From 2b9c1c7fa0937499af84a533df15e96aff0779ba Mon Sep 17 00:00:00 2001
From: Vijaya Kumar Abbaraju
Date: Wed, 10 Apr 2024 01:39:40 -0700
Subject: [PATCH] Changes to handle PAC operational info
---
src/sonic-pac/pacoper/Makefile.am | 17 ++
src/sonic-pac/pacoper/pacoper.cpp | 274 +++++++++++++++++++++++++
src/sonic-pac/pacoper/pacoper.h | 48 +++++
src/sonic-pac/pacoper/pacoper_common.h | 64 ++++++
4 files changed, 403 insertions(+)
create mode 100755 src/sonic-pac/pacoper/Makefile.am
create mode 100644 src/sonic-pac/pacoper/pacoper.cpp
create mode 100644 src/sonic-pac/pacoper/pacoper.h
create mode 100644 src/sonic-pac/pacoper/pacoper_common.h
diff --git a/src/sonic-pac/pacoper/Makefile.am b/src/sonic-pac/pacoper/Makefile.am
new file mode 100755
index 000000000000..9cfcb9001fa3
--- /dev/null
+++ b/src/sonic-pac/pacoper/Makefile.am
@@ -0,0 +1,17 @@
+INCLUDES = -I $(top_srcdir)/pacoper -I $(top_srcdir)/authmgr/common -I $(top_srcdir)/authmgr/mapping/include -I $(top_srcdir)/fpinfra/inc -I $(top_srcdir)/authmgr/protocol/include
+
+lib_LTLIBRARIES = libpacoper.la
+
+if DEBUG
+DBGFLAGS = -ggdb -DDEBUG
+else
+DBGFLAGS = -g -DNDEBUG
+endif
+
+
+libpacoper_la_SOURCES = $(top_srcdir)/pacoper/pacoper.cpp
+
+AM_CPPFLAGS = $(DBGFLAGS) $(AM_CFLAGS) $(SONIC_COMMON_CFLAGS) $(CFLAGS_COMMON)
+#libipacoper_la_CPPFLAGS = $(DBGFLAGS) $(CFLAGS_COMMON)
+
+libpacoper_la_LIBADD = -lswsscommon -lnl-3 -lnl-route-3 -lhiredis $(SONIC_COMMON_LDFLAGS) -L$(top_srcdir)/fpinfra -lfpinfra
diff --git a/src/sonic-pac/pacoper/pacoper.cpp b/src/sonic-pac/pacoper/pacoper.cpp
new file mode 100644
index 000000000000..6babfdaaf2eb
--- /dev/null
+++ b/src/sonic-pac/pacoper/pacoper.cpp
@@ -0,0 +1,274 @@ +/* + * Copyright 2021 Broadcom Inc. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include +#include +#include "pacoper.h" +#include "pacoper_common.h" +#include "nimapi.h" +#include "resources.h" + +std::vector authMgrMethod {"none", "802.1x", "mab"}; + +std::vector userMgrAuthMethod {"undefined", "local", + "none", "radius"}; + +std::vector authMgrPortStatus {"na", "authorized", "unauthorized"}; + +std::vector vlanType {"Unassigned", "RADIUS", + "Default", "Blocked"}; + +FpDbAdapter::FpDbAdapter( DBConnector *stateDb, DBConnector *configDb, DBConnector *appDb) : + m_PacGlobalOperTbl(stateDb, STATE_PAC_GLOBAL_OPER_TABLE), + m_PacPortOperTbl(stateDb, STATE_PAC_PORT_OPER_TABLE), + m_PacAuthClientOperTbl(stateDb, STATE_PAC_AUTHENTICATED_CLIENT_OPER_TABLE) +{ +} + +DBConnector *stateDb = new DBConnector("STATE_DB", 0); +DBConnector *configDb = new DBConnector("CONFIG_DB", 0); +DBConnector *appDb = new DBConnector("APPL_DB", 0); +FpDbAdapter * Fp = new FpDbAdapter(stateDb, configDb, appDb); + + +string fetch_interface_name(int intIfNum) +{ + string name(""); + char8 ifName[ NIM_IF_ALIAS_SIZE + 1]; + + if (nimGetIntfName(intIfNum, ALIASNAME, ( uchar8*)ifName) != SUCCESS) + { + return "FAILURE"; + } + + name = ifName; + return name; +} + +void PacAuthClientOperTblSet(uint32 intIfNum, enetMacAddr_t macAddr, + pac_authenticated_clients_oper_table_t *client_info) +{ + vector fvs; + char c[18]; + unsigned int i; + string serverState(""); 
+ string serverClass(""); + enetMacAddr_t zeroMac; + + SWSS_LOG_NOTICE("----- PacAuthClientOperTbl func called from AuthMgr -----"); + + memset (&zeroMac, 0, sizeof ( enetMacAddr_t)); + if (0 == memcmp (zeroMac.addr, macAddr.addr, ENET_MAC_ADDR_LEN)) + { + return; + } + + if ( AUTHMGR_PORT_STATUS_AUTHORIZED != client_info->auth_status) + { + return; + } + + string userName(client_info->userName, + client_info->userName + + sizeof(client_info->userName)/sizeof(client_info->userName[0])); + + memset(c, 0, sizeof(c)); + + sprintf(c, "%02X:%02X:%02X:%02X:%02X:%02X", + macAddr.addr[0], macAddr.addr[1], macAddr.addr[2], + macAddr.addr[3], macAddr.addr[4], macAddr.addr[5]); + + string macAddress(c); + + string interfaceName = fetch_interface_name(intIfNum); + + string key = interfaceName + "|"; + + key += macAddress; + + fvs.emplace_back("current_id", to_string(client_info->currentIdL)); + fvs.emplace_back("auth_status", authMgrPortStatus[client_info->auth_status]); + fvs.emplace_back("authenticated_method", authMgrMethod[client_info->authenticatedMethod]); + + for (i = 0; i < client_info->serverStateLen; i++) + { + memset(c, 0, sizeof(c)); + sprintf(c, "%02X", client_info->serverState[i]); + serverState += c; + } + + fvs.emplace_back("server_state", serverState); + fvs.emplace_back("server_state_len", to_string(client_info->serverStateLen)); + + for (i = 0; i < client_info->serverClassLen; i++) + { + memset(c, 0, sizeof(c)); + sprintf(c, "%02X", client_info->serverClass[i]); + serverState += c; + } + + fvs.emplace_back("server_class", serverClass); + fvs.emplace_back("server_class_len", to_string(client_info->serverClassLen)); + + fvs.emplace_back("session_timeout_RADIUS", to_string(client_info->sessionTimeoutRcvdFromRadius)); + fvs.emplace_back("session_timeout_oper", to_string(client_info->sessionTimeoutOper)); + fvs.emplace_back("user_name", userName); + fvs.emplace_back("user_name_len", to_string(client_info->userNameLen)); + fvs.emplace_back("termination_action", 
to_string(client_info->terminationAction)); + fvs.emplace_back("vlan_id", to_string(client_info->vlanId)); + fvs.emplace_back("vlan_type", vlanType[client_info->vlanType]); + fvs.emplace_back("backend_auth_method", userMgrAuthMethod[client_info->backend_auth_method]); + fvs.emplace_back("session_time", to_string(client_info->sessionTime)); + fvs.emplace_back("termination_action_time_left", to_string(client_info->lastAuthTime)); + + Fp->m_PacAuthClientOperTbl.set(key, fvs); + + } + +void PacAuthClientOperTblDel(uint32 intIfNum, enetMacAddr_t macAddr) +{ + string interfaceName = fetch_interface_name(intIfNum); + + char c[18]; + + sprintf(c, "%02X:%02X:%02X:%02X:%02X:%02X", + macAddr.addr[0], macAddr.addr[1], macAddr.addr[2], + macAddr.addr[3], macAddr.addr[4], macAddr.addr[5]); + + string macAddress(c); + + string key = interfaceName + "|"; + key += macAddress; + + Fp->m_PacAuthClientOperTbl.del(key); + +} + +void PacAuthClientOperTblCleanup(void) +{ + vector keys; + Fp->m_PacAuthClientOperTbl.getKeys(keys); + for (const auto key : keys) + { + Fp->m_PacAuthClientOperTbl.del(key); + } +} + +void PacGlobalOperTblSet(pac_global_oper_table_t *info) +{ + vector fvs; + + SWSS_LOG_NOTICE("----- PacOperTbl API called from AuthMgr -----"); + + fvs.emplace_back("num_clients_authenticated", to_string(info->authCount)); + fvs.emplace_back("num_clients_authenticated_monitor", to_string(info->authCountMonMode)); + + Fp->m_PacGlobalOperTbl.set("GLOBAL", fvs); +} + +void PacGlobalOperTblCleanup(void) +{ + vector keys; + Fp->m_PacGlobalOperTbl.getKeys(keys); + for (const auto key : keys) + { + Fp->m_PacGlobalOperTbl.del(key); + } +} + +void PacPortOperTblSet(uint32 intIfNum, AUTHMGR_METHOD_t *enabledMethods, + AUTHMGR_METHOD_t *enabledPriority) +{ + vector fvs; + uint32 idx; + string methods(""); + string priorities(""); + + SWSS_LOG_NOTICE("----- PacPortOperTbl API called from AuthMgr -----"); + + string key = fetch_interface_name(intIfNum); + + for (idx = 0; idx < 2; idx++) + { + 
if (idx != 0) + { + methods += ","; + } + + if (!enabledMethods[idx]) + { + methods += "undefined"; + } + else + { + if ( AUTHMGR_METHOD_8021X == enabledMethods[idx]) + { + methods += "dot1x"; + } + else if ( AUTHMGR_METHOD_MAB == enabledMethods[idx]) + { + methods += "mab"; + } + } + } + + for (idx = 0; idx < 2; idx++) + { + if (idx != 0) + { + priorities += ","; + } + if (!enabledPriority[idx]) + { + priorities += "undefined"; + } + else + { + if ( AUTHMGR_METHOD_8021X == enabledPriority[idx]) + { + priorities += "dot1x"; + } + else if ( AUTHMGR_METHOD_MAB == enabledPriority[idx]) + { + priorities += "mab"; + } + } + } + + fvs.emplace_back("enabled_method_list@", methods); + fvs.emplace_back("enabled_priority_list@", priorities); + + Fp->m_PacPortOperTbl.set(key, fvs); +} + +void PacPortOperTblCleanup(void) +{ + vector keys; + Fp->m_PacPortOperTbl.getKeys(keys); + for (const auto key : keys) + { + Fp->m_PacPortOperTbl.del(key); + } +} + + +void PacOperTblCleanup(void) +{ + PacAuthClientOperTblCleanup(); + PacGlobalOperTblCleanup(); +} + + diff --git a/src/sonic-pac/pacoper/pacoper.h b/src/sonic-pac/pacoper/pacoper.h new file mode 100644 index 000000000000..012af49894f2 --- /dev/null +++ b/src/sonic-pac/pacoper/pacoper.h 
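Review bot: In PacAuthClientOperTblSet the second hex loop appends to `serverState` instead of `serverClass`, so `server_class` is always written empty. Both loops also run to `serverStateLen` / `serverClassLen` without comparing them to the array sizes declared in pacoper_common.h, and `authMgrMethod[...]`, `vlanType[...]` and `userMgrAuthMethod[...]` are indexed with enum values that are never range-checked, so a length or enum outside the expected range reads past the buffer or the table; whether callers already clamp these is not visible in this patch. The excerpt below clamps the lengths, fixes the accumulator and routes the lookups through a bounds-checked helper. Separately, `userName` is built from the whole array rather than `userNameLen`, and the `"FAILURE"` string returned by `fetch_interface_name` is used as a key prefix unchecked, which would publish a `FAILURE|<mac>` row.

```cpp
// file-scope helper: table lookup that cannot index past the end
template <typename Names>
static string nameAt(const Names &names, size_t idx)
{
    return (idx < names.size()) ? string(names[idx]) : string("unknown");
}

// … unchanged: zero-MAC / auth_status checks, userName, MAC formatting, key …

  fvs.emplace_back("authenticated_method", nameAt(authMgrMethod, client_info->authenticatedMethod));

  // clamp the reported length to the buffer declared in pacoper_common.h
  uint32 stateLen = client_info->serverStateLen;
  if (stateLen > sizeof(client_info->serverState))
  {
    stateLen = sizeof(client_info->serverState);
  }
  for (i = 0; i < stateLen; i++)
  {
    snprintf(c, sizeof(c), "%02X", client_info->serverState[i]);
    serverState += c;
  }

  // … unchanged: server_state / server_state_len fields …

  uint32 classLen = client_info->serverClassLen;
  if (classLen > sizeof(client_info->serverClass))
  {
    classLen = sizeof(client_info->serverClass);
  }
  for (i = 0; i < classLen; i++)
  {
    snprintf(c, sizeof(c), "%02X", client_info->serverClass[i]);
    serverClass += c;   // was: serverState += c
  }

  // … unchanged: server_class through vlan_id fields …

  fvs.emplace_back("vlan_type", nameAt(vlanType, client_info->vlanType));
  fvs.emplace_back("backend_auth_method", nameAt(userMgrAuthMethod, client_info->backend_auth_method));
```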
@@ -0,0 +1,48 @@
+/*
+ * Copyright 2021 Broadcom Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+#ifndef PACOPER_H
+#define PACOPER_H
+
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+
+using namespace swss;
+using namespace std;
+
+#define AUTHMGR_MAX_HISTENT_PER_INTERFACE 48
+
+class FpDbAdapter {
+public:
+ FpDbAdapter(DBConnector *stateDb, DBConnector *configDb, DBConnector *appDb);
+ Table m_PacGlobalOperTbl;
+ Table m_PacPortOperTbl;
+ Table m_PacAuthClientOperTbl;
+
+private:
+};
+
+string fetch_interface_name(int);
+
+#endif /* PACOPER_H */
diff --git a/src/sonic-pac/pacoper/pacoper_common.h b/src/sonic-pac/pacoper/pacoper_common.h
new file mode 100644
index 000000000000..d52318372eb0
--- /dev/null
+++ b/src/sonic-pac/pacoper/pacoper_common.h
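Review bot: `using namespace swss;` and `using namespace std;` at header scope leak both namespaces into every file that includes pacoper.h; qualifying the few names used here (`swss::DBConnector`, `swss::Table`, `std::string`) keeps the header self-contained. The constructor takes `configDb` and `appDb`, but the initializer list in pacoper.cpp only uses `stateDb`, so the two extra parameters should be dropped or documented as reserved. `fetch_interface_name(int)` is called with `uint32` interface numbers in pacoper.cpp; declaring it as `string fetch_interface_name(uint32 intIfNum);` would avoid the implicit conversion, though `uint32` would have to be visible in this header, and a one-line comment should say that it returns the literal `"FAILURE"` on lookup error.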
@@ -0,0 +1,64 @@
+/* USE C Declarations */
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+//#include "single.h"
+#include "datatypes.h"
+#include "packet.h"
+#include "auth_mgr_exports.h"
+#include "auth_mgr_common.h"
+
+typedef struct pac_global_oper_table_s
+{
+ /* number of authorized clients */
+ uint32 authCount;
+ /* number of authorized clients in monitor mode */
+ uint32 authCountMonMode;
+}pac_global_oper_table_t;
+
+typedef struct pac_port_oper_table_s
+{
+ /* Authentication methods */
+ AUTHMGR_METHOD_t enabledMethods[AUTHMGR_METHOD_LAST];
+ /* Authentication priority */
+ AUTHMGR_METHOD_t enabledPriority[AUTHMGR_METHOD_LAST];
+}pac_port_oper_table_t;
+
+typedef struct pac_authenticated_clients_oper_table_s
+{
+ uchar8 currentIdL; /* ID of current auth session (0-255) */
+ AUTHMGR_PORT_STATUS_t auth_status;
+ AUTHMGR_METHOD_t authenticatedMethod;
+ uchar8 serverState[AUTHMGR_SERVER_STATE_LEN];
+ uint32 serverStateLen;
+ uchar8 serverClass[AUTHMGR_SERVER_CLASS_LEN];
+ uint32 serverClassLen;
+ uint32 sessionTimeoutRcvdFromRadius;
+ uint32 sessionTimeoutOper;
+ char8 userName[AUTHMGR_USER_NAME_LEN];
+ uint32 userNameLen;
+ uint32 terminationAction;
+ authmgrVlanType_t vlanType; /* assigned vlan category */
+ uint32 vlanId;
+ uint32 sessionTime;
+ uint32 lastAuthTime;
+ USER_MGR_AUTH_METHOD_t backend_auth_method;
+
+}pac_authenticated_clients_oper_table_t;
+
+
+void PacAuthClientOperTblSet(uint32 intIfNum, enetMacAddr_t macAddr,
+ pac_authenticated_clients_oper_table_t *client_info);
+void PacAuthClientOperTblDel(uint32 intIfNum, enetMacAddr_t macAddr);
+
+void PacGlobalOperTblSet(pac_global_oper_table_t *info);
+
+void PacPortOperTblSet(uint32 intIfNum, AUTHMGR_METHOD_t *enabledMethods,
+ AUTHMGR_METHOD_t *enabledPriority);
+
+void PacOperTblCleanup(void);
+
+#ifdef __cplusplus
+}
+#endif
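Review bot: pacoper_common.h has no include guard, so a translation unit that reaches it twice redefines the three structs; wrapping the file in `#ifndef PACOPER_COMMON_H` / `#define PACOPER_COMMON_H` / `#endif` fixes that. The four `#include` lines sit inside the `extern "C"` block, which forces C linkage on everything those headers declare; if they are plain C headers without their own `extern "C"` wrappers (not visible here) the placement is intentional and deserves a comment, otherwise they belong above the `#ifdef __cplusplus`. The length fields should carry a comment stating the invariant consumers rely on, e.g. `/* serverStateLen <= AUTHMGR_SERVER_STATE_LEN */`, because pacoper.cpp uses `serverStateLen` and `serverClassLen` as loop bounds over the fixed arrays.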