From dca01e4abffac9f68e46de5274d0617ff0cc8ad8e58506767f432c23ed072df5 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E6=96=9F=E9=85=8C=20=E9=B5=AC=E5=85=84?= <tgckpg@gmail.com>
Date: Mon, 11 May 2026 02:13:10 +0800
Subject: [PATCH] Added cmm image

---
 ask/cmm/cmm.conf                              | 26 +++++++
 ask/cmm/entrypoint.sh                         | 38 ++++++++++
 docker/ask.Dockerfile                         |  2 +-
 docker/cmm.Dockerfile                         | 15 ++++
 docs/vendor-resources.md                      |  6 +-
 makefile                                      | 14 +++-
 .../cmm/0001-cmm-add-foreground-mode.patch    | 75 +++++++++++++++++++
 .../0002-cmm-support-stdout-log-target.patch  | 36 +++++++++
 8 files changed, 206 insertions(+), 6 deletions(-)
 create mode 100644 ask/cmm/cmm.conf
 create mode 100644 ask/cmm/entrypoint.sh
 create mode 100644 docker/cmm.Dockerfile
 create mode 100644 patches/ask/cmm/0001-cmm-add-foreground-mode.patch
 create mode 100644 patches/ask/cmm/0002-cmm-support-stdout-log-target.patch

diff --git a/ask/cmm/cmm.conf b/ask/cmm/cmm.conf
new file mode 100644
index 0000000..5951418
--- /dev/null
+++ b/ask/cmm/cmm.conf
@@ -0,0 +1,26 @@
+# CMM Fast Forward configuration
+# This file specifies traffic that should NOT be offloaded to the fast path
+
+# Don't Fast Forward FTP traffic (needs ALG)
+config fastforward ftp
+	option proto		tcp
+	option port		21
+
+# Don't Fast Forward SIP (needs ALG)
+config fastforward sip
+	option proto		udp
+	option port		5060
+
+# Don't Fast Forward PPTP control
+config fastforward pptp
+	option proto		tcp
+	option port		1723
+
+# Optional logging
+# NOTE: "stdout" only supported in our own patched version
+config logging
+	option file	stdout
+	option command	0
+	option error	1
+	option warning	1
+	option info	1
diff --git a/ask/cmm/entrypoint.sh b/ask/cmm/entrypoint.sh
new file mode 100644
index 0000000..c8c91ec
--- /dev/null
+++ b/ask/cmm/entrypoint.sh
@@ -0,0 +1,38 @@
+#!/bin/sh
+set -eu
+
+CMM_CONFIG="${CMM_CONFIG:-/etc/cmm/cmm.conf}"
+
+# Vendor default from cmm.service: (131072 = 128 * 1024) max active conntrack/offload entries
+CMM_MAX_CONNECTIONS="${CMM_MAX_CONNECTIONS:-131072}"
+
+mkdir -p /run/ask /var/log
+
+echo "[ask] loading auto_bridge"
+modprobe auto_bridge || true
+
+echo "[ask] loading cdx"
+modprobe cdx
+
+echo "[ask] waiting for /dev/cdx_ctrl"
+for i in $(seq 1 40); do
+	if [ -e /dev/cdx_ctrl ]; then
+		break
+	fi
+	sleep 0.25
+done
+test -e /dev/cdx_ctrl
+
+if [ ! -e /run/ask/dpa_app.loaded ]; then
+	echo "[ask] running dpa_app"
+	/bin/dpa_app
+	touch /run/ask/dpa_app.loaded
+else
+	echo "[ask] dpa_app already loaded; skipping"
+fi
+
+echo "[ask] loading fci"
+modprobe fci
+
+echo "[ask] starting cmm"
+exec /bin/cmm -D -f "$CMM_CONFIG" -n "$CMM_MAX_CONNECTIONS"
diff --git a/docker/ask.Dockerfile b/docker/ask.Dockerfile
index 0372f4a..82e6028 100644
--- a/docker/ask.Dockerfile
+++ b/docker/ask.Dockerfile
@@ -284,7 +284,7 @@ RUN mkdir -p /out/rootfs-cfg/etc/dpa && \
 	cp "${ASK_DIR}/config/gateway-dk/cdx_cfg.xml" /out/rootfs-cfg/etc/dpa/ && \
 	cp -r /src/fmc/etc/* /out/rootfs-cfg/etc && \
 	mkdir -p /out/rootfs-cfg/etc/cmm && \
-	cp "${ASK_DIR}/config/fastforward" /out/rootfs-cfg/etc/cmm/
+	cp "${ASK_DIR}/config/fastforward" /out/rootfs-cfg/etc/cmm/fastforward.vendor.orig
 
 
 FROM scratch AS export
diff --git a/docker/cmm.Dockerfile b/docker/cmm.Dockerfile
new file mode 100644
index 0000000..a1f877f
--- /dev/null
+++ b/docker/cmm.Dockerfile
@@ -0,0 +1,15 @@
+ARG ALPINE_SERIES=3.23
+FROM alpine:${ALPINE_SERIES}
+
+RUN apk add --no-cache kmod busybox-extras
+
+COPY ./out/ASK/rootfs-cfg/etc /etc
+COPY ./out/ASK/bin/cmm /bin/cmm
+COPY ./out/ASK/bin/dpa_app /bin/dpa_app
+COPY ./ask/cmm/cmm.conf /etc/cmm/cmm.conf
+COPY ./ask/cmm/entrypoint.sh /entrypoint.sh
+
+RUN chmod +x /bin/cmm /bin/dpa_app /entrypoint.sh \
+ && mkdir -p /run/ask /var/log
+
+ENTRYPOINT ["/entrypoint.sh"]
diff --git a/docs/vendor-resources.md b/docs/vendor-resources.md
index 7f67794..be822ec 100644
--- a/docs/vendor-resources.md
+++ b/docs/vendor-resources.md
@@ -88,7 +88,7 @@ set -eu
 
 FILES="
 bin/cmm
-rootfs-cfg/etc/cmm/fastforward
+rootfs-cfg/etc/cmm/fastforward.vendor.orig
 "
 
 SIZE=$(
@@ -110,7 +110,7 @@ SIZE=$(
   echo 'tar -xzf /tmp/cmm-test.tar.gz -C /var/cmm-test'
 
   echo 'install -m 0755 /var/cmm-test/bin/cmm /var/ask/bin/cmm'
-  echo 'install -m 0644 /var/cmm-test/rootfs-cfg/etc/cmm/fastforward /var/ask/etc/cmm/fastforward'
+  echo 'install -m 0644 /var/cmm-test/rootfs-cfg/etc/cmm/fastforward.vendor.orig /var/ask/etc/cmm/fastforward'
 
   echo 'ls -l /var/ask/bin/cmm /var/ask/etc/cmm/fastforward /dev/cdx_ctrl'
   echo 'ldd /var/ask/bin/cmm || true'
@@ -118,7 +118,7 @@ SIZE=$(
   echo 'test -e /sys/class/vwd/vwd0/vwd_fast_path_enable && echo 1 > /sys/class/vwd/vwd0/vwd_fast_path_enable || true'
 
   echo 'echo Running cmm'
-  echo '/var/ask/bin/cmm -f /var/ask/etc/cmm/fastforward -n 131072'
+  echo '/var/ask/bin/cmm -D -f /var/ask/etc/cmm/fastforward -n 131072'
   echo 'echo exit=$?'
 ) | nc 10.0.0.10 1234
 ```
diff --git a/makefile b/makefile
index a3b7995..f5197a5 100644
--- a/makefile
+++ b/makefile
@@ -247,6 +247,17 @@ ASK: $(ASK_TAR) $(LIBNFCT_TAR) $(LIBNFNETLINK_TAR) $(TCLAP_TAR) $(LIBXML2_TAR) |
 		--build-arg DEVICE_TREE_TARGET=$(DEVICE_TREE_TARGET) \
 		--output type=local,dest=./$(OUT_DIR)/ASK .
 
+cmm-image: ASK
+	docker buildx build \
+		--platform linux/arm64 \
+		-f docker/cmm.Dockerfile \
+		--build-arg ALPINE_SERIES=$(ALPINE_SERIES) \
+		--load \
+		-t $(IMAGE_REPOSITORY)/cmm:$(KUBE_VERSION)-$(TAG) .
+
+push-cmm-image: cmm-image
+	docker push $(IMAGE_REPOSITORY)/cmm:$(KUBE_VERSION)-$(TAG)
+
 vpp: $(BUILD_BASE_STAMP) $(VPP_TAR) $(DPDK_TAR) $(FMLIB_TAR) $(FMC_TAR) $(NXP_TAR)
 	@build_base_tag=$$(docker image inspect \
 		--format '{{.Id}}' \
@@ -337,7 +348,6 @@ $(RELEASE_IMAGE): $(RELEASE_DEPS) $(DOWNLOAD_PACKAGES_STAMP) | $(OUT_DIR)
 
 	test -f $@
 
-
 # ---- config targets ------------------------------------------------------------
 
 cluster-config: $(CLUSTER_ENV_DEFAULT) $(CLUSTER_ENV_WORK) $(SCRIPTS_DIR)/merge-env.sh | $(OUT_DIR)
@@ -403,5 +413,5 @@ pkgclean:
 	rm -rf $(PACKAGES_DIR)
 
 .PHONY: release kernel initramfs itb build-base clitools clean distclean pkgclean \
-	vpp ASK \
+	vpp ASK cmm-image \
 	cluster-config cluster-defconfig cluster-print
diff --git a/patches/ask/cmm/0001-cmm-add-foreground-mode.patch b/patches/ask/cmm/0001-cmm-add-foreground-mode.patch
new file mode 100644
index 0000000..ab59ddd
--- /dev/null
+++ b/patches/ask/cmm/0001-cmm-add-foreground-mode.patch
@@ -0,0 +1,75 @@
+From 7b6ff0e4a7b5e7d422c787d55225ecaa32afc8e4 Mon Sep 17 00:00:00 2001
+From: Mono <dev@mono>
+Date: Sun, 10 May 2026 15:53:21 +0000
+Subject: [PATCH] cmm: add foreground mode
+
+---
+ cmm/src/cmm.c | 24 +++++++++++++++++-------
+ 1 file changed, 17 insertions(+), 7 deletions(-)
+
+diff --git a/cmm/src/cmm.c b/cmm/src/cmm.c
+index 6452476..1bbc73e 100644
+--- a/cmm/src/cmm.c
++++ b/cmm/src/cmm.c
+@@ -339,6 +339,7 @@ int main (int argc, char ** argv)
+ 	struct sigaction action;
+ 	int option,ii;
+ 	char *buf;
++	int foreground = 0;
+ 	int ret = 0;
+ 	int ch;
+ 
+@@ -402,7 +403,7 @@ int main (int argc, char ** argv)
+ 	}
+ 
+ 	// Analyse the command line
+-	while ((option = getopt(argc, argv, "c:f:n:hv")) != -1)
++	while ((option = getopt(argc, argv, "c:f:n:hvD")) != -1)
+ 	{
+ 		switch (option)
+ 		{
+@@ -424,6 +425,10 @@ int main (int argc, char ** argv)
+ 				}
+ 				break;
+ 
++			case 'D':	// Do not daemonize; run in foreground
++				foreground = 1;
++				break;
++
+ 			case 'h':	// Print help
+ 				cmmHelp();
+ 				return 0;
+@@ -443,9 +448,11 @@ int main (int argc, char ** argv)
+ 		goto err0;
+ 	}
+ 
+-	// Daemonize the application
+-	if(daemon(0, 1) == -1)
+-		goto err0;
++	// Daemonize the application unless foreground mode was requested
++	if (!foreground) {
++		if(daemon(0, 1) == -1)
++			goto err0;
++	}
+ 	//Ensure clean termination
+ 	action.sa_handler = sig_term_hdlr;
+ 	sigemptyset(&action.sa_mask);
+@@ -471,9 +478,12 @@ int main (int argc, char ** argv)
+ 	//schedParams.sched_priority = 99;
+ 	//sched_setscheduler(0, SCHED_FIFO, &schedParams);
+ 
+-	//Init process does not set stdout on console
+-	if(freopen("/dev/console", "w", stdout) == NULL)
+-		goto err0;		
++	// Init process does not set stdout on console.
++	// In foreground mode, keep stdout attached to the caller/container.
++	if (!foreground) {
++		if(freopen("/dev/console", "w", stdout) == NULL)
++			goto err0;
++	}
+ 	sigemptyset(&block_mask);
+ 	sigaddset(&block_mask, SIGTERM);
+ 	sigaddset(&block_mask, SIGPIPE);
+-- 
+2.47.3
+
diff --git a/patches/ask/cmm/0002-cmm-support-stdout-log-target.patch b/patches/ask/cmm/0002-cmm-support-stdout-log-target.patch
new file mode 100644
index 0000000..818836b
--- /dev/null
+++ b/patches/ask/cmm/0002-cmm-support-stdout-log-target.patch
@@ -0,0 +1,36 @@
+From 787cf734c807eecc479776ab6ac5c2c43c72e93d Mon Sep 17 00:00:00 2001
+From: Patch <patch@example.com>
+Date: Sun, 10 May 2026 17:37:49 +0000
+Subject: [PATCH] cmm: support stdout log target
+
+
+diff --git a/cmm/src/ffcontrol.c b/cmm/src/ffcontrol.c
+index 4c9bdf1..b2b6b53 100644
+--- a/cmm/src/ffcontrol.c
++++ b/cmm/src/ffcontrol.c
+@@ -19,6 +19,7 @@
+ #include <string.h>
+ #include <signal.h>
+ #include <ctype.h>
++#include <unistd.h>
+ 
+ /* bits/sockaddr.h is glibc internal, use sys/socket.h (already included) */
+ #include <asm/types.h>
+@@ -865,7 +866,13 @@ static int section_logging_option_hdlr(void *data, int argc, char **argv)
+ 
+ 	if (!strcasecmp(option, "file"))
+ 	{
+-		globalConf.logFile = fopen(value, "a");
++		if (!strcasecmp(value, "stdout") || !strcmp(value, "-"))
++			globalConf.logFile = fdopen(dup(STDOUT_FILENO), "a");
++		else if (!strcasecmp(value, "stderr"))
++			globalConf.logFile = fdopen(dup(STDERR_FILENO), "a");
++		else
++			globalConf.logFile = fopen(value, "a");
++
+ 		if (!globalConf.logFile)
+ 		{
+ 			cmm_print(DEBUG_CRIT, "cmmFcParser: Opening logfile %s returned error %s.\n", value, strerror(errno));
+-- 
+2.47.3
+