src/vnet/session/session_rules_table.h

   1 /*
   2  * Copyright (c) 2017 Cisco and/or its affiliates.
   3  * Licensed under the Apache License, Version 2.0 (the "License");
   4  * you may not use this file except in compliance with the License.
   5  * You may obtain a copy of the License at:
   6  *
   7  *     http://www.apache.org/licenses/LICENSE-2.0
   8  *
   9  * Unless required by applicable law or agreed to in writing, software
  10  * distributed under the License is distributed on an "AS IS" BASIS,
  11  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  12  * See the License for the specific language governing permissions and
  13  * limitations under the License.
  14  */
  15
  16 #ifndef SRC_VNET_SESSION_SESSION_RULES_TABLE_H_
  17 #define SRC_VNET_SESSION_SESSION_RULES_TABLE_H_
  18
  19 #include <vnet/vnet.h>
  20 #include <vnet/fib/fib.h>
  21 #include <vnet/session/transport.h>
  22 #include <vnet/session/mma_16.h>
  23 #include <vnet/session/mma_40.h>
  24
  25 /* *INDENT-OFF* */
  26 typedef CLIB_PACKED (struct
  27 {
  28   union
  29     {
  30       struct
  31         {
  32           ip4_address_t rmt_ip;
  33           ip4_address_t lcl_ip;
  34           u16 rmt_port;
  35           u16 lcl_port;
  36         };
  37       u64 as_u64[2];
  38     };
  39 }) session_mask_or_match_4_t;
  40
  41 typedef CLIB_PACKED (struct
  42 {
  43   union
  44     {
  45       struct
  46         {
  47           ip6_address_t rmt_ip;
  48           ip6_address_t lcl_ip;
  49           u16 rmt_port;
  50           u16 lcl_port;
  51         };
  52       u64 as_u64[5];
  53     };
  54 }) session_mask_or_match_6_t;
  55 /* *INDENT-ON* */
  56
  57 #define SESSION_RULE_TAG_MAX_LEN 64
  58 #define SESSION_RULES_TABLE_INVALID_INDEX MMA_TABLE_INVALID_INDEX
  59 #define SESSION_RULES_TABLE_ACTION_DROP (MMA_TABLE_INVALID_INDEX - 1)
  60 #define SESSION_RULES_TABLE_ACTION_ALLOW (MMA_TABLE_INVALID_INDEX - 2)
  61
  62 typedef struct _session_rules_table_add_del_args
  63 {
  64   fib_prefix_t lcl;
  65   fib_prefix_t rmt;
  66   u16 lcl_port;
  67   u16 rmt_port;
  68   u32 action_index;
  69   u8 *tag;
  70   u8 is_add;
  71 } session_rule_table_add_del_args_t;
  72
  73 typedef struct _rule_tag
  74 {
  75   u8 *tag;
  76 } session_rule_tag_t;
  77
  78 typedef struct _session_rules_table_t
  79 {
  80   /**
  81    * Per fib proto session rules tables
  82    */
  83   mma_rules_table_16_t session_rules_tables_16;
  84   mma_rules_table_40_t session_rules_tables_40;
  85   /**
  86    * Hash table that maps tags to rules
  87    */
  88   uword *rules_by_tag;
  89   /**
  90    * Pool of rules tags
  91    */
  92   session_rule_tag_t *rule_tags;
  93   /**
  94    * Hash table that maps rule indices to tags
  95    */
  96   uword *tags_by_rules;
  97 } session_rules_table_t;
  98
  99 u32 session_rules_table_lookup4 (session_rules_table_t * srt,
 100                                  ip4_address_t * lcl_ip,
 101                                  ip4_address_t * rmt_ip, u16 lcl_port,
 102                                  u16 rmt_port);
 103 u32 session_rules_table_lookup6 (session_rules_table_t * srt,
 104                                  ip6_address_t * lcl_ip,
 105                                  ip6_address_t * rmt_ip, u16 lcl_port,
 106                                  u16 rmt_port);
 107 void session_rules_table_cli_dump (vlib_main_t * vm,
 108                                    session_rules_table_t * srt, u8 fib_proto);
 109 void session_rules_table_show_rule (vlib_main_t * vm,
 110                                     session_rules_table_t * srt,
 111                                     ip46_address_t * lcl_ip, u16 lcl_port,
 112                                     ip46_address_t * rmt_ip, u16 rmt_port,
 113                                     u8 is_ip4);
 114 clib_error_t *session_rules_table_add_del (session_rules_table_t * srt,
 115                                            session_rule_table_add_del_args_t *
 116                                            args);
 117 u8 *session_rules_table_rule_tag (session_rules_table_t * srt, u32 ri,
 118                                   u8 is_ip4);
 119 void session_rules_table_init (session_rules_table_t * srt);
 120 #endif /* SRC_VNET_SESSION_SESSION_RULES_TABLE_H_ */
 121 /*
 122  * fd.io coding-style-patch-verification: ON
 123  *
 124  * Local Variables:
 125  * eval: (c-set-style "gnu")
 126  * End:
 127  */