Merge pull request #140 from francescomessina/shadow_mode

Add Shadow Services

Author: frisso

Documentation/cubes.rst

@@ -25,7 +25,7 @@ A standard cube:
            | +----------+ |
    port1---|-|          |-|---port3
            | |   core   | |
-   port2---|-|          |-|---port3
+   port2---|-|          |-|---port4
            | +----------+ |
            |              |
            +--------------+
@@ -71,6 +71,44 @@ Following is example topology composed by standard and transparent cubes.
 
 ``polycubectl ?`` shows available cubes installed on your system.
 
+
+A shadow cube:
+  Only a standard cube can be **Shadow** type;
+   - ``polycubectl <cubetype> add <cubename> shadow=true``.
+
+  A shadow cube is associated with a Linux network namespace;
+
+  The parameters between the shadow cube and the namespace are aligned;
+
+  A port defined on a shadow cube is also visible from the network namespace:
+   - the user can decide to configure the ports using Linux (e.g. ifconfig or the ip command) or polycubectl;
+
+     for example: "``polycubectl <cubename> ports <PortName> set ip=<IpAddress>``" it is the same as "``ip netns exec pcn-<cubename> ifconfig <PortName> <IpAddress>``".
+   - the developer can let Linux handle some traffic by sending it to the namespace (e.g. ARP, ICMP, but in general all those protocols able to be managed by a tool running inside the namespace);
+
+::
+
+                       +--------------+
+               port1---|              |---port3
+                       |  namespace   |
+               port2---|              |---port4
+  Linux                +--------------+
+ ____________________________________________________________
+
+::
+
+  Polycube               shadow cube
+                       +--------------+
+                       |              |
+                       | +----------+ |
+               port1---|-|          |-|---port3
+                       | |   core   | |
+               port2---|-|          |-|---port4
+                       | +----------+ |
+                       |              |
+                       +--------------+
+
+
 Cubes structure
 ---------------
 
@@ -177,3 +215,19 @@ These primitives allow to associate transparent cubes to standard cube's ports o
   polycubectl attach firewall1 r1:port2
 
   polycubectl attach firewall0 veth1
+
+
+Span Mode
+---------
+
+The shadow cubes have a mode called **span**.
+
+The span mode when activated shows all the traffic seen by the service also to the namespace.
+ - To activate the span mode the command used is "``polycubectl <cubename> set span=true``".
+
+Span mode is very useful for debugging; On a shadow cube in span mode programs such as Wireshark or Tcpdump can sniff the traffic.
+
+However, the span mode consumes many resources when it is active, so it is disabled by default and it is recommended to use it only when necessary.
+
+N.B. Span mode duplicates traffic so that it is shown by the namespace, the cube continues to handle traffic.
+For this reason, for example, if we have a shadow router with active span mode we should not have Ip forwarding active on Linux, otherwise the router service forwards packets and copies them to the namespace, the namespace forwards again packets and there will be duplications.

Documentation/developers/controlplane.rst

@@ -95,6 +95,8 @@ Generating PacketOut events
 
 The ``Port`` class contains the ``send_packet_out(EthernetII &packet, bool recirculate = false)`` method that allows to inject packets into the datapath, the recirculate parameter allows to specify if the packet should be sent out of the port (`recirculate = false`) or received through the port (`recirculate = true`).
 
+Only in shadow services the ``Port`` class contains the ``send_packet_ns(EthernetII &packet)`` method that allows to send packets into the service namespace.
+
 A reference to a port can be got using the `get_port` function of the Cube base class.
 
 Debugging and logging in the control plane
@@ -106,4 +108,4 @@ Usage example:
 
 ::
 
-  logger()->info("Connected port {0}", port_name);
+  logger()->info("Connected port {0}", port_name);

Documentation/developers/datapath.rst

@@ -22,6 +22,8 @@ Polycube architecture adds a wrapper around the user's code, this wrapper calls
 
 - **pcn_pkt_controller_with_metadata(struct __sk_buff *skb, struct pkt_metadata *md, u16 reason, u32 metadata[3])**: Sends the packet to the custom code running in the control path. In addition to the reason the user can also send some additional medatada.
 
+- **pcn_pkt_redirect_ns(struct __sk_buff *skb, struct pkt_metadata *md, u16 port)**: (it is only available for shadow services) sends the packet to the namespace as if it came from the port indicated as parameter
+
 Checksum calculation
 ********************
 
@@ -107,4 +109,3 @@ Usage example:
 ::
 
   pcn_pkt_log(ctx, LOG_DEBUG);
-

src/libs/polycube/include/polycube/services/cube.h

@@ -48,6 +48,11 @@ class Cube : public BaseCube {
   void set_conf(const nlohmann::json &conf);
   nlohmann::json to_json() const;
 
+  const bool get_shadow() const;
+  const bool get_span() const;
+  void set_span(const bool value);
+
+  const std::string get_veth_name_from_index(const int ifindex);
  private:
   std::shared_ptr<CubeIface> cube_;  // pointer to the cube in polycubed
   packet_in_cb handle_packet_in;
@@ -174,5 +179,25 @@ nlohmann::json Cube<PortType>::to_json() const {
   return cube_->to_json();
 }
 
+template <class PortType>
+const bool Cube<PortType>::get_shadow() const {
+  return cube_->get_shadow();
+}
+
+template <class PortType>
+const bool Cube<PortType>::get_span() const {
+  return cube_->get_span();
+}
+
+template <class PortType>
+void Cube<PortType>::set_span(const bool value) {
+  return cube_->set_span(value);
+}
+
+template <class PortType>
+const std::string Cube<PortType>::get_veth_name_from_index(const int ifindex) {
+  return cube_->get_veth_name_from_index(ifindex);
+}
+
 }  // namespace service
 }  // namespace polycube

src/libs/polycube/include/polycube/services/cube_iface.h

@@ -84,6 +84,12 @@ class CubeIface : virtual public BaseCubeIface {
 
   virtual void set_conf(const nlohmann::json &conf) = 0;
   virtual nlohmann::json to_json() const = 0;
+
+  virtual const bool get_shadow() const = 0;
+  virtual const bool get_span() const = 0;
+  virtual void set_span(const bool value) = 0;
+
+  virtual const std::string get_veth_name_from_index(const int ifindex) = 0;
 };
 
 class TransparentCubeIface : virtual public BaseCubeIface {

src/libs/polycube/include/polycube/services/port.h

@@ -40,6 +40,7 @@ class Port {
   Port(std::shared_ptr<PortIface> port);
   ~Port();
   void send_packet_out(EthernetII &packet, bool recirculate = false);
+  void send_packet_ns(EthernetII &packet);
   int index() const;
   std::string name() const;
   void set_peer(const std::string &peer);

src/libs/polycube/include/polycube/services/port_iface.h

@@ -42,6 +42,7 @@ class PortIface {
  public:
   virtual void send_packet_out(const std::vector<uint8_t> &packet,
                                bool recirculate = false) = 0;
+  virtual void send_packet_ns(const std::vector<uint8_t> &packet) = 0;
   virtual uint16_t index() const = 0;
   virtual bool operator==(const PortIface &rhs) const = 0;
   virtual std::string name() const = 0;

src/libs/polycube/include/polycube/services/utils.h

@@ -59,6 +59,14 @@ std::string get_ip_from_string(const std::string &ipv_net);
  * length" -> 24 in this case */
 std::string get_netmask_from_string(const std::string &ipv_net);
 
+/* Take in ingress a string like 255.255.255.0 and return the "prefix
+ * length" -> 24 in this case */
+uint32_t get_netmask_length(const std::string &netmask_string);
+
+/* Take in ingress a prefix length like 24 and return the
+* "netmask" -> 255.255.255.0 in this case */
+std::string get_netmask_from_CIDR(const int cidr);
+
 /*
  * formats a debug string, custom specifiers are evaluated by a
  * custom implemented logic

src/libs/polycube/src/port.cpp

@@ -32,6 +32,7 @@ class Port::impl {
   impl(Port &op);
   ~impl();
   void send_packet_out(EthernetII &packet, bool recirculate);
+  void send_packet_ns(EthernetII &packet);
   int index() const;
   std::string name() const;
   void set_peer(const std::string &peer);
@@ -104,6 +105,10 @@ void Port::impl::send_packet_out(EthernetII &packet, bool recirculate) {
   port_->send_packet_out(packet.serialize(), recirculate);
 }
 
+void Port::impl::send_packet_ns(EthernetII &packet) {
+  port_->send_packet_ns(packet.serialize());
+}
+
 PortStatus Port::impl::get_status() const {
   return port_->get_status();
 }
@@ -129,6 +134,10 @@ void Port::send_packet_out(EthernetII &packet, bool recirculate) {
   return pimpl_->send_packet_out(packet, recirculate);
 }
 
+void Port::send_packet_ns(EthernetII &packet) {
+  return pimpl_->send_packet_ns(packet);
+}
+
 int Port::index() const {
   return pimpl_->index();
 }

src/libs/polycube/src/utils.cpp

@@ -277,6 +277,36 @@ std::string get_netmask_from_string(const std::string &ipv) {
   return ipv_net.substr(pos + 1, std::string::npos);
 }
 
+uint32_t get_netmask_length(const std::string &netmask_string) {
+  struct in_addr buf;
+  char address[100];
+  int res = inet_pton(
+      AF_INET, netmask_string.c_str(),
+      &buf); /*convert ip address in binary form in network byte order */
+
+  if (res == 1) {
+    uint32_t counter = 0;
+    int n = buf.s_addr;
+    while (n) {
+      counter++;
+      n &= (n - 1);
+    }
+    return counter;
+  } else
+    throw std::runtime_error("IP Address is not in a valid format");
+}
+
+std::string get_netmask_from_CIDR(const int cidr) {
+  uint32_t ipv4Netmask;
+
+  ipv4Netmask = 0xFFFFFFFF;
+  ipv4Netmask <<= 32 - cidr;
+  ipv4Netmask = ntohl(ipv4Netmask);
+  struct in_addr addr = {ipv4Netmask};
+
+  return inet_ntoa(addr);
+}
+
 }  // namespace utils
 }  // namespace service
 }  // namespace polycube