2 * Copyright (c) 2017-2019 Cisco and/or its affiliates.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at:
7 * http://www.apache.org/licenses/LICENSE-2.0
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
16 /** Generate typed init functions for multiple hash table styles... */
17 #include <vppinfra/bihash_16_8.h>
18 #include <vppinfra/bihash_template.h>
20 #include <vppinfra/bihash_template.c>
22 #undef __included_bihash_template_h__
24 #include <vppinfra/bihash_48_8.h>
25 #include <vppinfra/bihash_template.h>
27 #include <vppinfra/bihash_template.c>
28 #include <vnet/session/session_lookup.h>
29 #include <vnet/session/session.h>
30 #include <vnet/session/application.h>
32 static session_lookup_main_t sl_main;
35 * Network namespace index (i.e., fib index) to session lookup table. We
36 * should have one per network protocol type but for now we only support IP4/6
38 static u32 *fib_index_to_table_index[2];
42 typedef CLIB_PACKED (struct {
51 /* align by making this 4 octets even though its a 1-bit field
52 * NOTE: avoid key overlap with other transports that use 5 tuples for
53 * session identification.
59 }) v4_connection_key_t;
61 typedef CLIB_PACKED (struct {
76 }) v6_connection_key_t;
79 typedef clib_bihash_kv_16_8_t session_kv4_t;
80 typedef clib_bihash_kv_48_8_t session_kv6_t;
83 make_v4_ss_kv (session_kv4_t * kv, ip4_address_t * lcl, ip4_address_t * rmt,
84 u16 lcl_port, u16 rmt_port, u8 proto)
86 kv->key[0] = (u64) rmt->as_u32 << 32 | (u64) lcl->as_u32;
87 kv->key[1] = (u64) proto << 32 | (u64) rmt_port << 16 | (u64) lcl_port;
92 make_v4_listener_kv (session_kv4_t * kv, ip4_address_t * lcl, u16 lcl_port,
95 kv->key[0] = (u64) lcl->as_u32;
96 kv->key[1] = (u64) proto << 32 | (u64) lcl_port;
101 make_v4_proxy_kv (session_kv4_t * kv, ip4_address_t * lcl, u8 proto)
103 kv->key[0] = (u64) lcl->as_u32;
104 kv->key[1] = (u64) proto << 32;
109 make_v4_ss_kv_from_tc (session_kv4_t * kv, transport_connection_t * tc)
111 make_v4_ss_kv (kv, &tc->lcl_ip.ip4, &tc->rmt_ip.ip4, tc->lcl_port,
112 tc->rmt_port, tc->proto);
116 make_v6_ss_kv (session_kv6_t * kv, ip6_address_t * lcl, ip6_address_t * rmt,
117 u16 lcl_port, u16 rmt_port, u8 proto)
119 kv->key[0] = lcl->as_u64[0];
120 kv->key[1] = lcl->as_u64[1];
121 kv->key[2] = rmt->as_u64[0];
122 kv->key[3] = rmt->as_u64[1];
123 kv->key[4] = (u64) proto << 32 | (u64) rmt_port << 16 | (u64) lcl_port;
129 make_v6_listener_kv (session_kv6_t * kv, ip6_address_t * lcl, u16 lcl_port,
132 kv->key[0] = lcl->as_u64[0];
133 kv->key[1] = lcl->as_u64[1];
136 kv->key[4] = (u64) proto << 32 | (u64) lcl_port;
142 make_v6_proxy_kv (session_kv6_t * kv, ip6_address_t * lcl, u8 proto)
144 kv->key[0] = lcl->as_u64[0];
145 kv->key[1] = lcl->as_u64[1];
148 kv->key[4] = (u64) proto << 32;
154 make_v6_ss_kv_from_tc (session_kv6_t * kv, transport_connection_t * tc)
156 make_v6_ss_kv (kv, &tc->lcl_ip.ip6, &tc->rmt_ip.ip6, tc->lcl_port,
157 tc->rmt_port, tc->proto);
161 session_table_alloc_needs_sync (void)
163 return !vlib_thread_is_main_w_barrier () && (vlib_num_workers () > 1);
166 static session_table_t *
167 session_table_get_or_alloc (u8 fib_proto, u32 fib_index)
171 ASSERT (fib_index != ~0);
172 if (vec_len (fib_index_to_table_index[fib_proto]) > fib_index &&
173 fib_index_to_table_index[fib_proto][fib_index] != ~0)
175 table_index = fib_index_to_table_index[fib_proto][fib_index];
176 return session_table_get (table_index);
180 u8 needs_sync = session_table_alloc_needs_sync ();
181 session_lookup_main_t *slm = &sl_main;
183 /* Stop workers, otherwise consumers might be affected. This is
184 * acceptable because new tables should seldom be allocated */
187 vlib_workers_sync ();
189 /* We might have a race, only one worker allowed at once */
190 clib_spinlock_lock (&slm->st_alloc_lock);
193 st = session_table_alloc ();
194 table_index = session_table_index (st);
195 vec_validate_init_empty (fib_index_to_table_index[fib_proto], fib_index,
197 fib_index_to_table_index[fib_proto][fib_index] = table_index;
198 st->active_fib_proto = fib_proto;
199 session_table_init (st, fib_proto);
203 clib_spinlock_unlock (&slm->st_alloc_lock);
204 vlib_workers_continue ();
211 static session_table_t *
212 session_table_get_or_alloc_for_connection (transport_connection_t * tc)
215 fib_proto = transport_connection_fib_proto (tc);
216 return session_table_get_or_alloc (fib_proto, tc->fib_index);
219 static session_table_t *
220 session_table_get_for_connection (transport_connection_t * tc)
222 u32 fib_proto = transport_connection_fib_proto (tc);
223 if (vec_len (fib_index_to_table_index[fib_proto]) <= tc->fib_index)
226 session_table_get (fib_index_to_table_index[fib_proto][tc->fib_index]);
229 static session_table_t *
230 session_table_get_for_fib_index (u32 fib_proto, u32 fib_index)
232 if (vec_len (fib_index_to_table_index[fib_proto]) <= fib_index)
234 return session_table_get (fib_index_to_table_index[fib_proto][fib_index]);
238 session_lookup_get_index_for_fib (u32 fib_proto, u32 fib_index)
240 if (vec_len (fib_index_to_table_index[fib_proto]) <= fib_index)
241 return SESSION_TABLE_INVALID_INDEX;
242 return fib_index_to_table_index[fib_proto][fib_index];
246 session_lookup_get_or_alloc_index_for_fib (u32 fib_proto, u32 fib_index)
249 st = session_table_get_or_alloc (fib_proto, fib_index);
250 return session_table_index (st);
254 * Add transport connection to a session table
256 * Session lookup 5-tuple (src-ip, dst-ip, src-port, dst-port, session-type)
257 * is added to requested session table.
259 * @param tc transport connection to be added
260 * @param value value to be stored
262 * @return non-zero if failure
265 session_lookup_add_connection (transport_connection_t * tc, u64 value)
271 st = session_table_get_or_alloc_for_connection (tc);
276 make_v4_ss_kv_from_tc (&kv4, tc);
278 return clib_bihash_add_del_16_8 (&st->v4_session_hash, &kv4,
283 make_v6_ss_kv_from_tc (&kv6, tc);
285 return clib_bihash_add_del_48_8 (&st->v6_session_hash, &kv6,
291 session_lookup_add_session_endpoint (u32 table_index,
292 session_endpoint_t * sep, u64 value)
298 st = session_table_get (table_index);
303 make_v4_listener_kv (&kv4, &sep->ip.ip4, sep->port,
304 sep->transport_proto);
306 return clib_bihash_add_del_16_8 (&st->v4_session_hash, &kv4, 1);
310 make_v6_listener_kv (&kv6, &sep->ip.ip6, sep->port,
311 sep->transport_proto);
313 return clib_bihash_add_del_48_8 (&st->v6_session_hash, &kv6, 1);
318 session_lookup_del_session_endpoint (u32 table_index,
319 session_endpoint_t * sep)
325 st = session_table_get (table_index);
330 make_v4_listener_kv (&kv4, &sep->ip.ip4, sep->port,
331 sep->transport_proto);
332 return clib_bihash_add_del_16_8 (&st->v4_session_hash, &kv4, 0);
336 make_v6_listener_kv (&kv6, &sep->ip.ip6, sep->port,
337 sep->transport_proto);
338 return clib_bihash_add_del_48_8 (&st->v6_session_hash, &kv6, 0);
343 session_lookup_del_session_endpoint2 (session_endpoint_t * sep)
345 fib_protocol_t fib_proto;
350 fib_proto = sep->is_ip4 ? FIB_PROTOCOL_IP4 : FIB_PROTOCOL_IP6;
351 st = session_table_get_for_fib_index (fib_proto, sep->fib_index);
356 make_v4_listener_kv (&kv4, &sep->ip.ip4, sep->port,
357 sep->transport_proto);
358 return clib_bihash_add_del_16_8 (&st->v4_session_hash, &kv4, 0);
362 make_v6_listener_kv (&kv6, &sep->ip.ip6, sep->port,
363 sep->transport_proto);
364 return clib_bihash_add_del_48_8 (&st->v6_session_hash, &kv6, 0);
369 * Delete transport connection from session table
371 * @param table_index session table index
372 * @param tc transport connection to be removed
374 * @return non-zero if failure
377 session_lookup_del_connection (transport_connection_t * tc)
383 st = session_table_get_for_connection (tc);
388 make_v4_ss_kv_from_tc (&kv4, tc);
389 return clib_bihash_add_del_16_8 (&st->v4_session_hash, &kv4,
394 make_v6_ss_kv_from_tc (&kv6, tc);
395 return clib_bihash_add_del_48_8 (&st->v6_session_hash, &kv6,
401 session_lookup_del_session (session_t * s)
403 transport_connection_t *ts;
404 ts = transport_get_connection (session_get_transport_proto (s),
405 s->connection_index, s->thread_index);
406 if (!ts || (ts->flags & TRANSPORT_CONNECTION_F_NO_LOOKUP))
408 return session_lookup_del_connection (ts);
412 session_lookup_action_index_is_valid (u32 action_index)
414 if (action_index == SESSION_RULES_TABLE_ACTION_ALLOW
415 || action_index == SESSION_RULES_TABLE_INVALID_INDEX)
421 session_lookup_action_to_handle (u32 action_index)
423 switch (action_index)
425 case SESSION_RULES_TABLE_ACTION_DROP:
426 return SESSION_DROP_HANDLE;
427 case SESSION_RULES_TABLE_ACTION_ALLOW:
428 case SESSION_RULES_TABLE_INVALID_INDEX:
429 return SESSION_INVALID_HANDLE;
431 /* application index */
437 session_lookup_app_listen_session (u32 app_index, u8 fib_proto,
441 app = application_get_if_valid (app_index);
445 return app_worker_first_listener (application_get_default_worker (app),
446 fib_proto, transport_proto);
450 session_lookup_action_to_session (u32 action_index, u8 fib_proto,
454 app_index = session_lookup_action_to_handle (action_index);
455 /* Nothing sophisticated for now, action index is app index */
456 return session_lookup_app_listen_session (app_index, fib_proto,
462 session_lookup_rules_table_session4 (session_table_t * st, u8 proto,
463 ip4_address_t * lcl, u16 lcl_port,
464 ip4_address_t * rmt, u16 rmt_port)
466 session_rules_table_t *srt = &st->session_rules[proto];
467 u32 action_index, app_index;
468 action_index = session_rules_table_lookup4 (srt, lcl, rmt, lcl_port,
470 app_index = session_lookup_action_to_handle (action_index);
471 /* Nothing sophisticated for now, action index is app index */
472 return session_lookup_app_listen_session (app_index, FIB_PROTOCOL_IP4,
478 session_lookup_rules_table_session6 (session_table_t * st, u8 proto,
479 ip6_address_t * lcl, u16 lcl_port,
480 ip6_address_t * rmt, u16 rmt_port)
482 session_rules_table_t *srt = &st->session_rules[proto];
483 u32 action_index, app_index;
484 action_index = session_rules_table_lookup6 (srt, lcl, rmt, lcl_port,
486 app_index = session_lookup_action_to_handle (action_index);
487 return session_lookup_app_listen_session (app_index, FIB_PROTOCOL_IP6,
492 * Lookup listener for session endpoint in table
494 * @param table_index table where the endpoint should be looked up
495 * @param sep session endpoint to be looked up
496 * @param use_rules flag that indicates if the session rules of the table
498 * @return invalid handle if nothing is found, the handle of a valid listener
499 * or an action derived handle if a rule is hit
502 session_lookup_endpoint_listener (u32 table_index, session_endpoint_t * sep,
505 session_rules_table_t *srt;
510 st = session_table_get (table_index);
512 return SESSION_INVALID_HANDLE;
518 make_v4_listener_kv (&kv4, &sep->ip.ip4, sep->port,
519 sep->transport_proto);
520 rv = clib_bihash_search_inline_16_8 (&st->v4_session_hash, &kv4);
525 clib_memset (&lcl4, 0, sizeof (lcl4));
526 srt = &st->session_rules[sep->transport_proto];
527 ai = session_rules_table_lookup4 (srt, &lcl4, &sep->ip.ip4, 0,
529 if (session_lookup_action_index_is_valid (ai))
530 return session_lookup_action_to_handle (ai);
538 make_v6_listener_kv (&kv6, &sep->ip.ip6, sep->port,
539 sep->transport_proto);
540 rv = clib_bihash_search_inline_48_8 (&st->v6_session_hash, &kv6);
546 clib_memset (&lcl6, 0, sizeof (lcl6));
547 srt = &st->session_rules[sep->transport_proto];
548 ai = session_rules_table_lookup6 (srt, &lcl6, &sep->ip.ip6, 0,
550 if (session_lookup_action_index_is_valid (ai))
551 return session_lookup_action_to_handle (ai);
554 return SESSION_INVALID_HANDLE;
558 * Look up endpoint in local session table
560 * The result, for now, is an application index and it may in the future
561 * be extended to a more complicated "action object". The only action we
562 * emulate now is "drop" and for that we return a special app index.
564 * Lookup logic is to check in order:
565 * - the rules in the table (connect acls)
566 * - session sub-table for a listener
567 * - session sub-table for a local listener (zeroed addr)
569 * @param table_index table where the lookup should be done
570 * @param sep session endpoint to be looked up
571 * @return session handle that can be interpreted as an adjacency
574 session_lookup_local_endpoint (u32 table_index, session_endpoint_t * sep)
576 session_rules_table_t *srt;
581 st = session_table_get (table_index);
583 return SESSION_INVALID_INDEX;
584 ASSERT (st->is_local);
592 * Check if endpoint has special rules associated
594 clib_memset (&lcl4, 0, sizeof (lcl4));
595 srt = &st->session_rules[sep->transport_proto];
596 ai = session_rules_table_lookup4 (srt, &lcl4, &sep->ip.ip4, 0,
598 if (session_lookup_action_index_is_valid (ai))
599 return session_lookup_action_to_handle (ai);
602 * Check if session endpoint is a listener
604 make_v4_listener_kv (&kv4, &sep->ip.ip4, sep->port,
605 sep->transport_proto);
606 rv = clib_bihash_search_inline_16_8 (&st->v4_session_hash, &kv4);
611 * Zero out the ip. Logic is that connect to local ips, say
612 * 127.0.0.1:port, can match 0.0.0.0:port
614 if (ip4_is_local_host (&sep->ip.ip4))
617 rv = clib_bihash_search_inline_16_8 (&st->v4_session_hash, &kv4);
627 * Zero out the port and check if we have proxy
630 rv = clib_bihash_search_inline_16_8 (&st->v4_session_hash, &kv4);
639 clib_memset (&lcl6, 0, sizeof (lcl6));
640 srt = &st->session_rules[sep->transport_proto];
641 ai = session_rules_table_lookup6 (srt, &lcl6, &sep->ip.ip6, 0,
643 if (session_lookup_action_index_is_valid (ai))
644 return session_lookup_action_to_handle (ai);
646 make_v6_listener_kv (&kv6, &sep->ip.ip6, sep->port,
647 sep->transport_proto);
648 rv = clib_bihash_search_inline_48_8 (&st->v6_session_hash, &kv6);
653 * Zero out the ip. Same logic as above.
656 if (ip6_is_local_host (&sep->ip.ip6))
658 kv6.key[0] = kv6.key[1] = 0;
659 rv = clib_bihash_search_inline_48_8 (&st->v6_session_hash, &kv6);
665 kv6.key[0] = kv6.key[1] = 0;
669 * Zero out the port. Same logic as above.
671 kv6.key[4] = kv6.key[5] = 0;
672 rv = clib_bihash_search_inline_48_8 (&st->v6_session_hash, &kv6);
676 return SESSION_INVALID_HANDLE;
679 static inline session_t *
680 session_lookup_listener4_i (session_table_t * st, ip4_address_t * lcl,
681 u16 lcl_port, u8 proto, u8 use_wildcard)
687 * First, try a fully formed listener
689 make_v4_listener_kv (&kv4, lcl, lcl_port, proto);
690 rv = clib_bihash_search_inline_16_8 (&st->v4_session_hash, &kv4);
692 return listen_session_get ((u32) kv4.value);
695 * Zero out the lcl ip and check if any 0/0 port binds have been done
700 rv = clib_bihash_search_inline_16_8 (&st->v4_session_hash, &kv4);
702 return listen_session_get ((u32) kv4.value);
710 * Zero out port and check if we have a proxy set up for our ip
712 make_v4_proxy_kv (&kv4, lcl, proto);
713 rv = clib_bihash_search_inline_16_8 (&st->v4_session_hash, &kv4);
715 return listen_session_get ((u32) kv4.value);
721 session_lookup_listener4 (u32 fib_index, ip4_address_t * lcl, u16 lcl_port,
722 u8 proto, u8 use_wildcard)
725 st = session_table_get_for_fib_index (FIB_PROTOCOL_IP4, fib_index);
728 return session_lookup_listener4_i (st, lcl, lcl_port, proto, use_wildcard);
732 session_lookup_listener6_i (session_table_t * st, ip6_address_t * lcl,
733 u16 lcl_port, u8 proto, u8 ip_wildcard)
738 make_v6_listener_kv (&kv6, lcl, lcl_port, proto);
739 rv = clib_bihash_search_inline_48_8 (&st->v6_session_hash, &kv6);
741 return listen_session_get ((u32) kv6.value);
743 /* Zero out the lcl ip */
746 kv6.key[0] = kv6.key[1] = 0;
747 rv = clib_bihash_search_inline_48_8 (&st->v6_session_hash, &kv6);
749 return listen_session_get ((u32) kv6.value);
753 kv6.key[0] = kv6.key[1] = 0;
756 make_v6_proxy_kv (&kv6, lcl, proto);
757 rv = clib_bihash_search_inline_48_8 (&st->v6_session_hash, &kv6);
759 return listen_session_get ((u32) kv6.value);
764 session_lookup_listener6 (u32 fib_index, ip6_address_t * lcl, u16 lcl_port,
765 u8 proto, u8 use_wildcard)
768 st = session_table_get_for_fib_index (FIB_PROTOCOL_IP6, fib_index);
771 return session_lookup_listener6_i (st, lcl, lcl_port, proto, use_wildcard);
775 * Lookup listener, exact or proxy (inaddr_any:0) match
778 session_lookup_listener (u32 table_index, session_endpoint_t * sep)
781 st = session_table_get (table_index);
785 return session_lookup_listener4_i (st, &sep->ip.ip4, sep->port,
786 sep->transport_proto, 0);
788 return session_lookup_listener6_i (st, &sep->ip.ip6, sep->port,
789 sep->transport_proto, 0);
794 * Lookup listener wildcard match
797 session_lookup_listener_wildcard (u32 table_index, session_endpoint_t * sep)
800 st = session_table_get (table_index);
804 return session_lookup_listener4_i (st, &sep->ip.ip4, sep->port,
805 sep->transport_proto,
806 1 /* use_wildcard */ );
808 return session_lookup_listener6_i (st, &sep->ip.ip6, sep->port,
809 sep->transport_proto,
810 1 /* use_wildcard */ );
815 session_lookup_add_half_open (transport_connection_t * tc, u64 value)
821 st = session_table_get_or_alloc_for_connection (tc);
826 make_v4_ss_kv_from_tc (&kv4, tc);
828 return clib_bihash_add_del_16_8 (&st->v4_half_open_hash, &kv4,
833 make_v6_ss_kv_from_tc (&kv6, tc);
835 return clib_bihash_add_del_48_8 (&st->v6_half_open_hash, &kv6,
841 session_lookup_del_half_open (transport_connection_t * tc)
847 st = session_table_get_for_connection (tc);
852 make_v4_ss_kv_from_tc (&kv4, tc);
853 return clib_bihash_add_del_16_8 (&st->v4_half_open_hash, &kv4,
858 make_v6_ss_kv_from_tc (&kv6, tc);
859 return clib_bihash_add_del_48_8 (&st->v6_half_open_hash, &kv6,
865 session_lookup_half_open_handle (transport_connection_t * tc)
872 st = session_table_get_for_fib_index (transport_connection_fib_proto (tc),
875 return HALF_OPEN_LOOKUP_INVALID_VALUE;
878 make_v4_ss_kv (&kv4, &tc->lcl_ip.ip4, &tc->rmt_ip.ip4, tc->lcl_port,
879 tc->rmt_port, tc->proto);
880 rv = clib_bihash_search_inline_16_8 (&st->v4_half_open_hash, &kv4);
886 make_v6_ss_kv (&kv6, &tc->lcl_ip.ip6, &tc->rmt_ip.ip6, tc->lcl_port,
887 tc->rmt_port, tc->proto);
888 rv = clib_bihash_search_inline_48_8 (&st->v6_half_open_hash, &kv6);
892 return HALF_OPEN_LOOKUP_INVALID_VALUE;
895 transport_connection_t *
896 session_lookup_half_open_connection (u64 handle, u8 proto, u8 is_ip4)
898 if (handle != HALF_OPEN_LOOKUP_INVALID_VALUE)
900 u32 sst = session_type_from_proto_and_ip (proto, is_ip4);
901 return transport_get_half_open (sst, handle & 0xFFFFFFFF);
907 * Lookup connection with ip4 and transport layer information
909 * This is used on the fast path so it needs to be fast. Thereby,
910 * duplication of code and 'hacks' allowed.
912 * The lookup is incremental and returns whenever something is matched. The
914 * - Try to find an established session
915 * - Try to find a half-open connection
916 * - Try session rules table
917 * - Try to find a fully-formed or local source wildcarded (listener bound to
918 * all interfaces) listener session
921 * @param fib_index index of fib wherein the connection was received
922 * @param lcl local ip4 address
923 * @param rmt remote ip4 address
924 * @param lcl_port local port
925 * @param rmt_port remote port
926 * @param proto transport protocol (e.g., tcp, udp)
927 * @param thread_index thread index for request
928 * @param is_filtered return flag that indicates if connection was filtered.
930 * @return pointer to transport connection, if one is found, 0 otherwise
932 transport_connection_t *
933 session_lookup_connection_wt4 (u32 fib_index, ip4_address_t * lcl,
934 ip4_address_t * rmt, u16 lcl_port,
935 u16 rmt_port, u8 proto, u32 thread_index,
944 st = session_table_get_for_fib_index (FIB_PROTOCOL_IP4, fib_index);
945 if (PREDICT_FALSE (!st))
949 * Lookup session amongst established ones
951 make_v4_ss_kv (&kv4, lcl, rmt, lcl_port, rmt_port, proto);
952 rv = clib_bihash_search_inline_16_8 (&st->v4_session_hash, &kv4);
955 if (PREDICT_FALSE ((u32) (kv4.value >> 32) != thread_index))
957 *result = SESSION_LOOKUP_RESULT_WRONG_THREAD;
960 s = session_get (kv4.value & 0xFFFFFFFFULL, thread_index);
961 return transport_get_connection (proto, s->connection_index,
966 * Try half-open connections
968 rv = clib_bihash_search_inline_16_8 (&st->v4_half_open_hash, &kv4);
970 return transport_get_half_open (proto, kv4.value & 0xFFFFFFFF);
973 * Check the session rules table
975 action_index = session_rules_table_lookup4 (&st->session_rules[proto], lcl,
976 rmt, lcl_port, rmt_port);
977 if (session_lookup_action_index_is_valid (action_index))
979 if (action_index == SESSION_RULES_TABLE_ACTION_DROP)
981 *result = SESSION_LOOKUP_RESULT_FILTERED;
984 if ((s = session_lookup_action_to_session (action_index,
985 FIB_PROTOCOL_IP4, proto)))
986 return transport_get_listener (proto, s->connection_index);
991 * If nothing is found, check if any listener is available
993 s = session_lookup_listener4_i (st, lcl, lcl_port, proto, 1);
995 return transport_get_listener (proto, s->connection_index);
1001 * Lookup connection with ip4 and transport layer information
1003 * Not optimized. Lookup logic is identical to that of
1004 * @ref session_lookup_connection_wt4
1006 * @param fib_index index of the fib wherein the connection was received
1007 * @param lcl local ip4 address
1008 * @param rmt remote ip4 address
1009 * @param lcl_port local port
1010 * @param rmt_port remote port
1011 * @param proto transport protocol (e.g., tcp, udp)
1013 * @return pointer to transport connection, if one is found, 0 otherwise
1015 transport_connection_t *
1016 session_lookup_connection4 (u32 fib_index, ip4_address_t * lcl,
1017 ip4_address_t * rmt, u16 lcl_port, u16 rmt_port,
1020 session_table_t *st;
1026 st = session_table_get_for_fib_index (FIB_PROTOCOL_IP4, fib_index);
1027 if (PREDICT_FALSE (!st))
1031 * Lookup session amongst established ones
1033 make_v4_ss_kv (&kv4, lcl, rmt, lcl_port, rmt_port, proto);
1034 rv = clib_bihash_search_inline_16_8 (&st->v4_session_hash, &kv4);
1037 s = session_get_from_handle (kv4.value);
1038 return transport_get_connection (proto, s->connection_index,
1043 * Try half-open connections
1045 rv = clib_bihash_search_inline_16_8 (&st->v4_half_open_hash, &kv4);
1047 return transport_get_half_open (proto, kv4.value & 0xFFFFFFFF);
1050 * Check the session rules table
1052 action_index = session_rules_table_lookup4 (&st->session_rules[proto], lcl,
1053 rmt, lcl_port, rmt_port);
1054 if (session_lookup_action_index_is_valid (action_index))
1056 if (action_index == SESSION_RULES_TABLE_ACTION_DROP)
1058 if ((s = session_lookup_action_to_session (action_index,
1059 FIB_PROTOCOL_IP4, proto)))
1060 return transport_get_listener (proto, s->connection_index);
1065 * If nothing is found, check if any listener is available
1067 s = session_lookup_listener4_i (st, lcl, lcl_port, proto, 1);
1069 return transport_get_listener (proto, s->connection_index);
1075 * Lookup session with ip4 and transport layer information
1077 * Important note: this may look into another thread's pool table
1079 * Lookup logic is similar to that of @ref session_lookup_connection_wt4 but
1080 * this returns a session as opposed to a transport connection and it does not
1081 * try to lookup half-open sessions.
1083 * Typically used by dgram connections
1086 session_lookup_safe4 (u32 fib_index, ip4_address_t * lcl, ip4_address_t * rmt,
1087 u16 lcl_port, u16 rmt_port, u8 proto)
1089 session_table_t *st;
1095 st = session_table_get_for_fib_index (FIB_PROTOCOL_IP4, fib_index);
1096 if (PREDICT_FALSE (!st))
1100 * Lookup session amongst established ones
1102 make_v4_ss_kv (&kv4, lcl, rmt, lcl_port, rmt_port, proto);
1103 rv = clib_bihash_search_inline_16_8 (&st->v4_session_hash, &kv4);
1105 return session_get_from_handle_safe (kv4.value);
1108 * Check the session rules table
1110 action_index = session_rules_table_lookup4 (&st->session_rules[proto], lcl,
1111 rmt, lcl_port, rmt_port);
1112 if (session_lookup_action_index_is_valid (action_index))
1114 if (action_index == SESSION_RULES_TABLE_ACTION_DROP)
1116 return session_lookup_action_to_session (action_index, FIB_PROTOCOL_IP4,
1121 * If nothing is found, check if any listener is available
1123 if ((s = session_lookup_listener4_i (st, lcl, lcl_port, proto, 1)))
1130 * Lookup connection with ip6 and transport layer information
1132 * This is used on the fast path so it needs to be fast. Thereby,
1133 * duplication of code and 'hacks' allowed.
1135 * The lookup is incremental and returns whenever something is matched. The
1137 * - Try to find an established session
1138 * - Try to find a half-open connection
1139 * - Try session rules table
1140 * - Try to find a fully-formed or local source wildcarded (listener bound to
1141 * all interfaces) listener session
1144 * @param fib_index index of the fib wherein the connection was received
1145 * @param lcl local ip6 address
1146 * @param rmt remote ip6 address
1147 * @param lcl_port local port
1148 * @param rmt_port remote port
1149 * @param proto transport protocol (e.g., tcp, udp)
1150 * @param thread_index thread index for request
1152 * @return pointer to transport connection, if one is found, 0 otherwise
1154 transport_connection_t *
1155 session_lookup_connection_wt6 (u32 fib_index, ip6_address_t * lcl,
1156 ip6_address_t * rmt, u16 lcl_port,
1157 u16 rmt_port, u8 proto, u32 thread_index,
1160 session_table_t *st;
1166 st = session_table_get_for_fib_index (FIB_PROTOCOL_IP6, fib_index);
1167 if (PREDICT_FALSE (!st))
1170 make_v6_ss_kv (&kv6, lcl, rmt, lcl_port, rmt_port, proto);
1171 rv = clib_bihash_search_inline_48_8 (&st->v6_session_hash, &kv6);
1174 ASSERT ((u32) (kv6.value >> 32) == thread_index);
1175 if (PREDICT_FALSE ((u32) (kv6.value >> 32) != thread_index))
1177 *result = SESSION_LOOKUP_RESULT_WRONG_THREAD;
1180 s = session_get (kv6.value & 0xFFFFFFFFULL, thread_index);
1181 return transport_get_connection (proto, s->connection_index,
1185 /* Try half-open connections */
1186 rv = clib_bihash_search_inline_48_8 (&st->v6_half_open_hash, &kv6);
1188 return transport_get_half_open (proto, kv6.value & 0xFFFFFFFF);
1190 /* Check the session rules table */
1191 action_index = session_rules_table_lookup6 (&st->session_rules[proto], lcl,
1192 rmt, lcl_port, rmt_port);
1193 if (session_lookup_action_index_is_valid (action_index))
1195 if (action_index == SESSION_RULES_TABLE_ACTION_DROP)
1197 *result = SESSION_LOOKUP_RESULT_FILTERED;
1200 if ((s = session_lookup_action_to_session (action_index,
1201 FIB_PROTOCOL_IP6, proto)))
1202 return transport_get_listener (proto, s->connection_index);
1206 /* If nothing is found, check if any listener is available */
1207 s = session_lookup_listener6_i (st, lcl, lcl_port, proto, 1);
1209 return transport_get_listener (proto, s->connection_index);
1215 * Lookup connection with ip6 and transport layer information
1217 * Not optimized. This is used on the fast path so it needs to be fast.
1218 * Thereby, duplication of code and 'hacks' allowed. Lookup logic is identical
1219 * to that of @ref session_lookup_connection_wt4
1221 * @param fib_index index of the fib wherein the connection was received
1222 * @param lcl local ip6 address
1223 * @param rmt remote ip6 address
1224 * @param lcl_port local port
1225 * @param rmt_port remote port
1226 * @param proto transport protocol (e.g., tcp, udp)
1228 * @return pointer to transport connection, if one is found, 0 otherwise
1230 transport_connection_t *
1231 session_lookup_connection6 (u32 fib_index, ip6_address_t * lcl,
1232 ip6_address_t * rmt, u16 lcl_port, u16 rmt_port,
1235 session_table_t *st;
1241 st = session_table_get_for_fib_index (FIB_PROTOCOL_IP6, fib_index);
1242 if (PREDICT_FALSE (!st))
1245 make_v6_ss_kv (&kv6, lcl, rmt, lcl_port, rmt_port, proto);
1246 rv = clib_bihash_search_inline_48_8 (&st->v6_session_hash, &kv6);
1249 s = session_get_from_handle (kv6.value);
1250 return transport_get_connection (proto, s->connection_index,
1254 /* Try half-open connections */
1255 rv = clib_bihash_search_inline_48_8 (&st->v6_half_open_hash, &kv6);
1257 return transport_get_half_open (proto, kv6.value & 0xFFFFFFFF);
1259 /* Check the session rules table */
1260 action_index = session_rules_table_lookup6 (&st->session_rules[proto], lcl,
1261 rmt, lcl_port, rmt_port);
1262 if (session_lookup_action_index_is_valid (action_index))
1264 if (action_index == SESSION_RULES_TABLE_ACTION_DROP)
1266 if ((s = session_lookup_action_to_session (action_index,
1267 FIB_PROTOCOL_IP6, proto)))
1268 return transport_get_listener (proto, s->connection_index);
1272 /* If nothing is found, check if any listener is available */
1273 s = session_lookup_listener6_i (st, lcl, lcl_port, proto, 1);
1275 return transport_get_listener (proto, s->connection_index);
1281 * Lookup session with ip6 and transport layer information
1283 * Important note: this may look into another thread's pool table and
1284 * register as 'peeker'. Caller should call @ref session_pool_remove_peeker as
1285 * if needed as soon as possible.
1287 * Lookup logic is similar to that of @ref session_lookup_connection_wt6 but
1288 * this returns a session as opposed to a transport connection and it does not
1289 * try to lookup half-open sessions.
1291 * Typically used by dgram connections
1294 session_lookup_safe6 (u32 fib_index, ip6_address_t * lcl, ip6_address_t * rmt,
1295 u16 lcl_port, u16 rmt_port, u8 proto)
1297 session_table_t *st;
1303 st = session_table_get_for_fib_index (FIB_PROTOCOL_IP6, fib_index);
1304 if (PREDICT_FALSE (!st))
1307 make_v6_ss_kv (&kv6, lcl, rmt, lcl_port, rmt_port, proto);
1308 rv = clib_bihash_search_inline_48_8 (&st->v6_session_hash, &kv6);
1310 return session_get_from_handle_safe (kv6.value);
1312 /* Check the session rules table */
1313 action_index = session_rules_table_lookup6 (&st->session_rules[proto], lcl,
1314 rmt, lcl_port, rmt_port);
1315 if (session_lookup_action_index_is_valid (action_index))
1317 if (action_index == SESSION_RULES_TABLE_ACTION_DROP)
1319 return session_lookup_action_to_session (action_index, FIB_PROTOCOL_IP6,
1323 /* If nothing is found, check if any listener is available */
1324 if ((s = session_lookup_listener6_i (st, lcl, lcl_port, proto, 1)))
1329 transport_connection_t *
1330 session_lookup_connection (u32 fib_index, ip46_address_t * lcl,
1331 ip46_address_t * rmt, u16 lcl_port, u16 rmt_port,
1332 u8 proto, u8 is_ip4)
1335 return session_lookup_connection4 (fib_index, &lcl->ip4, &rmt->ip4,
1336 lcl_port, rmt_port, proto);
1338 return session_lookup_connection6 (fib_index, &lcl->ip6, &rmt->ip6,
1339 lcl_port, rmt_port, proto);
1343 vnet_session_rule_add_del (session_rule_add_del_args_t *args)
1345 app_namespace_t *app_ns = app_namespace_get (args->appns_index);
1346 session_rules_table_t *srt;
1347 session_table_t *st;
1353 return SESSION_E_INVALID_NS;
1355 if (args->scope > 3)
1356 return SESSION_E_INVALID;
1358 if (args->transport_proto != TRANSPORT_PROTO_TCP
1359 && args->transport_proto != TRANSPORT_PROTO_UDP)
1360 return SESSION_E_INVALID;
1362 if ((args->scope & SESSION_RULE_SCOPE_GLOBAL) || args->scope == 0)
1364 fib_proto = args->table_args.rmt.fp_proto;
1365 fib_index = app_namespace_get_fib_index (app_ns, fib_proto);
1366 st = session_table_get_for_fib_index (fib_proto, fib_index);
1367 srt = &st->session_rules[args->transport_proto];
1368 if ((rv = session_rules_table_add_del (srt, &args->table_args)))
1371 if (args->scope & SESSION_RULE_SCOPE_LOCAL)
1373 clib_memset (&args->table_args.lcl, 0, sizeof (args->table_args.lcl));
1374 args->table_args.lcl.fp_proto = args->table_args.rmt.fp_proto;
1375 args->table_args.lcl_port = 0;
1376 st = app_namespace_get_local_table (app_ns);
1377 srt = &st->session_rules[args->transport_proto];
1378 rv = session_rules_table_add_del (srt, &args->table_args);
1384 * Mark (global) tables as pertaining to app ns
1387 session_lookup_set_tables_appns (app_namespace_t * app_ns)
1389 session_table_t *st;
1393 for (fp = 0; fp < ARRAY_LEN (fib_index_to_table_index); fp++)
1395 fib_index = app_namespace_get_fib_index (app_ns, fp);
1396 st = session_table_get_or_alloc (fp, fib_index);
1398 st->appns_index = app_namespace_index (app_ns);
1403 format_ip4_session_lookup_kvp (u8 * s, va_list * args)
1405 clib_bihash_kv_16_8_t *kvp = va_arg (*args, clib_bihash_kv_16_8_t *);
1406 u32 is_local = va_arg (*args, u32);
1407 v4_connection_key_t *key = (v4_connection_key_t *) kvp->key;
1409 app_worker_t *app_wrk;
1415 session = session_get_from_handle (kvp->value);
1416 app_wrk = app_worker_get (session->app_wrk_index);
1417 app_name = application_name_from_index (app_wrk->app_index);
1418 str = format (0, "[%U] %U:%d->%U:%d", format_transport_proto_short,
1419 key->proto, format_ip4_address, &key->src,
1420 clib_net_to_host_u16 (key->src_port), format_ip4_address,
1421 &key->dst, clib_net_to_host_u16 (key->dst_port));
1422 s = format (s, "%-40v%-30v", str, app_name);
1426 session = session_get_from_handle (kvp->value);
1427 app_wrk = app_worker_get (session->app_wrk_index);
1428 app_name = application_name_from_index (app_wrk->app_index);
1429 str = format (0, "[%U] %U:%d", format_transport_proto_short, key->proto,
1430 format_ip4_address, &key->src,
1431 clib_net_to_host_u16 (key->src_port));
1432 s = format (s, "%-30v%-30v", str, app_name);
1437 typedef struct _ip4_session_table_show_ctx_t
1441 } ip4_session_table_show_ctx_t;
1444 ip4_session_table_show (clib_bihash_kv_16_8_t * kvp, void *arg)
1446 ip4_session_table_show_ctx_t *ctx = arg;
1447 vlib_cli_output (ctx->vm, "%U", format_ip4_session_lookup_kvp, kvp,
1453 session_lookup_show_table_entries (vlib_main_t * vm, session_table_t * table,
1454 u8 type, u8 is_local)
1456 ip4_session_table_show_ctx_t ctx = {
1458 .is_local = is_local,
1461 vlib_cli_output (vm, "%-40s%-30s", "Session", "Application");
1463 vlib_cli_output (vm, "%-30s%-30s", "Listener", "Application");
1468 ip4_session_table_walk (&table->v4_session_hash, ip4_session_table_show,
1472 clib_warning ("not supported");
1476 static clib_error_t *
1477 session_rule_command_fn (vlib_main_t * vm, unformat_input_t * input,
1478 vlib_cli_command_t * cmd)
1480 u32 proto = ~0, lcl_port, rmt_port, action = 0, lcl_plen = 0, rmt_plen = 0;
1481 clib_error_t *error = 0;
1482 u32 appns_index, scope = 0;
1483 ip46_address_t lcl_ip, rmt_ip;
1484 u8 is_ip4 = 1, conn_set = 0;
1485 u8 fib_proto, is_add = 1, *ns_id = 0;
1487 app_namespace_t *app_ns;
1490 session_cli_return_if_not_enabled ();
1492 clib_memset (&lcl_ip, 0, sizeof (lcl_ip));
1493 clib_memset (&rmt_ip, 0, sizeof (rmt_ip));
1494 while (unformat_check_input (input) != UNFORMAT_END_OF_INPUT)
1496 if (unformat (input, "del"))
1498 else if (unformat (input, "add"))
1500 else if (unformat (input, "appns %_%v%_", &ns_id))
1502 else if (unformat (input, "scope global"))
1503 scope = SESSION_RULE_SCOPE_GLOBAL;
1504 else if (unformat (input, "scope local"))
1505 scope = SESSION_RULE_SCOPE_LOCAL;
1506 else if (unformat (input, "scope all"))
1507 scope = SESSION_RULE_SCOPE_LOCAL | SESSION_RULE_SCOPE_GLOBAL;
1508 else if (unformat (input, "proto %U", unformat_transport_proto, &proto))
1510 else if (unformat (input, "%U/%d %d %U/%d %d", unformat_ip4_address,
1511 &lcl_ip.ip4, &lcl_plen, &lcl_port,
1512 unformat_ip4_address, &rmt_ip.ip4, &rmt_plen,
1518 else if (unformat (input, "%U/%d %d %U/%d %d", unformat_ip6_address,
1519 &lcl_ip.ip6, &lcl_plen, &lcl_port,
1520 unformat_ip6_address, &rmt_ip.ip6, &rmt_plen,
1526 else if (unformat (input, "action %d", &action))
1528 else if (unformat (input, "tag %_%v%_", &tag))
1532 error = clib_error_return (0, "unknown input `%U'",
1533 format_unformat_error, input);
1540 vlib_cli_output (vm, "proto must be set");
1543 if (is_add && !conn_set && action == ~0)
1545 vlib_cli_output (vm, "connection and action must be set for add");
1548 if (!is_add && !tag && !conn_set)
1550 vlib_cli_output (vm, "connection or tag must be set for delete");
1553 if (vec_len (tag) > SESSION_RULE_TAG_MAX_LEN)
1555 vlib_cli_output (vm, "tag too long (max u64)");
1561 app_ns = app_namespace_get_from_id (ns_id);
1564 vlib_cli_output (vm, "namespace %v does not exist", ns_id);
1570 app_ns = app_namespace_get_default ();
1572 appns_index = app_namespace_index (app_ns);
1574 fib_proto = is_ip4 ? FIB_PROTOCOL_IP4 : FIB_PROTOCOL_IP6;
1575 session_rule_add_del_args_t args = {
1576 .transport_proto = proto,
1577 .table_args.lcl.fp_addr = lcl_ip,
1578 .table_args.lcl.fp_len = lcl_plen,
1579 .table_args.lcl.fp_proto = fib_proto,
1580 .table_args.rmt.fp_addr = rmt_ip,
1581 .table_args.rmt.fp_len = rmt_plen,
1582 .table_args.rmt.fp_proto = fib_proto,
1583 .table_args.lcl_port = lcl_port,
1584 .table_args.rmt_port = rmt_port,
1585 .table_args.action_index = action,
1586 .table_args.is_add = is_add,
1587 .table_args.tag = tag,
1588 .appns_index = appns_index,
1591 if ((rv = vnet_session_rule_add_del (&args)))
1592 error = clib_error_return (0, "rule add del returned %u", rv);
1601 VLIB_CLI_COMMAND (session_rule_command, static) =
1603 .path = "session rule",
1604 .short_help = "session rule [add|del] appns <ns_id> proto <proto> "
1605 "<lcl-ip/plen> <lcl-port> <rmt-ip/plen> <rmt-port> action <action>",
1606 .function = session_rule_command_fn,
1611 session_lookup_dump_rules_table (u32 fib_index, u8 fib_proto,
1614 vlib_main_t *vm = vlib_get_main ();
1615 session_rules_table_t *srt;
1616 session_table_t *st;
1617 st = session_table_get_for_fib_index (fib_index, fib_proto);
1618 srt = &st->session_rules[transport_proto];
1619 session_rules_table_cli_dump (vm, srt, fib_proto);
1623 session_lookup_dump_local_rules_table (u32 table_index, u8 fib_proto,
1626 vlib_main_t *vm = vlib_get_main ();
1627 session_rules_table_t *srt;
1628 session_table_t *st;
1629 st = session_table_get (table_index);
1630 srt = &st->session_rules[transport_proto];
1631 session_rules_table_cli_dump (vm, srt, fib_proto);
1634 static clib_error_t *
1635 show_session_rules_command_fn (vlib_main_t * vm, unformat_input_t * input,
1636 vlib_cli_command_t * cmd)
1638 u32 transport_proto = ~0, lcl_port, rmt_port, lcl_plen, rmt_plen;
1639 u32 fib_index, scope = 0;
1640 ip46_address_t lcl_ip, rmt_ip;
1641 u8 is_ip4 = 1, show_one = 0;
1642 app_namespace_t *app_ns;
1643 session_rules_table_t *srt;
1644 session_table_t *st;
1645 u8 *ns_id = 0, fib_proto;
1647 session_cli_return_if_not_enabled ();
1649 clib_memset (&lcl_ip, 0, sizeof (lcl_ip));
1650 clib_memset (&rmt_ip, 0, sizeof (rmt_ip));
1651 while (unformat_check_input (input) != UNFORMAT_END_OF_INPUT)
1653 if (unformat (input, "%U", unformat_transport_proto, &transport_proto))
1655 else if (unformat (input, "appns %_%v%_", &ns_id))
1657 else if (unformat (input, "scope global"))
1659 else if (unformat (input, "scope local"))
1661 else if (unformat (input, "%U/%d %d %U/%d %d", unformat_ip4_address,
1662 &lcl_ip.ip4, &lcl_plen, &lcl_port,
1663 unformat_ip4_address, &rmt_ip.ip4, &rmt_plen,
1669 else if (unformat (input, "%U/%d %d %U/%d %d", unformat_ip6_address,
1670 &lcl_ip.ip6, &lcl_plen, &lcl_port,
1671 unformat_ip6_address, &rmt_ip.ip6, &rmt_plen,
1678 return clib_error_return (0, "unknown input `%U'",
1679 format_unformat_error, input);
1682 if (transport_proto == ~0)
1684 vlib_cli_output (vm, "transport proto must be set");
1690 app_ns = app_namespace_get_from_id (ns_id);
1693 vlib_cli_output (vm, "appns %v doesn't exist", ns_id);
1699 app_ns = app_namespace_get_default ();
1702 if (scope == 1 || scope == 0)
1704 fib_proto = is_ip4 ? FIB_PROTOCOL_IP4 : FIB_PROTOCOL_IP6;
1705 fib_index = is_ip4 ? app_ns->ip4_fib_index : app_ns->ip6_fib_index;
1706 st = session_table_get_for_fib_index (fib_proto, fib_index);
1710 st = app_namespace_get_local_table (app_ns);
1715 srt = &st->session_rules[transport_proto];
1716 session_rules_table_show_rule (vm, srt, &lcl_ip, lcl_port, &rmt_ip,
1721 vlib_cli_output (vm, "%U rules table", format_transport_proto,
1723 srt = &st->session_rules[transport_proto];
1724 session_rules_table_cli_dump (vm, srt, FIB_PROTOCOL_IP4);
1725 session_rules_table_cli_dump (vm, srt, FIB_PROTOCOL_IP6);
1732 VLIB_CLI_COMMAND (show_session_rules_command, static) =
1734 .path = "show session rules",
1735 .short_help = "show session rules [<proto> appns <id> <lcl-ip/plen> "
1736 "<lcl-port> <rmt-ip/plen> <rmt-port> scope <scope>]",
1737 .function = show_session_rules_command_fn,
1742 format_session_lookup_tables (u8 *s, va_list *args)
1744 u32 fib_proto = va_arg (*args, u32);
1745 u32 *fibs, num_fibs = 0, fib_index, indent;
1746 session_table_t *st;
1749 fibs = fib_index_to_table_index[fib_proto];
1751 for (fib_index = 0; fib_index < vec_len (fibs); fib_index++)
1753 if (fibs[fib_index] == ~0)
1757 st = session_table_get (fibs[fib_index]);
1758 total_mem += session_table_memory_size (st);
1761 indent = format_get_indent (s);
1762 s = format (s, "active fibs:\t%u\n", num_fibs);
1763 s = format (s, "%Umax fib-index:\t%u\n", format_white_space, indent,
1764 vec_len (fibs) - 1);
1765 s = format (s, "%Utable memory:\t%U\n", format_white_space, indent,
1766 format_memory_size, total_mem);
1767 s = format (s, "%Uvec memory:\t%U\n", format_white_space, indent,
1768 format_memory_size, vec_mem_size (fibs));
1773 static clib_error_t *
1774 show_session_lookup_command_fn (vlib_main_t *vm, unformat_input_t *input,
1775 vlib_cli_command_t *cmd)
1777 session_table_t *st;
1780 session_cli_return_if_not_enabled ();
1781 while (unformat_check_input (input) != UNFORMAT_END_OF_INPUT)
1783 if (unformat (input, "table %u", &fib_index))
1786 return clib_error_return (0, "unknown input `%U'",
1787 format_unformat_error, input);
1790 if (fib_index != ~0)
1792 st = session_table_get_for_fib_index (FIB_PROTOCOL_IP4, fib_index);
1794 vlib_cli_output (vm, "%U", format_session_table, st);
1796 vlib_cli_output (vm, "no ip4 table for fib-index %u", fib_index);
1797 st = session_table_get_for_fib_index (FIB_PROTOCOL_IP6, fib_index);
1799 vlib_cli_output (vm, "%U", format_session_table, st);
1801 vlib_cli_output (vm, "no ip6 table for fib-index %u", fib_index);
1805 vlib_cli_output (vm, "ip4 fib lookup tables:\n %U",
1806 format_session_lookup_tables, FIB_PROTOCOL_IP4);
1807 vlib_cli_output (vm, "ip6 fib lookup tables:\n %U",
1808 format_session_lookup_tables, FIB_PROTOCOL_IP6);
1814 VLIB_CLI_COMMAND (show_session_lookup_command, static) = {
1815 .path = "show session lookup",
1816 .short_help = "show session lookup [table <fib-index>]",
1817 .function = show_session_lookup_command_fn,
1821 session_lookup_init (void)
1823 session_lookup_main_t *slm = &sl_main;
1825 clib_spinlock_init (&slm->st_alloc_lock);
1828 * Allocate default table and map it to fib_index 0
1830 session_table_t *st = session_table_alloc ();
1831 vec_validate (fib_index_to_table_index[FIB_PROTOCOL_IP4], 0);
1832 fib_index_to_table_index[FIB_PROTOCOL_IP4][0] = session_table_index (st);
1833 st->active_fib_proto = FIB_PROTOCOL_IP4;
1834 session_table_init (st, FIB_PROTOCOL_IP4);
1835 st = session_table_alloc ();
1836 vec_validate (fib_index_to_table_index[FIB_PROTOCOL_IP6], 0);
1837 fib_index_to_table_index[FIB_PROTOCOL_IP6][0] = session_table_index (st);
1838 st->active_fib_proto = FIB_PROTOCOL_IP6;
1839 session_table_init (st, FIB_PROTOCOL_IP6);
1843 * fd.io coding-style-patch-verification: ON
1846 * eval: (c-set-style "gnu")
Code Review / vpp.git / blob