2 * Copyright (c) 2017 Cisco and/or its affiliates.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at:
7 * http://www.apache.org/licenses/LICENSE-2.0
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
16 #include <vnet/session/mma_16.h>
17 #include <vnet/session/mma_template.c>
18 #include <vnet/session/mma_40.h>
19 #include <vnet/session/mma_template.c>
20 #include <vnet/session/session_rules_table.h>
21 #include <vnet/session/transport.h>
24 session_rule_tag_key_index (u32 ri, u8 is_ip4)
26 return ((ri << 1) | is_ip4);
30 session_rule_tag_key_index_parse (u32 rti_key, u32 * ri, u8 * is_ip4)
32 *is_ip4 = rti_key & 1;
37 session_rules_table_rule_tag (session_rules_table_t * srt, u32 ri, u8 is_ip4)
40 session_rule_tag_t *rt;
43 hash_get (srt->tags_by_rules, session_rule_tag_key_index (ri, is_ip4));
46 rt = pool_elt_at_index (srt->rule_tags, *tip);
53 session_rules_table_add_del_tag (session_rules_table_t * srt, u8 * tag,
54 u32 rule_index, u8 is_ip4, u8 is_add)
57 session_rule_tag_t *rt;
64 pool_get (srt->rule_tags, rt);
65 rt->tag = vec_dup (tag);
66 hash_set_mem (srt->rules_by_tag, rt->tag, rule_index);
67 rti_key = session_rule_tag_key_index (rule_index, is_ip4);
68 hash_set (srt->tags_by_rules, rti_key, rt - srt->rule_tags);
72 rip = hash_get_mem (srt->rules_by_tag, tag);
75 clib_warning ("tag has no rule associated");
78 rti_key = session_rule_tag_key_index (*rip, is_ip4);
79 rtip = hash_get (srt->tags_by_rules, rti_key);
82 clib_warning ("rule has no tag associated");
85 rt = pool_elt_at_index (srt->rule_tags, *rtip);
87 hash_unset_mem (srt->rules_by_tag, tag);
88 hash_unset (srt->tags_by_rules, rti_key);
89 pool_put (srt->rule_tags, rt);
94 session_rules_table_rule_for_tag (session_rules_table_t * srt, u8 * tag)
98 return SESSION_RULES_TABLE_INVALID_INDEX;
99 rp = hash_get_mem (srt->rules_by_tag, tag);
100 return (rp == 0 ? SESSION_RULES_TABLE_INVALID_INDEX : *rp);
104 fib_pref_normalize (fib_prefix_t * pref)
106 if (pref->fp_proto == FIB_PROTOCOL_IP4)
107 ip4_address_normalize (&pref->fp_addr.ip4, pref->fp_len);
109 ip6_address_normalize (&pref->fp_addr.ip6, pref->fp_len);
113 format_session_rule4 (u8 * s, va_list * args)
115 session_rules_table_t *srt = va_arg (*args, session_rules_table_t *);
116 mma_rule_16_t *sr = va_arg (*args, mma_rule_16_t *);
117 session_mask_or_match_4_t *mask, *match;
118 mma_rules_table_16_t *srt4;
119 u8 *tag = 0, *null_tag = format (0, "none");
123 srt4 = &srt->session_rules_tables_16;
124 ri = mma_rules_table_rule_index_16 (srt4, sr);
125 tag = session_rules_table_rule_tag (srt, ri, 1);
126 match = (session_mask_or_match_4_t *) & sr->match;
127 mask = (session_mask_or_match_4_t *) & sr->mask;
129 s = format (s, "[%d] rule: %U/%d %d %U/%d %d action: %d tag: %v", ri,
130 format_ip4_address, &match->lcl_ip,
131 ip4_mask_to_preflen (&mask->lcl_ip), match->lcl_port,
132 format_ip4_address, &match->rmt_ip,
133 ip4_mask_to_preflen (&mask->rmt_ip), match->rmt_port,
134 sr->action_index, tag ? tag : null_tag);
135 if (vec_len (sr->next_indices))
137 s = format (s, "\n children: ");
138 for (i = 0; i < vec_len (sr->next_indices); i++)
139 s = format (s, "%d ", sr->next_indices[i]);
146 format_session_rule6 (u8 * s, va_list * args)
148 session_rules_table_t *srt = va_arg (*args, session_rules_table_t *);
149 mma_rule_40_t *sr = va_arg (*args, mma_rule_40_t *);
150 session_mask_or_match_6_t *mask, *match;
151 mma_rules_table_40_t *srt6;
152 u8 *tag = 0, *null_tag = format (0, "none");
156 srt6 = &srt->session_rules_tables_40;
157 ri = mma_rules_table_rule_index_40 (srt6, sr);
158 tag = session_rules_table_rule_tag (srt, ri, 0);
159 match = (session_mask_or_match_6_t *) & sr->match;
160 mask = (session_mask_or_match_6_t *) & sr->mask;
162 s = format (s, "[%d] rule: %U/%d %d %U/%d %d action: %d tag: %v", ri,
163 format_ip6_address, &match->lcl_ip,
164 ip6_mask_to_preflen (&mask->lcl_ip), match->lcl_port,
165 format_ip6_address, &match->rmt_ip,
166 ip6_mask_to_preflen (&mask->rmt_ip), match->rmt_port,
167 sr->action_index, tag ? tag : null_tag);
168 if (vec_len (sr->next_indices))
170 s = format (s, "\n children: ");
171 for (i = 0; i < vec_len (sr->next_indices); i++)
172 s = format (s, "%d ", sr->next_indices[i]);
179 session_rules_table_get (session_rules_table_t * srt, u8 fib_proto)
181 if (fib_proto == FIB_PROTOCOL_IP4)
182 return &srt->session_rules_tables_16;
183 else if (fib_proto == FIB_PROTOCOL_IP6)
184 return &srt->session_rules_tables_40;
189 rule_cmp_16 (mma_rule_16_t * rule1, mma_rule_16_t * rule2)
191 session_mask_or_match_4_t *m1, *m2;
193 m1 = (session_mask_or_match_4_t *) & rule1->max_match;
194 m2 = (session_mask_or_match_4_t *) & rule2->max_match;
195 if (m1->rmt_ip.as_u32 != m2->rmt_ip.as_u32)
196 return (m1->rmt_ip.as_u32 < m2->rmt_ip.as_u32 ? -1 : 1);
197 if (m1->lcl_ip.as_u32 != m2->lcl_ip.as_u32)
198 return (m1->lcl_ip.as_u32 < m2->lcl_ip.as_u32 ? -1 : 1);
199 if (m1->rmt_port != m2->rmt_port)
200 return (m1->rmt_port < m2->rmt_port ? -1 : 1);
201 if (m1->lcl_port != m2->lcl_port)
202 return (m1->lcl_port < m2->lcl_port ? -1 : 1);
207 rule_cmp_40 (mma_rule_40_t * rule1, mma_rule_40_t * rule2)
209 session_mask_or_match_6_t *r1, *r2;
210 r1 = (session_mask_or_match_6_t *) & rule1->max_match;
211 r2 = (session_mask_or_match_6_t *) & rule2->max_match;
212 if (r1->rmt_ip.as_u64[0] != r2->rmt_ip.as_u64[0])
213 return (r1->rmt_ip.as_u64[0] < r2->rmt_ip.as_u64[0] ? -1 : 1);
214 if (r1->rmt_ip.as_u64[1] != r2->rmt_ip.as_u64[1])
215 return (r1->rmt_ip.as_u64[1] < r2->rmt_ip.as_u64[1] ? -1 : 1);
216 if (r1->lcl_ip.as_u64[0] != r2->lcl_ip.as_u64[0])
217 return (r1->lcl_ip.as_u64[0] < r2->lcl_ip.as_u64[0] ? -1 : 1);
218 if (r1->lcl_ip.as_u64[1] != r2->lcl_ip.as_u64[1])
219 return (r1->lcl_ip.as_u64[1] < r2->lcl_ip.as_u64[1]) ? -1 : 1;
220 if (r1->rmt_port != r2->rmt_port)
221 return (r1->rmt_port < r2->rmt_port ? -1 : 1);
222 if (r1->lcl_port != r2->lcl_port)
223 return (r1->lcl_port < r2->lcl_port ? -1 : 1);
228 session_rules_table_init_rule_16 (mma_rule_16_t * rule,
229 fib_prefix_t * lcl, u16 lcl_port,
230 fib_prefix_t * rmt, u16 rmt_port)
232 session_mask_or_match_4_t *match, *mask, *max_match;
233 fib_pref_normalize (lcl);
234 fib_pref_normalize (rmt);
235 match = (session_mask_or_match_4_t *) & rule->match;
236 match->lcl_ip.as_u32 = lcl->fp_addr.ip4.as_u32;
237 match->rmt_ip.as_u32 = rmt->fp_addr.ip4.as_u32;
238 match->lcl_port = lcl_port;
239 match->rmt_port = rmt_port;
240 mask = (session_mask_or_match_4_t *) & rule->mask;
241 ip4_preflen_to_mask (lcl->fp_len, &mask->lcl_ip);
242 ip4_preflen_to_mask (rmt->fp_len, &mask->rmt_ip);
243 mask->lcl_port = lcl_port == 0 ? 0 : (u16) ~ 0;
244 mask->rmt_port = rmt_port == 0 ? 0 : (u16) ~ 0;
245 max_match = (session_mask_or_match_4_t *) & rule->max_match;
246 ip4_prefix_max_address_host_order (&rmt->fp_addr.ip4, rmt->fp_len,
248 ip4_prefix_max_address_host_order (&lcl->fp_addr.ip4, lcl->fp_len,
250 max_match->lcl_port = lcl_port == 0 ? (u16) ~ 0 : lcl_port;
251 max_match->rmt_port = rmt_port == 0 ? (u16) ~ 0 : rmt_port;
255 session_rules_table_init_rule_40 (mma_rule_40_t * rule,
256 fib_prefix_t * lcl, u16 lcl_port,
257 fib_prefix_t * rmt, u16 rmt_port)
259 session_mask_or_match_6_t *match, *mask, *max_match;
260 fib_pref_normalize (lcl);
261 fib_pref_normalize (rmt);
262 match = (session_mask_or_match_6_t *) & rule->match;
263 clib_memcpy (&match->lcl_ip, &lcl->fp_addr.ip6, sizeof (match->lcl_ip));
264 clib_memcpy (&match->rmt_ip, &rmt->fp_addr.ip6, sizeof (match->rmt_ip));
265 match->lcl_port = lcl_port;
266 match->rmt_port = rmt_port;
267 mask = (session_mask_or_match_6_t *) & rule->mask;
268 ip6_preflen_to_mask (lcl->fp_len, &mask->lcl_ip);
269 ip6_preflen_to_mask (rmt->fp_len, &mask->rmt_ip);
270 mask->lcl_port = lcl_port == 0 ? 0 : (u16) ~ 0;
271 mask->rmt_port = rmt_port == 0 ? 0 : (u16) ~ 0;
272 max_match = (session_mask_or_match_6_t *) & rule->max_match;
273 ip6_prefix_max_address_host_order (&rmt->fp_addr.ip6, rmt->fp_len,
275 ip6_prefix_max_address_host_order (&lcl->fp_addr.ip6, lcl->fp_len,
277 max_match->lcl_port = lcl_port == 0 ? (u16) ~ 0 : lcl_port;
278 max_match->rmt_port = rmt_port == 0 ? (u16) ~ 0 : rmt_port;
282 session_rules_table_alloc_rule_16 (mma_rules_table_16_t * srt,
283 fib_prefix_t * lcl, u16 lcl_port,
284 fib_prefix_t * rmt, u16 rmt_port)
286 mma_rule_16_t *rule = 0;
287 rule = mma_rules_table_rule_alloc_16 (srt);
288 session_rules_table_init_rule_16 (rule, lcl, lcl_port, rmt, rmt_port);
293 session_rules_table_alloc_rule_40 (mma_rules_table_40_t * srt,
294 fib_prefix_t * lcl, u16 lcl_port,
295 fib_prefix_t * rmt, u16 rmt_port)
298 rule = mma_rules_table_rule_alloc_40 (srt);
299 session_rules_table_init_rule_40 (rule, lcl, lcl_port, rmt, rmt_port);
304 * Add/delete session rule
306 * @param srt table where rule should be added
307 * @param args rule arguments
309 * @return 0 if success, clib_error_t error otherwise
312 session_rules_table_add_del (session_rules_table_t * srt,
313 session_rule_table_add_del_args_t * args)
315 u8 fib_proto = args->rmt.fp_proto;
319 ri_from_tag = session_rules_table_rule_for_tag (srt, args->tag);
320 if (args->is_add && ri_from_tag != SESSION_RULES_TABLE_INVALID_INDEX)
321 return clib_error_return_code (0, VNET_API_ERROR_INVALID_VALUE, 0,
324 if (fib_proto == FIB_PROTOCOL_IP4)
326 mma_rules_table_16_t *srt4;
327 srt4 = &srt->session_rules_tables_16;
330 mma_rule_16_t *rule4;
331 rule4 = session_rules_table_alloc_rule_16 (srt4, &args->lcl,
335 rule4->action_index = args->action_index;
336 rv = mma_rules_table_add_rule_16 (srt4, rule4);
339 ri = mma_rules_table_rule_index_16 (srt4, rule4);
340 session_rules_table_add_del_tag (srt, args->tag, ri, 1, 1);
346 if (ri_from_tag != SESSION_RULES_TABLE_INVALID_INDEX)
348 rule = mma_rules_table_get_rule_16 (srt4, ri_from_tag);
349 mma_rules_table_del_rule_16 (srt4, rule, srt4->root_index);
350 session_rules_table_add_del_tag (srt, args->tag, 0, 1, 0);
356 memset (rule, 0, sizeof (*rule));
357 session_rules_table_init_rule_16 (rule, &args->lcl,
358 args->lcl_port, &args->rmt,
360 mma_rules_table_del_rule_16 (srt4, rule, srt4->root_index);
364 else if (fib_proto == FIB_PROTOCOL_IP6)
366 mma_rules_table_40_t *srt6;
367 mma_rule_40_t *rule6;
368 srt6 = &srt->session_rules_tables_40;
371 rule6 = session_rules_table_alloc_rule_40 (srt6, &args->lcl,
375 rule6->action_index = args->action_index;
376 rv = mma_rules_table_add_rule_40 (srt6, rule6);
379 ri = mma_rules_table_rule_index_40 (srt6, rule6);
380 session_rules_table_add_del_tag (srt, args->tag, ri, 0, 1);
386 if (ri_from_tag != SESSION_RULES_TABLE_INVALID_INDEX)
388 rule = mma_rules_table_get_rule_40 (srt6, ri_from_tag);
389 mma_rules_table_del_rule_40 (srt6, rule, srt6->root_index);
390 session_rules_table_add_del_tag (srt, args->tag, 0, 0, 0);
396 memset (rule, 0, sizeof (*rule));
397 session_rules_table_init_rule_40 (rule, &args->lcl,
398 args->lcl_port, &args->rmt,
400 mma_rules_table_del_rule_40 (srt6, rule, srt6->root_index);
405 return clib_error_return_code (0, VNET_API_ERROR_INVALID_VALUE_2, 0,
406 "invalid fib proto");
411 session_rules_table_lookup4 (session_rules_table_t * srt,
412 ip4_address_t * lcl_ip, ip4_address_t * rmt_ip,
413 u16 lcl_port, u16 rmt_port)
415 mma_rules_table_16_t *srt4 = &srt->session_rules_tables_16;
416 session_mask_or_match_4_t key = {
417 .lcl_ip.as_u32 = lcl_ip->as_u32,
418 .rmt_ip.as_u32 = rmt_ip->as_u32,
419 .lcl_port = lcl_port,
420 .rmt_port = rmt_port,
422 return mma_rules_table_lookup_16 (srt4, (mma_mask_or_match_16_t *) & key,
427 session_rules_table_lookup6 (session_rules_table_t * srt,
428 ip6_address_t * lcl_ip, ip6_address_t * rmt_ip,
429 u16 lcl_port, u16 rmt_port)
431 mma_rules_table_40_t *srt6 = &srt->session_rules_tables_40;
432 session_mask_or_match_6_t key = {
433 .lcl_port = lcl_port,
434 .rmt_port = rmt_port,
436 clib_memcpy (&key.lcl_ip, lcl_ip, sizeof (*lcl_ip));
437 clib_memcpy (&key.rmt_ip, rmt_ip, sizeof (*rmt_ip));
438 return mma_rules_table_lookup_40 (srt6, (mma_mask_or_match_40_t *) & key,
443 session_rules_table_init (session_rules_table_t * srt)
445 mma_rules_table_16_t *srt4;
446 mma_rules_table_40_t *srt6;
447 mma_rule_16_t *rule4;
448 mma_rule_40_t *rule6;
449 fib_prefix_t null_prefix;
451 memset (&null_prefix, 0, sizeof (null_prefix));
453 srt4 = &srt->session_rules_tables_16;
454 rule4 = session_rules_table_alloc_rule_16 (srt4, &null_prefix, 0,
456 rule4->action_index = SESSION_RULES_TABLE_INVALID_INDEX;
457 srt4->root_index = mma_rules_table_rule_index_16 (srt4, rule4);
458 srt4->rule_cmp_fn = rule_cmp_16;
460 srt6 = &srt->session_rules_tables_40;
461 rule6 = session_rules_table_alloc_rule_40 (srt6, &null_prefix, 0,
463 rule6->action_index = SESSION_RULES_TABLE_INVALID_INDEX;
464 srt6->root_index = mma_rules_table_rule_index_40 (srt6, rule6);
465 srt6->rule_cmp_fn = rule_cmp_40;
467 srt->rules_by_tag = hash_create_vec (0, sizeof (u8), sizeof (uword));
468 srt->tags_by_rules = hash_create (0, sizeof (uword));
472 session_rules_table_show_rule (vlib_main_t * vm, session_rules_table_t * srt,
473 ip46_address_t * lcl_ip, u16 lcl_port,
474 ip46_address_t * rmt_ip, u16 rmt_port,
477 mma_rules_table_16_t *srt4;
478 mma_rules_table_40_t *srt6;
485 srt4 = session_rules_table_get (srt, FIB_PROTOCOL_IP4);
486 session_mask_or_match_4_t key = {
487 .lcl_ip.as_u32 = lcl_ip->ip4.as_u32,
488 .rmt_ip.as_u32 = rmt_ip->ip4.as_u32,
489 .lcl_port = lcl_port,
490 .rmt_port = rmt_port,
493 mma_rules_table_lookup_rule_16 (srt4,
494 (mma_mask_or_match_16_t *) & key,
496 sr4 = mma_rules_table_get_rule_16 (srt4, ri);
497 vlib_cli_output (vm, "%U", format_session_rule4, srt, sr4);
501 srt6 = session_rules_table_get (srt, FIB_PROTOCOL_IP6);
502 session_mask_or_match_6_t key = {
503 .lcl_port = lcl_port,
504 .rmt_port = rmt_port,
506 clib_memcpy (&key.lcl_ip, &lcl_ip->ip6, sizeof (lcl_ip->ip6));
507 clib_memcpy (&key.rmt_ip, &rmt_ip->ip6, sizeof (rmt_ip->ip6));
508 ri = mma_rules_table_lookup_rule_40 (srt6,
509 (mma_mask_or_match_40_t *) & key,
511 sr6 = mma_rules_table_get_rule_40 (srt6, ri);
512 vlib_cli_output (vm, "%U", format_session_rule6, srt, sr6);
517 session_rules_table_cli_dump (vlib_main_t * vm, session_rules_table_t * srt,
520 if (fib_proto == FIB_PROTOCOL_IP4)
522 mma_rules_table_16_t *srt4;
524 srt4 = &srt->session_rules_tables_16;
525 vlib_cli_output (vm, "IP4 rules");
528 pool_foreach(sr4, srt4->rules, ({
529 vlib_cli_output (vm, "%U", format_session_rule4, srt, sr4);
534 else if (fib_proto == FIB_PROTOCOL_IP6)
536 mma_rules_table_40_t *srt6;
538 srt6 = &srt->session_rules_tables_40;
539 vlib_cli_output (vm, "IP6 rules");
542 pool_foreach(sr6, srt6->rules, ({
543 vlib_cli_output (vm, "%U", format_session_rule6, srt, sr6);
551 * fd.io coding-style-patch-verification: ON
554 * eval: (c-set-style "gnu")