfo.cpp b/vslib/src/HostInterfaceInfo.cpp
@@ -195,9 +195,10 @@ void HostInterfaceInfo::veth2tap_fun()
             continue;
         }
 
+        // Buffer include the ingress packets
+        // MACsec scenario: EAPOL packets and encrypted packets
         size_t length = static_cast<size_t>(size);
         auto ret = m_e2tFilters.execute(buffer, length);
-        size = static_cast<ssize_t>(length);
 
         if (ret == TrafficFilter::TERMINATE)
         {
@@ -209,63 +210,13 @@ void HostInterfaceInfo::veth2tap_fun()
             return;
         }
 
-        struct cmsghdr *cmsg;
-
-        for (cmsg = CMSG_FIRSTHDR(&msg); cmsg != NULL; cmsg = CMSG_NXTHDR(&msg, cmsg))
-        {
-            if (cmsg->cmsg_level != SOL_PACKET || cmsg->cmsg_type != PACKET_AUXDATA)
-                continue;
-
-            struct tpacket_auxdata* aux = (struct tpacket_auxdata*)CMSG_DATA(cmsg);
-
-            if ((aux->tp_status & TP_STATUS_VLAN_VALID) &&
-                    (aux->tp_status & TP_STATUS_VLAN_TPID_VALID))
-            {
-                SWSS_LOG_DEBUG("got vlan tci: 0x%x, vlanid: %d", aux->tp_vlan_tci, aux->tp_vlan_tci & 0xFFF);
-
-                // inject vlan tag into frame
-
-                // for overlapping buffers
-                memmove(buffer + 2 * MAC_ADDRESS_SIZE + VLAN_TAG_SIZE,
-                        buffer + 2 * MAC_ADDRESS_SIZE,
-                        size - (2 * MAC_ADDRESS_SIZE));
-
-                uint16_t tci = htons(aux->tp_vlan_tci);
-                uint16_t tpid = htons(IEEE_8021Q_ETHER_TYPE);
-
-                uint8_t* pvlan =  (uint8_t *)(buffer + 2 * MAC_ADDRESS_SIZE);
-                memcpy(pvlan, &tpid, sizeof(uint16_t));
-                memcpy(pvlan + sizeof(uint16_t), &tci, sizeof(uint16_t));
-
-                size += VLAN_TAG_SIZE;
-
-                break;
-            }
-        }
+        add_vlan_tag(buffer, length, msg);
 
-        async_process_packet_for_fdb_event(buffer, size);
+        async_process_packet_for_fdb_event(buffer, length);
 
-        if (write(m_tapfd, buffer, size) < 0)
+        if (!send_to(m_tapfd, buffer, length))
         {
-            /*
-             * We filter out EIO because of this patch:
-             * https://github.com/torvalds/linux/commit/1bd4978a88ac2589f3105f599b1d404a312fb7f6
-             */
-
-            if (errno != ENETDOWN && errno != EIO)
-            {
-                SWSS_LOG_ERROR("failed to write to tap device fd %d, errno(%d): %s",
-                        m_tapfd, errno, strerror(errno));
-            }
-
-            if (errno == EBADF)
-            {
-                // bad file descriptor, just end thread
-                SWSS_LOG_NOTICE("ending thread for tap fd %d", m_tapfd);
-                return;
-            }
-
-            continue;
+            break;
         }
     }
 
@@ -316,6 +267,8 @@ void HostInterfaceInfo::tap2veth_fun()
             continue;
         }
 
+        // Buffer include the egress packets
+        // MACsec scenario: EAPOL packets and plaintext packets
         size_t length = static_cast<size_t>(size);
         auto ret = m_t2eFilters.execute(buffer, length);
         size = static_cast<ssize_t>(length);

diff --git a/vslib/src/MACsecForwarder.cpp b/vslib/src/MACsecForwarder.cpp
@@ -22,15 +22,18 @@ using namespace saivs;
 
 MACsecForwarder::MACsecForwarder(
     _In_ const std::string &macsecInterfaceName,
-    _In_ int tapfd,
     _In_ std::shared_ptr<HostInterfaceInfo> info):
-    m_tapfd(tapfd),
     m_macsecInterfaceName(macsecInterfaceName),
     m_runThread(true),
     m_info(info)
 {
     SWSS_LOG_ENTER();
 
+    if (m_info == nullptr)
+    {
+        SWSS_LOG_THROW("The HostInterfaceInfo on the MACsec port %s is empty", m_macsecInterfaceName.c_str());
+    }
+
     m_macsecfd = socket(AF_PACKET, SOCK_RAW, htons(ETH_P_ALL));
 
     if (m_macsecfd < 0)
@@ -118,17 +121,17 @@ void MACsecForwarder::forward()
 
     while (m_runThread)
     {
-        struct msghdr  msg;
+        struct msghdr msg;
         memset(&msg, 0, sizeof(struct msghdr));
 
         struct sockaddr_storage srcAddr;
 
         struct iovec iov[1];
 
-        iov[0].iov_base = buffer;       // buffer for message
+        iov[0].iov_base = buffer; // buffer for message
         iov[0].iov_len = sizeof(buffer);
 
-        char control[CONTROL_MESSAGE_BUFFER_SIZE];   // buffer for control messages
+        char control[CONTROL_MESSAGE_BUFFER_SIZE]; // buffer for control messages
 
         msg.msg_name = &srcAddr;
         msg.msg_namelen = sizeof(srcAddr);
@@ -183,77 +186,19 @@ void MACsecForwarder::forward()
             continue;
         }
 
-        struct cmsghdr *cmsg;
-
-        for (cmsg = CMSG_FIRSTHDR(&msg); cmsg != NULL; cmsg = CMSG_NXTHDR(&msg, cmsg))
-        {
-            if (cmsg->cmsg_level != SOL_PACKET || cmsg->cmsg_type != PACKET_AUXDATA)
-                continue;
-
-            struct tpacket_auxdata* aux = (struct tpacket_auxdata*)CMSG_DATA(cmsg);
-
-            if ((aux->tp_status & TP_STATUS_VLAN_VALID) &&
-                    (aux->tp_status & TP_STATUS_VLAN_TPID_VALID))
-            {
-                SWSS_LOG_DEBUG("got vlan tci: 0x%x, vlanid: %d", aux->tp_vlan_tci, aux->tp_vlan_tci & 0xFFF);
+        size_t length = static_cast<size_t>(size);
 
-                // inject vlan tag into frame
+        add_vlan_tag(buffer, length, msg);
 
-                // for overlapping buffers
-                memmove(buffer + 2 * MAC_ADDRESS_SIZE + VLAN_TAG_SIZE,
-                        buffer + 2 * MAC_ADDRESS_SIZE,
-                        size - (2 * MAC_ADDRESS_SIZE));
-
-                uint16_t tci = htons(aux->tp_vlan_tci);
-                uint16_t tpid = htons(IEEE_8021Q_ETHER_TYPE);
-
-                uint8_t* pvlan =  (uint8_t *)(buffer + 2 * MAC_ADDRESS_SIZE);
-                memcpy(pvlan, &tpid, sizeof(uint16_t));
-                memcpy(pvlan + sizeof(uint16_t), &tci, sizeof(uint16_t));
-
-                size += VLAN_TAG_SIZE;
-
-                break;
-            }
-        }
+        m_info->async_process_packet_for_fdb_event(buffer, length);
 
-        if (m_info == nullptr)
+        if (!send_to(m_info->m_tapfd, buffer, length))
         {
-            SWSS_LOG_ERROR("The HostInterfaceInfo on the MACsec port %s is empty", m_macsecInterfaceName.c_str());
-
             break;
         }
-
-        m_info->async_process_packet_for_fdb_event(buffer, size);
-
-        if (write(m_tapfd, buffer, static_cast<int>(size)) < 0)
-        {
-            if (errno != ENETDOWN && errno != EIO)
-            {
-                SWSS_LOG_ERROR(
-                    "failed to write to macsec device %s fd %d, errno(%d): %s",
-                    m_macsecInterfaceName.c_str(),
-                    m_macsecfd,
-                    errno,
-                    strerror(errno));
-            }
-
-            if (errno == EBADF)
-            {
-                // bad file descriptor, just end thread
-                SWSS_LOG_ERROR(
-                    "ending thread for macsec device %s fd %d",
-                    m_macsecInterfaceName.c_str(),
-                    m_macsecfd);
-                return;
-            }
-
-            continue;
-        }
     }
 
     SWSS_LOG_NOTICE(
         "ending thread proc for %s",
         m_macsecInterfaceName.c_str());
 }
-
diff --git a/vslib/src/MACsecManager.cpp b/vslib/src/MACsecManager.cpp
@@ -579,7 +579,7 @@ bool MACsecManager::add_macsec_forwarder(
 
     auto &manager = itr->second;
 
-    manager.m_forwarder = std::make_shared<MACsecForwarder>(macsecInterface, manager.m_info->m_tapfd, manager.m_info);
+    manager.m_forwarder = std::make_shared<MACsecForwarder>(macsecInterface, manager.m_info);
     return true;
 }
 

diff --git a/vslib/src/Makefile.am b/vslib/src/Makefile.am
@@ -57,6 +57,8 @@ libSaiVS_a_SOURCES = \
 					  MACsecFilter.cpp \
 					  MACsecEgressFilter.cpp \
 					  MACsecIngressFilter.cpp \
+					  TrafficForwarder.cpp \
+					  MACsecForwarder.cpp \
 					  TrafficFilterPipes.cpp
 
 libsaivs_la_SOURCES = \