update embed all id to construct path of flow

a168d01e · NGUYEN Do Duc Anh · 30043fde · a168d01e · a168d01e
Commit a168d01e authored 2 months ago by NGUYEN Do Duc Anh
--- a/simple-IDS/custom_option.ml
+++ b/simple-IDS/custom_option.ml
@@ -16,42 +16,38 @@ let header_size = 4
 let entry_size = 8

 let print_entry_type entry =
-  Logs.err (fun m ->
+  Logs.info (fun m ->
      m "{ id_val = %d; inter_val = %d; cmd_val = %d; addition_info_val = %ld }" entry.id_val entry.inter_val entry.cmd_val entry.addition_info_val)

 (* Function to print a value of type t *)
 let print_t t =
-  Logs.err (fun m -> m "\n");
-  Logs.err (fun m -> m "  option_type = %d;" t.option_type);
-  Logs.err (fun m -> m "  length = %d;" t.length);
-  Logs.err (fun m -> m "  count = %d;" t.count);
-  Logs.err (fun m -> m "  entries = [");
+  Logs.info (fun m -> m "\n");
+  Logs.info (fun m -> m "  option_type = %d;" t.option_type);
+  Logs.info (fun m -> m "  length = %d;" t.length);
+  Logs.info (fun m -> m "  count = %d;" t.count);
+  Logs.info (fun m -> m "  entries = [");
  List.iter print_entry_type t.entries;
-  Logs.err (fun m -> m "  ];");
-  Logs.err (fun m -> m "}\n")
+  Logs.info (fun m -> m "  ];");
+  Logs.info (fun m -> m "}\n")

 (* Create a map module with IP addresses as keys and value tuples as values *)
 module IpV4Map = Map.Make (Ipaddr.V4)

-let map_entry_to_string ip (id_val, inter_val) = Printf.sprintf "%s -> (id_val = %ld, inter_val = %d)" (Ipaddr.V4.to_string ip) id_val inter_val
+let map_entry_to_string ip lst =
+  Log.info (fun f -> f "%s ->" (Ipaddr.V4.to_string ip));
+  List.iter (fun (id_val, inter_val) -> Log.info (fun f -> f "  (id_val = %ld, inter_val = %d)" id_val inter_val)) lst

-(* Function to convert the entire map to a string *)
+(* Function to log the entire map *)
 let map_to_string map =
  let entries = IpV4Map.bindings map in
-  let entry_strings = List.map (fun (ip, value) -> map_entry_to_string ip value) entries in
-  "{" ^ String.concat "; " entry_strings ^ "}"
-
-(* Function to log the map using Logs.err *)
-let log_map map =
-  let map_str = map_to_string map in
-  Log.err (fun m -> m "%s" map_str)
+  List.iter (fun (ip, value) -> map_entry_to_string ip value) entries

 let cmd_DECISION_DROP = 0
 let cmd_REGISTER = 1
 let map_ip = ref IpV4Map.empty

-let add_to_map ip id_val inter_val map =
-  let value = (id_val, inter_val) in
+let add_to_map ip updated_path map =
+  let value = updated_path in
  IpV4Map.add ip value !map

 let create id_val inter_val cmd_val addition_info_val =
@@ -105,24 +101,42 @@ type ipv4_option =
  | Custom_option of Cstruct.t (* Your custom option with its own Cstruct *)
  | Unknown_option of int * Cstruct.t (* Unknown option type with raw Cstruct *)

+let id_val_of_addition_info (info : Int32.t) : int = Int32.(to_int (shift_right_logical info 16) land 0xFFFF)
+let inter_val_of_addition_info (info : Int32.t) : int = Int32.(to_int (shift_right_logical info 8) land 0xFF)
+let cmd_val_of_addition_info (info : Int32.t) : int = Int32.(to_int info land 0xFF)
+
 let update_node_info ip custom_option =
  let entries = custom_option.entries in
-  let rec update_node_from_entries entries =
+  let rec update_node_from_entries entries updated_path =
    match entries with
-    | [] -> ()
-    | { id_val; inter_val; cmd_val; _ } :: tail when cmd_val = cmd_REGISTER ->
-        map_ip := add_to_map ip id_val inter_val map_ip;
-        update_node_from_entries tail
-    | _ :: tail -> update_node_from_entries tail
+    | [] -> updated_path
+    | { id_val; inter_val; cmd_val; addition_info_val } :: tail when cmd_val = cmd_REGISTER ->
+        let id_val_2 = id_val_of_addition_info addition_info_val in
+        let inter_val_2 = inter_val_of_addition_info addition_info_val in
+        (* let cmd_val_2 = cmd_val_of_addition_info addition_info_val in *)
+        update_node_from_entries tail ((id_val, inter_val) :: (id_val_2, inter_val_2) :: updated_path)
+    | _ :: tail -> update_node_from_entries tail updated_path
  in
-  update_node_from_entries entries
+  map_ip := add_to_map ip (update_node_from_entries entries []) map_ip

 let get_decision_list ip_dst attacker_ip_lst =
-  let find_matching_attackers attacker_ips id_val map =
-    List.filter_map (fun ip -> match IpV4Map.find_opt ip map with Some (id, inter) when id = id_val -> Some (ip, id, inter) | _ -> None) attacker_ips
+  let find_matching_attackers attacker_ips path =
+    List.filter_map
+      (fun ip ->
+        (* For each attacker IP, see if the packet is in the path through the appropriate node *)
+        List.find_map
+          (fun (id_val, _) ->
+            match IpV4Map.find_opt ip !map_ip with
+            | Some path_list -> (
+                match path_list with
+                | (attacker_id_val, attacker_inter_val) :: _ when attacker_id_val = id_val ->
+                    Some (ip, attacker_id_val, attacker_inter_val) (* Return the full tuple *)
+                | _ -> None)
+            | None -> None)
+          path)
+      attacker_ips
  in
-
-  match IpV4Map.find_opt ip_dst !map_ip with Some (id_val, _) -> find_matching_attackers attacker_ip_lst id_val !map_ip | None -> []
+  match IpV4Map.find_opt ip_dst !map_ip with Some path -> find_matching_attackers attacker_ip_lst path | None -> []

 let read_and_append_custom_opt ip_src decision_list options_cs =
  if Cstruct.length options_cs = 0 then (
@@ -130,8 +144,7 @@ let read_and_append_custom_opt ip_src decision_list options_cs =
    Cstruct.empty)
  else
    let rec append_custom_opt options_cs =
-      if Cstruct.length options_cs = 0 then
-        options_cs
+      if Cstruct.length options_cs = 0 then options_cs
      else
        let option_type = Cstruct.get_uint8 options_cs 0 in
        match option_type with
@@ -170,7 +183,7 @@ let read_and_append_custom_opt ip_src decision_list options_cs =
 let rec read_custom_opt ip_src options_cs (node_id, node_inter_num) =
  if Cstruct.length options_cs = 0 then (
    Logs.err (fun m -> m "Save my own node ID: %d and interface number %d" node_id node_inter_num);
-    map_ip := add_to_map ip_src node_id node_inter_num map_ip)
+    map_ip := add_to_map ip_src [ (node_id, node_inter_num) ] map_ip)
  else
    (* Get the option type (first byte) *)
    let option_type = Cstruct.get_uint8 options_cs 0 in

--- a/ubuntu_base/op_ebpf.c
+++ b/ubuntu_base/op_ebpf.c
@@ -132,11 +132,18 @@ int op_ebpf(struct xdp_md *ctx)
                //                }
                if (cmd_val == REGISTER)
                {
+                    __u16 id_val_2nd = bpf_ntohs((__u16)(addition_info >> 16));
+                    if (id_val_2nd == 0)
+                    {
+                        entry->addition_info = ((__u32)bpf_htons(id_val_2nd) << 16) | // Upper 16 bits: id_val_2nd
+                                               ((__u32)ctx->ingress_ifindex << 8) |   // Next 8 bits: inter_val_2nd
+                                               (__u32)REGISTER;                       // Lowest 8 bits: cmd_val_2nd
                        is_register = 0;
                    }
                }
            }
        }
+    }

    if (is_register)
    {